Commit e6b5ebca authored by Paul Moore's avatar Paul Moore
Browse files

selinux: cleanup selinux_lsm_getattr() 



A number of small changes to selinux_lsm_getattr() to improve the
quality and readability of the code:

* Explicitly set the `value` parameter to NULL in the case where an
  attribute has not been set.
* Rename the `__tsec` variable to `tsec` to better fit the SELinux code.
* Rename `bad` to `err_unlock` to better indicate the jump target drops
  the RCU lock.

Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 0142c566

security/selinux/hooks.c

+18 −18
Original line number Diff line number Diff line
@@ -6348,55 +6348,55 @@ static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode) 
static int selinux_lsm_getattr(unsigned int attr, struct task_struct *p,

			       char **value)

{

	const struct task_security_struct *__tsec;

	u32 sid;

	const struct task_security_struct *tsec;

	int error;

	unsigned len;

	u32 sid;

	u32 len;



	rcu_read_lock();

	__tsec = selinux_cred(__task_cred(p));



	if (current != p) {

		error = avc_has_perm(current_sid(), __tsec->sid,

	tsec = selinux_cred(__task_cred(p));

	if (p != current) {

		error = avc_has_perm(current_sid(), tsec->sid,

				     SECCLASS_PROCESS, PROCESS__GETATTR, NULL);

		if (error)

			goto bad;

			goto err_unlock;

	}



	switch (attr) {

	case LSM_ATTR_CURRENT:

		sid = __tsec->sid;

		sid = tsec->sid;

		break;

	case LSM_ATTR_PREV:

		sid = __tsec->osid;

		sid = tsec->osid;

		break;

	case LSM_ATTR_EXEC:

		sid = __tsec->exec_sid;

		sid = tsec->exec_sid;

		break;

	case LSM_ATTR_FSCREATE:

		sid = __tsec->create_sid;

		sid = tsec->create_sid;

		break;

	case LSM_ATTR_KEYCREATE:

		sid = __tsec->keycreate_sid;

		sid = tsec->keycreate_sid;

		break;

	case LSM_ATTR_SOCKCREATE:

		sid = __tsec->sockcreate_sid;

		sid = tsec->sockcreate_sid;

		break;

	default:

		error = -EOPNOTSUPP;

		goto bad;

		goto err_unlock;

	}

	rcu_read_unlock();



	if (!sid)

	if (sid == SECSID_NULL) {

		*value = NULL;

		return 0;

	}



	error = security_sid_to_context(sid, value, &len);

	if (error)

		return error;

	return len;



bad:

err_unlock:

	rcu_read_unlock();

	return error;

}