[PATCH 0/6] libsepol/cil: Various CIL cleanups

[PATCH 0/6] libsepol/cil: Various CIL cleanups

[James Carter]

Cleaning up the CIL codebase a bit. No changes to how CIL works.

James Carter (6):
  libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
  libsepol/cil: Git rid of unnecessary check in cil_gen_node()
  libsepol/cil: Remove unused field from struct cil_args_resolve
  libsepol/cil: Remove unnecessary assignment in
    cil_resolve_name_keep_aliases()
  libsepol/cil: Use the macro NODE() whenever possible
  libspepol/cil: Use the macro FLAVOR() whenever possible

 libsepol/cil/src/cil.c             |  2 +-
 libsepol/cil/src/cil_binary.c      | 12 +++----
 libsepol/cil/src/cil_build_ast.c   |  6 ++--
 libsepol/cil/src/cil_find.c        | 10 +++---
 libsepol/cil/src/cil_post.c        |  2 +-
 libsepol/cil/src/cil_resolve_ast.c | 55 +++++++++++++-----------------
 libsepol/cil/src/cil_tree.c        |  2 +-
 7 files changed, 41 insertions(+), 48 deletions(-)

-- 
2.25.4

[PATCH 1/6] libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*

[James Carter]

The function cil_tree_walk() has an argument that can be used by
the process_node helper function to tell cil_tree_walk() to skip
the node's sub-tree or the rest of the current branch. The constants
CIL_TREE_SKIP_NOTHING, CIL_TREE_SKIP_NEXT and CIL_TREE_SKIP_HEAD are
defined to be used by that argument.

Fixed two instances in the function __cil_build_ast_node_helper()
where the value 1 is used instead of the more informative
CIL_TREE_SKIP_NEXT.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_build_ast.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index a8955834..bb5bbc84 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -6387,10 +6387,10 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f
 		rc = cil_gen_macro(db, parse_current, ast_node);
 	} else if (parse_current->data == CIL_KEY_CALL) {
 		rc = cil_gen_call(db, parse_current, ast_node);
-		*finished = 1;
+		*finished = CIL_TREE_SKIP_NEXT;
 	} else if (parse_current->data == CIL_KEY_POLICYCAP) {
 		rc = cil_gen_policycap(db, parse_current, ast_node);
-		*finished = 1;
+		*finished = CIL_TREE_SKIP_NEXT;
 	} else if (parse_current->data == CIL_KEY_OPTIONAL) {
 		rc = cil_gen_optional(db, parse_current, ast_node);
 	} else if (parse_current->data == CIL_KEY_IPADDR) {
-- 
2.25.4

[PATCH 2/6] libsepol/cil: Git rid of unnecessary check in cil_gen_node()

[James Carter]

Since cil_gen_node() is only called from declarations, the check to
determine if the node is a declaration is not needed, so remove it.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_build_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index bb5bbc84..67801def 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -154,7 +154,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
 		}
 	}
 
-	if (ast_node->flavor >= CIL_MIN_DECLARATIVE && ast_node->parent->flavor == CIL_MACRO) {
+	if (ast_node->parent->flavor == CIL_MACRO) {
 		struct cil_list_item *item;
 		struct cil_list *param_list = ((struct cil_macro*)ast_node->parent->data)->params;
 		if (param_list != NULL) {
-- 
2.25.4

[PATCH 3/6] libsepol/cil: Remove unused field from struct cil_args_resolve

[James Carter]

When resolving names, the struct cil_args_resolve is passed to the
various resolve functions. The field last_resolved_name is not used.

Remove the last_resolved_name field from struct cil_args_resolve.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_resolve_ast.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index daf873be..410b8c87 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -51,7 +51,6 @@ struct cil_args_resolve {
 	struct cil_db *db;
 	enum cil_pass pass;
 	uint32_t *changed;
-	char *last_resolved_name;
 	struct cil_tree_node *optstack;
 	struct cil_tree_node *boolif;
 	struct cil_tree_node *macro;
@@ -3905,7 +3904,6 @@ int cil_resolve_ast(struct cil_db *db, struct cil_tree_node *current)
 	extra_args.db = db;
 	extra_args.pass = pass;
 	extra_args.changed = &changed;
-	extra_args.last_resolved_name = NULL;
 	extra_args.optstack = NULL;
 	extra_args.boolif= NULL;
 	extra_args.macro = NULL;
@@ -4234,7 +4232,5 @@ exit:
 		*datum = NULL;
 	}
 
-	args->last_resolved_name = name;
-
 	return rc;
 }
-- 
2.25.4

[PATCH 4/6] libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()

[James Carter]

Block, macro, and optional names are all in stored in a block symtab. A
declarations fully-qualified name includes all of the block names from
the root node to the declaration separated by dots. Macro and optional
names are only used when trying to determine the block referred to by
an "in" block. An optional block name might be stored in a macro's
symtab, but optional blocks have no symtab and (*datum)->symtab just
refers to the symtab of the datum which would be the current symtab.

