korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 21:38:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

selinux: simplify away security_policydb_len()

Browse Source 
Remove the security_policydb_len() calls from sel_open_policy() and
instead update the inode size from the size returned from
security_read_policy().

Since after this change security_policydb_len() is only called from
security_load_policy(), remove it entirely and just open-code it there.

Also, since security_load_policy() is always called with policy_mutex
held, make it dereference the policy pointer directly and drop the
unnecessary RCU locking.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Ondrej Mosnacek 2020-08-27 18:27:53 +02:00 committed by Paul Moore
parent 9ff9abc4c6
commit 66ccd2560a
3 changed files with 10 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
security/selinux/include/security.h
View File

@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
struct selinux_policy *policy);
int security_read_policy(struct selinux_state *state,
void **data, size_t *len);
size_t security_policydb_len(struct selinux_state *state);
int security_policycap_supported(struct selinux_state *state,
unsigned int req_cap);

12
security/selinux/selinuxfs.c
View File

@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
if (!plm)
goto err;
if (i_size_read(inode) != security_policydb_len(state)) {
inode_lock(inode);
i_size_write(inode, security_policydb_len(state));
inode_unlock(inode);
}
rc = security_read_policy(state, &plm->data, &plm->len);
if (rc)
goto err;
if ((size_t)i_size_read(inode) != plm->len) {
inode_lock(inode);
i_size_write(inode, plm->len);
inode_unlock(inode);
}
fsi->policy_opened = 1;
filp->private_data = plm;

27
security/selinux/ss/services.c
View File

@ -2328,22 +2328,6 @@ err_policy:
return rc;
}
size_t security_policydb_len(struct selinux_state *state)
{
struct selinux_policy *policy;
size_t len;
if (!selinux_initialized(state))
return 0;
rcu_read_lock();
policy = rcu_dereference(state->policy);
len = policy->policydb.len;
rcu_read_unlock();
return len;
}
/**
* security_port_sid - Obtain the SID for a port.
* @protocol: protocol number
@ -3903,11 +3887,12 @@ int security_read_policy(struct selinux_state *state,
int rc;
struct policy_file fp;
if (!selinux_initialized(state))
policy = rcu_dereference_protected(
state->policy, lockdep_is_held(&state->policy_mutex));
if (!policy)
return -EINVAL;
*len = security_policydb_len(state);
*len = policy->policydb.len;
*data = vmalloc_user(*len);
if (!*data)
return -ENOMEM;
@ -3915,11 +3900,7 @@ int security_read_policy(struct selinux_state *state,
fp.data = *data;
fp.len = *len;
rcu_read_lock();
policy = rcu_dereference(state->policy);
rc = policydb_write(&policy->policydb, &fp);
rcu_read_unlock();
if (rc)
return rc;