From: Huaisheng Ye
To: paul@paul-moore.com, sds@tycho.nsa.gov, eparis@parisplace.org, jmorris@namei.org, serge@hallyn.com
Cc: tyu1@lenovo.com, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, linux-kernel@vger.kernel.org, Huaisheng Ye
Subject: [PATCH v2] selinux: remove redundant selinux_nlmsg_perm
Date: Mon, 13 Jan 2020 23:03:31 +0800
Message-Id: <20200113150331.34108-1-yehs2007@zoho.com>

From: Huaisheng Ye

selinux_nlmsg_perm is used only by selinux_netlink_send. Remove the redundant function to simplify the code.

Fix a typo by suggestion from Stephen.

Signed-off-by: Huaisheng Ye
Acked-by: Stephen Smalley
---
 security/selinux/hooks.c | 73 ++++++++++++++++++++++--------------------------
 1 file changed, 34 insertions(+), 39 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index fb1b9da..9f3f966 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -5507,44 +5507,6 @@ static int selinux_tun_dev_open(void *security) return 0; } -static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) -{ - int err = 0; - u32 perm; - struct nlmsghdr *nlh; - struct sk_security_struct *sksec = sk->sk_security; - - if (skb->len < NLMSG_HDRLEN) { - err = -EINVAL; - goto out; - } - nlh = nlmsg_hdr(skb); - - err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); - if (err) { - if (err == -EINVAL) { - pr_warn_ratelimited("SELinux: unrecognized netlink" - " message: protocol=%hu nlmsg_type=%hu sclass=%s" - " pig=%d comm=%s\n", - sk->sk_protocol, nlh->nlmsg_type, - secclass_map[sksec->sclass - 1].name, - task_pid_nr(current), current->comm); - if (!enforcing_enabled(&selinux_state) || - security_get_allow_unknown(&selinux_state)) - err = 0; - } - - /* Ignore */ - if (err == -ENOENT) - err = 0; - goto out; - } - - err = sock_has_perm(sk, perm); -out: - return err; -} - #ifdef CONFIG_NETFILTER static unsigned int selinux_ip_forward(struct sk_buff *skb, 
@@ -5873,7 +5835,40 @@ static unsigned int selinux_ipv6_postroute(void *priv, static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) { - return selinux_nlmsg_perm(sk, skb); + int err = 0; + u32 perm; + struct nlmsghdr *nlh; + struct sk_security_struct *sksec = sk->sk_security; + + if (skb->len < NLMSG_HDRLEN) { + err = -EINVAL; + goto out; + } + nlh = nlmsg_hdr(skb); + + err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm); + if (err) { + if (err == -EINVAL) { + pr_warn_ratelimited("SELinux: unrecognized netlink" + " message: protocol=%hu nlmsg_type=%hu sclass=%s" + " pid=%d comm=%s\n", + sk->sk_protocol, nlh->nlmsg_type, + secclass_map[sksec->sclass - 1].name, + task_pid_nr(current), current->comm); + if (!enforcing_enabled(&selinux_state) || + security_get_allow_unknown(&selinux_state)) + err = 0; + } + + /* Ignore */ + if (err == -ENOENT) + err = 0; + goto out; + } + + err = sock_has_perm(sk, perm); +out: + return err; } static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) -- 1.8.3.1
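Review bot: In the second hunk (selinux_netlink_send), the pr_warn_ratelimited format string changes from "pig=%d" to "pid=%d" as part of the code move, but the commit message only says "Fix a typo" without naming it. Please state in the commit message that the fix is pig= to pid= in the "unrecognized netlink message" warning, since anything matching on that log line will see different text, or split it into its own patch so this hunk is a pure move. While the body is being inlined, two smaller points: the out: label does nothing but return err, so the function could return directly (return -EINVAL; for the short-skb case and return sock_has_perm(sk, perm); at the end) and drop the unused "= 0" initialiser on err; and the format string is still split across three source lines, which makes the message hard to grep for, so consider joining it into one string literal.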