authorZhen Lei <thunder.leizhen@huawei.com>2024-08-22 22:08:58 +0800
committerPaul Moore <paul@paul-moore.com>2024-08-28 13:42:11 -0400
commit68cfb28332420e0515cb6ffdb46921d59ba9739f (patch)
tree05359c4b18ebbdc7fa17bb7d4006b33ebf1f863a /security
parenta3422eb4facdebb685b9b4688feb60430450e3c9 (diff)
selinux: simplify avc_xperms_audit_required()
By associative and commutative laws, the result of the two 'audited' is zero. Take the second 'audited' as an example: 1) audited = requested & avd->auditallow; 2) audited &= ~requested; ==> audited = ~requested & (requested & avd->auditallow); ==> audited = (~requested & requested) & avd->auditallow; ==> audited = 0 & avd->auditallow; ==> audited = 0; In fact, it is more readable to directly write zero. The value of the first 'audited' is 0 because AUDIT is not allowed. The second 'audited' is zero because there is no AUDITALLOW permission. Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 1ec377ce6d22..e0d1a9dfacee 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -388,7 +388,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
audited = denied & avd->auditdeny;
if (audited && xpd) {
if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
- audited &= ~requested;
+ audited = 0;
}
} else if (result) {
audited = denied = requested;
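Review bot: The new `audited = 0;` under the XPERMS_DONTAUDIT check equals the old `audited &= ~requested;` only while `denied` carries no bits outside `requested`. `denied` is assigned above this hunk, so that invariant is not visible here, and the commit message derives only the auditallow case of the second hunk, where the `requested &` mask is on the visible line. Because this branch presumably decides whether a denied extended permission produces an audit record at all, I would record the dependency next to the assignment, for example `/* dontaudit xperm: audit nothing; same as '&= ~requested' while denied is a subset of requested */`. As a smaller style point, the nested tests could be joined as `if (audited && xpd && avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))`, and likewise for the XPERMS_AUDITALLOW test in the second hunk. avc_xperms_audit_required() begins and ends outside the hunk.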
@@ -396,7 +396,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
audited = requested & avd->auditallow;
if (audited && xpd) {
if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
- audited &= ~requested;
+ audited = 0;
}
}