selinux: simplify avc_xperms_audit_required()
authorZhen Lei <thunder.leizhen@huawei.com>
Thu, 22 Aug 2024 14:08:58 +0000 (22:08 +0800)
committerPaul Moore <paul@paul-moore.com>
Wed, 28 Aug 2024 17:42:11 +0000 (13:42 -0400)
By the associative and commutative laws, both 'audited' assignments evaluate to
zero. Take the second 'audited' as an example:
  1) audited = requested & avd->auditallow;
  2) audited &= ~requested;
  ==> audited = ~requested & (requested & avd->auditallow);
  ==> audited = (~requested & requested) & avd->auditallow;
  ==> audited = 0 & avd->auditallow;
  ==> audited = 0;

In fact, it is more readable to directly write zero. The value of the
first 'audited' is 0 because AUDIT is not allowed. The second 'audited'
is zero because there is no AUDITALLOW permission.

Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/avc.c

index 1ec377ce6d226e86607e54b6aaf90f68472276e5..e0d1a9dfaceeaac23af2c28c07aa4c8fef82aeff 100644 (file)
@@ -388,7 +388,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
                audited = denied & avd->auditdeny;
                if (audited && xpd) {
                        if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
-                               audited &= ~requested;
+                               audited = 0;
                }
        } else if (result) {
                audited = denied = requested;
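Review bot: With the assignment now unconditional, the two nested ifs around the changed line can be folded into a single guard, `if (audited && xpd && avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT)) audited = 0;`, which reads like the surrounding branches; the second hunk (the AUDITALLOW case) has the identical shape and could be collapsed the same way. The new `audited = 0` is equivalent to the old `audited &= ~requested` only because `audited` is masked from `denied`, which is presumably a subset of `requested` (its derivation lies outside the hunk), and that invariant is nowhere stated in the code; a short comment such as `/* audited is a subset of requested, so DONTAUDIT clears it entirely */` would record why writing zero is safe. avc_xperms_audit_required() begins before this hunk and continues past it.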
@@ -396,7 +396,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
                audited = requested & avd->auditallow;
                if (audited && xpd) {
                        if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
-                               audited &= ~requested;
+                               audited = 0;
                }
        }