On Mon, Sep 6, 2021 at 1:54 PM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote:
>
> On Wed, Sep 1, 2021 at 10:42 PM James Carter <jwcart2@xxxxxxxxx> wrote:
> >
> > For every call to cil_fill_classperms_list(), the syntax of the
> > whole rule, including the class permissions, has already been
> > checked. There is no reason to check it again. Also, because the
> > class permissions appear in the middle of some rules, like
> > constraints, the syntax array does not end with CIL_SYN_END. This
> > is the only case where the syntax array does not end with CIL_SYN_END.
> > This prevents __cil_verify_syntax() from requiring that the syntax
> > array ends with CIL_SYN_END.
> >
> > Remove the redundant syntax checking in cil_fill_classperms_list().
> >
> > Signed-off-by: James Carter <jwcart2@xxxxxxxxx>
> > ---
> > v2: Same as v1
>
> For these 3 patches:
>
> Acked-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
>
These three patches have been merged.
Jim
> Thanks,
> Nicolas
>
> >
> > libsepol/cil/src/cil_build_ast.c | 9 ---------
> > 1 file changed, 9 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> > index a5afc267..f0bb8c0c 100644
> > --- a/libsepol/cil/src/cil_build_ast.c
> > +++ b/libsepol/cil/src/cil_build_ast.c
> > @@ -736,20 +736,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
> > {
> > int rc = SEPOL_ERR;
> > struct cil_tree_node *curr;
> > - enum cil_syntax syntax[] = {
> > - CIL_SYN_STRING | CIL_SYN_LIST,
> > - };
> > - int syntax_len = sizeof(syntax)/sizeof(*syntax);
> >
> > if (parse_current == NULL || cp_list == NULL) {
> > goto exit;
> > }
> >
> > - rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
> > - if (rc != SEPOL_OK) {
> > - goto exit;
> > - }
> > -
> > cil_list_init(cp_list, CIL_CLASSPERMS);
> >
> > curr = parse_current->cl_head;
> > --
> > 2.31.1
> >
>
