[PATCH 09/10] ipe: don't bother with removal of files in directory we'll be removing

Wed, 11 Jun 2025 20:20:45 -0700 

... and use securityfs_remove() instead of securityfs_recursive_remove()

Signed-off-by: Al Viro <[email protected]>
---
 security/ipe/fs.c        | 32 ++++++++++++--------------------
 security/ipe/policy_fs.c |  4 ++--
 2 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/security/ipe/fs.c b/security/ipe/fs.c
index f40e50bfd2e7..0bb9468b8026 100644
--- a/security/ipe/fs.c
+++ b/security/ipe/fs.c
@@ -12,11 +12,8 @@
 #include "policy.h"
 #include "audit.h"
 
-static struct dentry *np __ro_after_init;
 static struct dentry *root __ro_after_init;
 struct dentry *policy_root __ro_after_init;
-static struct dentry *audit_node __ro_after_init;
-static struct dentry *enforce_node __ro_after_init;
 
 /**
  * setaudit() - Write handler for the securityfs node, "ipe/success_audit"
@@ -200,27 +197,26 @@ static int __init ipe_init_securityfs(void)
 {
        int rc = 0;
        struct ipe_policy *ap;
+       struct dentry *dentry;
 
        if (!ipe_enabled)
                return -EOPNOTSUPP;
 
        root = securityfs_create_dir("ipe", NULL);
-       if (IS_ERR(root)) {
-               rc = PTR_ERR(root);
-               goto err;
-       }
+       if (IS_ERR(root))
+               return PTR_ERR(root);
 
-       audit_node = securityfs_create_file("success_audit", 0600, root,
+       dentry = securityfs_create_file("success_audit", 0600, root,
                                            NULL, &audit_fops);
-       if (IS_ERR(audit_node)) {
-               rc = PTR_ERR(audit_node);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                goto err;
        }
 
-       enforce_node = securityfs_create_file("enforce", 0600, root, NULL,
+       dentry = securityfs_create_file("enforce", 0600, root, NULL,
                                              &enforce_fops);
-       if (IS_ERR(enforce_node)) {
-               rc = PTR_ERR(enforce_node);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                goto err;
        }
 
@@ -237,18 +233,14 @@ static int __init ipe_init_securityfs(void)
                        goto err;
        }
 
-       np = securityfs_create_file("new_policy", 0200, root, NULL, &np_fops);
-       if (IS_ERR(np)) {
-               rc = PTR_ERR(np);
+       dentry = securityfs_create_file("new_policy", 0200, root, NULL, 
&np_fops);
+       if (IS_ERR(dentry)) {
+               rc = PTR_ERR(dentry);
                goto err;
        }
 
        return 0;
 err:
-       securityfs_remove(np);
-       securityfs_remove(policy_root);
-       securityfs_remove(enforce_node);
-       securityfs_remove(audit_node);
        securityfs_remove(root);
        return rc;
 }
diff --git a/security/ipe/policy_fs.c b/security/ipe/policy_fs.c
index db26032ccbe1..9d92d8a14b13 100644
--- a/security/ipe/policy_fs.c
+++ b/security/ipe/policy_fs.c
@@ -438,7 +438,7 @@ static const struct ipefs_file policy_subdir[] = {
  */
 void ipe_del_policyfs_node(struct ipe_policy *p)
 {
-       securityfs_recursive_remove(p->policyfs);
+       securityfs_remove(p->policyfs);
        p->policyfs = NULL;
 }
 
@@ -485,6 +485,6 @@ int ipe_new_policyfs_node(struct ipe_policy *p)
 
        return 0;
 err:
-       securityfs_recursive_remove(policyfs);
+       securityfs_remove(policyfs);
        return rc;
 }
-- 
2.39.5

Reply via email to