* [PATCH v3] selinux: simplify away security_policydb_len()
@ 2020-08-27 16:27 Ondrej Mosnacek
2020-08-27 16:33 ` Stephen Smalley
2020-08-31 14:03 ` Paul Moore
0 siblings, 2 replies; 3+ messages in thread
From: Ondrej Mosnacek @ 2020-08-27 16:27 UTC (permalink / raw)
To: selinux, Paul Moore; +Cc: Stephen Smalley
Remove the security_policydb_len() calls from sel_open_policy() and
instead update the inode size from the size returned from
security_read_policy().
Since after this change security_policydb_len() is only called from
security_load_policy(), remove it entirely and just open-code it there.
Also, since security_load_policy() is always called with policy_mutex
held, make it dereference the policy pointer directly and drop the
unnecessary RCU locking.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
v3: rebase on top of latest selinux/next
security/selinux/include/security.h | 1 -
security/selinux/selinuxfs.c | 12 ++++++------
security/selinux/ss/services.c | 27 ++++-----------------------
3 files changed, 10 insertions(+), 30 deletions(-)
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index bbbf7141ccdbc..cbdd3c7aff8b2 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -219,7 +219,6 @@ void selinux_policy_cancel(struct selinux_state *state,
struct selinux_policy *policy);
int security_read_policy(struct selinux_state *state,
void **data, size_t *len);
-size_t security_policydb_len(struct selinux_state *state);
int security_policycap_supported(struct selinux_state *state,
unsigned int req_cap);
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 29567acdda214..45e9efa9bf5bf 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -415,16 +415,16 @@ static int sel_open_policy(struct inode *inode, struct file *filp)
if (!plm)
goto err;
- if (i_size_read(inode) != security_policydb_len(state)) {
- inode_lock(inode);
- i_size_write(inode, security_policydb_len(state));
- inode_unlock(inode);
- }
-
rc = security_read_policy(state, &plm->data, &plm->len);
if (rc)
goto err;
+ if ((size_t)i_size_read(inode) != plm->len) {
+ inode_lock(inode);
+ i_size_write(inode, plm->len);
+ inode_unlock(inode);
+ }
+
fsi->policy_opened = 1;
filp->private_data = plm;
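Review bot: in sel_open_policy() the new `if ((size_t)i_size_read(inode) != plm->len)` test is still evaluated before inode_lock() is taken, so the compare and the i_size_write() are not a single atomic step. If a lock held by the surrounding code is what makes this safe, a one-line comment saying so would help, since nothing in the hunk shows it. The `(size_t)` cast also narrows the loff_t returned by i_size_read() on 32-bit builds; casting plm->len to loff_t for the comparison would avoid that. Moving the update after security_read_policy() is the right ordering, because the inode size and plm->len now come from the same read.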
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 85cfd46836c7e..8dc111fbe23ab 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2328,22 +2328,6 @@ err_policy:
return rc;
}
-size_t security_policydb_len(struct selinux_state *state)
-{
- struct selinux_policy *policy;
- size_t len;
-
- if (!selinux_initialized(state))
- return 0;
-
- rcu_read_lock();
- policy = rcu_dereference(state->policy);
- len = policy->policydb.len;
- rcu_read_unlock();
-
- return len;
-}
-
/**
* security_port_sid - Obtain the SID for a port.
* @protocol: protocol number
@@ -3903,11 +3887,12 @@ int security_read_policy(struct selinux_state *state,
int rc;
struct policy_file fp;
- if (!selinux_initialized(state))
+ policy = rcu_dereference_protected(
+ state->policy, lockdep_is_held(&state->policy_mutex));
+ if (!policy)
return -EINVAL;
- *len = security_policydb_len(state);
-
+ *len = policy->policydb.len;
*data = vmalloc_user(*len);
if (!*data)
return -ENOMEM;
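Review bot: the changelog says the length is open-coded in security_load_policy() and that security_load_policy() is always called with policy_mutex held, but this hunk makes the change in security_read_policy(); the commit message should name the function that is actually touched. The early exit also changes from `!selinux_initialized(state)` to `!policy`, which is equivalent only if state->policy stays NULL until initialization completes, and that is worth stating in the changelog or a comment. Since the function now depends on the caller holding policy_mutex, that requirement should be documented in the function's comment as well.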
@@ -3915,11 +3900,7 @@ int security_read_policy(struct selinux_state *state,
fp.data = *data;
fp.len = *len;
- rcu_read_lock();
- policy = rcu_dereference(state->policy);
rc = policydb_write(&policy->policydb, &fp);
- rcu_read_unlock();
-
if (rc)
return rc;
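Review bot: with rcu_read_lock()/rcu_read_unlock() removed around policydb_write(), the `policy` pointer is used with no read-side section, so its validity rests entirely on the caller holding policy_mutex from the rcu_dereference_protected() call through this write. That assumption is only checked when lockdep is enabled. A short comment above the policydb_write() call stating the locking requirement would make it harder for a future caller to reach this path without the mutex.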
--
2.26.2
* Re: [PATCH v3] selinux: simplify away security_policydb_len()
2020-08-27 16:27 [PATCH v3] selinux: simplify away security_policydb_len() Ondrej Mosnacek
@ 2020-08-27 16:33 ` Stephen Smalley
2020-08-31 14:03 ` Paul Moore
1 sibling, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2020-08-27 16:33 UTC (permalink / raw)
To: Ondrej Mosnacek; +Cc: SElinux list, Paul Moore
On Thu, Aug 27, 2020 at 12:28 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Remove the security_policydb_len() calls from sel_open_policy() and
> instead update the inode size from the size returned from
> security_read_policy().
>
> Since after this change security_policydb_len() is only called from
> security_load_policy(), remove it entirely and just open-code it there.
>
> Also, since security_load_policy() is always called with policy_mutex
> held, make it dereference the policy pointer directly and drop the
> unnecessary RCU locking.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
* Re: [PATCH v3] selinux: simplify away security_policydb_len()
2020-08-27 16:27 [PATCH v3] selinux: simplify away security_policydb_len() Ondrej Mosnacek
2020-08-27 16:33 ` Stephen Smalley
@ 2020-08-31 14:03 ` Paul Moore
1 sibling, 0 replies; 3+ messages in thread
From: Paul Moore @ 2020-08-31 14:03 UTC (permalink / raw)
To: Ondrej Mosnacek; +Cc: selinux, Stephen Smalley
On Thu, Aug 27, 2020 at 12:28 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Remove the security_policydb_len() calls from sel_open_policy() and
> instead update the inode size from the size returned from
> security_read_policy().
>
> Since after this change security_policydb_len() is only called from
> security_load_policy(), remove it entirely and just open-code it there.
>
> Also, since security_load_policy() is always called with policy_mutex
> held, make it dereference the policy pointer directly and drop the
> unnecessary RCU locking.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>
> v3: rebase on top of latest selinux/next
>
> security/selinux/include/security.h | 1 -
> security/selinux/selinuxfs.c | 12 ++++++------
> security/selinux/ss/services.c | 27 ++++-----------------------
> 3 files changed, 10 insertions(+), 30 deletions(-)
Merged into selinux/next.
--
paul moore
www.paul-moore.com