diff mbox series

[08/16,v2] libsepol: Use (rc < 0) instead of (rc) when calling ebitmap functions

Message ID 20220111215446.595516-9-jwcart2@gmail.com (mailing list archive)
State Accepted
Commit 68d32d2c27bc
Headers show
Series Refactor and fix assertion checking | expand

Commit Message

James Carter Jan. 11, 2022, 9:54 p.m. UTC
Inorder to differentiate errors from matches, use "(rc < 0)" when
calling ebitmap_* functions while checking neverallow rules.

Also, just use rc instead of having a separate variable (ret) in
check_assertion_extended_permissions().

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/src/assertion.c | 44 ++++++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 20 deletions(-)
diff mbox series

Patch

diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c
index 6881c5f6..b48169ef 100644
--- a/libsepol/src/assertion.c
+++ b/libsepol/src/assertion.c
@@ -231,27 +231,27 @@  static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void
 
 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
 			 &p->attr_type_map[k->source_type - 1]);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
 	if (ebitmap_is_empty(&src_matches))
 		goto exit;
 
 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
 	if (avrule->flags == RULE_SELF) {
 		rc = ebitmap_and(&matches, &p->attr_type_map[k->source_type - 1], &p->attr_type_map[k->target_type - 1]);
-		if (rc)
+		if (rc < 0)
 			goto oom;
 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);
-		if (rc)
+		if (rc < 0)
 			goto oom;
 
 		if (!ebitmap_is_empty(&self_matches)) {
 			rc = ebitmap_union(&tgt_matches, &self_matches);
-			if (rc)
+			if (rc < 0)
 				goto oom;
 		}
 	}
@@ -299,11 +299,11 @@  static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avru
 	args.errors = 0;
 
 	rc = avtab_map(&p->te_avtab, report_assertion_avtab_matches, &args);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
 	rc = avtab_map(&p->te_cond_avtab, report_assertion_avtab_matches, &args);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
 	return args.errors;
@@ -379,7 +379,6 @@  static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
 	ebitmap_node_t *snode, *tnode;
 	class_perm_node_t *cp;
 	int rc;
-	int ret = 1;
 
 	ebitmap_init(&src_matches);
 	ebitmap_init(&tgt_matches);
@@ -388,56 +387,61 @@  static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab
 
 	rc = ebitmap_and(&src_matches, &avrule->stypes.types,
 			 &p->attr_type_map[k->source_type - 1]);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
-	if (ebitmap_is_empty(&src_matches))
+	if (ebitmap_is_empty(&src_matches)) {
+		rc = 0;
 		goto exit;
+	}
 
 	rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types,
 			 &p->attr_type_map[k->target_type -1]);
-	if (rc)
+	if (rc < 0)
 		goto oom;
 
 	if (avrule->flags == RULE_SELF) {
 		rc = ebitmap_and(&matches, &p->attr_type_map[k->source_type - 1],
 				&p->attr_type_map[k->target_type - 1]);
-		if (rc)
+		if (rc < 0)
 			goto oom;
 		rc = ebitmap_and(&self_matches, &avrule->stypes.types, &matches);
-		if (rc)
+		if (rc < 0)
 			goto oom;
 
 		if (!ebitmap_is_empty(&self_matches)) {
 			rc = ebitmap_union(&tgt_matches, &self_matches);
-			if (rc)
+			if (rc < 0)
 				goto oom;
 		}
 	}
 
-	if (ebitmap_is_empty(&tgt_matches))
+	if (ebitmap_is_empty(&tgt_matches)) {
+		rc = 0;
 		goto exit;
+	}
 
 	for (cp = avrule->perms; cp; cp = cp->next) {
 		if (cp->tclass != k->target_class)
 			continue;
 		ebitmap_for_each_positive_bit(&src_matches, snode, i) {
 			ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) {
-				ret = check_assertion_extended_permissions_avtab(
-						avrule, avtab, i, j, k, p);
-				if (ret)
+				if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) {
+					rc = 1;
 					goto exit;
+				}
 			}
 		}
 	}
-	goto exit;
+
+	rc = 0;
 
 oom:
 exit:
 	ebitmap_destroy(&src_matches);
 	ebitmap_destroy(&tgt_matches);
 	ebitmap_destroy(&matches);
-	return ret;
+	return rc;
 }
 
 static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p)