selinux: simplify evaluate_cond_node()

It never fails, so it can just return void.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 70c378ee1a2f6ad6c03de966aa56c691b16ab3be..04593062008dfbfdd60593f0e94572183bea964b 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -85,7 +85,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
  * list appropriately. If the result of the expression is undefined
  * all of the rules are disabled for safety.
  */
-int evaluate_cond_node(struct policydb *p, struct cond_node *node)
+void evaluate_cond_node(struct policydb *p, struct cond_node *node)
 {
        int new_state;
        struct cond_av_list *cur;
@@ -111,7 +111,6 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
                                cur->node->key.specified |= AVTAB_ENABLED;
                }
        }
-       return 0;
 }
 
 int cond_policydb_init(struct policydb *p)

diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
index ec846e45904c8ddbe655895e6e7c5e6e4faad573..d86ef286ca84b2330801a492df1653c95b904f52 100644 (file)
--- a/security/selinux/ss/conditional.h
+++ b/security/selinux/ss/conditional.h
@@ -75,6 +75,6 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
                struct av_decision *avd, struct extended_perms *xperms);
 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
                struct extended_perms_decision *xpermd);
-int evaluate_cond_node(struct policydb *p, struct cond_node *node);
+void evaluate_cond_node(struct policydb *p, struct cond_node *node);
 
 #endif /* _CONDITIONAL_H_ */

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5cf491768142cbaaaec6befa0d0f3d5632450273..922b5e4a03e86f9113e1eda1b2f0bfa80605ef97 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2956,11 +2956,8 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
                        policydb->bool_val_to_struct[i]->state = 0;
        }
 
-       for (cur = policydb->cond_list; cur; cur = cur->next) {
-               rc = evaluate_cond_node(policydb, cur);
-               if (rc)
-                       goto out;
-       }
+       for (cur = policydb->cond_list; cur; cur = cur->next)
+               evaluate_cond_node(policydb, cur);
 
        seqno = ++state->ss->latest_granting;
        rc = 0;
@@ -3013,11 +3010,8 @@ static int security_preserve_bools(struct selinux_state *state,
                if (booldatum)
                        booldatum->state = bvalues[i];
        }
-       for (cur = policydb->cond_list; cur; cur = cur->next) {
-               rc = evaluate_cond_node(policydb, cur);
-               if (rc)
-                       goto out;
-       }
+       for (cur = policydb->cond_list; cur; cur = cur->next)
+               evaluate_cond_node(policydb, cur);
 
 out:
        if (bnames) {