For every call to cil_fill_classperms_list(), the syntax of the
whole rule, including the class permissions, has already been
checked. There is no reason to check it again. Also, because the
class permissions appear in the middle of some rules, like
constraints, the syntax array does not end with CIL_SYN_END. This
is the only case where the syntax array does not end with CIL_SYN_END.
This prevents __cil_verify_syntax() from requiring that the syntax
array ends with CIL_SYN_END.
Remove the redundant syntax checking in cil_fill_classperms_list().
Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
---
libsepol/cil/src/cil_build_ast.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 9da90883..514cac8d 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -736,20 +736,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
{
int rc = SEPOL_ERR;
struct cil_tree_node *curr;
- enum cil_syntax syntax[] = {
- CIL_SYN_STRING | CIL_SYN_LIST,
- };
- int syntax_len = sizeof(syntax)/sizeof(*syntax);
if (parse_current == NULL || cp_list == NULL) {
goto exit;
}
- rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
- if (rc != SEPOL_OK) {
- goto exit;
- }
-
cil_list_init(cp_list, CIL_CLASSPERMS);
curr = parse_current->cl_head;
--
2.31.1
