Commit da2d4130 authored by Canfeng Guo's avatar Canfeng Guo Committed by Paul Moore

selinux: Streamline type determination in security_compute_sid



Simplifies the logic for determining the security context type in
security_compute_sid, enhancing readability and efficiency.

Consolidates default type assignment logic next to type transition
checks, removing redundancy and improving code flow.

Signed-off-by: default avatarCanfeng Guo <guocanfeng@uniontech.com>
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 8400291e
+19 −17
@@ -1804,22 +1804,9 @@ static int security_compute_sid(u32 ssid,
			newcontext.role = OBJECT_R_VAL;
	}

	/* Set the type to default values. */
	if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
		newcontext.type = scontext->type;
	} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
		newcontext.type = tcontext->type;
	} else {
		if ((tclass == policydb->process_class) || sock) {
			/* Use the type of process. */
			newcontext.type = scontext->type;
		} else {
			/* Use the type of the related object. */
			newcontext.type = tcontext->type;
		}
	}

	/* Look for a type transition/member/change rule. */
	/* Set the type.
	 * Look for a type transition/member/change rule.
	 */
	avkey.source_type = scontext->type;
	avkey.target_type = tcontext->type;
	avkey.target_class = tclass;
@@ -1837,9 +1824,24 @@ static int security_compute_sid(u32 ssid,
		}
	}

	/* If a permanent rule is found, use the type from
	 * the type transition/member/change rule. Otherwise,
	 * set the type to its default values.
	 */
	if (avnode) {
		/* Use the type from the type transition/member/change rule. */
		newcontext.type = avnode->datum.u.data;
	} else if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
		newcontext.type = scontext->type;
	} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
		newcontext.type = tcontext->type;
	} else {
		if ((tclass == policydb->process_class) || sock) {
			/* Use the type of process. */
			newcontext.type = scontext->type;
		} else {
			/* Use the type of the related object. */
			newcontext.type = tcontext->type;
		}
	}

	/* if we have a objname this is a file trans check so check those rules */
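Review bot: The new block comment above `if (avnode)` in the second hunk says the rule's type is used when "a permanent rule is found", but the lookup that sets avnode sits between the two hunks and is not shown; if that code can also select an enabled conditional rule, the comment understates when the branch is taken. Because this assignment decides the type in the newly computed security context, the comment should describe the condition the code actually tests, for example `/* If a type transition/member/change rule matched, use its type; otherwise fall back to the class default. */`. As a style point, the trailing `else { if (...) ... else ... }` could be flattened to `} else if ((tclass == policydb->process_class) || sock) {` so all four outcomes read as one chain with a single final `else`. security_compute_sid starts and ends outside both hunks, so it is worth confirming that nothing between them reads newcontext.type before this chain now assigns it.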