diff options
author | Ondrej Mosnacek <omosnace@redhat.com> | 2018-11-13 14:52:53 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2018-11-20 22:38:14 +0100 |
commit | 5386e6caa6711407182573e2b0344fe908b0fbcc (patch) | |
tree | e03f89d863f28a5a26e23858f78814e7fab949e5 /security/selinux/ss/sidtab.c | |
parent | Documentation: Update SELinux reference policy URL (diff) | |
download | linux-5386e6caa6711407182573e2b0344fe908b0fbcc.tar.xz linux-5386e6caa6711407182573e2b0344fe908b0fbcc.zip |
selinux: refactor sidtab conversion
This is a purely cosmetic change that encapsulates the three-step sidtab
conversion logic (shutdown -> clone -> map) into a single function
defined in sidtab.c (as opposed to services.c).
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
[PM: whitespaces fixes to make checkpatch happy]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/sidtab.c')
-rw-r--r-- | security/selinux/ss/sidtab.c | 50 |
1 files changed, 36 insertions, 14 deletions
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index fd75a12fa8fc..ccc0ea230df4 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -116,11 +116,11 @@ struct context *sidtab_search_force(struct sidtab *s, u32 sid) return sidtab_search_core(s, sid, 1); } -int sidtab_map(struct sidtab *s, - int (*apply) (u32 sid, - struct context *context, - void *args), - void *args) +static int sidtab_map(struct sidtab *s, + int (*apply)(u32 sid, + struct context *context, + void *args), + void *args) { int i, rc = 0; struct sidtab_node *cur; @@ -141,6 +141,37 @@ out: return rc; } +/* Clone the SID into the new SID table. */ +static int clone_sid(u32 sid, struct context *context, void *arg) +{ + struct sidtab *s = arg; + + if (sid > SECINITSID_NUM) + return sidtab_insert(s, sid, context); + else + return 0; +} + +int sidtab_convert(struct sidtab *s, struct sidtab *news, + int (*convert)(u32 sid, + struct context *context, + void *args), + void *args) +{ + unsigned long flags; + int rc; + + spin_lock_irqsave(&s->lock, flags); + s->shutdown = 1; + spin_unlock_irqrestore(&s->lock, flags); + + rc = sidtab_map(s, clone_sid, news); + if (rc) + return rc; + + return sidtab_map(news, convert, args); +} + static void sidtab_update_cache(struct sidtab *s, struct sidtab_node *n, int loc) { BUG_ON(loc >= SIDTAB_CACHE_LEN); @@ -295,12 +326,3 @@ void sidtab_set(struct sidtab *dst, struct sidtab *src) dst->cache[i] = NULL; spin_unlock_irqrestore(&src->lock, flags); } - -void sidtab_shutdown(struct sidtab *s) -{ - unsigned long flags; - - spin_lock_irqsave(&s->lock, flags); - s->shutdown = 1; - spin_unlock_irqrestore(&s->lock, flags); -} |