From patchwork Thu May 11 20:42:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Richard Guy Briggs X-Patchwork-Id: 9723007 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 0C26F60364 for ; Thu, 11 May 2017 20:44:09 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 032982871A for ; Thu, 11 May 2017 20:44:09 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EA3B92871D; Thu, 11 May 2017 20:44:08 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6531A2871A for ; Thu, 11 May 2017 20:44:08 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932307AbdEKUoH (ORCPT ); Thu, 11 May 2017 16:44:07 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48910 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932136AbdEKUoH (ORCPT ); Thu, 11 May 2017 16:44:07 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id EE3F97AE90; Thu, 11 May 2017 20:44:06 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com EE3F97AE90 Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx01.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=rgb@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com EE3F97AE90 Received: from madcap2.tricolour.ca (ovpn-112-10.rdu2.redhat.com [10.10.112.10]) by smtp.corp.redhat.com (Postfix) with ESMTP id 764385C8AE; Thu, 11 May 2017 20:43:53 +0000 (UTC) From: Richard Guy Briggs To: linux-security-module@vger.kernel.org, linux-audit@redhat.com Cc: Richard Guy Briggs , Andy Lutomirski , "Serge E. Hallyn" , Kees Cook , James Morris , Eric Paris , Paul Moore , Steve Grubb Subject: [RFC PATCH V2 2/4] capabilities: invert logic for clarity Date: Thu, 11 May 2017 16:42:41 -0400 Message-Id: <020580f9a2db5624019d4fd4687c286d04e63841.1494527628.git.rgb@redhat.com> In-Reply-To: References: In-Reply-To: References: X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 11 May 2017 20:44:07 +0000 (UTC) Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP The way the logic was presented, it was awkward to read and verify. Invert the logic using DeMorgan's Law to be more easily able to read and understand. Signed-off-by: Richard Guy Briggs --- security/commoncap.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/security/commoncap.c b/security/commoncap.c index 9520f0a..664d6a5 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -608,7 +608,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) * Number 1 above might fail if you don't have a full bset, but I think * that is interesting information to audit. */ - if (pESET && (!pEALL || !EROOT || !RROOT || !SROOT) ) { + if (pESET && !(pEALL && EROOT && RROOT && SROOT) ) { ret = audit_log_bprm_fcaps(bprm, new, old); if (ret < 0) return ret;