EvalState::realiseContext(): Allow access to the entire closure

Fixes #11030.

(cherry picked from commit 08361f031d)

# Conflicts:
#	src/libexpr/eval.cc
#	tests/functional/import-from-derivation.nix
#	tests/functional/import-from-derivation.sh

src/libexpr/eval.cc

@@ -379,6 +379,16 @@ void EvalState::allowPath(const StorePath & storePath)
         rootFS2->allowPrefix(CanonPath(store->toRealPath(storePath)));
 }
 
+void EvalState::allowClosure(const StorePath & storePath)
+{
+    if (!rootFS.dynamic_pointer_cast<AllowListSourceAccessor>()) return;
+
+    StorePathSet closure;
+    store->computeFSClosure(storePath, closure);
+    for (auto & p : closure)
+        allowPath(p);
+}
+
 void EvalState::allowAndSetStorePathString(const StorePath & storePath, Value & v)
 {
     allowPath(storePath);
@@ -3113,10 +3123,14 @@ std::optional<std::string> EvalState::resolveLookupPathPath(const LookupPath::Pa
             allowPath(path);
             if (store->isInStore(path)) {
                 try {
+<<<<<<< HEAD
                     StorePathSet closure;
                     store->computeFSClosure(store->toStorePath(path).first, closure);
                     for (auto & p : closure)
                         allowPath(p);
+=======
+                    allowClosure(store->toStorePath(path.path.abs()).first);
+>>>>>>> 08361f031 (EvalState::realiseContext(): Allow access to the entire closure)
                 } catch (InvalidPath &) { }
             }
         }