[2/2] kill unused 'flags' argument in avc_has_perm_flags() and avc_audit()

Commit Message

Al Viro June 10, 2021, 3:52 p.m. UTC

From 565799de3ee0a295842a07a5f9a459db5e793beb Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 16 Jan 2021 15:57:49 -0500
Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and
 avc_audit()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 security/selinux/avc.c         | 7 +++----
 security/selinux/hooks.c       | 5 ++---
 security/selinux/include/avc.h | 7 ++-----
 3 files changed, 7 insertions(+), 12 deletions(-)

Comments

Paul Moore June 10, 2021, 10:41 p.m. UTC | #1

On Thu, Jun 10, 2021 at 11:52 AM Al Viro <viro@zeniv.linux.org.uk> wrote:
>
> From 565799de3ee0a295842a07a5f9a459db5e793beb Mon Sep 17 00:00:00 2001
> From: Al Viro <viro@zeniv.linux.org.uk>
> Date: Sat, 16 Jan 2021 15:57:49 -0500
> Subject: [PATCH 2/2] kill unused 'flags' argument in avc_has_perm_flags() and
>  avc_audit()
>
> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
> ---
>  security/selinux/avc.c         | 7 +++----
>  security/selinux/hooks.c       | 5 ++---
>  security/selinux/include/avc.h | 7 ++-----
>  3 files changed, 7 insertions(+), 12 deletions(-)

I'm looking at patch 1/2 now, but if we can safely get rid of the
flags arg then we might as well do away with avc_has_perm_flags()
altogether and just convert the callers to avc_has_perm().

> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
> index c3bbfc8e8b46..098f31c415e2 100644
> --- a/security/selinux/include/avc.h
> +++ b/security/selinux/include/avc.h
> @@ -154,8 +152,7 @@ int avc_has_perm(struct selinux_state *state,
>  int avc_has_perm_flags(struct selinux_state *state,
>                        u32 ssid, u32 tsid,
>                        u16 tclass, u32 requested,
> -                      struct common_audit_data *auditdata,
> -                      int flags);
> +                      struct common_audit_data *auditdata);
>
>  int avc_has_extended_perms(struct selinux_state *state,
>                            u32 ssid, u32 tsid, u16 tclass, u32 requested,
> --
> 2.11.0

Patch

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9c3d2a29616a..10b71a0efc50 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -1179,7 +1179,7 @@  int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
 				  &avd);
 
 	rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
-			auditdata, 0);
+			auditdata);
 	if (rc2)
 		return rc2;
 	return rc;
@@ -1187,8 +1187,7 @@  int avc_has_perm(struct selinux_state *state, u32 ssid, u32 tsid, u16 tclass,
 
 int avc_has_perm_flags(struct selinux_state *state,
 		       u32 ssid, u32 tsid, u16 tclass, u32 requested,
-		       struct common_audit_data *auditdata,
-		       int flags)
+		       struct common_audit_data *auditdata)
 {
 	struct av_decision avd;
 	int rc, rc2;
@@ -1197,7 +1196,7 @@  int avc_has_perm_flags(struct selinux_state *state,
 				  &avd);
 
 	rc2 = avc_audit(state, ssid, tsid, tclass, requested, &avd, rc,
-			auditdata, flags);
+			auditdata);
 	if (rc2)
 		return rc2;
 	return rc;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f22ad1229471..2ae55348bd1c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1676,7 +1676,7 @@  static int cred_has_capability(const struct cred *cred,
 				  sid, sid, sclass, av, 0, &avd);
 	if (!(opts & CAP_OPT_NOAUDIT)) {
 		int rc2 = avc_audit(&selinux_state,
-				    sid, sid, sclass, av, &avd, rc, &ad, 0);
+				    sid, sid, sclass, av, &avd, rc, &ad);
 		if (rc2)
 			return rc2;
 	}
@@ -3154,8 +3154,7 @@  static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
 		return PTR_ERR(isec);
 
 	return avc_has_perm_flags(&selinux_state,
-				  sid, isec->sid, isec->sclass, FILE__READ, &ad,
-				  rcu ? MAY_NOT_BLOCK : 0);
+				  sid, isec->sid, isec->sclass, FILE__READ, &ad);
 }
 
 static noinline int audit_inode_permission(struct inode *inode,
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index c3bbfc8e8b46..098f31c415e2 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h
@@ -111,7 +111,6 @@  int slow_avc_audit(struct selinux_state *state,
  * @avd: access vector decisions
  * @result: result from avc_has_perm_noaudit
  * @a:  auxiliary audit data
- * @flags: VFS walk flags
  *
  * Audit the granting or denial of permissions in accordance
  * with the policy.  This function is typically called by
@@ -127,8 +126,7 @@  static inline int avc_audit(struct selinux_state *state,
 			    u16 tclass, u32 requested,
 			    struct av_decision *avd,
 			    int result,
-			    struct common_audit_data *a,
-			    int flags)
+			    struct common_audit_data *a)
 {
 	u32 audited, denied;
 	audited = avc_audit_required(requested, avd, result, 0, &denied);
@@ -154,8 +152,7 @@  int avc_has_perm(struct selinux_state *state,
 int avc_has_perm_flags(struct selinux_state *state,
 		       u32 ssid, u32 tsid,
 		       u16 tclass, u32 requested,
-		       struct common_audit_data *auditdata,
-		       int flags);
+		       struct common_audit_data *auditdata);
 
 int avc_has_extended_perms(struct selinux_state *state,
 			   u32 ssid, u32 tsid, u16 tclass, u32 requested,