mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 20:22:09 +00:00
selinux: remove 'flags' parameter from inode_has_perm
Every single user passes in '0'. I think we had non-zero users back in
some stone age when selinux_inode_permission() was implemented in terms
of inode_has_perm(), but that complicated case got split up into a
totally separate code-path so that we could optimize the much simpler
special cases.
See commit 2e33405785
("SELinux: delay initialization of audit data in
selinux_inode_permission") for example.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
15c83d26e1
commit
19e49834d2
@ -1525,8 +1525,7 @@ static int task_has_system(struct task_struct *tsk,
|
|||||||
static int inode_has_perm(const struct cred *cred,
|
static int inode_has_perm(const struct cred *cred,
|
||||||
struct inode *inode,
|
struct inode *inode,
|
||||||
u32 perms,
|
u32 perms,
|
||||||
struct common_audit_data *adp,
|
struct common_audit_data *adp)
|
||||||
unsigned flags)
|
|
||||||
{
|
{
|
||||||
struct inode_security_struct *isec;
|
struct inode_security_struct *isec;
|
||||||
u32 sid;
|
u32 sid;
|
||||||
@ -1539,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
|
|||||||
sid = cred_sid(cred);
|
sid = cred_sid(cred);
|
||||||
isec = inode->i_security;
|
isec = inode->i_security;
|
||||||
|
|
||||||
return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);
|
return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||||
@ -1554,7 +1553,7 @@ static inline int dentry_has_perm(const struct cred *cred,
|
|||||||
|
|
||||||
ad.type = LSM_AUDIT_DATA_DENTRY;
|
ad.type = LSM_AUDIT_DATA_DENTRY;
|
||||||
ad.u.dentry = dentry;
|
ad.u.dentry = dentry;
|
||||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
return inode_has_perm(cred, inode, av, &ad);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Same as inode_has_perm, but pass explicit audit data containing
|
/* Same as inode_has_perm, but pass explicit audit data containing
|
||||||
@ -1569,7 +1568,7 @@ static inline int path_has_perm(const struct cred *cred,
|
|||||||
|
|
||||||
ad.type = LSM_AUDIT_DATA_PATH;
|
ad.type = LSM_AUDIT_DATA_PATH;
|
||||||
ad.u.path = *path;
|
ad.u.path = *path;
|
||||||
return inode_has_perm(cred, inode, av, &ad, 0);
|
return inode_has_perm(cred, inode, av, &ad);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Same as path_has_perm, but uses the inode from the file struct. */
|
/* Same as path_has_perm, but uses the inode from the file struct. */
|
||||||
@ -1581,7 +1580,7 @@ static inline int file_path_has_perm(const struct cred *cred,
|
|||||||
|
|
||||||
ad.type = LSM_AUDIT_DATA_PATH;
|
ad.type = LSM_AUDIT_DATA_PATH;
|
||||||
ad.u.path = file->f_path;
|
ad.u.path = file->f_path;
|
||||||
return inode_has_perm(cred, file_inode(file), av, &ad, 0);
|
return inode_has_perm(cred, file_inode(file), av, &ad);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Check whether a task can use an open file descriptor to
|
/* Check whether a task can use an open file descriptor to
|
||||||
@ -1617,7 +1616,7 @@ static int file_has_perm(const struct cred *cred,
|
|||||||
/* av is zero if only checking access to the descriptor. */
|
/* av is zero if only checking access to the descriptor. */
|
||||||
rc = 0;
|
rc = 0;
|
||||||
if (av)
|
if (av)
|
||||||
rc = inode_has_perm(cred, inode, av, &ad, 0);
|
rc = inode_has_perm(cred, inode, av, &ad);
|
||||||
|
|
||||||
out:
|
out:
|
||||||
return rc;
|
return rc;
|
||||||
|
Loading…
Reference in New Issue
Block a user