From: Paul Moore <paul@xxxxxxxxxxxxxx>
There really is no need for LABEL_MISSING as we really only care if
the inode's label is INVALID or INITIALIZED. Also adjust the
revalidate code to reload the label whenever the label is not
INITIALIZED so we are less sensitive to label state in the future.
Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
---
security/selinux/hooks.c | 2 +-
security/selinux/include/objsec.h | 5 ++---
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ec1a1a8..837c566 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -259,7 +259,7 @@ static int __inode_security_revalidate(struct inode *inode,
might_sleep_if(may_sleep);
- if (isec->initialized == LABEL_INVALID) {
+ if (isec->initialized != LABEL_INITIALIZED) {
if (!may_sleep)
return -ECHILD;
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index a2ae054..c21e135 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -38,9 +38,8 @@ struct task_security_struct {
};
enum label_initialized {
- LABEL_MISSING, /* not initialized */
- LABEL_INITIALIZED, /* inizialized */
- LABEL_INVALID /* invalid */
+ LABEL_INVALID, /* invalid or not initialized */
+ LABEL_INITIALIZED /* initialized */
};
struct inode_security_struct {
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
