diff mbox series

[1/3,v2] libsepol/cil: Remove redundant syntax checking

Message ID 20210901204252.635570-1-jwcart2@gmail.com (mailing list archive)
State Accepted

Commit Message

James Carter Sept. 1, 2021, 8:42 p.m. UTC
For every call to cil_fill_classperms_list(), the syntax of the
whole rule, including the class permissions, has already been
checked. There is no reason to check it again. Also, because the
class permissions appear in the middle of some rules, like
constraints, the syntax array does not end with CIL_SYN_END. This
is the only case where the syntax array does not end with CIL_SYN_END.
This prevents __cil_verify_syntax() from requiring that the syntax
array ends with CIL_SYN_END.

Remove the redundant syntax checking in cil_fill_classperms_list().

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2: Same as v1

 libsepol/cil/src/cil_build_ast.c | 9 ---------
 1 file changed, 9 deletions(-)

Comments

Nicolas Iooss Sept. 6, 2021, 5:53 p.m. UTC | #1
On Wed, Sep 1, 2021 at 10:42 PM James Carter <jwcart2@gmail.com> wrote:
>
> For every call to cil_fill_classperms_list(), the syntax of the
> whole rule, including the class permissions, has already been
> checked. There is no reason to check it again. Also, because the
> class permissions appear in the middle of some rules, like
> constraints, the syntax array does not end with CIL_SYN_END. This
> is the only case where the syntax array does not end with CIL_SYN_END.
> This prevents __cil_verify_syntax() from requiring that the syntax
> array ends with CIL_SYN_END.
>
> Remove the redundant syntax checking in cil_fill_classperms_list().
>
> Signed-off-by: James Carter <jwcart2@gmail.com>
> ---
> v2: Same as v1

For these 3 patches:

Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Thanks,
Nicolas

>
>  libsepol/cil/src/cil_build_ast.c | 9 ---------
>  1 file changed, 9 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> index a5afc267..f0bb8c0c 100644
> --- a/libsepol/cil/src/cil_build_ast.c
> +++ b/libsepol/cil/src/cil_build_ast.c
> @@ -736,20 +736,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
>  {
>         int rc = SEPOL_ERR;
>         struct cil_tree_node *curr;
> -       enum cil_syntax syntax[] = {
> -               CIL_SYN_STRING | CIL_SYN_LIST,
> -       };
> -       int syntax_len = sizeof(syntax)/sizeof(*syntax);
>
>         if (parse_current == NULL || cp_list == NULL) {
>                 goto exit;
>         }
>
> -       rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
> -       if (rc != SEPOL_OK) {
> -               goto exit;
> -       }
> -
>         cil_list_init(cp_list, CIL_CLASSPERMS);
>
>         curr = parse_current->cl_head;
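Review bot: Missing documentation at the top of cil_fill_classperms_list(): with the __cil_verify_syntax() call removed, the NULL test on parse_current and cp_list is the only guard left before cil_list_init(cp_list, CIL_CLASSPERMS), so the function now depends on a precondition stated only in the commit message. A short comment above the function, saying that the caller's syntax array must already have accepted this node as CIL_SYN_STRING | CIL_SYN_LIST, would keep a future caller from skipping that check.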
> --
> 2.31.1
>
James Carter Sept. 7, 2021, 3:32 p.m. UTC | #2
On Mon, Sep 6, 2021 at 1:54 PM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Wed, Sep 1, 2021 at 10:42 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > For every call to cil_fill_classperms_list(), the syntax of the
> > whole rule, including the class permissions, has already been
> > checked. There is no reason to check it again. Also, because the
> > class permissions appear in the middle of some rules, like
> > constraints, the syntax array does not end with CIL_SYN_END. This
> > is the only case where the syntax array does not end with CIL_SYN_END.
> > This prevents __cil_verify_syntax() from requiring that the syntax
> > array ends with CIL_SYN_END.
> >
> > Remove the redundant syntax checking in cil_fill_classperms_list().
> >
> > Signed-off-by: James Carter <jwcart2@gmail.com>
> > ---
> > v2: Same as v1
>
> For these 3 patches:
>
> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>

These three patches have been merged.
Jim

> Thanks,
> Nicolas
>
> >
> >  libsepol/cil/src/cil_build_ast.c | 9 ---------
> >  1 file changed, 9 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
> > index a5afc267..f0bb8c0c 100644
> > --- a/libsepol/cil/src/cil_build_ast.c
> > +++ b/libsepol/cil/src/cil_build_ast.c
> > @@ -736,20 +736,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
> >  {
> >         int rc = SEPOL_ERR;
> >         struct cil_tree_node *curr;
> > -       enum cil_syntax syntax[] = {
> > -               CIL_SYN_STRING | CIL_SYN_LIST,
> > -       };
> > -       int syntax_len = sizeof(syntax)/sizeof(*syntax);
> >
> >         if (parse_current == NULL || cp_list == NULL) {
> >                 goto exit;
> >         }
> >
> > -       rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
> > -       if (rc != SEPOL_OK) {
> > -               goto exit;
> > -       }
> > -
> >         cil_list_init(cp_list, CIL_CLASSPERMS);
> >
> >         curr = parse_current->cl_head;
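Review bot: No test accompanies the removal of the rc = __cil_verify_syntax(parse_current, syntax, syntax_len) block, which was this function's own rejection path for malformed class permissions. A regression test would show that the caller's check still rejects such input before it reaches cil_list_init(). The commit message names constraints as a rule where class permissions sit in the middle, so a constraint with a malformed class-permissions element is the natural case to cover.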
> > --
> > 2.31.1
> >
>

Patch

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index a5afc267..f0bb8c0c 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -736,20 +736,11 @@  int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis
 {
 	int rc = SEPOL_ERR;
 	struct cil_tree_node *curr;
-	enum cil_syntax syntax[] = {
-		CIL_SYN_STRING | CIL_SYN_LIST,
-	};
-	int syntax_len = sizeof(syntax)/sizeof(*syntax);
 
 	if (parse_current == NULL || cp_list == NULL) {
 		goto exit;
 	}
 
-	rc = __cil_verify_syntax(parse_current, syntax, syntax_len);
-	if (rc != SEPOL_OK) {
-		goto exit;
-	}
-
 	cil_list_init(cp_list, CIL_CLASSPERMS);
 
 	curr = parse_current->cl_head;
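Review bot: Possible missing check at curr = parse_current->cl_head: after this hunk the function reads cl_head having tested parse_current only for NULL, so a node of the wrong kind is no longer rejected here. The commit message says every caller has already verified the whole rule, but the diff touches no call site, so that claim cannot be confirmed from the patch itself. Please list the callers in the commit message, or confirm that each caller's syntax array carries CIL_SYN_STRING | CIL_SYN_LIST at the class-permissions position.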