@@ -85,29 +85,34 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str
enum cil_flavor f1 = FLAVOR(d1);
enum cil_flavor f2 = FLAVOR(d2);
- if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
- struct cil_type *t1 = (struct cil_type *)d1;
- struct cil_type *t2 = (struct cil_type *)d2;
- if (t1->value == t2->value) {
- ebitmap_set_bit(matches, t1->value, 1);
- }
- } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
- struct cil_typeattribute *a = (struct cil_typeattribute *)d1;
- struct cil_type *t = (struct cil_type *)d2;
- if (ebitmap_get_bit(a->types, t->value)) {
- ebitmap_set_bit(matches, t->value, 1);
- }
- } else if (f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) {
- struct cil_type *t = (struct cil_type *)d1;
- struct cil_typeattribute *a = (struct cil_typeattribute *)d2;
- if (ebitmap_get_bit(a->types, t->value)) {
- ebitmap_set_bit(matches, t->value, 1);
- }
- } else {
- /* Both are attributes */
+ if (f1 == CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *a1 = (struct cil_typeattribute *)d1;
struct cil_typeattribute *a2 = (struct cil_typeattribute *)d2;
rc = ebitmap_and(matches, a1->types, a2->types);
+ } else {
+ ebitmap_init(matches);
+ if (f1 != CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
+ struct cil_type *t1 = (struct cil_type *)d1;
+ struct cil_type *t2 = (struct cil_type *)d2;
+ if (t1->value == t2->value) {
+ rc = ebitmap_set_bit(matches, t1->value, 1);
+ }
+ } else if (f1 == CIL_TYPEATTRIBUTE && f2 != CIL_TYPEATTRIBUTE) {
+ struct cil_typeattribute *a = (struct cil_typeattribute *)d1;
+ struct cil_type *t = (struct cil_type *)d2;
+ if (ebitmap_get_bit(a->types, t->value)) {
+ rc = ebitmap_set_bit(matches, t->value, 1);
+ }
+ } else { // f1 != CIL_TYPEATTRIBUTE && f2 == CIL_TYPEATTRIBUTE
+ struct cil_type *t = (struct cil_type *)d1;
+ struct cil_typeattribute *a = (struct cil_typeattribute *)d2;
+ if (ebitmap_get_bit(a->types, t->value)) {
+ rc = ebitmap_set_bit(matches, t->value, 1);
+ }
+ }
+ if (rc != SEPOL_OK) {
+ ebitmap_destroy(matches);
+ }
}
return rc;
@@ -115,31 +120,28 @@ static int cil_type_matches(ebitmap_t *matches, struct cil_symtab_datum *d1, str
/* s1 is the src type that is matched with a self
* s2, and t2 are the source and type of the other rule
+ * Assumes there is a match between s1 and s2
*/
static int cil_self_match_any(struct cil_symtab_datum *s1, struct cil_symtab_datum *s2, struct cil_symtab_datum *t2)
{
int rc;
- struct cil_tree_node *n1 = NODE(s1);
- if (n1->flavor != CIL_TYPEATTRIBUTE) {
+
+ if (FLAVOR(s1) != CIL_TYPEATTRIBUTE) {
rc = cil_type_match_any(s1, t2);
} else {
struct cil_typeattribute *a = (struct cil_typeattribute *)s1;
ebitmap_t map;
- ebitmap_init(&map);
rc = cil_type_matches(&map, s2, t2);
if (rc < 0) {
- ebitmap_destroy(&map);
- goto exit;
+ return rc;
}
- if (map.node == NULL) {
- rc = CIL_FALSE;
- goto exit;
+ if (ebitmap_is_empty(&map)) {
+ return CIL_FALSE;
}
rc = ebitmap_match_any(&map, a->types);
ebitmap_destroy(&map);
}
-exit:
return rc;
}
While it does no harm to call ebitmap_init() twice for an ebitmap, since it is just memsetting the ebitmap to 0, it is poor practice. In the function cil_type_matches() in cil_find.c, either ebitmap_and() or ebitmap_set_bit() will be called. The function ebitmap_and() will call ebitmap_init() on the destination ebitmap, but ebitmap_set_bit() does not. Instead of calling ebitmap_init() before the call to cil_type_matches(), let cil_type_matches() make the call if it is going to call ebitmap_set_bit(). It can also call ebitmap_destroy() on an error. Since we are removing the call to ebitmap_init() in cil_self_match_any(), cleanup some other things in the function (like using the FLAVOR() macro and using ebitmap_is_empty()). Signed-off-by: James Carter <jwcart2@gmail.com> --- libsepol/cil/src/cil_find.c | 60 +++++++++++++++++++------------------ 1 file changed, 31 insertions(+), 29 deletions(-)