Commit 66ccd256 authored by Ondrej Mosnacek Committed by Paul Moore

selinux: simplify away security_policydb_len()



Remove the security_policydb_len() calls from sel_open_policy() and
instead update the inode size from the size returned from
security_read_policy().

Since after this change security_policydb_len() is only called from
security_load_policy(), remove it entirely and just open-code it there.

Also, since security_load_policy() is always called with policy_mutex
held, make it dereference the policy pointer directly and drop the
unnecessary RCU locking.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 9ff9abc4
+0 −1
@@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
			struct selinux_policy *policy);
int security_read_policy(struct selinux_state *state,
			 void **data, size_t *len);
size_t security_policydb_len(struct selinux_state *state);

int security_policycap_supported(struct selinux_state *state,
				 unsigned int req_cap);
+6 −6
@@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
	if (!plm)
		goto err;

	if (i_size_read(inode) != security_policydb_len(state)) {
		inode_lock(inode);
		i_size_write(inode, security_policydb_len(state));
		inode_unlock(inode);
	}

	rc = security_read_policy(state, &plm->data, &plm->len);
	if (rc)
		goto err;

	if ((size_t)i_size_read(inode) != plm->len) {
		inode_lock(inode);
		i_size_write(inode, plm->len);
		inode_unlock(inode);
	}

	fsi->policy_opened = 1;

	filp->private_data = plm;
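Review bot: The added `if ((size_t)i_size_read(inode) != plm->len)` block has no comment explaining why the inode size is now refreshed after `security_read_policy()` rather than before it. A short comment above the `if`, for example `/* keep i_size equal to the length of the snapshot stored in plm */`, would record that the size and the buffer presumably served to readers come from the same copy. The `(size_t)` cast narrows `loff_t` on 32-bit builds; that is harmless for an inequality test, but `i_size_read(inode) != (loff_t)plm->len` avoids the narrowing. sel_open_policy() starts and ends outside the hunk, so whether the unlocked size check is serialised by a lock taken earlier cannot be confirmed from these lines.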
+4 −23
@@ -2328,22 +2328,6 @@ err_policy:
	return rc;
}

size_t security_policydb_len(struct selinux_state *state)
{
	struct selinux_policy *policy;
	size_t len;

	if (!selinux_initialized(state))
		return 0;

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	len = policy->policydb.len;
	rcu_read_unlock();

	return len;
}

/**
 * security_port_sid - Obtain the SID for a port.
 * @protocol: protocol number
@@ -3903,11 +3887,12 @@ int security_read_policy(struct selinux_state *state,
	int rc;
	struct policy_file fp;

	if (!selinux_initialized(state))
	policy = rcu_dereference_protected(
			state->policy, lockdep_is_held(&state->policy_mutex));
	if (!policy)
		return -EINVAL;

	*len = security_policydb_len(state);

	*len = policy->policydb.len;
	*data = vmalloc_user(*len);
	if (!*data)
		return -ENOMEM;
@@ -3915,11 +3900,7 @@ int security_read_policy(struct selinux_state *state,
	fp.data = *data;
	fp.len = *len;

	rcu_read_lock();
	policy = rcu_dereference(state->policy);
	rc = policydb_write(&policy->policydb, &fp);
	rcu_read_unlock();

	if (rc)
		return rc;
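Review bot: `security_read_policy()` now requires its caller to hold `state->policy_mutex`, because the policy pointer is fetched with `rcu_dereference_protected(..., lockdep_is_held(&state->policy_mutex))` and then passed to `policydb_write()` with no RCU read-side section, yet nothing at the function states that requirement. The lockdep condition is only evaluated on kernels built with lock debugging, so a caller added later without the mutex could work on a policy that is being replaced and produce no warning on a production build. A comment above the function such as `/* Caller must hold state->policy_mutex. */` would make the contract explicit. The commit description states the locking assumption for `security_load_policy()`, while the hunks shown apply it to `security_read_policy()`. The function's signature and tail lie outside the hunks.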