diff options
| author | Christian Göttsche <cgzones@googlemail.com> | 2023-07-18 20:06:27 +0200 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2023-07-19 11:04:28 -0400 |
| commit | 08a12b39e289fedf755afbc81de44a5cd1286b4b (patch) | |
| tree | 54a223508300e5a7b350d67ad53e931d836a44fa | |
| parent | 90aa4f5e92f2797c3c86e05f588ab277b0e0ba39 (diff) | |
selinux: drop avtab_search()
avtab_search() shares the same logic with avtab_search_node(), except
that it returns, if found, a pointer to the struct avtab_node member
datum instead of the node itself. Since the member is an embedded
struct, and not a pointer, the returned value of avtab_search() and
avtab_search_node() will always in unison either be NULL or non-NULL.
Drop avtab_search() and replace its calls by avtab_search_node() to
deduplicate logic and adopt the only caller caring for the type of
the returned value accordingly.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
| -rw-r--r-- | security/selinux/ss/avtab.c | 32 | ||||
| -rw-r--r-- | security/selinux/ss/avtab.h | 1 | ||||
| -rw-r--r-- | security/selinux/ss/conditional.c | 4 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 13 |
4 files changed, 8 insertions, 42 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 8d7c14ca27a2..5fd439c5b8a4 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -180,38 +180,6 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, return avtab_insert_node(h, hvalue, prev, key, datum); } -struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key) -{ - int hvalue; - struct avtab_node *cur; - u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - - if (!h || !h->nslot) - return NULL; - - hvalue = avtab_hash(key, h->mask); - for (cur = h->htable[hvalue]; cur; - cur = cur->next) { - if (key->source_type == cur->key.source_type && - key->target_type == cur->key.target_type && - key->target_class == cur->key.target_class && - (specified & cur->key.specified)) - return &cur->datum; - - if (key->source_type < cur->key.source_type) - break; - if (key->source_type == cur->key.source_type && - key->target_type < cur->key.target_type) - break; - if (key->source_type == cur->key.source_type && - key->target_type == cur->key.target_type && - key->target_class < cur->key.target_class) - break; - } - - return NULL; -} - /* This search function returns a node pointer, and can be used in * conjunction with avtab_search_next_node() */ diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index f265e9da18e2..c2b88430c916 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -90,7 +90,6 @@ struct avtab { void avtab_init(struct avtab *h); int avtab_alloc(struct avtab *, u32); int avtab_alloc_dup(struct avtab *new, const struct avtab *orig); -struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k); void avtab_destroy(struct avtab *h); void avtab_hash_eval(struct avtab *h, const char *tag); diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index b156c181c3c1..81ff676f209a 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -272,7 +272,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k, * cond_te_avtab. */ if (k->specified & AVTAB_TYPE) { - if (avtab_search(&p->te_avtab, k)) { + if (avtab_search_node(&p->te_avtab, k)) { pr_err("SELinux: type rule already exists outside of a conditional.\n"); return -EINVAL; } @@ -304,7 +304,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k, } } } else { - if (avtab_search(&p->te_cond_avtab, k)) { + if (avtab_search_node(&p->te_cond_avtab, k)) { pr_err("SELinux: conflicting type rules when adding type rule for true.\n"); return -EINVAL; } diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 83b85536cd2b..fa47e4e38935 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1706,8 +1706,7 @@ static int security_compute_sid(u32 ssid, struct context *scontext, *tcontext, newcontext; struct sidtab_entry *sentry, *tentry; struct avtab_key avkey; - struct avtab_datum *avdatum; - struct avtab_node *node; + struct avtab_node *avnode, *node; u16 tclass; int rc = 0; bool sock; @@ -1815,22 +1814,22 @@ retry: avkey.target_type = tcontext->type; avkey.target_class = tclass; avkey.specified = specified; - avdatum = avtab_search(&policydb->te_avtab, &avkey); + avnode = avtab_search_node(&policydb->te_avtab, &avkey); /* If no permanent rule, also check for enabled conditional rules */ - if (!avdatum) { + if (!avnode) { node = avtab_search_node(&policydb->te_cond_avtab, &avkey); for (; node; node = avtab_search_node_next(node, specified)) { if (node->key.specified & AVTAB_ENABLED) { - avdatum = &node->datum; + avnode = node; break; } } } - if (avdatum) { + if (avnode) { /* Use the type from the type transition/member/change rule. */ - newcontext.type = avdatum->u.data; + newcontext.type = avnode->datum.u.data; } /* if we have a objname this is a file trans check so check those rules */ |