diff options
author | 2019-11-22 16:16:56 -0500 | |
---|---|---|
committer | 2019-12-09 18:47:27 -0500 | |
commit | 5298d0b9b98089f5af406f7e05a41a53f9a15c11 (patch) | |
tree | a660f0ec35c8f544da3ccfe79ac8a44024832fbb /security/selinux/hooks.c | |
parent | selinux: fall back to ref-walk if audit is required (diff) | |
download | wireguard-linux-5298d0b9b98089f5af406f7e05a41a53f9a15c11.tar.xz wireguard-linux-5298d0b9b98089f5af406f7e05a41a53f9a15c11.zip |
selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests
Through a somewhat convoluted series of changes, we have ended up
with multiple unnecessary occurrences of (flags & MAY_NOT_BLOCK)
tests in selinux_inode_permission(). Clean it up and simplify.
No functional change.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 328d455ec293..47626342b6e5 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3033,7 +3033,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) const struct cred *cred = current_cred(); u32 perms; bool from_access; - unsigned flags = mask & MAY_NOT_BLOCK; + bool no_block = mask & MAY_NOT_BLOCK; struct inode_security_struct *isec; u32 sid; struct av_decision avd; @@ -3055,13 +3055,13 @@ static int selinux_inode_permission(struct inode *inode, int mask) perms = file_mask_to_av(inode->i_mode, mask); sid = cred_sid(cred); - isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK); + isec = inode_security_rcu(inode, no_block); if (IS_ERR(isec)) return PTR_ERR(isec); rc = avc_has_perm_noaudit(&selinux_state, sid, isec->sid, isec->sclass, perms, - (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0, + no_block ? AVC_NONBLOCKING : 0, &avd); audited = avc_audit_required(perms, &avd, rc, from_access ? FILE__AUDIT_ACCESS : 0, @@ -3070,7 +3070,7 @@ static int selinux_inode_permission(struct inode *inode, int mask) return rc; /* fall back to ref-walk if we have to generate audit */ - if (flags & MAY_NOT_BLOCK) + if (no_block) return -ECHILD; rc2 = audit_inode_permission(inode, perms, audited, denied, rc); |