@@ -180,38 +180,6 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h,
return avtab_insert_node(h, hvalue, prev, key, datum);
}
-struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key)
-{
- int hvalue;
- struct avtab_node *cur;
- u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-
- if (!h || !h->nslot)
- return NULL;
-
- hvalue = avtab_hash(key, h->mask);
- for (cur = h->htable[hvalue]; cur;
- cur = cur->next) {
- if (key->source_type == cur->key.source_type &&
- key->target_type == cur->key.target_type &&
- key->target_class == cur->key.target_class &&
- (specified & cur->key.specified))
- return &cur->datum;
-
- if (key->source_type < cur->key.source_type)
- break;
- if (key->source_type == cur->key.source_type &&
- key->target_type < cur->key.target_type)
- break;
- if (key->source_type == cur->key.source_type &&
- key->target_type == cur->key.target_type &&
- key->target_class < cur->key.target_class)
- break;
- }
-
- return NULL;
-}
-
/* This search function returns a node pointer, and can be used in
* conjunction with avtab_search_next_node()
*/
@@ -90,7 +90,6 @@ struct avtab {
void avtab_init(struct avtab *h);
int avtab_alloc(struct avtab *, u32);
int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
-struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k);
void avtab_destroy(struct avtab *h);
void avtab_hash_eval(struct avtab *h, const char *tag);
@@ -272,7 +272,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
* cond_te_avtab.
*/
if (k->specified & AVTAB_TYPE) {
- if (avtab_search(&p->te_avtab, k)) {
+ if (avtab_search_node(&p->te_avtab, k)) {
pr_err("SELinux: type rule already exists outside of a conditional.\n");
return -EINVAL;
}
@@ -304,7 +304,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
}
}
} else {
- if (avtab_search(&p->te_cond_avtab, k)) {
+ if (avtab_search_node(&p->te_cond_avtab, k)) {
pr_err("SELinux: conflicting type rules when adding type rule for true.\n");
return -EINVAL;
}
@@ -1706,8 +1706,7 @@ static int security_compute_sid(u32 ssid,
struct context *scontext, *tcontext, newcontext;
struct sidtab_entry *sentry, *tentry;
struct avtab_key avkey;
- struct avtab_datum *avdatum;
- struct avtab_node *node;
+ struct avtab_node *avnode, *node;
u16 tclass;
int rc = 0;
bool sock;
@@ -1815,22 +1814,22 @@ static int security_compute_sid(u32 ssid,
avkey.target_type = tcontext->type;
avkey.target_class = tclass;
avkey.specified = specified;
- avdatum = avtab_search(&policydb->te_avtab, &avkey);
+ avnode = avtab_search_node(&policydb->te_avtab, &avkey);
/* If no permanent rule, also check for enabled conditional rules */
- if (!avdatum) {
+ if (!avnode) {
node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
for (; node; node = avtab_search_node_next(node, specified)) {
if (node->key.specified & AVTAB_ENABLED) {
- avdatum = &node->datum;
+ avnode = node;
break;
}
}
}
- if (avdatum) {
+ if (avnode) {
/* Use the type from the type transition/member/change rule. */
- newcontext.type = avdatum->u.data;
+ newcontext.type = avnode->datum.u.data;
}
/* if we have a objname this is a file trans check so check those rules */
avtab_search() shares the same logic with avtab_search_node(), except that it returns, if found, a pointer to the struct avtab_node member datum instead of the node itself. Since the member is an embedded struct, and not a pointer, the returned value of avtab_search() and avtab_search_node() will always in unison either be NULL or non-NULL. Drop avtab_search() and replace its calls by avtab_search_node() to deduplicate logic and adopt the only caller caring for the type of the returned value accordingly. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- security/selinux/ss/avtab.c | 32 ------------------------------- security/selinux/ss/avtab.h | 1 - security/selinux/ss/conditional.c | 4 ++-- security/selinux/ss/services.c | 13 ++++++------- 4 files changed, 8 insertions(+), 42 deletions(-)