selinux: remove redundant selinux_nlmsg_perm
selinux_nlmsg_perm is used only by selinux_netlink_send. Remove the redundant function to simplify the code. Fix a typo as suggested by Stephen. Signed-off-by: Huaisheng Ye <yehs1@lenovo.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Родитель
ae3d8c2e27
Коммит
df4779b5d2
|
@ -5520,44 +5520,6 @@ static int selinux_tun_dev_open(void *security)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
int err = 0;
|
||||
u32 perm;
|
||||
struct nlmsghdr *nlh;
|
||||
struct sk_security_struct *sksec = sk->sk_security;
|
||||
|
||||
if (skb->len < NLMSG_HDRLEN) {
|
||||
err = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
nlh = nlmsg_hdr(skb);
|
||||
|
||||
err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
|
||||
if (err) {
|
||||
if (err == -EINVAL) {
|
||||
pr_warn_ratelimited("SELinux: unrecognized netlink"
|
||||
" message: protocol=%hu nlmsg_type=%hu sclass=%s"
|
||||
" pig=%d comm=%s\n",
|
||||
sk->sk_protocol, nlh->nlmsg_type,
|
||||
secclass_map[sksec->sclass - 1].name,
|
||||
task_pid_nr(current), current->comm);
|
||||
if (!enforcing_enabled(&selinux_state) ||
|
||||
security_get_allow_unknown(&selinux_state))
|
||||
err = 0;
|
||||
}
|
||||
|
||||
/* Ignore */
|
||||
if (err == -ENOENT)
|
||||
err = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = sock_has_perm(sk, perm);
|
||||
out:
|
||||
return err;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_NETFILTER
|
||||
|
||||
static unsigned int selinux_ip_forward(struct sk_buff *skb,
|
||||
|
@ -5886,7 +5848,40 @@ static unsigned int selinux_ipv6_postroute(void *priv,
|
|||
|
||||
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
return selinux_nlmsg_perm(sk, skb);
|
||||
int err = 0;
|
||||
u32 perm;
|
||||
struct nlmsghdr *nlh;
|
||||
struct sk_security_struct *sksec = sk->sk_security;
|
||||
|
||||
if (skb->len < NLMSG_HDRLEN) {
|
||||
err = -EINVAL;
|
||||
goto out;
|
||||
}
|
||||
nlh = nlmsg_hdr(skb);
|
||||
|
||||
err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
|
||||
if (err) {
|
||||
if (err == -EINVAL) {
|
||||
pr_warn_ratelimited("SELinux: unrecognized netlink"
|
||||
" message: protocol=%hu nlmsg_type=%hu sclass=%s"
|
||||
" pid=%d comm=%s\n",
|
||||
sk->sk_protocol, nlh->nlmsg_type,
|
||||
secclass_map[sksec->sclass - 1].name,
|
||||
task_pid_nr(current), current->comm);
|
||||
if (!enforcing_enabled(&selinux_state) ||
|
||||
security_get_allow_unknown(&selinux_state))
|
||||
err = 0;
|
||||
}
|
||||
|
||||
/* Ignore */
|
||||
if (err == -ENOENT)
|
||||
err = 0;
|
||||
goto out;
|
||||
}
|
||||
|
||||
err = sock_has_perm(sk, perm);
|
||||
out:
|
||||
return err;
|
||||
}
|
||||
|
||||
static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
|
||||
|
|
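Review bot: `selinux_netlink_send()` checks only the first message in the skb: `nlh = nlmsg_hdr(skb)` is read once, its `nlmsg_type` is looked up, and `sock_has_perm()` is called for that single permission, while `nlh->nlmsg_len` is never examined. A netlink skb can carry several messages, so messages after the first would be delivered without their own SELinux check. The logic is carried over unchanged from the removed `selinux_nlmsg_perm()`, so the inlining does not introduce it, but the consolidated function is the natural place to fix it. I would walk the buffer message by message, bounding each step by the remaining length, and return the first denial, as sketched below. How a malformed `nlmsg_len` is treated in the sketch is an assumption and should match what the netlink receive path does.

```c
static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
{
	int err = 0;
	u32 perm;
	unsigned int msg_len;
	unsigned int data_len = skb->len;
	unsigned char *data = skb->data;
	struct nlmsghdr *nlh;
	struct sk_security_struct *sksec = sk->sk_security;

	/* … unchanged: skb->len < NLMSG_HDRLEN rejected with -EINVAL … */

	/* Check every message carried by the skb, not only the first one. */
	while (data_len >= NLMSG_HDRLEN) {
		nlh = (struct nlmsghdr *)data;

		/* A length that cannot be right ends the walk (assumption:
		 * mirror the receive path rather than reject the skb). */
		if (nlh->nlmsg_len < NLMSG_HDRLEN || nlh->nlmsg_len > data_len)
			break;

		err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
		if (err == 0) {
			err = sock_has_perm(sk, perm);
		} else {
			/* … unchanged: -EINVAL warning with the allow-unknown reset, -ENOENT ignored … */
		}
		if (err)
			goto out;

		/* Step over this message, including netlink padding. */
		msg_len = NLMSG_ALIGN(nlh->nlmsg_len);
		if (msg_len >= data_len)
			break;
		data_len -= msg_len;
		data += msg_len;
	}
out:
	return err;
}
```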