forked from Minki/linux
selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
... along with avc_has_perm_flags() itself, since now it's identical to avc_has_perm() (as pointed out by Paul Moore) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> [PM: add "selinux:" prefix to subj and tweak for length] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
b17ec22fb3
commit
d99cf13f14
@ -1180,25 +1180,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
|
||||
&avd);
|
||||
|
||||
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
|
||||
auditdata, 0);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
return rc;
|
||||
}
|
||||
|
||||
int avc_has_perm_flags(struct selinux_state *state,
|
||||
u32 ssid, u32 tsid, u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata,
|
||||
int flags)
|
||||
{
|
||||
struct av_decision avd;
|
||||
int rc, rc2;
|
||||
|
||||
rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
|
||||
&avd);
|
||||
|
||||
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
|
||||
auditdata, flags);
|
||||
auditdata);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
return rc;
|
||||
|
@ -1676,7 +1676,7 @@ static int cred_has_capability(const struct cred *cred,
|
||||
sid, sid, sclass, av, 0, &avd);
|
||||
if (!(opts & CAP_OPT_NOAUDIT)) {
|
||||
int rc2 = avc_audit(&selinux_state,
|
||||
sid, sid, sclass, av, &avd, rc, &ad, 0);
|
||||
sid, sid, sclass, av, &avd, rc, &ad);
|
||||
if (rc2)
|
||||
return rc2;
|
||||
}
|
||||
@ -3153,9 +3153,8 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
|
||||
if (IS_ERR(isec))
|
||||
return PTR_ERR(isec);
|
||||
|
||||
return avc_has_perm_flags(&selinux_state,
|
||||
sid, isec->sid, isec->sclass, FILE__READ, &ad,
|
||||
rcu ? MAY_NOT_BLOCK : 0);
|
||||
return avc_has_perm(&selinux_state,
|
||||
sid, isec->sid, isec->sclass, FILE__READ, &ad);
|
||||
}
|
||||
|
||||
static noinline int audit_inode_permission(struct inode *inode,
|
||||
|
@ -111,7 +111,6 @@ int slow_avc_audit(struct selinux_state *state,
|
||||
* @avd: access vector decisions
|
||||
* @result: result from avc_has_perm_noaudit
|
||||
* @a: auxiliary audit data
|
||||
* @flags: VFS walk flags
|
||||
*
|
||||
* Audit the granting or denial of permissions in accordance
|
||||
* with the policy. This function is typically called by
|
||||
@ -127,8 +126,7 @@ static inline int avc_audit(struct selinux_state *state,
|
||||
u16 tclass, u32 requested,
|
||||
struct av_decision *avd,
|
||||
int result,
|
||||
struct common_audit_data *a,
|
||||
int flags)
|
||||
struct common_audit_data *a)
|
||||
{
|
||||
u32 audited, denied;
|
||||
audited = avc_audit_required(requested, avd, result, 0, &denied);
|
||||
@ -151,11 +149,6 @@ int avc_has_perm(struct selinux_state *state,
|
||||
u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata);
|
||||
int avc_has_perm_flags(struct selinux_state *state,
|
||||
u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
struct common_audit_data *auditdata,
|
||||
int flags);
|
||||
|
||||
int avc_has_extended_perms(struct selinux_state *state,
|
||||
u32 ssid, u32 tsid, u16 tclass, u32 requested,
|
||||
|
Loading…
Reference in New Issue
Block a user