Since the assignment is not needed, remove it so the code is clearer.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_resolve_ast.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 410b8c87..9e6afca9 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -4209,9 +4209,6 @@ int cil_resolve_name_keep_aliases(struct cil_tree_node *ast_node, char *name, en
 				if (node->flavor == CIL_MACRO) {
 					struct cil_macro *macro = node->data;
 					symtab = &macro->symtab[sym_index];
-				} else {
-					/* optional */
-					symtab = (*datum)->symtab;
 				}
 			}
 			current = next;
-- 
2.25.4

[PATCH 5/6] libsepol/cil: Use the macro NODE() whenever possible

[James Carter]

In cil_symtab.h, the macro NODE() is defined. It refers to the first
node in the list of nodes that declare that datum. (It is rare for
a datum to have more than one node in this list.) While the macro was
used in many places, it was not used everywhere that it could be.

Change all the remaining places to use NODE().

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil.c             |  2 +-
 libsepol/cil/src/cil_binary.c      | 12 ++++-----
 libsepol/cil/src/cil_find.c        |  2 +-
 libsepol/cil/src/cil_resolve_ast.c | 40 +++++++++++++++---------------
 libsepol/cil/src/cil_tree.c        |  2 +-
 5 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
index 95bdb5e5..bb7f06d5 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -1380,7 +1380,7 @@ static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitm
 	}
 
 	cil_list_for_each(i, cats->datum_expr) {
-		node = DATUM(i->data)->nodes->head->data;
+		node = NODE(i->data);
 		if (node->flavor == CIL_CATSET) {
 			cs = (struct cil_catset*)i->data;
 			cil_list_for_each(j, cs->cats->datum_expr) {
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index e417c5c2..3b01ade1 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -147,7 +147,7 @@ static int __cil_get_sepol_level_datum(policydb_t *pdb, struct cil_symtab_datum
 
 static int __cil_expand_user(struct cil_symtab_datum *datum, ebitmap_t *new)
 {
-	struct cil_tree_node *node = datum->nodes->head->data;
+	struct cil_tree_node *node = NODE(datum);
 	struct cil_user *user = NULL;
 	struct cil_userattribute *attr = NULL;
 
@@ -175,7 +175,7 @@ exit:
 
 static int __cil_expand_role(struct cil_symtab_datum *datum, ebitmap_t *new)
 {
-	struct cil_tree_node *node = datum->nodes->head->data;
+	struct cil_tree_node *node = NODE(datum);
 
 	if (node->flavor == CIL_ROLEATTRIBUTE) {
 		struct cil_roleattribute *attr = (struct cil_roleattribute *)datum;
@@ -201,7 +201,7 @@ exit:
 
 static int __cil_expand_type(struct cil_symtab_datum *datum, ebitmap_t *new)
 {
-	struct cil_tree_node *node = datum->nodes->head->data;
+	struct cil_tree_node *node = NODE(datum);
 
 	if (node->flavor == CIL_TYPEATTRIBUTE) {
 		struct cil_typeattribute *attr = (struct cil_typeattribute *)datum;
@@ -2943,7 +2943,7 @@ int __cil_cats_to_mls_level(policydb_t *pdb, struct cil_cats *cats, mls_level_t
 	cat_datum_t *sepol_cat = NULL;
 
 	cil_list_for_each(i, cats->datum_expr) {
-		struct cil_tree_node *node = DATUM(i->data)->nodes->head->data;
+		struct cil_tree_node *node = NODE(i->data);
 		if (node->flavor == CIL_CATSET) {
 			struct cil_list_item *j;
 			struct cil_catset *cs = i->data;
@@ -3701,7 +3701,7 @@ int __cil_node_to_policydb(struct cil_tree_node *node, void *extra_args)
 	type_value_to_cil = args->type_value_to_cil;
 
