From: Al Viro <viro@zeniv.linux.org.uk>
To: selinux@vger.kernel.org
Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit()
Date: Thu, 10 Jun 2021 15:52:02 +0000 [thread overview]
Message-ID: <YMI1IpLMGuFvw4kd@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <YMI08apUwu1Y7Tc5@zeniv-ca.linux.org.uk>
From 565799de3ee0a295842a07a5f9a459db5e793beb Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 16 Jan 2021 15:57:49 -0500
Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and
avc_audit()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/selinux/avc.c | 7 +++----
security/selinux/hooks.c | 5 ++---
security/selinux/include/avc.h | 7 ++-----
3 files changed, 7 insertions(+), 12 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9c3d2a29616a..10b71a0efc50 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1179,7 +1179,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
&avd);
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
- auditdata, 0);
+ auditdata);
if (rc2)
return rc2;
return rc;
@@ -1187,8 +1187,7 @@ int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
int avc_has_perm_flags(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass, u32 requested,
- struct common_audit_data *auditdata,
- int flags)
+ struct common_audit_data *auditdata)
{
struct av_decision avd;
int rc, rc2;
@@ -1197,7 +1196,7 @@ int avc_has_perm_flags(struct selinux_state *state,
&avd);
rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
- auditdata, flags);
+ auditdata);
if (rc2)
return rc2;
return rc;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f22ad1229471..2ae55348bd1c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1676,7 +1676,7 @@ static int cred_has_capability(const struct cred *cred,
sid, sid, sclass, av, 0, &avd);
if (!(opts & CAP_OPT_NOAUDIT)) {
int rc2 = avc_audit(&selinux_state,
- sid, sid, sclass, av, &avd, rc, &ad, 0);
+ sid, sid, sclass, av, &avd, rc, &ad);
if (rc2)
return rc2;
}
@@ -3154,8 +3154,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
return PTR_ERR(isec);
return avc_has_perm_flags(&selinux_state,
- sid, isec->sid, isec->sclass, FILE__READ, &ad,
- rcu ? MAY_NOT_BLOCK : 0);
+ sid, isec->sid, isec->sclass, FILE__READ, &ad);
}
static noinline int audit_inode_permission(struct inode *inode,
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index c3bbfc8e8b46..098f31c415e2 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -111,7 +111,6 @@ int slow_avc_audit(struct selinux_state *state,
* @avd: access vector decisions
* @result: result from avc_has_perm_noaudit
* @a: auxiliary audit data
- * @flags: VFS walk flags
*
* Audit the granting or denial of permissions in accordance
* with the policy. This function is typically called by
@@ -127,8 +126,7 @@ static inline int avc_audit(struct selinux_state *state,
u16 tclass, u32 requested,
struct av_decision *avd,
int result,
- struct common_audit_data *a,
- int flags)
+ struct common_audit_data *a)
{
u32 audited, denied;
audited = avc_audit_required(requested, avd, result, 0, &denied);
@@ -154,8 +152,7 @@ int avc_has_perm(struct selinux_state *state,
int avc_has_perm_flags(struct selinux_state *state,
u32 ssid, u32 tsid,
u16 tclass, u32 requested,
- struct common_audit_data *auditdata,
- int flags);
+ struct common_audit_data *auditdata);
int avc_has_extended_perms(struct selinux_state *state,
u32 ssid, u32 tsid, u16 tclass, u32 requested,
--
2.11.0
next prev parent reply other threads:[~2021-06-10 15:52 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-10 15:51 [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Al Viro
2021-06-10 15:52 ` Al Viro [this message]
2021-06-10 22:41 ` [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit() Paul Moore
2021-06-10 23:12 ` [PATCH 1/2] selinux: slow_avc_audit has become non-blocking Paul Moore
2021-06-11 1:45 ` Al Viro
2021-06-11 1:51 ` Paul Moore
2021-06-11 17:18 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YMI1IpLMGuFvw4kd@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.