The first 13 patches refactor and cleanup the neverallow and neverallowxperm checking code to make it easier to understand. The last 3 patches fixes errors in the assertion checking code. This series is to prepare for adding not-self support to assertion checking. The only change for version 2 is in patch 7 where target_type should have been used instead of source_type. James Carter (16): libsepol: Return an error if check_assertion() returns an error. libsepol: Change label in check_assertion_avtab_match() libsepol: Remove uneeded error messages in assertion checking libsepol: Check for error from check_assertion_extended_permissions() libsepol: Use consistent return checking style libsepol: Move check of target types to before check for self libsepol: Create function check_assertion_self_match() and use it libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions libsepol: Remove unnessesary check for matching class libsepol: Move assigning outer loop index out of inner loop libsepol: Make use of previously created ebitmap when checking self libsepol: Refactor match_any_class_permissions() to be clearer libsepol: Make return value clearer when reporting neverallowx errors libsepol: The src and tgt must be the same if neverallow uses self libsepol: Set args avtab pointer when reporting assertion violations libsepol: Fix two problems with neverallowxperm reporting libsepol/src/assertion.c | 193 +++++++++++++++++++++------------------ 1 file changed, 102 insertions(+), 91 deletions(-) -- 2.31.1