selinux: Streamline type determination in security_compute_sid
authorCanfeng Guo <guocanfeng@uniontech.com>
Wed, 3 Jul 2024 02:56:05 +0000 (10:56 +0800)
committerPaul Moore <paul@paul-moore.com>
Mon, 29 Jul 2024 20:34:00 +0000 (16:34 -0400)
Simplifies the logic for determining the security context type in
security_compute_sid, enhancing readability and efficiency.

Consolidates default type assignment logic next to type transition
checks, removing redundancy and improving code flow.

Signed-off-by: Canfeng Guo <guocanfeng@uniontech.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/services.c

index e33e55384b75aaf1468af0209a3189db1f0e0dd2..a9830fbfc5c66c62c6d93643f142de25c347c5a7 100644 (file)
@@ -1804,22 +1804,9 @@ retry:
                        newcontext.role = OBJECT_R_VAL;
        }
 
-       /* Set the type to default values. */
-       if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
-               newcontext.type = scontext->type;
-       } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
-               newcontext.type = tcontext->type;
-       } else {
-               if ((tclass == policydb->process_class) || sock) {
-                       /* Use the type of process. */
-                       newcontext.type = scontext->type;
-               } else {
-                       /* Use the type of the related object. */
-                       newcontext.type = tcontext->type;
-               }
-       }
-
-       /* Look for a type transition/member/change rule. */
+       /* Set the type.
+        * Look for a type transition/member/change rule.
+        */
        avkey.source_type = scontext->type;
        avkey.target_type = tcontext->type;
        avkey.target_class = tclass;
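Review bot: With the default assignment removed here, newcontext.type is not written until the if/else chain in the second hunk, so any code between the two that reads it would see whatever the earlier initialisation left there. The avkey lines in this hunk take their types from scontext and tcontext, which is fine, but the rule lookup between the hunks is not visible and should be confirmed not to read newcontext.type, since this value decides the label of the new object. The block comment added here, like the one in the second hunk, also puts text on the opening line; kernel style outside net/ opens with a bare `/*` line, followed by ` * Look for a type transition/member/change rule.`. The body under `retry:` starts and ends outside the hunk.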
@@ -1837,9 +1824,24 @@ retry:
                }
        }
 
+       /* If a permanent rule is found, use the type from
+        * the type transition/member/change rule. Otherwise,
+        * set the type to its default values.
+        */
        if (avnode) {
-               /* Use the type from the type transition/member/change rule. */
                newcontext.type = avnode->datum.u.data;
+       } else if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
+               newcontext.type = scontext->type;
+       } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
+               newcontext.type = tcontext->type;
+       } else {
+               if ((tclass == policydb->process_class) || sock) {
+                       /* Use the type of process. */
+                       newcontext.type = scontext->type;
+               } else {
+                       /* Use the type of the related object. */
+                       newcontext.type = tcontext->type;
+               }
        }
 
        /* if we have a objname this is a file trans check so check those rules */
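Review bot: The added comment says "If a permanent rule is found", but the two closing braces just above it look like the end of a fallback lookup, so avnode may also come from a non-permanent (conditional) rule; that code is outside the hunk, so this is inferred. Wording that does not depend on where the rule came from would be safer, e.g. `/* Use the type from a matching transition/member/change rule, else the class default. */`. The trailing `else { if ... else ... }` could also be flattened to match the rest of the chain, `} else if ((tclass == policydb->process_class) || sock) {`, which keeps every arm visibly assigning newcontext.type exactly once. The enclosing function continues past the last line shown.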