
Commit 66ccd25

WOnder93pcmoore
authored andcommitted
selinux: simplify away security_policydb_len()
Remove the security_policydb_len() calls from sel_open_policy() and instead update the inode size from the size returned from security_read_policy(). Since after this change security_policydb_len() is only called from security_load_policy(), remove it entirely and just open-code it there. Also, since security_load_policy() is always called with policy_mutex held, make it dereference the policy pointer directly and drop the unnecessary RCU locking. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
1 parent 9ff9abc commit 66ccd25

3 files changed

Lines changed: 10 additions & 30 deletions


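--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
 struct selinux_policy *policy);
 int security_read_policy(struct selinux_state *state,
 void **data, size_t *len);
-size_t security_policydb_len(struct selinux_state *state);
 
 int security_policycap_supported(struct selinux_state *state,
 unsigned int req_cap);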

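--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
 if (!plm)
 goto err;
 
-if (i_size_read(inode) != security_policydb_len(state)) {
-inode_lock(inode);
-i_size_write(inode, security_policydb_len(state));
-inode_unlock(inode);
-}
-
 rc = security_read_policy(state, &plm->data, &plm->len);
 if (rc)
 goto err;
 
+if ((size_t)i_size_read(inode) != plm->len) {
+inode_lock(inode);
+i_size_write(inode, plm->len);
+inode_unlock(inode);
+}
+
 fsi->policy_opened = 1;
 
 filp->private_data = plm;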
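Review bot: The size comparison in the added block narrows the `loff_t` returned by `i_size_read()` to `size_t`, which on 32-bit builds discards the upper half before comparing; widening the other operand instead, `if (i_size_read(inode) != (loff_t)plm->len) {`, keeps the check exact and matches the type `i_size_write()` takes. The values here are policy image sizes, so a mismatch is unlikely in practice, but the narrowing cast is easy to copy into a place where it matters. A short comment such as `/* keep i_size in step with the snapshot just copied into plm */` would also record why the update now follows security_read_policy(). sel_open_policy() starts and ends outside this hunk, so the locking around this block cannot be confirmed from the lines shown.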

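--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2328,22 +2328,6 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len,
 return rc;
 }
 
-size_t security_policydb_len(struct selinux_state *state)
-{
-struct selinux_policy *policy;
-size_t len;
-
-if (!selinux_initialized(state))
-return 0;
-
-rcu_read_lock();
-policy = rcu_dereference(state->policy);
-len = policy->policydb.len;
-rcu_read_unlock();
-
-return len;
-}
-
 /**
 * security_port_sid - Obtain the SID for a port.
 * @protocol: protocol number
@@ -3903,23 +3887,20 @@ int security_read_policy(struct selinux_state *state,
 int rc;
 struct policy_file fp;
 
-if (!selinux_initialized(state))
+policy = rcu_dereference_protected(
+state->policy, lockdep_is_held(&state->policy_mutex));
+if (!policy)
 return -EINVAL;
 
-*len = security_policydb_len(state);
-
+*len = policy->policydb.len;
 *data = vmalloc_user(*len);
 if (!*data)
 return -ENOMEM;
 
 fp.data = *data;
 fp.len = *len;
 
-rcu_read_lock();
-policy = rcu_dereference(state->policy);
 rc = policydb_write(&policy->policydb, &fp);
-rcu_read_unlock();
-
 if (rc)
 return rc;
 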
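Review bot: In the second hunk, security_read_policy() now depends on every caller holding `state->policy_mutex`, but that contract is expressed only through `lockdep_is_held()` inside `rcu_dereference_protected()`, which is checked only on lockdep-enabled builds. With the RCU read section gone, an unlocked caller on a production kernel would presumably let `policydb_write()` run on a policy that can be replaced and freed underneath it, so state the requirement above the function, e.g. `/* Caller must hold state->policy_mutex. */`, and consider `lockdep_assert_held(&state->policy_mutex);` as the first statement. The commit description attributes this locking change to security_load_policy() while the hunk edits security_read_policy(), which is worth reconciling so the contract is documented against the right function. The function begins and ends outside the hunk, so who frees the `vmalloc_user()` buffer on the `if (rc) return rc;` path cannot be verified here.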
