| author | Paul Moore <paul@paul-moore.com> | 2022-11-08 13:01:19 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2022-11-09 11:00:49 -0500 |
| commit | 048be156491ff1aeb0fe5ff0862644d38cd39015 (patch) | |
| tree | 8201a4ebe4bcc2dbdf95eef34761db08e25f3132 /security/selinux/ss/sidtab.c | |
| parent | selinux: increase the deprecation sleep for checkreqprot and runtime disable (diff) | |
selinux: remove the sidtab context conversion indirect calls
The sidtab conversion code has support for multiple context
conversion routines through the use of function pointers and
indirect calls. However, the reality is that all current users rely
on the same conversion routine: convert_context(). This patch does
away with this extra complexity and replaces the indirect calls
with direct function calls, allowing us to remove a layer of
obfuscation and create cleaner, more maintainable code.
Reviewed-by: Ondrej Mosnacek <omosnace@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/ss/sidtab.c')
| -rw-r--r-- | security/selinux/ss/sidtab.c | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index a54b8652bfb5..1c3d2cda6b92 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -18,6 +18,7 @@ #include "flask.h" #include "security.h" #include "sidtab.h" +#include "services.h" struct sidtab_str_cache { struct rcu_head rcu_member; @@ -292,7 +293,6 @@ int sidtab_context_to_sid(struct sidtab *s, struct context *context, } count = s->count; - convert = s->convert; /* bail out if we already reached max entries */ rc = -EOVERFLOW; @@ -316,25 +316,28 @@ int sidtab_context_to_sid(struct sidtab *s, struct context *context, * if we are building a new sidtab, we need to convert the context * and insert it there as well */ + convert = s->convert; if (convert) { + struct sidtab *target = convert->target; + rc = -ENOMEM; - dst_convert = sidtab_do_lookup(convert->target, count, 1); + dst_convert = sidtab_do_lookup(target, count, 1); if (!dst_convert) { context_destroy(&dst->context); goto out_unlock; } - rc = convert->func(context, &dst_convert->context, - convert->args); + rc = services_convert_context(convert->args, + context, &dst_convert->context); if (rc) { context_destroy(&dst->context); goto out_unlock; } dst_convert->sid = index_to_sid(count); dst_convert->hash = context_compute_hash(&dst_convert->context); - convert->target->count = count + 1; + target->count = count + 1; - hash_add_rcu(convert->target->context_to_sid, + hash_add_rcu(target->context_to_sid, &dst_convert->list, dst_convert->hash); } @@ -402,9 +405,9 @@ static int sidtab_convert_tree(union sidtab_entry_inner *edst, } i = 0; while (i < SIDTAB_LEAF_ENTRIES && *pos < count) { - rc = convert->func(&esrc->ptr_leaf->entries[i].context, - &edst->ptr_leaf->entries[i].context, - convert->args); + rc = services_convert_context(convert->args, + &esrc->ptr_leaf->entries[i].context, + &edst->ptr_leaf->entries[i].context); if (rc) return rc; (*pos)++; |
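Review bot: In the `if (convert)` block of sidtab_context_to_sid(), the now-direct `services_convert_context(convert->args, context, &dst_convert->context)` call sits on a path whose error exits all `goto out_unlock`, so it presumably runs with the sidtab lock held, yet nothing at the call site says the callee must not sleep. With the indirection gone the callee is fixed, so the constraint can be recorded where it applies, e.g. `/* sidtab lock held here: services_convert_context() must not sleep */` above the call. The leaf loop in sidtab_convert_tree() (last hunk) calls the same function, so the callee has to be safe for the stricter of the two calling contexts; its definition is outside this diff and its allocation flags should be checked there. sidtab_context_to_sid() starts and ends outside the hunk.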
