selinux: avoid unnecessary indirection in struct level_datum

Store the owned member of type struct mls_level directly in the parent
struct instead of an extra heap allocation.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 989c809d310d69cfb9369cab73c1aec588ce9225..a6e49269f5351df096da8c9fb56103a2f7b0ee9d 100644 (file)
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -171,7 +171,7 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l)
         * levdatum->level->cat and no bit in l->cat is larger than
         * p->p_cats.nprim.
         */
-       return ebitmap_contains(&levdatum->level->cat, &l->cat,
+       return ebitmap_contains(&levdatum->level.cat, &l->cat,
                                p->p_cats.nprim);
 }
 
@@ -289,7 +289,7 @@ int mls_context_to_sid(struct policydb *pol, char oldc, char *scontext,
                levdatum = symtab_search(&pol->p_levels, sensitivity);
                if (!levdatum)
                        return -EINVAL;
-               context->range.level[l].sens = levdatum->level->sens;
+               context->range.level[l].sens = levdatum->level.sens;
 
                /* Extract category set. */
                while (next_cat != NULL) {
@@ -456,7 +456,7 @@ int mls_convert_context(struct policydb *oldp, struct policydb *newp,
 
                if (!levdatum)
                        return -EINVAL;
-               newc->range.level[l].sens = levdatum->level->sens;
+               newc->range.level[l].sens = levdatum->level.sens;
 
                ebitmap_for_each_positive_bit(&oldc->range.level[l].cat, node,
                                              i)

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 1b9fdda03e91e9c0950694b0e90ae7641a7bcfe1..0850ea6ae018562e42516b3fc03a09aed9ed9d8f 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -301,9 +301,7 @@ static int sens_destroy(void *key, void *datum, void *p)
        kfree(key);
        if (datum) {
                levdatum = datum;
-               if (levdatum->level)
-                       ebitmap_destroy(&levdatum->level->cat);
-               kfree(levdatum->level);
+               ebitmap_destroy(&levdatum->level.cat);
        }
        kfree(datum);
        return 0;
@@ -635,11 +633,11 @@ static int sens_index(void *key, void *datum, void *datap)
        p = datap;
 
        if (!levdatum->isalias) {
-               if (!levdatum->level->sens ||
-                   levdatum->level->sens > p->p_levels.nprim)
+               if (!levdatum->level.sens ||
+                   levdatum->level.sens > p->p_levels.nprim)
                        return -EINVAL;
 
-               p->sym_val_to_name[SYM_LEVELS][levdatum->level->sens - 1] = key;
+               p->sym_val_to_name[SYM_LEVELS][levdatum->level.sens - 1] = key;
        }
 
        return 0;
@@ -1618,12 +1616,7 @@ static int sens_read(struct policydb *p, struct symtab *s, struct policy_file *f
        if (rc)
                goto bad;
 
-       rc = -ENOMEM;
-       levdatum->level = kmalloc(sizeof(*levdatum->level), GFP_KERNEL);
-       if (!levdatum->level)
-               goto bad;
-
-       rc = mls_read_level(levdatum->level, fp);
+       rc = mls_read_level(&levdatum->level, fp);
        if (rc)
                goto bad;
 
@@ -2844,7 +2837,7 @@ static int sens_write(void *vkey, void *datum, void *ptr)
        if (rc)
                return rc;
 
-       rc = mls_write_level(levdatum->level, fp);
+       rc = mls_write_level(&levdatum->level, fp);
        if (rc)
                return rc;
 

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index c699fa52f59ac5a7e8b7a499ed66421461d96073..80d1fa7e49954b3c848f30a9102e4f8607f733b9 100644 (file)
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -126,7 +126,7 @@ struct user_datum {
 
 /* Sensitivity attributes */
 struct level_datum {
-       struct mls_level *level; /* sensitivity and associated categories */
+       struct mls_level level; /* sensitivity and associated categories */
        unsigned char isalias; /* is this sensitivity an alias for another? */
 };