selinux/libsepol
James Carter 3b71e51637 libsepol: Make use of previously created ebitmap when checking self
In both check_assertion_extended_permissions() and
report_assertion_avtab_matches(), when checking for a match involving
a rule using self, the matches between the source and target of the
rule being checked are found using ebitmap_and() and then the matches
between that result and the source of the neverallow are found using
another ebitmap_and() call.

Since the matches between the sources of the rule being checked and
the neverallow have already been found, just find the matches between
that result and the target of the rule being checked. This only
requires one call to ebitmap_and() instead of two.

Signed-off-by: James Carter <jwcart2@gmail.com>
2022-02-24 10:38:18 -05:00
..
cil libsepol/cil: Ensure that the class in a classcommon is a kernel class 2022-02-11 14:07:03 -05:00
fuzz libsepol: add libfuzz based fuzzer for reading binary policies 2021-12-15 12:48:28 -05:00
include libsepol: avoid implicit conversions 2021-07-13 21:01:07 +02:00
man selinux: Update manpages after removing legacy boolean and user code 2019-07-29 23:46:47 +02:00
src libsepol: Make use of previously created ebitmap when checking self 2022-02-24 10:38:18 -05:00
tests ci: run the tests under ASan/UBsan on GHActions 2022-01-06 10:34:33 -05:00
utils
.gitignore
COPYING
Makefile
VERSION Update VERSIONs to 3.3 for release. 2021-10-21 16:31:23 +02:00