Commit 5298d0b9 authored by Stephen Smalley's avatar Stephen Smalley Committed by Paul Moore
Browse files

selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests 



Through a somewhat convoluted series of changes, we have ended up
with multiple unnecessary occurrences of (flags & MAY_NOT_BLOCK)
tests in selinux_inode_permission().  Clean it up and simplify.
No functional change.

Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 0188d5c0

security/selinux/hooks.c

+4 −4
Original line number Diff line number Diff line
@@ -3033,7 +3033,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) 
	const struct cred *cred = current_cred();

	u32 perms;

	bool from_access;

	unsigned flags = mask & MAY_NOT_BLOCK;

	bool no_block = mask & MAY_NOT_BLOCK;

	struct inode_security_struct *isec;

	u32 sid;

	struct av_decision avd;
@@ -3055,13 +3055,13 @@ static int selinux_inode_permission(struct inode *inode, int mask) 
	perms = file_mask_to_av(inode->i_mode, mask);



	sid = cred_sid(cred);

	isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);

	isec = inode_security_rcu(inode, no_block);

	if (IS_ERR(isec))

		return PTR_ERR(isec);



	rc = avc_has_perm_noaudit(&selinux_state,

				  sid, isec->sid, isec->sclass, perms,

				  (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,

				  no_block ? AVC_NONBLOCKING : 0,

				  &avd);

	audited = avc_audit_required(perms, &avd, rc,

				     from_access ? FILE__AUDIT_ACCESS : 0,
@@ -3070,7 +3070,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) 
		return rc;



	/* fall back to ref-walk if we have to generate audit */

	if (flags & MAY_NOT_BLOCK)

	if (no_block)

		return -ECHILD;



	rc2 = audit_inode_permission(inode, perms, audited, denied, rc);

CRA Git | Maintained and supported by SUSTech CRA and CCSE