mirror of
https://github.com/FEX-Emu/linux.git
synced 2024-12-02 12:47:29 +00:00
selinux: don't pass in NULL avd to avc_has_perm_noaudit
Right now security_get_user_sids() will pass in a NULL avd pointer to avc_has_perm_noaudit(), which then forces that function to have a dummy entry for that case and just generally test it. Don't do it. The normal callers all pass a real avd pointer, and this helper function is incredibly hot. So don't make avc_has_perm_noaudit() do conditional stuff that isn't needed for the common case. This also avoids some duplicated stack space. Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
bc9bc72e2f
commit
f01e1af445
@ -752,10 +752,9 @@ int avc_ss_reset(u32 seqno)
|
||||
int avc_has_perm_noaudit(u32 ssid, u32 tsid,
|
||||
u16 tclass, u32 requested,
|
||||
unsigned flags,
|
||||
struct av_decision *in_avd)
|
||||
struct av_decision *avd)
|
||||
{
|
||||
struct avc_node *node;
|
||||
struct av_decision avd_entry, *avd;
|
||||
int rc = 0;
|
||||
u32 denied;
|
||||
|
||||
@ -766,18 +765,11 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
|
||||
node = avc_lookup(ssid, tsid, tclass);
|
||||
if (unlikely(!node)) {
|
||||
rcu_read_unlock();
|
||||
|
||||
if (in_avd)
|
||||
avd = in_avd;
|
||||
else
|
||||
avd = &avd_entry;
|
||||
|
||||
security_compute_av(ssid, tsid, tclass, avd);
|
||||
rcu_read_lock();
|
||||
node = avc_insert(ssid, tsid, tclass, avd);
|
||||
} else {
|
||||
if (in_avd)
|
||||
memcpy(in_avd, &node->ae.avd, sizeof(*in_avd));
|
||||
memcpy(avd, &node->ae.avd, sizeof(*avd));
|
||||
avd = &node->ae.avd;
|
||||
}
|
||||
|
||||
|
@ -2217,10 +2217,11 @@ out_unlock:
|
||||
goto out;
|
||||
}
|
||||
for (i = 0, j = 0; i < mynel; i++) {
|
||||
struct av_decision dummy_avd;
|
||||
rc = avc_has_perm_noaudit(fromsid, mysids[i],
|
||||
SECCLASS_PROCESS, /* kernel value */
|
||||
PROCESS__TRANSITION, AVC_STRICT,
|
||||
NULL);
|
||||
&dummy_avd);
|
||||
if (!rc)
|
||||
mysids2[j++] = mysids[i];
|
||||
cond_resched();
|
||||
|
Loading…
Reference in New Issue
Block a user