ich777/linux_media
1
0
Fork 0
mirror of https://github.com/tbsdtv/linux_media.git synced 2025-07-23 20:51:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

selinux: simplify away security_policydb_len()

Browse Source 
Remove the security_policydb_len() calls from sel_open_policy() and
instead update the inode size from the size returned from
security_read_policy().

Since after this change security_policydb_len() is only called from
security_load_policy(), remove it entirely and just open-code it there.

Also, since security_load_policy() is always called with policy_mutex
held, make it dereference the policy pointer directly and drop the
unnecessary RCU locking.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Ondrej Mosnacek
2020-08-27 18:27:53 +02:00
committed by Paul Moore
parent 9ff9abc4c6
commit 66ccd2560a
3 changed files with 10 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
security/selinux/include/security.h
View File

@@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
struct selinux_policy *policy); struct selinux_policy *policy);
int security_read_policy(struct selinux_state *state, int security_read_policy(struct selinux_state *state,
void **data, size_t *len); void **data, size_t *len);
size_t security_policydb_len(struct selinux_state *state);
int security_policycap_supported(struct selinux_state *state, int security_policycap_supported(struct selinux_state *state,
unsigned int req_cap); unsigned int req_cap);

12
security/selinux/selinuxfs.c
View File

@@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
if (!plm) if (!plm)
goto err; goto err;
if (i_size_read(inode) != security_policydb_len(state)) {
inode_lock(inode);
i_size_write(inode, security_policydb_len(state));
inode_unlock(inode);
}
rc = security_read_policy(state, &plm->data, &plm->len); rc = security_read_policy(state, &plm->data, &plm->len);
if (rc) if (rc)
goto err; goto err;
if ((size_t)i_size_read(inode) != plm->len) {
inode_lock(inode);
i_size_write(inode, plm->len);
inode_unlock(inode);
}
fsi->policy_opened = 1; fsi->policy_opened = 1;
filp->private_data = plm; filp->private_data = plm;

27
security/selinux/ss/services.c
View File

@@ -2328,22 +2328,6 @@ err_policy:
return rc; return rc;
} }
size_t security_policydb_len(struct selinux_state *state)
{
struct selinux_policy *policy;
size_t len;
if (!selinux_initialized(state))
return 0;
rcu_read_lock();
policy = rcu_dereference(state->policy);
len = policy->policydb.len;
rcu_read_unlock();
return len;
}
/** /**
* security_port_sid - Obtain the SID for a port. * security_port_sid - Obtain the SID for a port.
* @protocol: protocol number * @protocol: protocol number
@@ -3903,11 +3887,12 @@ int security_read_policy(struct selinux_state *state,
int rc; int rc;
struct policy_file fp; struct policy_file fp;
if (!selinux_initialized(state)) policy = rcu_dereference_protected(
state->policy, lockdep_is_held(&state->policy_mutex));
if (!policy)
return -EINVAL; return -EINVAL;
*len = security_policydb_len(state); *len = policy->policydb.len;
*data = vmalloc_user(*len); *data = vmalloc_user(*len);
if (!*data) if (!*data)
return -ENOMEM; return -ENOMEM;
@@ -3915,11 +3900,7 @@ int security_read_policy(struct selinux_state *state,
fp.data = *data; fp.data = *data;
fp.len = *len; fp.len = *len;
rcu_read_lock();
policy = rcu_dereference(state->policy);
rc = policydb_write(&policy->policydb, &fp); rc = policydb_write(&policy->policydb, &fp);
rcu_read_unlock();
if (rc) if (rc)
return rc; return rc;