RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-02-01 02:12:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

libsepol/cil: Remove redundant syntax checking

Browse Source 
For every call to cil_fill_classperms_list(), the syntax of the
whole rule, including the class permissions, has already been
checked. There is no reason to check it again. Also, because the
class permissions appear in the middle of some rules, like
constraints, the syntax array does not end with CIL_SYN_END. This
is the only case where the syntax array does not end with CIL_SYN_END.
This prevents __cil_verify_syntax() from requiring that the syntax
array ends with CIL_SYN_END.

Remove the redundant syntax checking in cil_fill_classperms_list().

Signed-off-by: James Carter <jwcart2@gmail.com>
This commit is contained in:
James Carter 2021-09-01 16:08:28 -04:00
parent 4878981229
commit 6390a28a30
1 changed files with 0 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libsepol/cil/src/cil_build_ast.c
View File

@ -752,20 +752,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
{
int rc = SEPOL_ERR;
struct cil_tree_node *curr;
enum cil_syntax syntax[] = {
CIL_SYN_STRING | CIL_SYN_LIST,
};
int syntax_len = sizeof(syntax)/sizeof(*syntax);
if (parse_current == NULL || cp_list == NULL) {
goto exit;
}
rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
if (rc != SEPOL_OK) {
goto exit;
}
cil_list_init(cp_list, CIL_CLASSPERMS);
curr = parse_current->cl_head;