Re: [PATCH 1/1] selinux: simplify avc_xperms_audit_required()

On Aug 22, 2024 Zhen Lei <thunder.leizhen@xxxxxxxxxx> wrote:
> 
> By associative and commutative laws, the result of the two 'audited' is
> zero. Take the second 'audited' as an example:
>   1) audited = requested & avd->auditallow;
>   2) audited &= ~requested;
>   ==> audited = ~requested & (requested & avd->auditallow);
>   ==> audited = (~requested & requested) & avd->auditallow;
>   ==> audited = 0 & avd->auditallow;
>   ==> audited = 0;
> 
> In fact, it is more readable to directly write zero. The value of the
> first 'audited' is 0 because AUDIT is not allowed. The second 'audited'
> is zero because there is no AUDITALLOW permission.
> 
> Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
> ---
>  security/selinux/avc.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

Looks good to me, merged into selinux/dev, thanks!

--
paul-moore.com