diff options
author | Eric Paris <eparis@redhat.com> | 2010-11-23 11:40:09 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2010-11-30 17:28:57 -0500 |
commit | 7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d (patch) | |
tree | 8a92d6d1f05268c27f0e37d5684e947c6111d89e /security | |
parent | 4b02b524487622ce1cf472123899520b583f47dc (diff) | |
download | kernel_goldelico_gta04-7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d.zip kernel_goldelico_gta04-7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d.tar.gz kernel_goldelico_gta04-7ae9f23cbd3ef9daff7f768da4bfd4c56b19300d.tar.bz2 |
selinux: rework security_netlbl_secattr_to_sid
security_netlbl_secattr_to_sid is difficult to follow, especially the
return codes. Try to make the function obvious.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 42 |
1 files changed, 21 insertions, 21 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 84e2a98..ab6dbce 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -3041,7 +3041,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr, int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, u32 *sid) { - int rc = -EIDRM; + int rc; struct context *ctx; struct context ctx_new; @@ -3052,16 +3052,15 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, read_lock(&policy_rwlock); - if (secattr->flags & NETLBL_SECATTR_CACHE) { + if (secattr->flags & NETLBL_SECATTR_CACHE) *sid = *(u32 *)secattr->cache->data; - rc = 0; - } else if (secattr->flags & NETLBL_SECATTR_SECID) { + else if (secattr->flags & NETLBL_SECATTR_SECID) *sid = secattr->attr.secid; - rc = 0; - } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { + else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { + rc = -EIDRM; ctx = sidtab_search(&sidtab, SECINITSID_NETMSG); if (ctx == NULL) - goto netlbl_secattr_to_sid_return; + goto out; context_init(&ctx_new); ctx_new.user = ctx->user; @@ -3069,34 +3068,35 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, ctx_new.type = ctx->type; mls_import_netlbl_lvl(&ctx_new, secattr); if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { - if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat, - secattr->attr.mls.cat) != 0) - goto netlbl_secattr_to_sid_return; + rc = ebitmap_netlbl_import(&ctx_new.range.level[0].cat, + secattr->attr.mls.cat); + if (rc) + goto out; memcpy(&ctx_new.range.level[1].cat, &ctx_new.range.level[0].cat, sizeof(ctx_new.range.level[0].cat)); } - if (mls_context_isvalid(&policydb, &ctx_new) != 1) - goto netlbl_secattr_to_sid_return_cleanup; + rc = -EIDRM; + if (!mls_context_isvalid(&policydb, &ctx_new)) + goto out_free; rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid); - if (rc != 0) - goto netlbl_secattr_to_sid_return_cleanup; + if (rc) + goto out_free; security_netlbl_cache_add(secattr, *sid); ebitmap_destroy(&ctx_new.range.level[0].cat); - } else { + } else *sid = SECSID_NULL; - rc = 0; - } -netlbl_secattr_to_sid_return: read_unlock(&policy_rwlock); - return rc; -netlbl_secattr_to_sid_return_cleanup: + return 0; +out_free: ebitmap_destroy(&ctx_new.range.level[0].cat); - goto netlbl_secattr_to_sid_return; +out: + read_unlock(&policy_rwlock); + return rc; } /** |