[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240629041124.156720-1-guocanfeng@uniontech.com>
Date: Sat, 29 Jun 2024 12:11:24 +0800
From: Canfeng Guo <guocanfeng@...ontech.com>
To: paul@...l-moore.com
Cc: stephen.smalley.work@...il.com,
omosnace@...hat.com,
selinux@...r.kernel.org,
linux-kernel@...r.kernel.org,
Canfeng Guo <guocanfeng@...ontech.com>
Subject: [PATCH] selinux: Streamline type determination in security_compute_sid
Simplifies the logic for determining the security context type in
security_compute_sid, enhancing readability and efficiency.
Consolidates default type assignment logic next to type transition
checks, removing redundancy and improving code flow.
Signed-off-by: Canfeng Guo <guocanfeng@...ontech.com>
---
security/selinux/ss/services.c | 32 ++++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index e33e55384b75..0c07ebf0b1e7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1804,21 +1804,7 @@ static int security_compute_sid(u32 ssid,
newcontext.role = OBJECT_R_VAL;
}
- /* Set the type to default values. */
- if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
- newcontext.type = scontext->type;
- } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
- newcontext.type = tcontext->type;
- } else {
- if ((tclass == policydb->process_class) || sock) {
- /* Use the type of process. */
- newcontext.type = scontext->type;
- } else {
- /* Use the type of the related object. */
- newcontext.type = tcontext->type;
- }
- }
-
+ /* Set the type. */
/* Look for a type transition/member/change rule. */
avkey.source_type = scontext->type;
avkey.target_type = tcontext->type;
@@ -1837,9 +1823,23 @@ static int security_compute_sid(u32 ssid,
}
}
+ /* If a permanent rule is found, use the type from */
+ /* the type transition/member/change rule. Otherwise, */
+ /* set the type to its default values. */
if (avnode) {
- /* Use the type from the type transition/member/change rule. */
newcontext.type = avnode->datum.u.data;
+ } else if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
+ newcontext.type = scontext->type;
+ } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
+ newcontext.type = tcontext->type;
+ } else {
+ if ((tclass == policydb->process_class) || sock) {
+ /* Use the type of process. */
+ newcontext.type = scontext->type;
+ } else {
+ /* Use the type of the related object. */
+ newcontext.type = tcontext->type;
+ }
}
/* if we have a objname this is a file trans check so check those rules */
--
2.20.1
Powered by blists - more mailing lists