Commit 68cfb283 authored Aug 22, 2024 by Zhen Lei Committed by Paul Moore Aug 28, 2024

selinux: simplify avc_xperms_audit_required()



By associative and commutative laws, the result of the two 'audited' is
zero. Take the second 'audited' as an example:
  1) audited = requested & avd->auditallow;
  2) audited &= ~requested;
  ==> audited = ~requested & (requested & avd->auditallow);
  ==> audited = (~requested & requested) & avd->auditallow;
  ==> audited = 0 & avd->auditallow;
  ==> audited = 0;

In fact, it is more readable to directly write zero. The value of the
first 'audited' is 0 because AUDIT is not allowed. The second 'audited'
is zero because there is no AUDITALLOW permission.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent a3422eb4

security/selinux/avc.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -388,7 +388,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
		audited = denied & avd->auditdeny;
		if (audited && xpd) {
		if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
		audited &= ~requested;
		audited = 0;
		}
		} else if (result) {
		audited = denied = requested;
		@@ -396,7 +396,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
		audited = requested & avd->auditallow;
		if (audited && xpd) {
		if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
		audited &= ~requested;
		audited = 0;
		}
		}