selinux: Streamline type determination in security_compute_sid
Simplifies the logic for determining the security context type in security_compute_sid, enhancing readability and efficiency. Consolidates default type assignment logic next to type transition checks, removing redundancy and improving code flow. Signed-off-by: Canfeng Guo <guocanfeng@uniontech.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
8400291e28
commit
da2d41308c
@ -1804,22 +1804,9 @@ retry:
|
||||
newcontext.role = OBJECT_R_VAL;
|
||||
}
|
||||
|
||||
/* Set the type to default values. */
|
||||
if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
|
||||
newcontext.type = scontext->type;
|
||||
} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
|
||||
newcontext.type = tcontext->type;
|
||||
} else {
|
||||
if ((tclass == policydb->process_class) || sock) {
|
||||
/* Use the type of process. */
|
||||
newcontext.type = scontext->type;
|
||||
} else {
|
||||
/* Use the type of the related object. */
|
||||
newcontext.type = tcontext->type;
|
||||
}
|
||||
}
|
||||
|
||||
/* Look for a type transition/member/change rule. */
|
||||
/* Set the type.
|
||||
* Look for a type transition/member/change rule.
|
||||
*/
|
||||
avkey.source_type = scontext->type;
|
||||
avkey.target_type = tcontext->type;
|
||||
avkey.target_class = tclass;
|
||||
@ -1837,9 +1824,24 @@ retry:
|
||||
}
|
||||
}
|
||||
|
||||
/* If a permanent rule is found, use the type from
|
||||
* the type transition/member/change rule. Otherwise,
|
||||
* set the type to its default values.
|
||||
*/
|
||||
if (avnode) {
|
||||
/* Use the type from the type transition/member/change rule. */
|
||||
newcontext.type = avnode->datum.u.data;
|
||||
} else if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
|
||||
newcontext.type = scontext->type;
|
||||
} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
|
||||
newcontext.type = tcontext->type;
|
||||
} else {
|
||||
if ((tclass == policydb->process_class) || sock) {
|
||||
/* Use the type of process. */
|
||||
newcontext.type = scontext->type;
|
||||
} else {
|
||||
/* Use the type of the related object. */
|
||||
newcontext.type = tcontext->type;
|
||||
}
|
||||
}
|
||||
|
||||
/* if we have a objname this is a file trans check so check those rules */
|
||||
|
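Review bot: The new block comment above `if (avnode)` in the second hunk says the rule's type is used "if a permanent rule is found", but the two closing braces just before it look like the end of a further lookup that may also set `avnode` (not visible here, so this is inferred). Wording that does not name the rule kind would be safer, e.g. `/* If a type transition/member/change rule was found, use its type; otherwise set the type to its default value. */`, and the one-line comment inside the branch then becomes redundant. Because the default assignment moved from before the lookup to after it, `newcontext.type` no longer holds a value while the lines between the two hunks run. Those lines are not shown, so please confirm that nothing in them reads the field, since a wrong type at this point would give the new object the wrong label. The trailing `else { if (...) ... else ... }` could also be folded into the `else if` chain; the enclosing function starts and ends outside both hunks.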