From: Lennart Poettering
Date: Wed, 24 Aug 2022 14:55:50 +0000 (+0200)
Subject: selinux-util: modernizations
X-Git-Tag: v252-rc1~349^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=09f7e8d603b8e4ba628d66d8c6aeda8acad3ee0f;p=thirdparty%2Fsystemd.git

selinux-util: modernizations

Let's no bother with reading return value of libselinux API calls into r, if the actual error is in errno anyway.
Let's remove one unnecessary strdup()
Let's rename a return parameter ret_xyz
---
diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index 57f330f8bc3..336d7f5c968 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -372,7 +372,6 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
 #if HAVE_SELINUX
 _cleanup_freecon_ char *mycon = NULL, *fcon = NULL;
 security_class_t sclass;
- int r;
 assert(exe);
 assert(label);
@@ -380,12 +379,10 @@ int mac_selinux_get_create_label_from_exe(const char *exe, char **label) {
 if (!mac_selinux_use())
 return -EOPNOTSUPP;
- r = getcon_raw(&mycon);
- if (r < 0)
+ if (getcon_raw(&mycon) < 0)
 return -errno;
- r = getfilecon_raw(exe, &fcon);
- if (r < 0)
+ if (getfilecon_raw(exe, &fcon) < 0)
 return -errno;
 sclass = string_to_security_class("process");
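Review bot: The output parameter of mac_selinux_get_create_label_from_exe() keeps the name `label` (see the signature in the hunk header and `assert(label);` in the first hunk), while this same commit renames the equivalent parameter of mac_selinux_get_child_mls_label() to `ret_label`. For consistency I would rename it here as well, `int mac_selinux_get_create_label_from_exe(const char *exe, char **ret_label)` with `assert(ret_label);`, and likewise for `mac_selinux_get_our_label(char **label)`, which is visible in the next hunk header. The signature and the tail of this function are outside these two hunks, so any further use of `label` there would need the same rename.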
@@ -411,36 +408,29 @@ int mac_selinux_get_our_label(char **label) {
 #endif
 }
-int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label) {
+int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **ret_label) {
 #if HAVE_SELINUX
 _cleanup_freecon_ char *mycon = NULL, *peercon = NULL, *fcon = NULL;
 _cleanup_context_free_ context_t pcon = NULL, bcon = NULL;
+ const char *range = NULL, *bcon_str = NULL;
 security_class_t sclass;
- const char *range = NULL;
- int r;
 assert(socket_fd >= 0);
 assert(exe);
- assert(label);
+ assert(ret_label);
 if (!mac_selinux_use())
 return -EOPNOTSUPP;
- r = getcon_raw(&mycon);
- if (r < 0)
+ if (getcon_raw(&mycon) < 0)
 return -errno;
- r = getpeercon_raw(socket_fd, &peercon);
- if (r < 0)
+ if (getpeercon_raw(socket_fd, &peercon) < 0)
 return -errno;
- if (!exec_label) {
- /* If there is no context set for next exec let's use context
- of target executable */
- r = getfilecon_raw(exe, &fcon);
- if (r < 0)
+ if (!exec_label) /* If there is no context set for next exec let's use context of target executable */
+ if (getfilecon_raw(exe, &fcon) < 0)
 return -errno;
- }
 bcon = context_new(mycon);
 if (!bcon)
@@ -454,20 +444,18 @@ int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *
 if (!range)
 return -errno;
- r = context_range_set(bcon, range);
- if (r) 
+ if (context_range_set(bcon, range) != 0)
 return -errno;
- freecon(mycon);
- mycon = strdup(context_str(bcon));
- if (!mycon)
+ bcon_str = context_str(bcon);
+ if (!bcon_str)
 return -ENOMEM;
 sclass = string_to_security_class("process");
 if (sclass == 0)
 return -ENOSYS;
- return RET_NERRNO(security_compute_create_raw(mycon, fcon, sclass, label));
+ return RET_NERRNO(security_compute_create_raw(bcon_str, fcon, sclass, ret_label));
 #else
 return -EOPNOTSUPP;
 #endif
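Review bot: `exec_label` is only NULL-tested in the visible code: at `if (!exec_label)` it decides whether `getfilecon_raw(exe, &fcon)` runs, and when it is non-NULL `fcon` appears to still be NULL where the last hunk passes it to `security_compute_create_raw()`. Unless `fcon` is assigned in the lines between the two hunks, an explicitly configured exec label does not feed the computation, so the label returned in `ret_label` may not be what the caller expects. If that is intended, a comment next to the check should say so, e.g. `/* exec_label is set: fcon intentionally stays NULL here */`; otherwise the non-NULL case needs explicit handling. The function continues past the end of this hunk.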
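Review bot: `if (!range) return -errno;` at the top of the last hunk relies on errno, but the assignment to `range` is above the hunk. If it comes from a libselinux accessor such as context_range_get(), which as far as I know returns NULL for a context without a range component and does not set errno, then errno is stale or 0 at this point. A return of 0 would tell the caller that `ret_label` is valid although it was never written. A fixed code is safer, in the way the `context_str()` check just below uses `-ENOMEM`: `if (!range) return -ENODATA;` (the exact code is a suggestion). The function starts before this hunk and its closing brace is outside it.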