On Thu, Jun 11, 2020 at 10:48 PM <trix@xxxxxxxxxx> wrote: [...]
> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index da94a1b4bfda..d0d6668709f0 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -392,26 +392,21 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
>
> rc = next_entry(buf, fp, sizeof(u32) * 2);
> if (rc)
> - goto err;
> + return rc;
>
> expr->expr_type = le32_to_cpu(buf[0]);
> expr->bool = le32_to_cpu(buf[1]);
>
> if (!expr_node_isvalid(p, expr)) {
> rc = -EINVAL;
> - goto err;
> + return rc;
> }
Sorry for more nitpicking... This can be further simplified to just "return -EINVAL;" and the braces can be removed.
> }
>
> rc = cond_read_av_list(p, fp, &node->true_list, NULL);
> if (rc)
> - goto err;
> + return rc;
> rc = cond_read_av_list(p, fp, &node->false_list, &node->true_list);
> - if (rc)
> - goto err;
> - return 0;
> -err:
> - cond_node_destroy(node);
> return rc;
Also here you can skip the rc assignment: return cond_read_av_list(p, fp, &node->false_list, &node->true_list);
> }
>
> --
> 2.18.1
-- Ondrej Mosnacek Software Engineer, Platform Security - SELinux kernel Red Hat, Inc.
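Review bot: Every failure path in the new code (the three added `return rc;` lines and the final `return rc;`) now leaves `node` partially populated, because the `err:` label and its `cond_node_destroy(node)` call are removed, and nothing in the hunk records who is responsible for freeing it. Presumably the caller already tears the node down on error, which would make the removed call a second free of the same memory, but the caller is not visible here, so that should be confirmed. A short ownership comment above cond_read_node would keep a later cleanup patch from re-adding the destroy call, for example `/* On error @node may be partially initialised; the caller must destroy it. */`. The function begins before this hunk, so allocations made earlier in its body could not be checked against the new early returns.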