On 2/18/20 3:39 PM, James Carter wrote:
When checking whether or not an ebitmap has any bits set, use
ebitmap_length() instead of ebitmap_cardinality().
There is no need to find out how many bits are set, if all that is
needed is to determine if any bits are set at all.
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index e20c3d44..b1cbef08 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -2149,7 +2149,7 @@ static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN
}
}
- if (ebitmap_cardinality(&role->dominates) > 1) {
+ if (ebitmap_length(&role->dominates) > 1) {
log_err("Warning: role 'dominance' statement unsupported in CIL. Dropping from output.");
}
Noticed that this test differs from the rest, checking > 1 rather than
just comparing with 0. Not sure if it matters but ebitmap_length() will
be > 1 if role->dominates is non-empty even if it only has one bit set.
So maybe this one is supposed to really be ebitmap_cardinality()?
