On Thu, Jan 18, 2024 at 8:44 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> We only need to call inode_mode_to_security_class() once in
> selinux_inode_init_security().
>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> security/selinux/hooks.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 7c69ce62c106..9e59f9c80ca8 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -2920,23 +2920,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
> struct superblock_security_struct *sbsec;
> struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
> u32 newsid, clen;
> + u16 newsclass;
> int rc;
> char *context;
>
> sbsec = selinux_superblock(dir->i_sb);
>
> newsid = tsec->create_sid;
> -
> - rc = selinux_determine_inode_label(tsec, dir, qstr,
> - inode_mode_to_security_class(inode->i_mode),
> - &newsid);
> + newsclass = inode_mode_to_security_class(inode->i_mode);
> + rc = selinux_determine_inode_label(tsec, dir, qstr, newsclass, &newsid);
> if (rc)
> return rc;
>
> /* Possibly defer initialization to selinux_complete_init. */
> if (sbsec->flags & SE_SBINITIALIZED) {
> struct inode_security_struct *isec = selinux_inode(inode);
> - isec->sclass = inode_mode_to_security_class(inode->i_mode);
> + isec->sclass = newsclass;
> isec->sid = newsid;
> isec->initialized = LABEL_INITIALIZED;
> }
> --
> 2.43.0
>
>
