When check_assertion_extended_permissions() is called, it has already been determined that there is a match, and, since neither the class nor the permissions are used, there is no need for the check. Signed-off-by: James Carter <jwcart2@xxxxxxxxx> --- libsepol/src/assertion.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c index b48169ef..42fa87d9 100644 --- a/libsepol/src/assertion.c +++ b/libsepol/src/assertion.c @@ -377,7 +377,6 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab ebitmap_t src_matches, tgt_matches, self_matches, matches; unsigned int i, j; ebitmap_node_t *snode, *tnode; - class_perm_node_t *cp; int rc; ebitmap_init(&src_matches); @@ -421,15 +420,11 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab goto exit; } - for (cp = avrule->perms; cp; cp = cp->next) { - if (cp->tclass != k->target_class) - continue; - ebitmap_for_each_positive_bit(&src_matches, snode, i) { - ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { - if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) { - rc = 1; - goto exit; - } + ebitmap_for_each_positive_bit(&src_matches, snode, i) { + ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { + if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) { + rc = 1; + goto exit; } } } -- 2.31.1