From mboxrd@z Thu Jan  1 00:00:00 1970
From: serge@hallyn.com (Serge E. Hallyn)
Date: Thu, 24 Aug 2017 11:23:08 -0500
Subject: [PATCH V3 08/10] capabilities: invert logic for clarity
In-Reply-To: <6c9745800b15f096639297937ea53b0ec60c2183.1503459890.git.rgb@redhat.com>
References: <cover.1503459890.git.rgb@redhat.com>
	<6c9745800b15f096639297937ea53b0ec60c2183.1503459890.git.rgb@redhat.com>
Message-ID: <20170824162308.GH10515@mail.hallyn.com>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

Quoting Richard Guy Briggs (rgb at redhat.com):
> The way the logic was presented, it was awkward to read and verify.  Invert the
> logic using DeMorgan's Law to be more easily able to read and understand.
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
>  security/commoncap.c |    8 ++++----
>  1 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/security/commoncap.c b/security/commoncap.c
> index ffcaff0..eb2da69 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -552,10 +552,10 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
>  	bool ret = false;
>  
>  	if (cap_grew(effective, ambient, cred) &&
> -	    (!cap_full(effective, cred) ||
> -	     !is_eff(root, cred) ||
> -	     !is_real(root, cred) ||
> -	     !root_privileged()))
> +	    !(cap_full(effective, cred) &&
> +	      is_eff(root, cred) &&
> +	      is_real(root, cred) &&
> +	      root_privileged()))
>  		ret = true;
>  	return ret;
>  }
> -- 
> 1.7.1
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Serge E. Hallyn" <serge@hallyn.com>
Subject: Re: [PATCH V3 08/10] capabilities: invert logic for clarity
Date: Thu, 24 Aug 2017 11:23:08 -0500
Message-ID: <20170824162308.GH10515@mail.hallyn.com>
References: <cover.1503459890.git.rgb@redhat.com>
 <6c9745800b15f096639297937ea53b0ec60c2183.1503459890.git.rgb@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Return-path: <linux-security-module-owner@vger.kernel.org>
Content-Disposition: inline
In-Reply-To: <6c9745800b15f096639297937ea53b0ec60c2183.1503459890.git.rgb@redhat.com>
Sender: owner-linux-security-module@vger.kernel.org
To: Richard Guy Briggs <rgb@redhat.com>
Cc: linux-security-module@vger.kernel.org, linux-audit@redhat.com, Andy Lutomirski <luto@kernel.org>, "Serge E. Hallyn" <serge.hallyn@ubuntu.com>, Kees Cook <keescook@chromium.org>, James Morris <james.l.morris@oracle.com>, Eric Paris <eparis@redhat.com>, Paul Moore <pmoore@redhat.com>, Steve Grubb <sgrubb@redhat.com>
List-Id: linux-audit@redhat.com

Quoting Richard Guy Briggs (rgb@redhat.com):
> The way the logic was presented, it was awkward to read and verify.  Invert the
> logic using DeMorgan's Law to be more easily able to read and understand.
> 
> Signed-off-by: Richard Guy Briggs <rgb@redhat.com>

Reviewed-by: Serge Hallyn <serge@hallyn.com>

> ---
>  security/commoncap.c |    8 ++++----
>  1 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/security/commoncap.c b/security/commoncap.c
> index ffcaff0..eb2da69 100644
> --- a/security/commoncap.c
> +++ b/security/commoncap.c
> @@ -552,10 +552,10 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
>  	bool ret = false;
>  
>  	if (cap_grew(effective, ambient, cred) &&
> -	    (!cap_full(effective, cred) ||
> -	     !is_eff(root, cred) ||
> -	     !is_real(root, cred) ||
> -	     !root_privileged()))
> +	    !(cap_full(effective, cred) &&
> +	      is_eff(root, cred) &&
> +	      is_real(root, cred) &&
> +	      root_privileged()))
>  		ret = true;
>  	return ret;
>  }
> -- 
> 1.7.1