 	if (node->flavor >= CIL_MIN_DECLARATIVE) {
-		if (node != DATUM(node->data)->nodes->head->data) {
+		if (node != NODE(node->data)) {
 			goto exit;
 		}
 	}
@@ -4450,7 +4450,7 @@ static void __cil_init_sepol_type_set(type_set_t *t)
 static int __cil_add_sepol_type(policydb_t *pdb, const struct cil_db *db, struct cil_symtab_datum *datum, ebitmap_t *map)
 {
 	int rc = SEPOL_ERR;
-	struct cil_tree_node *n = datum->nodes->head->data;
+	struct cil_tree_node *n = NODE(datum);
 	type_datum_t *sepol_datum = NULL;
 
 	if (n->flavor == CIL_TYPEATTRIBUTE) {
diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
index 41342424..c182406e 100644
--- a/libsepol/cil/src/cil_find.c
+++ b/libsepol/cil/src/cil_find.c
@@ -118,7 +118,7 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str
 static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2)
 {
 	int rc;
-	struct cil_tree_node *n1 = s1->nodes->head->data;
+	struct cil_tree_node *n1 = NODE(s1);
 	if (n1->flavor != CIL_TYPEATTRIBUTE) {
 		rc = cil_type_match_any(s1, t2);
 	} else {
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 9e6afca9..060bc0d0 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -393,7 +393,7 @@ int cil_resolve_type_rule(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	result_node = result_datum->nodes->head->data;
+	result_node = NODE(result_datum);
 
 	if (result_node->flavor != CIL_TYPE) {
 		cil_log(CIL_ERR, "Type rule result must be a type [%d]\n",result_node->flavor);
@@ -421,7 +421,7 @@ int cil_resolve_typeattributeset(struct cil_tree_node *current, void *extra_args
 		goto exit;
 	}
 
-	attr_node = attr_datum->nodes->head->data;
+	attr_node = NODE(attr_datum);
 
 	if (attr_node->flavor != CIL_TYPEATTRIBUTE) {
 		rc = SEPOL_ERR;
@@ -470,7 +470,7 @@ int cil_resolve_expandtypeattribute(struct cil_tree_node *current, void *extra_a
 			goto exit;
 		}
 
-		attr_node = attr_datum->nodes->head->data;
+		attr_node = NODE(attr_datum);
 
 		if (attr_node->flavor != CIL_TYPEATTRIBUTE) {
 			rc = SEPOL_ERR;
@@ -594,7 +594,7 @@ int cil_resolve_typepermissive(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	type_node = type_datum->nodes->head->data;
+	type_node = NODE(type_datum);
 
 	if (type_node->flavor != CIL_TYPE && type_node->flavor != CIL_TYPEALIAS) {
 		cil_log(CIL_ERR, "Typepermissive must be a type or type alias\n");
@@ -654,7 +654,7 @@ int cil_resolve_nametypetransition(struct cil_tree_node *current, void *extra_ar
 		goto exit;
 	}
 
-	result_node = result_datum->nodes->head->data;
+	result_node = NODE(result_datum);
 
 	if (result_node->flavor != CIL_TYPE && result_node->flavor != CIL_TYPEALIAS) {
 		cil_log(CIL_ERR, "typetransition result is not a type or type alias\n");
@@ -855,7 +855,7 @@ int cil_resolve_userlevel(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	user_node = user_datum->nodes->head->data;
+	user_node = NODE(user_datum);
 
 	if (user_node->flavor != CIL_USER) {
 		cil_log(CIL_ERR, "Userlevel must be a user\n");
@@ -908,7 +908,7 @@ int cil_resolve_userrange(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	user_node = user_datum->nodes->head->data;
+	user_node = NODE(user_datum);
 
 	if (user_node->flavor != CIL_USER) {
 		cil_log(CIL_ERR, "Userrange must be a user: %s\n", user_datum->fqn);
@@ -959,7 +959,7 @@ int cil_resolve_userprefix(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	user_node = user_datum->nodes->head->data;
+	user_node = NODE(user_datum);
 
 	if (user_node->flavor != CIL_USER) {
 		cil_log(CIL_ERR, "Userprefix must be a user: %s\n", user_datum->fqn);
@@ -986,7 +986,7 @@ int cil_resolve_selinuxuser(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	user_node = user_datum->nodes->head->data;
+	user_node = NODE(user_datum);
 
