selinux: refactor sidtab conversion (5386e6ca) · Commits · e / devices / android_kernel_fairphone_FP5

security/selinux/ss/services.c

+1 −21

Original line number	Diff line number	Diff line
		@@ -1880,19 +1880,6 @@ int security_change_sid(struct selinux_state *state,
		out_sid, false);
		}

		/* Clone the SID into the new SID table. */
		static int clone_sid(u32 sid,
		struct context *context,
		void *arg)
		{
		struct sidtab *s = arg;

		if (sid > SECINITSID_NUM)
		return sidtab_insert(s, sid, context);
		else
		return 0;
		}

		static inline int convert_context_handle_invalid_context(
		struct selinux_state *state,
		struct context *context)
		@@ -2186,13 +2173,6 @@ int security_load_policy(struct selinux_state state, void data, size_t len)
		goto err;
		}

		/* Clone the SID table. */
		sidtab_shutdown(sidtab);

		rc = sidtab_map(sidtab, clone_sid, &newsidtab);
		if (rc)
		goto err;

		/*
		* Convert the internal representations of contexts
		* in the new SID table.
		@@ -2200,7 +2180,7 @@ int security_load_policy(struct selinux_state state, void data, size_t len)
		args.state = state;
		args.oldp = policydb;
		args.newp = newpolicydb;
		rc = sidtab_map(&newsidtab, convert_context, &args);
		rc = sidtab_convert(sidtab, &newsidtab, convert_context, &args);
		if (rc) {
		pr_err("SELinux: unable to convert the internal"
		" representation of contexts in the new SID"

+36 −14

Original line number	Diff line number	Diff line
		@@ -116,7 +116,7 @@ struct context sidtab_search_force(struct sidtab s, u32 sid)
		return sidtab_search_core(s, sid, 1);
		}

		int sidtab_map(struct sidtab *s,
		static int sidtab_map(struct sidtab *s,
		int (*apply)(u32 sid,
		struct context *context,
		void *args),
		@@ -141,6 +141,37 @@ int sidtab_map(struct sidtab *s,
		return rc;
		}

		/* Clone the SID into the new SID table. */
		static int clone_sid(u32 sid, struct context context, void arg)
		{
		struct sidtab *s = arg;

		if (sid > SECINITSID_NUM)
		return sidtab_insert(s, sid, context);
		else
		return 0;
		}

		int sidtab_convert(struct sidtab s, struct sidtab news,
		int (*convert)(u32 sid,
		struct context *context,
		void *args),
		void *args)
		{
		unsigned long flags;
		int rc;

		spin_lock_irqsave(&s->lock, flags);
		s->shutdown = 1;
		spin_unlock_irqrestore(&s->lock, flags);

		rc = sidtab_map(s, clone_sid, news);
		if (rc)
		return rc;

		return sidtab_map(news, convert, args);
		}

		static void sidtab_update_cache(struct sidtab s, struct sidtab_node n, int loc)
		{
		BUG_ON(loc >= SIDTAB_CACHE_LEN);
		@@ -295,12 +326,3 @@ void sidtab_set(struct sidtab dst, struct sidtab src)
		dst->cache[i] = NULL;
		spin_unlock_irqrestore(&src->lock, flags);
		}

		void sidtab_shutdown(struct sidtab *s)
		{
		unsigned long flags;

		spin_lock_irqsave(&s->lock, flags);
		s->shutdown = 1;
		spin_unlock_irqrestore(&s->lock, flags);
		}

+5 −6

Original line number	Diff line number	Diff line
		@@ -37,7 +37,7 @@ int sidtab_insert(struct sidtab s, u32 sid, struct context context);
		struct context sidtab_search(struct sidtab s, u32 sid);
		struct context sidtab_search_force(struct sidtab s, u32 sid);

		int sidtab_map(struct sidtab *s,
		int sidtab_convert(struct sidtab s, struct sidtab news,
		int (*apply)(u32 sid,
		struct context *context,
		void *args),
		@@ -50,7 +50,6 @@ int sidtab_context_to_sid(struct sidtab *s,
		void sidtab_hash_eval(struct sidtab h, char tag);
		void sidtab_destroy(struct sidtab *s);
		void sidtab_set(struct sidtab dst, struct sidtab src);
		void sidtab_shutdown(struct sidtab *s);

		#endif /* _SS_SIDTAB_H_ */