selinux: drop avtab_search()

avtab_search() shares the same logic with avtab_search_node(), except
that it returns, if found, a pointer to the struct avtab_node member
datum instead of the node itself.  Since the member is an embedded
struct, and not a pointer, the returned value of avtab_search() and
avtab_search_node() will always in unison either be NULL or non-NULL.

Drop avtab_search() and replace its calls by avtab_search_node() to
deduplicate logic and adopt the only caller caring for the type of
the returned value accordingly.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 8d7c14ca27a2af5dd7d7097f2a579cf028c632cc..5fd439c5b8a4ef0ae96e9721a0473124639d1279 100644 (file)
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -180,38 +180,6 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h,
        return avtab_insert_node(h, hvalue, prev, key, datum);
 }
 
-struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key)
-{
-       int hvalue;
-       struct avtab_node *cur;
-       u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD);
-
-       if (!h || !h->nslot)
-               return NULL;
-
-       hvalue = avtab_hash(key, h->mask);
-       for (cur = h->htable[hvalue]; cur;
-            cur = cur->next) {
-               if (key->source_type == cur->key.source_type &&
-                   key->target_type == cur->key.target_type &&
-                   key->target_class == cur->key.target_class &&
-                   (specified & cur->key.specified))
-                       return &cur->datum;
-
-               if (key->source_type < cur->key.source_type)
-                       break;
-               if (key->source_type == cur->key.source_type &&
-                   key->target_type < cur->key.target_type)
-                       break;
-               if (key->source_type == cur->key.source_type &&
-                   key->target_type == cur->key.target_type &&
-                   key->target_class < cur->key.target_class)
-                       break;
-       }
-
-       return NULL;
-}
-
 /* This search function returns a node pointer, and can be used in
  * conjunction with avtab_search_next_node()
  */

diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index f265e9da18e2f6b03b7218eed791d99ddcf611f5..c2b88430c91698a680501085d070d369ecd13ef4 100644 (file)
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -90,7 +90,6 @@ struct avtab {
 void avtab_init(struct avtab *h);
 int avtab_alloc(struct avtab *, u32);
 int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
-struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k);
 void avtab_destroy(struct avtab *h);
 void avtab_hash_eval(struct avtab *h, const char *tag);
 

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index b156c181c3c1687ac9f66bd07da0c82f1f472583..81ff676f209a808c5688dfe88609f16471cbca42 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -272,7 +272,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
         * cond_te_avtab.
         */
        if (k->specified & AVTAB_TYPE) {
-               if (avtab_search(&p->te_avtab, k)) {
+               if (avtab_search_node(&p->te_avtab, k)) {
                        pr_err("SELinux: type rule already exists outside of a conditional.\n");
                        return -EINVAL;
                }
@@ -304,7 +304,7 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
                                }
                        }
                } else {
-                       if (avtab_search(&p->te_cond_avtab, k)) {
+                       if (avtab_search_node(&p->te_cond_avtab, k)) {
                                pr_err("SELinux: conflicting type rules when adding type rule for true.\n");
                                return -EINVAL;
                        }

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 83b85536cd2bad489306d8db62164a153fb06e3a..fa47e4e38935aa386f433ecd406c09e5f13cc0ea 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1706,8 +1706,7 @@ static int security_compute_sid(u32 ssid,
        struct context *scontext, *tcontext, newcontext;
        struct sidtab_entry *sentry, *tentry;
        struct avtab_key avkey;
-       struct avtab_datum *avdatum;
-       struct avtab_node *node;
+       struct avtab_node *avnode, *node;
        u16 tclass;
        int rc = 0;
        bool sock;
@@ -1815,22 +1814,22 @@ retry:
        avkey.target_type = tcontext->type;
        avkey.target_class = tclass;
        avkey.specified = specified;
-       avdatum = avtab_search(&policydb->te_avtab, &avkey);
+       avnode = avtab_search_node(&policydb->te_avtab, &avkey);
 
        /* If no permanent rule, also check for enabled conditional rules */
-       if (!avdatum) {
+       if (!avnode) {
                node = avtab_search_node(&policydb->te_cond_avtab, &avkey);
                for (; node; node = avtab_search_node_next(node, specified)) {
                        if (node->key.specified & AVTAB_ENABLED) {
-                               avdatum = &node->datum;
+                               avnode = node;
                                break;
                        }
                }
        }
 
-       if (avdatum) {
+       if (avnode) {
                /* Use the type from the type transition/member/change rule. */
-               newcontext.type = avdatum->u.data;
+               newcontext.type = avnode->datum.u.data;
        }
 
        /* if we have a objname this is a file trans check so check those rules */