selinux: simplify away security_policydb_len()
Remove the security_policydb_len() calls from sel_open_policy() and
instead update the inode size from the size returned from
security_read_policy().

Since after this change security_policydb_len() is only called from
security_load_policy(), remove it entirely and just open-code it there.

Also, since security_load_policy() is always called with policy_mutex
held, make it dereference the policy pointer directly and drop the
unnecessary RCU locking.

Signed-off-by: Ondrej Mosnacek <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
WOnder93 authored and pcmoore committed Aug 31, 2020
1 parent 9ff9abc commit 66ccd25
Showing 3 changed files with 10 additions and 30 deletions.
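--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
 struct selinux_policy *policy);
 int security_read_policy(struct selinux_state *state,
 void **data, size_t *len);
-size_t security_policydb_len(struct selinux_state *state);
 
 int security_policycap_supported(struct selinux_state *state,
 unsigned int req_cap);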
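--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
 if (!plm)
 goto err;
 
-if (i_size_read(inode) != security_policydb_len(state)) {
-inode_lock(inode);
-i_size_write(inode, security_policydb_len(state));
-inode_unlock(inode);
-}
-
 rc = security_read_policy(state, &plm->data, &plm->len);
 if (rc)
 goto err;
 
+if ((size_t)i_size_read(inode) != plm->len) {
+inode_lock(inode);
+i_size_write(inode, plm->len);
+inode_unlock(inode);
+}
+
 fsi->policy_opened = 1;
 
 filp->private_data = plm;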
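Review bot: The `(size_t)` cast on `i_size_read(inode)` in the new size check narrows the value on builds where `size_t` is smaller than the inode size type, so the comparison is made on a truncated size; widening the other operand keeps the full value, e.g. `if (i_size_read(inode) != (loff_t)plm->len) {`. This inode's size is presumably only ever written from a policy length, so this is a robustness and readability point rather than a reachable bug. A short comment above the block, such as `/* keep i_size in sync with the snapshot just read */`, would also record why the update now follows security_read_policy(). sel_open_policy() starts and ends outside the hunk, so the locking around this block is not visible here.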
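--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2328,22 +2328,6 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
 return rc;
 }
 
-size_t security_policydb_len(struct selinux_state *state)
-{
-struct selinux_policy *policy;
-size_t len;
-
-if (!selinux_initialized(state))
-return 0;
-
-rcu_read_lock();
-policy = rcu_dereference(state->policy);
-len = policy->policydb.len;
-rcu_read_unlock();
-
-return len;
-}
-
 /**
 * security_port_sid - Obtain the SID for a port.
 * @protocol: protocol number
@@ -3903,23 +3887,20 @@ int security_read_policy(struct selinux_state *state,
 int rc;
 struct policy_file fp;
 
-if (!selinux_initialized(state))
+policy = rcu_dereference_protected(
+state->policy, lockdep_is_held(&state->policy_mutex));
+if (!policy)
 return -EINVAL;
 
-*len = security_policydb_len(state);
-
+*len = policy->policydb.len;
 *data = vmalloc_user(*len);
 if (!*data)
 return -ENOMEM;
 
 fp.data = *data;
 fp.len = *len;
 
-rcu_read_lock();
-policy = rcu_dereference(state->policy);
 rc = policydb_write(&policy->policydb, &fp);
-rcu_read_unlock();
-
 if (rc)
 return rc;
 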
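Review bot: security_read_policy() now has a locking precondition that nothing in its visible text states: in the second hunk the policy pointer is read with `rcu_dereference_protected(..., lockdep_is_held(&state->policy_mutex))` and then passed to `policydb_write()` with no RCU read-side section, so a caller that does not hold `state->policy_mutex` would presumably be exposed to the policy being replaced underneath it. The `lockdep_is_held()` condition is only evaluated on lockdep-enabled builds, so production kernels rely on every caller getting this right. I would record it in the function's kernel-doc, e.g. `* Context: caller must hold state->policy_mutex.`, and add `/* NULL policy: nothing loaded yet */` beside the `if (!policy)` test, since it replaces the `selinux_initialized()` check. The function's comment header and its tail are outside the hunk, so an existing note there may already cover part of this.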
