diff options
| author | Ingo Molnar <mingo@elte.hu> | 2010-04-02 20:02:55 +0200 |
|---|---|---|
| committer | Ingo Molnar <mingo@elte.hu> | 2010-04-02 20:03:08 +0200 |
| commit | c9494727cf293ae2ec66af57547a3e79c724fec2 (patch) | |
| tree | 44ae197b64fa7530ee695a90ad31326dda06f1e1 /security/selinux/avc.c | |
| parent | 6427462bfa50f50dc6c088c07037264fcc73eca1 (diff) | |
| parent | 42be79e37e264557f12860fa4cc84b4de3685954 (diff) | |
| download | kernel-crypto-c9494727cf293ae2ec66af57547a3e79c724fec2.tar.gz kernel-crypto-c9494727cf293ae2ec66af57547a3e79c724fec2.tar.xz kernel-crypto-c9494727cf293ae2ec66af57547a3e79c724fec2.zip | |
Merge branch 'linus' into sched/core
Merge reason: update to latest upstream
Signed-off-by: Ingo Molnar <mingo@elte.hu>
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 28 |
1 files changed, 11 insertions, 17 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index f2dde268165..989fef82563 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -337,7 +337,7 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) * Look up an AVC entry that is valid for the * (@ssid, @tsid), interpreting the permissions * based on @tclass. If a valid AVC entry exists, - * then this function return the avc_node. + * then this function returns the avc_node. * Otherwise, this function returns NULL. */ static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) @@ -489,17 +489,14 @@ void avc_audit(u32 ssid, u32 tsid, struct common_audit_data stack_data; u32 denied, audited; denied = requested & ~avd->allowed; - if (denied) { - audited = denied; - if (!(audited & avd->auditdeny)) - return; - } else if (result) { + if (denied) + audited = denied & avd->auditdeny; + else if (result) audited = denied = requested; - } else { - audited = requested; - if (!(audited & avd->auditallow)) - return; - } + else + audited = requested & avd->auditallow; + if (!audited) + return; if (!a) { a = &stack_data; memset(a, 0, sizeof(*a)); @@ -526,7 +523,7 @@ void avc_audit(u32 ssid, u32 tsid, * @perms: permissions * * Register a callback function for events in the set @events - * related to the SID pair (@ssid, @tsid) and + * related to the SID pair (@ssid, @tsid) * and the permissions @perms, interpreting * @perms based on @tclass. Returns %0 on success or * -%ENOMEM if insufficient memory exists to add the callback. @@ -571,7 +568,7 @@ static inline int avc_sidcmp(u32 x, u32 y) * * if a valid AVC entry doesn't exist,this function returns -ENOENT. * if kmalloc() called internal returns NULL, this function returns -ENOMEM. - * otherwise, this function update the AVC entry. The original AVC-entry object + * otherwise, this function updates the AVC entry. The original AVC-entry object * will release later by RCU. */ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass, @@ -746,9 +743,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, else avd = &avd_entry; - rc = security_compute_av(ssid, tsid, tclass, requested, avd); - if (rc) - goto out; + security_compute_av(ssid, tsid, tclass, avd); rcu_read_lock(); node = avc_insert(ssid, tsid, tclass, avd); } else { @@ -770,7 +765,6 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, } rcu_read_unlock(); -out: return rc; } |