forked from Minki/linux
selinux: simplify away security_policydb_len()
Remove the security_policydb_len() calls from sel_open_policy() and instead update the inode size from the size returned from security_read_policy(). Since after this change security_policydb_len() is only called from security_load_policy(), remove it entirely and just open-code it there. Also, since security_load_policy() is always called with policy_mutex held, make it dereference the policy pointer directly and drop the unnecessary RCU locking. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
9ff9abc4c6
commit
66ccd2560a
@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
|
||||
struct selinux_policy *policy);
|
||||
int security_read_policy(struct selinux_state *state,
|
||||
void **data, size_t *len);
|
||||
size_t security_policydb_len(struct selinux_state *state);
|
||||
|
||||
int security_policycap_supported(struct selinux_state *state,
|
||||
unsigned int req_cap);
|
||||
|
@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
|
||||
if (!plm)
|
||||
goto err;
|
||||
|
||||
if (i_size_read(inode) != security_policydb_len(state)) {
|
||||
inode_lock(inode);
|
||||
i_size_write(inode, security_policydb_len(state));
|
||||
inode_unlock(inode);
|
||||
}
|
||||
|
||||
rc = security_read_policy(state, &plm->data, &plm->len);
|
||||
if (rc)
|
||||
goto err;
|
||||
|
||||
if ((size_t)i_size_read(inode) != plm->len) {
|
||||
inode_lock(inode);
|
||||
i_size_write(inode, plm->len);
|
||||
inode_unlock(inode);
|
||||
}
|
||||
|
||||
fsi->policy_opened = 1;
|
||||
|
||||
filp->private_data = plm;
|
||||
|
@ -2328,22 +2328,6 @@ err_policy:
|
||||
return rc;
|
||||
}
|
||||
|
||||
size_t security_policydb_len(struct selinux_state *state)
|
||||
{
|
||||
struct selinux_policy *policy;
|
||||
size_t len;
|
||||
|
||||
if (!selinux_initialized(state))
|
||||
return 0;
|
||||
|
||||
rcu_read_lock();
|
||||
policy = rcu_dereference(state->policy);
|
||||
len = policy->policydb.len;
|
||||
rcu_read_unlock();
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
/**
|
||||
* security_port_sid - Obtain the SID for a port.
|
||||
* @protocol: protocol number
|
||||
@ -3903,11 +3887,12 @@ int security_read_policy(struct selinux_state *state,
|
||||
int rc;
|
||||
struct policy_file fp;
|
||||
|
||||
if (!selinux_initialized(state))
|
||||
policy = rcu_dereference_protected(
|
||||
state->policy, lockdep_is_held(&state->policy_mutex));
|
||||
if (!policy)
|
||||
return -EINVAL;
|
||||
|
||||
*len = security_policydb_len(state);
|
||||
|
||||
*len = policy->policydb.len;
|
||||
*data = vmalloc_user(*len);
|
||||
if (!*data)
|
||||
return -ENOMEM;
|
||||
@ -3915,11 +3900,7 @@ int security_read_policy(struct selinux_state *state,
|
||||
fp.data = *data;
|
||||
fp.len = *len;
|
||||
|
||||
rcu_read_lock();
|
||||
policy = rcu_dereference(state->policy);
|
||||
rc = policydb_write(&policy->policydb, &fp);
|
||||
rcu_read_unlock();
|
||||
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user