I plan on merging this series next week.

Jim

On Tue, Jan 11, 2022 at 4:54 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> The first 13 patches refactor and clean up the neverallow and
> neverallowxperm checking code to make it easier to understand.
>
> The last 3 patches fix errors in the assertion checking code.
>
> This series is to prepare for adding not-self support to assertion
> checking.
>
> The only change for version 2 is in patch 7 where target_type should
> have been used instead of source_type.
>
> James Carter (16):
>   libsepol: Return an error if check_assertion() returns an error.
>   libsepol: Change label in check_assertion_avtab_match()
>   libsepol: Remove uneeded error messages in assertion checking
>   libsepol: Check for error from check_assertion_extended_permissions()
>   libsepol: Use consistent return checking style
>   libsepol: Move check of target types to before check for self
>   libsepol: Create function check_assertion_self_match() and use it
>   libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions
>   libsepol: Remove unnessesary check for matching class
>   libsepol: Move assigning outer loop index out of inner loop
>   libsepol: Make use of previously created ebitmap when checking self
>   libsepol: Refactor match_any_class_permissions() to be clearer
>   libsepol: Make return value clearer when reporting neverallowx errors
>   libsepol: The src and tgt must be the same if neverallow uses self
>   libsepol: Set args avtab pointer when reporting assertion violations
>   libsepol: Fix two problems with neverallowxperm reporting
>
>  libsepol/src/assertion.c | 193 +++++++++++++++++++++------------------
>  1 file changed, 102 insertions(+), 91 deletions(-)
>
> --
> 2.31.1
>