Re: [PATCH 3/4] selinux: Clean up initialization of isec->sclass

On Thu, Nov 10, 2016 at 4:18 PM, Andreas Gruenbacher
<agruenba@xxxxxxxxxx> wrote:
> Now that isec->initialized == LABEL_INITIALIZED implies that
> isec->sclass is valid, skip such inodes immediately in
> inode_doinit_with_dentry.
>
> For the remaining inodes, initialize isec->sclass at the beginning of
> inode_doinit_with_dentry to simplify the code.
>
> Signed-off-by: Andreas Gruenbacher <agruenba@xxxxxxxxxx>
> ---
>  security/selinux/hooks.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index e4527d9..cf5067e 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1389,12 +1389,15 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>         int rc = 0;
>
>         if (isec->initialized == LABEL_INITIALIZED)
> -               goto out;
> +               return 0;
>
>         mutex_lock(&isec->lock);
>         if (isec->initialized == LABEL_INITIALIZED)
>                 goto out_unlock;
>
> +       if (isec->sclass == SECCLASS_FILE)
> +               isec->sclass = inode_mode_to_security_class(inode->i_mode);
> +
>         sbsec = inode->i_sb->s_security;
>         if (!(sbsec->flags & SE_SBINITIALIZED)) {
>                 /* Defer initialization until selinux_complete_init,
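Review bot: the new `if (isec->sclass == SECCLASS_FILE)` test under the lock appears to treat SECCLASS_FILE as a "not yet refined" value, but nothing in the code says so; a one-line comment there would make the intent clear. Separately, the unlocked fast path now does `return 0` and no longer passes through the sclass fixup that used to sit at `out:`, so it depends entirely on the rule from the commit message that LABEL_INITIALIZED implies a valid isec->sclass. Since that first check runs without isec->lock, it is worth a comment next to it stating that rule and that sclass must be set before initialized becomes LABEL_INITIALIZED.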
> @@ -1512,7 +1515,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>                 isec->sid = sbsec->sid;
>
>                 /* Try to obtain a transition SID. */
> -               isec->sclass = inode_mode_to_security_class(inode->i_mode);
>                 rc = security_transition_sid(isec->task_sid, sbsec->sid,
>                                              isec->sclass, NULL, &sid);
>                 if (rc)
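Review bot: with the assignment dropped just before security_transition_sid(), isec->sclass at this call is recomputed from inode->i_mode only when it was SECCLASS_FILE on entry (the new conditional at the top of the function), whereas the removed line set it unconditionally. If an inode can get here with a non-FILE sclass that differs from inode_mode_to_security_class(inode->i_mode), the transition SID is now computed against the older class. The commit message should say why that cannot happen, or the assignment at the top should be unconditional. The same consideration applies to the selinux_genfs_get_sid() call further down, which loses its assignment in the same way.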
> @@ -1548,7 +1550,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>                          */
>                         if (!dentry)
>                                 goto out_unlock;
> -                       isec->sclass = inode_mode_to_security_class(inode->i_mode);
>                         rc = selinux_genfs_get_sid(dentry, isec->sclass,
>                                                    sbsec->flags, &sid);
>                         dput(dentry);
> @@ -1563,9 +1564,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>
>  out_unlock:
>         mutex_unlock(&isec->lock);
> -out:
> -       if (isec->sclass == SECCLASS_FILE)
> -               isec->sclass = inode_mode_to_security_class(inode->i_mode);
>         return rc;
>  }
>
> --
> 2.7.4
>



-- 
paul moore
www.paul-moore.com