@@ -377,7 +377,6 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
ebitmap_t src_matches, tgt_matches, self_matches, matches;
unsigned int i, j;
ebitmap_node_t *snode, *tnode;
- class_perm_node_t *cp;
int rc;
ebitmap_init(&src_matches);
@@ -421,15 +420,11 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
goto exit;
}
- for (cp = avrule->perms; cp; cp = cp->next) {
- if (cp->tclass != k->target_class)
- continue;
- ebitmap_for_each_positive_bit(&src_matches, snode, i) {
- ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
- if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
- rc = 1;
- goto exit;
- }
+ ebitmap_for_each_positive_bit(&src_matches, snode, i) {
+ ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
+ if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
+ rc = 1;
+ goto exit;
}
}
}
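Review bot: The simplified loop over `src_matches` and `tgt_matches` no longer states the precondition it depends on: with the `cp->tclass != k->target_class` filter gone, nothing in the visible lines ties the avtab key's class to the neverallow rule. The function now relies entirely on the caller having matched class and permissions first, as the commit message says, but that caller is not shown here. Because this path decides whether an extended-permission neverallow violation is reported, a later caller that skips the match would silently over-report. I would put a comment directly above the outer `ebitmap_for_each_positive_bit`, for example `/* Caller has already matched k->target_class and the permissions against avrule->perms. */`. The function body starts and ends outside this hunk, so confirm that no other path reaches this loop without that match.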
When check_assertion_extended_permissions() is called, it has already been determined that there is a match, and, since neither the class nor the permissions are used, there is no need for the check. Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/src/assertion.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-)