Commit df4779b5 authored by Huaisheng Ye's avatar Huaisheng Ye Committed by Paul Moore

selinux: remove redundant selinux_nlmsg_perm



selinux_nlmsg_perm is used only by selinux_netlink_send. Remove
the redundant function to simplify the code.

Fix a typo by suggestion from Stephen.

Signed-off-by: default avatarHuaisheng Ye <yehs1@lenovo.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent ae3d8c2e
+34 −39
@@ -5520,44 +5520,6 @@ static int selinux_tun_dev_open(void *security)
	return 0;
}

static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
{
	int err = 0;
	u32 perm;
	struct nlmsghdr *nlh;
	struct sk_security_struct *sksec = sk->sk_security;

	if (skb->len < NLMSG_HDRLEN) {
		err = -EINVAL;
		goto out;
	}
	nlh = nlmsg_hdr(skb);

	err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
	if (err) {
		if (err == -EINVAL) {
			pr_warn_ratelimited("SELinux: unrecognized netlink"
			       " message: protocol=%hu nlmsg_type=%hu sclass=%s"
			       " pig=%d comm=%s\n",
			       sk->sk_protocol, nlh->nlmsg_type,
			       secclass_map[sksec->sclass - 1].name,
			       task_pid_nr(current), current->comm);
			if (!enforcing_enabled(&selinux_state) ||
			    security_get_allow_unknown(&selinux_state))
				err = 0;
		}

		/* Ignore */
		if (err == -ENOENT)
			err = 0;
		goto out;
	}

	err = sock_has_perm(sk, perm);
out:
	return err;
}

#ifdef CONFIG_NETFILTER

static unsigned int selinux_ip_forward(struct sk_buff *skb,
@@ -5886,7 +5848,40 @@ static unsigned int selinux_ipv6_postroute(void *priv,

static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	return selinux_nlmsg_perm(sk, skb);
	int err = 0;
	u32 perm;
	struct nlmsghdr *nlh;
	struct sk_security_struct *sksec = sk->sk_security;

	if (skb->len < NLMSG_HDRLEN) {
		err = -EINVAL;
		goto out;
	}
	nlh = nlmsg_hdr(skb);

	err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
	if (err) {
		if (err == -EINVAL) {
			pr_warn_ratelimited("SELinux: unrecognized netlink"
			       " message: protocol=%hu nlmsg_type=%hu sclass=%s"
			       " pid=%d comm=%s\n",
			       sk->sk_protocol, nlh->nlmsg_type,
			       secclass_map[sksec->sclass - 1].name,
			       task_pid_nr(current), current->comm);
			if (!enforcing_enabled(&selinux_state) ||
			    security_get_allow_unknown(&selinux_state))
				err = 0;
		}

		/* Ignore */
		if (err == -ENOENT)
			err = 0;
		goto out;
	}

	err = sock_has_perm(sk, perm);
out:
	return err;
}

static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
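Review bot: selinux_netlink_send() still inspects only the first netlink header in the skb: `nlh = nlmsg_hdr(skb)` is read once and a single `nlmsg_type` is mapped to a permission, so if one skb carries several messages (which netlink generally permits), the later ones would not get their own `sock_has_perm()` check. Since this commit makes the function the only home of that logic, it is a natural place to walk every message, stepping by `NLMSG_ALIGN(nlh->nlmsg_len)` and returning on the first denial. The sketch below stops and keeps the current result when `nlmsg_len` cannot describe a message inside the skb; whether to stop or reject there is a policy choice that should be confirmed against the netlink receive path.

```c
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	/* ... unchanged: err, perm, nlh, sksec declarations ... */
	unsigned int left = skb->len;
	unsigned int step;
	unsigned char *pos = skb->data;

	/* ... unchanged: skb->len < NLMSG_HDRLEN check ... */

	while (left >= NLMSG_HDRLEN) {
		nlh = (struct nlmsghdr *)pos;

		/* a length field that cannot fit in the remaining data ends the walk */
		if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > left)
			break;

		err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
		if (err == 0) {
			err = sock_has_perm(sk, perm);
		} else if (err == -EINVAL) {
			/* ... unchanged: pr_warn_ratelimited() and the permissive/allow_unknown reset of err ... */
		} else if (err == -ENOENT) {
			err = 0;
		}
		if (err)
			goto out;

		/* advance past this message, including netlink padding */
		step = NLMSG_ALIGN(nlh->nlmsg_len);
		if (step >= left)
			break;
		left -= step;
		pos += step;
	}
out:
	return err;
}
```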