Commit f01e1af445fa ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
made this pointer reassignment unnecessary. Avd should continue to reference
the stack-based copy.
Signed-off-by: Jeff Vander Stoep <[email protected]>
---
security/selinux/avc.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index afcc0ae..3c17dda 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -724,12 +724,10 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
rcu_read_lock();
node = avc_lookup(ssid, tsid, tclass);
- if (unlikely(!node)) {
+ if (unlikely(!node))
node = avc_compute_av(ssid, tsid, tclass, avd);
- } else {
+ else
memcpy(avd, &node->ae.avd, sizeof(*avd));
- avd = &node->ae.avd;
- }
denied = requested & ~(avd->allowed);
if (unlikely(denied))
--
2.2.0.rc0.207.ga3a616c
Acked-By: Nick Kralevich <[email protected]>
On Thu, Feb 26, 2015 at 1:54 PM, Jeff Vander Stoep <[email protected]> wrote:
> Commit f01e1af445fa ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
> made this pointer reassignment unnecessary. Avd should continue to reference
> the stack-based copy.
>
> Signed-off-by: Jeff Vander Stoep <[email protected]>
> ---
> security/selinux/avc.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index afcc0ae..3c17dda 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -724,12 +724,10 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
> rcu_read_lock();
>
> node = avc_lookup(ssid, tsid, tclass);
> - if (unlikely(!node)) {
> + if (unlikely(!node))
> node = avc_compute_av(ssid, tsid, tclass, avd);
> - } else {
> + else
> memcpy(avd, &node->ae.avd, sizeof(*avd));
> - avd = &node->ae.avd;
> - }
>
> denied = requested & ~(avd->allowed);
> if (unlikely(denied))
> --
> 2.2.0.rc0.207.ga3a616c
>
> _______________________________________________
> Selinux mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to [email protected].
--
Nick Kralevich | Android Security | [email protected] | 650.214.4037
On 02/26/2015 04:54 PM, Jeff Vander Stoep wrote:
> Commit f01e1af445fa ("selinux: don't pass in NULL avd to avc_has_perm_noaudit")
> made this pointer reassignment unnecessary. Avd should continue to reference
> the stack-based copy.
>
> Signed-off-by: Jeff Vander Stoep <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
> ---
> security/selinux/avc.c | 6 ++----
> 1 file changed, 2 insertions(+), 4 deletions(-)
>
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index afcc0ae..3c17dda 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -724,12 +724,10 @@ inline int avc_has_perm_noaudit(u32 ssid, u32 tsid,
> rcu_read_lock();
>
> node = avc_lookup(ssid, tsid, tclass);
> - if (unlikely(!node)) {
> + if (unlikely(!node))
> node = avc_compute_av(ssid, tsid, tclass, avd);
> - } else {
> + else
> memcpy(avd, &node->ae.avd, sizeof(*avd));
> - avd = &node->ae.avd;
> - }
>
> denied = requested & ~(avd->allowed);
> if (unlikely(denied))
>