summaryrefslogtreecommitdiffstats
path: root/security/selinux/hooks.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2019-11-22 22:16:56 +0100
committerPaul Moore <paul@paul-moore.com>2019-12-10 00:47:27 +0100
commit5298d0b9b98089f5af406f7e05a41a53f9a15c11 (patch)
treea660f0ec35c8f544da3ccfe79ac8a44024832fbb /security/selinux/hooks.c
parentselinux: fall back to ref-walk if audit is required (diff)
downloadlinux-5298d0b9b98089f5af406f7e05a41a53f9a15c11.tar.xz
linux-5298d0b9b98089f5af406f7e05a41a53f9a15c11.zip
selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests
Through a somewhat convoluted series of changes, we have ended up with multiple unnecessary occurrences of (flags & MAY_NOT_BLOCK) tests in selinux_inode_permission(). Clean it up and simplify. No functional change. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r--security/selinux/hooks.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 328d455ec293..47626342b6e5 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3033,7 +3033,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
const struct cred *cred = current_cred();
u32 perms;
bool from_access;
- unsigned flags = mask & MAY_NOT_BLOCK;
+ bool no_block = mask & MAY_NOT_BLOCK;
struct inode_security_struct *isec;
u32 sid;
struct av_decision avd;
@@ -3055,13 +3055,13 @@ static int selinux_inode_permission(struct inode *inode, int mask)
perms = file_mask_to_av(inode->i_mode, mask);
sid = cred_sid(cred);
- isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
+ isec = inode_security_rcu(inode, no_block);
if (IS_ERR(isec))
return PTR_ERR(isec);
rc = avc_has_perm_noaudit(&selinux_state,
sid, isec->sid, isec->sclass, perms,
- (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
+ no_block ? AVC_NONBLOCKING : 0,
&avd);
audited = avc_audit_required(perms, &avd, rc,
from_access ? FILE__AUDIT_ACCESS : 0,
@@ -3070,7 +3070,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
return rc;
/* fall back to ref-walk if we have to generate audit */
- if (flags & MAY_NOT_BLOCK)
+ if (no_block)
return -ECHILD;
rc2 = audit_inode_permission(inode, perms, audited, denied, rc);