diff options
| author | Stephen Smalley <stephen.smalley.work@gmail.com> | 2023-03-09 21:30:37 +0300 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2023-03-14 22:22:45 +0300 |
| commit | e67b79850fcc4eb5816d69d34fd82aeda350aca7 (patch) | |
| tree | ac2ab206d913dd36a95347b59bc739551651cafc /security/selinux/netlabel.c | |
| parent | f62ca0b6e31d82e0622a8e31ce5562e80edf6c3c (diff) | |
| download | linux-e67b79850fcc4eb5816d69d34fd82aeda350aca7.tar.xz | |
selinux: stop passing selinux_state pointers and their offspring
Linus observed that the pervasive passing of selinux_state pointers
introduced by me in commit aa8e712cee93 ("selinux: wrap global selinux
state") adds overhead and complexity without providing any
benefit. The original idea was to pave the way for SELinux namespaces
but those have not yet been implemented and there isn't currently
a concrete plan to do so. Remove the passing of the selinux_state
pointers, reverting to direct use of the single global selinux_state,
and likewise remove passing of child pointers like the selinux_avc.
The selinux_policy pointer remains as it is needed for atomic switching
of policies.
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: kernel test robot <lkp@intel.com>
Link: https://lore.kernel.org/oe-kbuild-all/202303101057.mZ3Gv5fK-lkp@intel.com/
Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux/netlabel.c')
| -rw-r--r-- | security/selinux/netlabel.c | 17 |
1 files changed, 6 insertions, 11 deletions
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 1321f15799e2..767c670d33ea 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -46,7 +46,7 @@ static int selinux_netlbl_sidlookup_cached(struct sk_buff *skb, { int rc; - rc = security_netlbl_secattr_to_sid(&selinux_state, secattr, sid); + rc = security_netlbl_secattr_to_sid(secattr, sid); if (rc == 0 && (secattr->flags & NETLBL_SECATTR_CACHEABLE) && (secattr->flags & NETLBL_SECATTR_CACHE)) @@ -77,8 +77,7 @@ static struct netlbl_lsm_secattr *selinux_netlbl_sock_genattr(struct sock *sk) secattr = netlbl_secattr_alloc(GFP_ATOMIC); if (secattr == NULL) return NULL; - rc = security_netlbl_sid_to_secattr(&selinux_state, sksec->sid, - secattr); + rc = security_netlbl_sid_to_secattr(sksec->sid, secattr); if (rc != 0) { netlbl_secattr_free(secattr); return NULL; @@ -245,8 +244,7 @@ int selinux_netlbl_skbuff_setsid(struct sk_buff *skb, if (secattr == NULL) { secattr = &secattr_storage; netlbl_secattr_init(secattr); - rc = security_netlbl_sid_to_secattr(&selinux_state, sid, - secattr); + rc = security_netlbl_sid_to_secattr(sid, secattr); if (rc != 0) goto skbuff_setsid_return; } @@ -283,8 +281,7 @@ int selinux_netlbl_sctp_assoc_request(struct sctp_association *asoc, return 0; netlbl_secattr_init(&secattr); - rc = security_netlbl_sid_to_secattr(&selinux_state, - asoc->secid, &secattr); + rc = security_netlbl_sid_to_secattr(asoc->secid, &secattr); if (rc != 0) goto assoc_request_return; @@ -332,8 +329,7 @@ int selinux_netlbl_inet_conn_request(struct request_sock *req, u16 family) return 0; netlbl_secattr_init(&secattr); - rc = security_netlbl_sid_to_secattr(&selinux_state, req->secid, - &secattr); + rc = security_netlbl_sid_to_secattr(req->secid, &secattr); if (rc != 0) goto inet_conn_request_return; rc = netlbl_req_setattr(req, &secattr); @@ -463,8 +459,7 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, perm = RAWIP_SOCKET__RECVFROM; } - rc = avc_has_perm(&selinux_state, - sksec->sid, nlbl_sid, sksec->sclass, perm, ad); + rc = avc_has_perm(sksec->sid, nlbl_sid, sksec->sclass, perm, ad); if (rc == 0) return 0; |