On 2/19/20 8:30 AM, Stephen Smalley wrote:
On 2/18/20 3:39 PM, James Carter wrote:
When checking whether or not an ebitmap has any bits set, use
ebitmap_length() instead of ebitmap_cardinality().
There is no need to find out how many bits are set, if all that is
needed is to determine if any bits are set at all.
Signed-off-by: James Carter <jwcart2@xxxxxxxxxxxxx>
---
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index e20c3d44..b1cbef08 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -2149,7 +2149,7 @@ static int role_to_cil(int indent, struct policydb *pdb,
struct avrule_block *UN
}
}
- if (ebitmap_cardinality(&role->dominates) > 1) {
+ if (ebitmap_length(&role->dominates) > 1) {
log_err("Warning: role 'dominance' statement unsupported in CIL.
Dropping from output.");
}
Noticed that this test differs from the rest, checking > 1 rather than just
comparing with 0. Not sure if it matters but ebitmap_length() will be > 1 if
role->dominates is non-empty even if it only has one bit set. So maybe this one
is supposed to really be ebitmap_cardinality()?
You are right. I misread this one.
Jim
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