 	if (user_node->flavor != CIL_USER) {
 		cil_log(CIL_ERR, "Selinuxuser must be a user: %s\n", user_datum->fqn);
@@ -1079,7 +1079,7 @@ int cil_resolve_roletransition(struct cil_tree_node *current, void *extra_args)
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	node = result_datum->nodes->head->data;
+	node = NODE(result_datum);
 	if (node->flavor != CIL_ROLE) {
 		rc = SEPOL_ERR;
 		printf("%i\n", node->flavor);
@@ -1131,7 +1131,7 @@ int cil_resolve_roleattributeset(struct cil_tree_node *current, void *extra_args
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	attr_node = attr_datum->nodes->head->data;
+	attr_node = NODE(attr_datum);
 
 	if (attr_node->flavor != CIL_ROLEATTRIBUTE) {
 		rc = SEPOL_ERR;
@@ -1569,7 +1569,7 @@ int cil_resolve_catorder(struct cil_tree_node *current, void *extra_args)
 			cil_log(CIL_ERR, "Failed to resolve category %s in categoryorder\n", (char *)curr->data);
 			goto exit;
 		}
-		node = cat_datum->nodes->head->data;
+		node = NODE(cat_datum);
 		if (node->flavor != CIL_CAT) {
 			cil_log(CIL_ERR, "%s is not a category. Only categories are allowed in categoryorder statements\n", cat_datum->name);
 			rc = SEPOL_ERR;
@@ -1832,7 +1832,7 @@ int cil_resolve_context(struct cil_tree_node *current, struct cil_context *conte
 		goto exit;
 	}
 
-	node = user_datum->nodes->head->data;
+	node = NODE(user_datum);
 
 	if (node->flavor != CIL_USER) {
 		cil_log(CIL_ERR, "Context user must be a user: %s\n", user_datum->fqn);
@@ -1847,7 +1847,7 @@ int cil_resolve_context(struct cil_tree_node *current, struct cil_context *conte
 		goto exit;
 	}
 
-	node = role_datum->nodes->head->data;
+	node = NODE(role_datum);
 	if (node->flavor != CIL_ROLE) {
 		rc = SEPOL_ERR;
 		cil_log(CIL_ERR, "Context role not a role: %s\n", role_datum->fqn);
@@ -1861,7 +1861,7 @@ int cil_resolve_context(struct cil_tree_node *current, struct cil_context *conte
 		goto exit;
 	}
 
-	node = type_datum->nodes->head->data;
+	node = NODE(type_datum);
 
 	if (node->flavor != CIL_TYPE && node->flavor != CIL_TYPEALIAS) {
 		rc = SEPOL_ERR;
@@ -2311,7 +2311,7 @@ int cil_resolve_blockinherit_link(struct cil_tree_node *current, void *extra_arg
 		goto exit;
 	}
 
-	node = block_datum->nodes->head->data;
+	node = NODE(block_datum);
 
 	if (node->flavor != CIL_BLOCK) {
 		cil_log(CIL_ERR, "%s is not a block\n", cil_node_to_string(node));
@@ -2450,7 +2450,7 @@ int cil_resolve_blockabstract(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	block_node = block_datum->nodes->head->data;
+	block_node = NODE(block_datum);
 	if (block_node->flavor != CIL_BLOCK) {
 		cil_log(CIL_ERR, "Failed to resolve blockabstract to a block, rc: %d\n", rc);
 		goto exit;
@@ -2482,7 +2482,7 @@ int cil_resolve_in(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	block_node = block_datum->nodes->head->data;
+	block_node = NODE(block_datum);
 
 	rc = cil_copy_ast(db, current, block_node);
 	if (rc != SEPOL_OK) {
@@ -2774,7 +2774,7 @@ int cil_resolve_call1(struct cil_tree_node *current, void *extra_args)
 		goto exit;
 	}
 
