summaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2011-05-24 22:48:51 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2011-05-27 03:13:57 +0200
commitf01e1af445fac107e91d62a2d59dd535f633810b (patch)
treef5da7e4162f0a6f4bb50e4cb41f6a06c672f66b0 /security/selinux/ss
parentMerge git://git.kernel.org/pub/scm/linux/kernel/git/pkl/squashfs-linus (diff)
downloadlinux-f01e1af445fac107e91d62a2d59dd535f633810b.tar.xz
linux-f01e1af445fac107e91d62a2d59dd535f633810b.zip
selinux: don't pass in NULL avd to avc_has_perm_noaudit
Right now security_get_user_sids() will pass in a NULL avd pointer to avc_has_perm_noaudit(), which then forces that function to have a dummy entry for that case and just generally test it. Don't do it. The normal callers all pass a real avd pointer, and this helper function is incredibly hot. So don't make avc_has_perm_noaudit() do conditional stuff that isn't needed for the common case. This also avoids some duplicated stack space. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c3e4b52699f4..973e00e34fa9 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2217,10 +2217,11 @@ out_unlock:
goto out;
}
for (i = 0, j = 0; i < mynel; i++) {
+ struct av_decision dummy_avd;
rc = avc_has_perm_noaudit(fromsid, mysids[i],
SECCLASS_PROCESS, /* kernel value */
PROCESS__TRANSITION, AVC_STRICT,
- NULL);
+ &dummy_avd);
if (!rc)
mysids2[j++] = mysids[i];
cond_resched();