+1 -2

security/selinux/ss/conditional.c

reviewed

··· 85 85 * list appropriately. If the result of the expression is undefined 86 86 * all of the rules are disabled for safety. 87 87 */ 88 88 - int evaluate_cond_node(struct policydb *p, struct cond_node *node) 88 88 + void evaluate_cond_node(struct policydb *p, struct cond_node *node) 89 89 { 90 90 int new_state; 91 91 struct cond_av_list *cur; ··· 111 111 cur->node->key.specified |= AVTAB_ENABLED; 112 112 } 113 113 } 114 114 - return 0; 115 114 } 116 115 117 116 int cond_policydb_init(struct policydb *p)

+1 -1

security/selinux/ss/conditional.h

reviewed

··· 75 75 struct av_decision *avd, struct extended_perms *xperms); 76 76 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, 77 77 struct extended_perms_decision *xpermd); 78 78 - int evaluate_cond_node(struct policydb *p, struct cond_node *node); 78 78 + void evaluate_cond_node(struct policydb *p, struct cond_node *node); 79 79 80 80 #endif /* _CONDITIONAL_H_ */

+4 -10

security/selinux/ss/services.c

reviewed

··· 2956 2956 policydb->bool_val_to_struct[i]->state = 0; 2957 2957 } 2958 2958 2959 2959 - for (cur = policydb->cond_list; cur; cur = cur->next) { 2960 2960 - rc = evaluate_cond_node(policydb, cur); 2961 2961 - if (rc) 2962 2962 - goto out; 2963 2963 - } 2959 2959 + for (cur = policydb->cond_list; cur; cur = cur->next) 2960 2960 + evaluate_cond_node(policydb, cur); 2964 2961 2965 2962 seqno = ++state->ss->latest_granting; 2966 2963 rc = 0; ··· 3010 3013 if (booldatum) 3011 3014 booldatum->state = bvalues[i]; 3012 3015 } 3013 3013 - for (cur = policydb->cond_list; cur; cur = cur->next) { 3014 3014 - rc = evaluate_cond_node(policydb, cur); 3015 3015 - if (rc) 3016 3016 - goto out; 3017 3017 - } 3016 3016 + for (cur = policydb->cond_list; cur; cur = cur->next) 3017 3017 + evaluate_cond_node(policydb, cur); 3018 3018 3019 3019 out: 3020 3020 if (bnames) {