selinux: kill 'flags' argument in avc_has_perm_flags() and avc_audit()
authorAl Viro <viro@zeniv.linux.org.uk>
Sat, 16 Jan 2021 20:57:49 +0000 (15:57 -0500)
committerPaul Moore <paul@paul-moore.com>
Fri, 11 Jun 2021 17:11:45 +0000 (13:11 -0400)
... along with avc_has_perm_flags() itself, since now it's identical
to avc_has_perm() (as pointed out by Paul Moore)

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
[PM: add "selinux:" prefix to subj and tweak for length]
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/avc.c
security/selinux/hooks.c
security/selinux/include/avc.h

index 9322687cb0303df2bf9aa76b5bc109f057732ad2..97f4c944a20ff6100715dea043dbcb5f70da120d 100644 (file)
@@ -1180,25 +1180,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
                                  &avd);
 
        rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
-                       auditdata, 0);
-       if (rc2)
-               return rc2;
-       return rc;
-}
-
-int avc_has_perm_flags(struct selinux_state *state,
-                      u32 ssid, u32 tsid, u16 tclass, u32 requested,
-                      struct common_audit_data *auditdata,
-                      int flags)
-{
-       struct av_decision avd;
-       int rc, rc2;
-
-       rc = avc_has_perm_noaudit(state, ssid, tsid, tclass, requested, 0,
-                                 &avd);
-
-       rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
-                       auditdata, flags);
+                       auditdata);
        if (rc2)
                return rc2;
        return rc;
index 4e64f681e5d120cb6083de239e49615705442091..b0032c42333eb82138e1c8861d8b8874c970f394 100644 (file)
@@ -1676,7 +1676,7 @@ static int cred_has_capability(const struct cred *cred,
                                  sid, sid, sclass, av, 0, &avd);
        if (!(opts & CAP_OPT_NOAUDIT)) {
                int rc2 = avc_audit(&selinux_state,
-                                   sid, sid, sclass, av, &avd, rc, &ad, 0);
+                                   sid, sid, sclass, av, &avd, rc, &ad);
                if (rc2)
                        return rc2;
        }
@@ -3153,9 +3153,8 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
        if (IS_ERR(isec))
                return PTR_ERR(isec);
 
-       return avc_has_perm_flags(&selinux_state,
-                                 sid, isec->sid, isec->sclass, FILE__READ, &ad,
-                                 rcu ? MAY_NOT_BLOCK : 0);
+       return avc_has_perm(&selinux_state,
+                                 sid, isec->sid, isec->sclass, FILE__READ, &ad);
 }
 
 static noinline int audit_inode_permission(struct inode *inode,
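Review bot: The `avc_has_perm()` call that now ends selinux_inode_follow_link() no longer shows that it can run in RCU walk mode, which the removed `rcu ? MAY_NOT_BLOCK : 0` argument used to make visible at the call site. A short comment above the call would record the constraint, for example `/* may run in RCU walk mode: avc_has_perm() and its audit path must not sleep here */`. Whether the audit path is in fact non-blocking for this `ad` is not visible in the hunk and presumably rests on earlier changes, so it is worth confirming before relying on it. The continuation line also keeps the indentation of the old, longer function name and should be realigned under the opening parenthesis. The function starts outside the hunk.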
index c3bbfc8e8b4627728cada24dcd2e8f80f5582af2..00f78be48283685b1782227147df7ff8ed8fc7b3 100644 (file)
@@ -111,7 +111,6 @@ int slow_avc_audit(struct selinux_state *state,
  * @avd: access vector decisions
  * @result: result from avc_has_perm_noaudit
  * @a:  auxiliary audit data
- * @flags: VFS walk flags
  *
  * Audit the granting or denial of permissions in accordance
  * with the policy.  This function is typically called by
@@ -127,8 +126,7 @@ static inline int avc_audit(struct selinux_state *state,
                            u16 tclass, u32 requested,
                            struct av_decision *avd,
                            int result,
-                           struct common_audit_data *a,
-                           int flags)
+                           struct common_audit_data *a)
 {
        u32 audited, denied;
        audited = avc_audit_required(requested, avd, result, 0, &denied);
@@ -151,11 +149,6 @@ int avc_has_perm(struct selinux_state *state,
                 u32 ssid, u32 tsid,
                 u16 tclass, u32 requested,
                 struct common_audit_data *auditdata);
-int avc_has_perm_flags(struct selinux_state *state,
-                      u32 ssid, u32 tsid,
-                      u16 tclass, u32 requested,
-                      struct common_audit_data *auditdata,
-                      int flags);
 
 int avc_has_extended_perms(struct selinux_state *state,
                           u32 ssid, u32 tsid, u16 tclass, u32 requested,