-	macro_node = macro_datum->nodes->head->data;
+	macro_node = NODE(macro_datum);
 
 	if (macro_node->flavor != CIL_MACRO) {
 		printf("Failed to resolve %s to a macro\n", new_call->macro_str);
@@ -3367,7 +3367,7 @@ int cil_resolve_userattributeset(struct cil_tree_node *current, void *extra_args
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	attr_node = attr_datum->nodes->head->data;
+	attr_node = NODE(attr_datum);
 
 	if (attr_node->flavor != CIL_USERATTRIBUTE) {
 		rc = SEPOL_ERR;
diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c
index b1cbda91..3ab5e868 100644
--- a/libsepol/cil/src/cil_tree.c
+++ b/libsepol/cil/src/cil_tree.c
@@ -1688,7 +1688,7 @@ void cil_tree_print_node(struct cil_tree_node *node)
 					struct cil_symtab_datum *datum = ((struct cil_args*)item->data)->arg;
 					if (datum != NULL) {
 						if (datum->nodes != NULL && datum->nodes->head != NULL) {
-							cil_tree_print_node((struct cil_tree_node*)datum->nodes->head->data);
+							cil_tree_print_node(NODE(datum));
 						}
 					} else if (((struct cil_args*)item->data)->arg_str != NULL) {
 						switch (item->flavor) {
-- 
2.25.4

[PATCH 6/6] libspepol/cil: Use the macro FLAVOR() whenever possible

[James Carter]

In cil_symtab.h, the macro FLAVOR() is defined. It refers to the
flavor of the first node in the list of nodes that declare the datum.
(The flavors of every node should be the same.) While the macro was
used in many places, it was not used everywhere that it could be.

Change all the remaining places to use FLAVOR().

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_find.c        | 8 ++++----
 libsepol/cil/src/cil_post.c        | 2 +-
 libsepol/cil/src/cil_resolve_ast.c | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
index c182406e..638b675d 100644
--- a/libsepol/cil/src/cil_find.c
+++ b/libsepol/cil/src/cil_find.c
@@ -44,8 +44,8 @@ struct cil_args_find {
 
 static int cil_type_match_any(struct cil_symtab_datum *d1, struct cil_symtab_datum *d2)
 {
-	enum cil_flavor f1 = ((struct cil_tree_node*)d1->nodes->head->data)->flavor;
-	enum cil_flavor f2 = ((struct cil_tree_node*)d2->nodes->head->data)->flavor;
+	enum cil_flavor f1 = FLAVOR(d1);
+	enum cil_flavor f2 = FLAVOR(d2);
 
 	if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
 		struct cil_type *t1 = (struct cil_type *)d1;
@@ -81,8 +81,8 @@ static int cil_type_match_any(struct cil_symtab_datum *d1, struct cil_symtab_dat
 static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, struct cil_symtab_datum *d2)
 {
 	int rc = SEPOL_OK;
-	enum cil_flavor f1 = ((struct cil_tree_node*)d1->nodes->head->data)->flavor;
-	enum cil_flavor f2 = ((struct cil_tree_node*)d2->nodes->head->data)->flavor;
+	enum cil_flavor f1 = FLAVOR(d1);
+	enum cil_flavor f2 = FLAVOR(d2);
 
 	if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
 		struct cil_type *t1 = (struct cil_type *)d1;
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index a0cadfde..37a44415 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -1482,7 +1482,7 @@ static void __mark_neverallow_attrs(struct cil_list *expr_list)
 
 	cil_list_for_each(curr, expr_list) {
 		if (curr->flavor == CIL_DATUM) {
-			if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) {
+			if (FLAVOR(curr->data) == CIL_TYPEATTRIBUTE) {
 				struct cil_typeattribute *attr = curr->data;
 				if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) {
 					__mark_neverallow_attrs(attr->expr_list);
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 060bc0d0..f6deb100 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -505,7 +505,7 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	if (NODE(alias_datum)->flavor != alias_flavor) {
+	if (FLAVOR(alias_datum) != alias_flavor) {
 		cil_log(CIL_ERR, "%s is not an alias\n",alias_datum->name);
 		rc = SEPOL_ERR;
 		goto exit;
@@ -516,7 +516,7 @@ int cil_resolve_aliasactual(struct cil_tree_node *current, void *extra_args, enu
 		goto exit;
 	}
 
