From: Paul Moore <paul@paul-moore.com>
To: selinux@vger.kernel.org
Subject: [PATCH] selinux: cleanup selinux_lsm_getattr()
Date: Fri, 23 Feb 2024 16:26:40 -0500 [thread overview]
Message-ID: <20240223212640.305789-2-paul@paul-moore.com> (raw)
A number of small changes to selinux_lsm_getattr() to improve the
quality and readability of the code:
* Explicitly set the `value` parameter to NULL in the case where an
attribute has not been set.
* Rename the `__tsec` variable to `tsec` to better fit the SELinux code.
* Rename `bad` to `err_unlock` to better indicate the jump target drops
the RCU lock.
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
security/selinux/hooks.c | 36 ++++++++++++++++++------------------
1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index a0fde0641f77..011b2ab08995 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6347,55 +6347,55 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p,
char **value)
{
- const struct task_security_struct *__tsec;
- u32 sid;
+ const struct task_security_struct *tsec;
int error;
- unsigned len;
+ u32 sid;
+ u32 len;
rcu_read_lock();
- __tsec = selinux_cred(__task_cred(p));
-
- if (current != p) {
- error = avc_has_perm(current_sid(), __tsec->sid,
+ tsec = selinux_cred(__task_cred(p));
+ if (p != current) {
+ error = avc_has_perm(current_sid(), tsec->sid,
SECCLASS_PROCESS, PROCESS__GETATTR, NULL);
if (error)
- goto bad;
+ goto err_unlock;
}
-
switch (attr) {
case LSM_ATTR_CURRENT:
- sid = __tsec->sid;
+ sid = tsec->sid;
break;
case LSM_ATTR_PREV:
- sid = __tsec->osid;
+ sid = tsec->osid;
break;
case LSM_ATTR_EXEC:
- sid = __tsec->exec_sid;
+ sid = tsec->exec_sid;
break;
case LSM_ATTR_FSCREATE:
- sid = __tsec->create_sid;
+ sid = tsec->create_sid;
break;
case LSM_ATTR_KEYCREATE:
- sid = __tsec->keycreate_sid;
+ sid = tsec->keycreate_sid;
break;
case LSM_ATTR_SOCKCREATE:
- sid = __tsec->sockcreate_sid;
+ sid = tsec->sockcreate_sid;
break;
default:
error = -EOPNOTSUPP;
- goto bad;
+ goto err_unlock;
}
rcu_read_unlock();
- if (!sid)
+ if (sid == SECSID_NULL) {
+ *value = NULL;
return 0;
+ }
error = security_sid_to_context(sid, value, &len);
if (error)
return error;
return len;
-bad:
+err_unlock:
rcu_read_unlock();
return error;
}
--
2.43.2
next reply other threads:[~2024-02-23 21:26 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-23 21:26 Paul Moore [this message]
2024-03-26 20:37 ` [PATCH] selinux: cleanup selinux_lsm_getattr() Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240223212640.305789-2-paul@paul-moore.com \
--to=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).