Message ID | 20241115133619.114393-6-cgoettsche@seltendoof.de (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Paul Moore |
Headers | show |
Series | [RFC,01/22] selinux: supply missing field initializers | expand |
On 11/15/2024 8:35 AM, Christian Göttsche wrote: > From: Christian Göttsche <cgzones@googlemail.com> > > The functions context_cmp() and mls_context_cmp() are not traditional > C style compare functions returning -1, 0, and 1 for less than, equal, > and greater than; they only return whether their arguments are equal. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > security/selinux/ss/context.c | 2 +- > security/selinux/ss/context.h | 10 +++++----- > security/selinux/ss/services.c | 2 +- > security/selinux/ss/sidtab.c | 2 +- > 4 files changed, 8 insertions(+), 8 deletions(-) > > diff --git a/security/selinux/ss/context.c b/security/selinux/ss/context.c > index e39990f494dd..a528b7f76280 100644 > --- a/security/selinux/ss/context.c > +++ b/security/selinux/ss/context.c > @@ -20,7 +20,7 @@ u32 context_compute_hash(const struct context *c) > * context struct with only the len & str set (and vice versa) > * under a given policy. Since context structs from different > * policies should never meet, it is safe to hash valid and > - * invalid contexts differently. The context_cmp() function > + * invalid contexts differently. The context_equal() function > * already operates under the same assumption. > */ > if (c->len) > diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h > index 7ccab2e6965f..e1307f6f7f50 100644 > --- a/security/selinux/ss/context.h > +++ b/security/selinux/ss/context.h > @@ -132,8 +132,8 @@ static inline int mls_context_glblub(struct context *dst, > return rc; > } > > -static inline int mls_context_cmp(const struct context *c1, > - const struct context *c2) > +static inline bool mls_context_equal(const struct context *c1, > + const struct context *c2) > { > return ((c1->range.level[0].sens == c2->range.level[0].sens) && > ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) && Should the same logic in this patch be applied to ebitmap_cmp as well? -Daniel
diff --git a/security/selinux/ss/context.c b/security/selinux/ss/context.c index e39990f494dd..a528b7f76280 100644 --- a/security/selinux/ss/context.c +++ b/security/selinux/ss/context.c @@ -20,7 +20,7 @@ u32 context_compute_hash(const struct context *c) * context struct with only the len & str set (and vice versa) * under a given policy. Since context structs from different * policies should never meet, it is safe to hash valid and - * invalid contexts differently. The context_cmp() function + * invalid contexts differently. The context_equal() function * already operates under the same assumption. */ if (c->len) diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index 7ccab2e6965f..e1307f6f7f50 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h @@ -132,8 +132,8 @@ static inline int mls_context_glblub(struct context *dst, return rc; } -static inline int mls_context_cmp(const struct context *c1, - const struct context *c2) +static inline bool mls_context_equal(const struct context *c1, + const struct context *c2) { return ((c1->range.level[0].sens == c2->range.level[0].sens) && ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) && @@ -188,15 +188,15 @@ static inline void context_destroy(struct context *c) mls_context_destroy(c); } -static inline int context_cmp(const struct context *c1, - const struct context *c2) +static inline bool context_equal(const struct context *c1, + const struct context *c2) { if (c1->len && c2->len) return (c1->len == c2->len && !strcmp(c1->str, c2->str)); if (c1->len || c2->len) return 0; return ((c1->user == c2->user) && (c1->role == c2->role) && - (c1->type == c2->type) && mls_context_cmp(c1, c2)); + (c1->type == c2->type) && mls_context_equal(c1, c2)); } u32 context_compute_hash(const struct context *c); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 261a512528d5..2b155f22a0f4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3327,7 +3327,7 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, __func__, xfrm_sid); goto out; } - rc = (mls_context_cmp(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); + rc = (mls_context_equal(nlbl_ctx, xfrm_ctx) ? 0 : -EACCES); if (rc) goto out; diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index c8848cbba81f..c74353672dcf 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -66,7 +66,7 @@ static u32 context_to_sid(struct sidtab *s, struct context *context, u32 hash) hash_for_each_possible_rcu(s->context_to_sid, entry, list, hash) { if (entry->hash != hash) continue; - if (context_cmp(&entry->context, context)) { + if (context_equal(&entry->context, context)) { sid = entry->sid; break; }