-	if (NODE(actual_datum)->flavor != flavor && NODE(actual_datum)->flavor != alias_flavor) {
+	if (FLAVOR(actual_datum) != flavor && FLAVOR(actual_datum) != alias_flavor) {
 		cil_log(CIL_ERR, "%s is a %s, but aliases a %s\n", alias_datum->name, cil_node_to_string(NODE(alias_datum)), cil_node_to_string(NODE(actual_datum)));
 		rc = SEPOL_ERR;
 		goto exit;
@@ -2573,7 +2573,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	if (NODE(parent_datum)->flavor == attr_flavor) {
+	if (FLAVOR(parent_datum) == attr_flavor) {
 		cil_log(CIL_ERR, "Bounds parent %s is an attribute\n", bounds->parent_str);
 		rc = SEPOL_ERR;
 		goto exit;
@@ -2584,7 +2584,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
-	if (NODE(child_datum)->flavor == attr_flavor) {
+	if (FLAVOR(child_datum) == attr_flavor) {
 		cil_log(CIL_ERR, "Bounds child %s is an attribute\n", bounds->child_str);
 		rc = SEPOL_ERR;
 		goto exit;
-- 
2.25.4

Re: [PATCH 0/6] libsepol/cil: Various CIL cleanups

[Nicolas Iooss]

On Mon, Nov 16, 2020 at 11:07 PM James Carter <jwcart2@gmail.com> wrote:
>
> Cleaning up the CIL codebase a bit. No changes to how CIL works.
>
> James Carter (6):
>   libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
>   libsepol/cil: Git rid of unnecessary check in cil_gen_node()
>   libsepol/cil: Remove unused field from struct cil_args_resolve
>   libsepol/cil: Remove unnecessary assignment in
>     cil_resolve_name_keep_aliases()
>   libsepol/cil: Use the macro NODE() whenever possible
>   libspepol/cil: Use the macro FLAVOR() whenever possible
>
>  libsepol/cil/src/cil.c             |  2 +-
>  libsepol/cil/src/cil_binary.c      | 12 +++----
>  libsepol/cil/src/cil_build_ast.c   |  6 ++--
>  libsepol/cil/src/cil_find.c        | 10 +++---
>  libsepol/cil/src/cil_post.c        |  2 +-
>  libsepol/cil/src/cil_resolve_ast.c | 55 +++++++++++++-----------------
>  libsepol/cil/src/cil_tree.c        |  2 +-
>  7 files changed, 41 insertions(+), 48 deletions(-)
>
> --
> 2.25.4
>

Hello,
The content of these patches look good but there are two misspellings
in the commit messages:

* Patch 2 : "libsepol/cil: Git rid of unnecessary check in
cil_gen_node()" -> "Get" instead of "Git"
* Patch 6 : "libspepol/cil: Use the macro FLAVOR() whenever possible"
-> "libsepol"

With these changes:
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Feel free to apply the patches yourself, with the misspellings fixes.

Thanks,
Nicolas

Re: [PATCH 0/6] libsepol/cil: Various CIL cleanups

[Nicolas Iooss]

On Tue, Nov 24, 2020 at 8:25 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Mon, Nov 16, 2020 at 11:07 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > Cleaning up the CIL codebase a bit. No changes to how CIL works.
> >
> > James Carter (6):
> >   libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
> >   libsepol/cil: Git rid of unnecessary check in cil_gen_node()
> >   libsepol/cil: Remove unused field from struct cil_args_resolve
> >   libsepol/cil: Remove unnecessary assignment in
> >     cil_resolve_name_keep_aliases()
> >   libsepol/cil: Use the macro NODE() whenever possible
> >   libspepol/cil: Use the macro FLAVOR() whenever possible
> >
> >  libsepol/cil/src/cil.c             |  2 +-
> >  libsepol/cil/src/cil_binary.c      | 12 +++----
> >  libsepol/cil/src/cil_build_ast.c   |  6 ++--
> >  libsepol/cil/src/cil_find.c        | 10 +++---
> >  libsepol/cil/src/cil_post.c        |  2 +-
> >  libsepol/cil/src/cil_resolve_ast.c | 55 +++++++++++++-----------------
> >  libsepol/cil/src/cil_tree.c        |  2 +-
> >  7 files changed, 41 insertions(+), 48 deletions(-)
> >
> > --
> > 2.25.4
> >
>
> Hello,
> The content of these patches look good but there are two misspellings
> in the commit messages:
>
> * Patch 2 : "libsepol/cil: Git rid of unnecessary check in
> cil_gen_node()" -> "Get" instead of "Git"
> * Patch 6 : "libspepol/cil: Use the macro FLAVOR() whenever possible"
> -> "libsepol"
>
> With these changes:
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Feel free to apply the patches yourself, with the misspellings fixes.

Merged, with the two spelling fixes.
Thanks,
Nicolas