selinux: simplify avc_xperms_audit_required()
By associative and commutative laws, the result of the two 'audited' is zero. Take the second 'audited' as an example: 1) audited = requested & avd->auditallow; 2) audited &= ~requested; ==> audited = ~requested & (requested & avd->auditallow); ==> audited = (~requested & requested) & avd->auditallow; ==> audited = 0 & avd->auditallow; ==> audited = 0; In fact, it is more readable to directly write zero. The value of the first 'audited' is 0 because AUDIT is not allowed. The second 'audited' is zero because there is no AUDITALLOW permission. Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
a3422eb4fa
commit
68cfb28332
@ -388,7 +388,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
|
|||||||
audited = denied & avd->auditdeny;
|
audited = denied & avd->auditdeny;
|
||||||
if (audited && xpd) {
|
if (audited && xpd) {
|
||||||
if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
|
if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
|
||||||
audited &= ~requested;
|
audited = 0;
|
||||||
}
|
}
|
||||||
} else if (result) {
|
} else if (result) {
|
||||||
audited = denied = requested;
|
audited = denied = requested;
|
||||||
@ -396,7 +396,7 @@ static inline u32 avc_xperms_audit_required(u32 requested,
|
|||||||
audited = requested & avd->auditallow;
|
audited = requested & avd->auditallow;
|
||||||
if (audited && xpd) {
|
if (audited && xpd) {
|
||||||
if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
|
if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
|
||||||
audited &= ~requested;
|
audited = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user