selinux: drop avtab_search() (08a12b39) · Commits · jan.koester / Linux

security/selinux/ss/avtab.c

+0 −32

Original line number	Diff line number	Diff line
		@@ -180,38 +180,6 @@ struct avtab_node avtab_insert_nonunique(struct avtab h,
		return avtab_insert_node(h, hvalue, prev, key, datum);
		}

		struct avtab_datum avtab_search(struct avtab h, const struct avtab_key *key)
		{
		int hvalue;
		struct avtab_node *cur;
		u16 specified = key->specified & ~(AVTAB_ENABLED\|AVTAB_ENABLED_OLD);

		if (!h \|\| !h->nslot)
		return NULL;

		hvalue = avtab_hash(key, h->mask);
		for (cur = h->htable[hvalue]; cur;
		cur = cur->next) {
		if (key->source_type == cur->key.source_type &&
		key->target_type == cur->key.target_type &&
		key->target_class == cur->key.target_class &&
		(specified & cur->key.specified))
		return &cur->datum;

		if (key->source_type < cur->key.source_type)
		break;
		if (key->source_type == cur->key.source_type &&
		key->target_type < cur->key.target_type)
		break;
		if (key->source_type == cur->key.source_type &&
		key->target_type == cur->key.target_type &&
		key->target_class < cur->key.target_class)
		break;
		}

		return NULL;
		}

		/* This search function returns a node pointer, and can be used in
		* conjunction with avtab_search_next_node()
		*/

+0 −1

Original line number	Diff line number	Diff line
		@@ -90,7 +90,6 @@ struct avtab {
		void avtab_init(struct avtab *h);
		int avtab_alloc(struct avtab *, u32);
		int avtab_alloc_dup(struct avtab new, const struct avtab orig);
		struct avtab_datum avtab_search(struct avtab h, const struct avtab_key *k);
		void avtab_destroy(struct avtab *h);
		void avtab_hash_eval(struct avtab h, const char tag);

+2 −2

Original line number	Diff line number	Diff line
		@@ -272,7 +272,7 @@ static int cond_insertf(struct avtab a, const struct avtab_key k,
		* cond_te_avtab.
		*/
		if (k->specified & AVTAB_TYPE) {
		if (avtab_search(&p->te_avtab, k)) {
		if (avtab_search_node(&p->te_avtab, k)) {
		pr_err("SELinux: type rule already exists outside of a conditional.\n");
		return -EINVAL;
		}
		@@ -304,7 +304,7 @@ static int cond_insertf(struct avtab a, const struct avtab_key k,
		}
		}
		} else {
		if (avtab_search(&p->te_cond_avtab, k)) {
		if (avtab_search_node(&p->te_cond_avtab, k)) {
		pr_err("SELinux: conflicting type rules when adding type rule for true.\n");
		return -EINVAL;
		}

+6 −7

Original line number	Diff line number	Diff line
		@@ -1706,8 +1706,7 @@ static int security_compute_sid(u32 ssid,
		struct context scontext, tcontext, newcontext;
		struct sidtab_entry sentry, tentry;
		struct avtab_key avkey;
		struct avtab_datum *avdatum;
		struct avtab_node *node;
		struct avtab_node avnode, node;
		u16 tclass;
		int rc = 0;
		bool sock;
		@@ -1815,22 +1814,22 @@ static int security_compute_sid(u32 ssid,
		avkey.target_type = tcontext->type;
		avkey.target_class = tclass;
		avkey.specified = specified;
		avdatum = avtab_search(&policydb->te_avtab, &avkey);
		avnode = avtab_search_node(&policydb->te_avtab, &avkey);

		/* If no permanent rule, also check for enabled conditional rules */
		if (!avdatum) {
		if (!avnode) {
		node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
		for (; node; node = avtab_search_node_next(node, specified)) {
		if (node->key.specified & AVTAB_ENABLED) {
		avdatum = &node->datum;
		avnode = node;
		break;
		}
		}
		}

		if (avdatum) {
		if (avnode) {
		/* Use the type from the type transition/member/change rule. */
		newcontext.type = avdatum->u.data;
		newcontext.type = avnode->datum.u.data;
		}

		/* if we have a objname this is a file trans check so check those rules */