From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: cgzones@googlemail.com, James Carter <jwcart2@gmail.com>
Subject: [PATCH 09/16 v2] libsepol: Remove unnecessary check for matching class
Date: Tue, 11 Jan 2022 16:54:39 -0500
Message-ID: <20220111215446.595516-10-jwcart2@gmail.com>
In-Reply-To: <20220111215446.595516-1-jwcart2@gmail.com>

When check_assertion_extended_permissions() is called, it has already
been determined that there is a match, and, since neither the class
nor the permissions are used, there is no need for the check.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/src/assertion.c | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c
index b48169ef..42fa87d9 100644
--- a/libsepol/src/assertion.c
+++ b/libsepol/src/assertion.c
@@ -377,7 +377,6 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
 	ebitmap_t src_matches, tgt_matches, self_matches, matches;
 	unsigned int i, j;
 	ebitmap_node_t *snode, *tnode;
-	class_perm_node_t *cp;
 	int rc;
 
 	ebitmap_init(&src_matches);
@@ -421,15 +420,11 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
 		goto exit;
 	}
 
-	for (cp = avrule->perms; cp; cp = cp->next) {
-		if (cp->tclass != k->target_class)
-			continue;
-		ebitmap_for_each_positive_bit(&src_matches, snode, i) {
-			ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
-				if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
-					rc = 1;
-					goto exit;
-				}
+	ebitmap_for_each_positive_bit(&src_matches, snode, i) {
+		ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
+			if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
+				rc = 1;
+				goto exit;
 			}
 		}
 	}
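Review bot: the removed `if (cp->tclass != k->target_class) continue;` was the only place in this function that tied the key's class to the rule, so after this hunk the source/target loops rely entirely on the caller having matched the class already, and that precondition is not stated anywhere in the code. With the old loop, a rule whose `avrule->perms` list had no node for `k->target_class` skipped `check_assertion_extended_permissions_avtab()` altogether; now it is always called, so the two versions only behave the same while the precondition holds. Please add a short comment above the `ebitmap_for_each_positive_bit(&src_matches, snode, i)` loop saying that the class match is established by the caller, and name that caller in the commit message so the claim "it has already been determined that there is a match" can be checked against the code. As a side effect worth mentioning in the message, the old code repeated the same source/target scan once per matching `cp` node even though `cp` was never passed down, and that redundancy goes away here.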
-- 
2.31.1

