On Mon, 2013-06-03 at 14:59 -0400, Eric Paris wrote: > selinux_inode_permission had some heavy lifting done to make it more > performance polite. But it still does largely the same thing as > inode_has_perm. So move that work into inode_has_perm and call > inode_has_perm from selinux_inode_permission. > > Signed-off-by: Eric Paris <epa...@redhat.com> > --- > security/selinux/hooks.c | 92 > ++++++++++++++++++++++-------------------------- > 1 file changed, 42 insertions(+), 50 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 5c6f2cd..cfecb52 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c
> @@ -1514,6 +1538,14 @@ static int inode_has_perm(const struct cred *cred, > sid = cred_sid(cred); > isec = inode->i_security; > > + rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd); > + audited = avc_audit_required(perms, &avd, rc, dontaudit, &denied); > + if (likely(!audited)) > + return rc; > + > + rc2 = audit_inode_permission(inode, adp, perms, audited, denied, flags); > + if (rc2) > + return rc2; > return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, > flags); > } >

Should just return rc, not avc_has_perm_flags(). I fixed that in the 2/2 patch and this should work just fine. Kills a little performance, but still works.

-Eric
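
Review bot: The unchanged `return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags);` at the end of this hunk still runs after the new block, so on the audited path the same (sid, isec->sid, isec->sclass, perms) check that avc_has_perm_noaudit() just made is repeated, and because adp is passed in again the event may be reported a second time after audit_inode_permission() has already handled it. rc already holds the decision at that point, so the function should end with `return rc;`. Also, in the `if (rc2) return rc2;` lines a non-zero rc2 replaces the access decision in rc as the return value; a one-line comment saying which errors audit_inode_permission() can return and why they take precedence would make that intent clear.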