Commit 19e49834 authored by Linus Torvalds's avatar Linus Torvalds

selinux: remove 'flags' parameter from inode_has_perm

Every single user passes in '0'.  I think we had non-zero users back in
some stone age when selinux_inode_permission() was implemented in terms
of inode_has_perm(), but that complicated case got split up into a
totally separate code-path so that we could optimize the much simpler
special cases.

See commit 2e334057 ("SELinux: delay initialization of audit data in
selinux_inode_permission") for example.
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 15c83d26
...@@ -1525,8 +1525,7 @@ static int task_has_system(struct task_struct *tsk, ...@@ -1525,8 +1525,7 @@ static int task_has_system(struct task_struct *tsk,
static int inode_has_perm(const struct cred *cred, static int inode_has_perm(const struct cred *cred,
struct inode *inode, struct inode *inode,
u32 perms, u32 perms,
struct common_audit_data *adp, struct common_audit_data *adp)
unsigned flags)
{ {
struct inode_security_struct *isec; struct inode_security_struct *isec;
u32 sid; u32 sid;
...@@ -1539,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred, ...@@ -1539,7 +1538,7 @@ static int inode_has_perm(const struct cred *cred,
sid = cred_sid(cred); sid = cred_sid(cred);
isec = inode->i_security; isec = inode->i_security;
return avc_has_perm_flags(sid, isec->sid, isec->sclass, perms, adp, flags); return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
} }
/* Same as inode_has_perm, but pass explicit audit data containing /* Same as inode_has_perm, but pass explicit audit data containing
...@@ -1554,7 +1553,7 @@ static inline int dentry_has_perm(const struct cred *cred, ...@@ -1554,7 +1553,7 @@ static inline int dentry_has_perm(const struct cred *cred,
ad.type = LSM_AUDIT_DATA_DENTRY; ad.type = LSM_AUDIT_DATA_DENTRY;
ad.u.dentry = dentry; ad.u.dentry = dentry;
return inode_has_perm(cred, inode, av, &ad, 0); return inode_has_perm(cred, inode, av, &ad);
} }
/* Same as inode_has_perm, but pass explicit audit data containing /* Same as inode_has_perm, but pass explicit audit data containing
...@@ -1569,7 +1568,7 @@ static inline int path_has_perm(const struct cred *cred, ...@@ -1569,7 +1568,7 @@ static inline int path_has_perm(const struct cred *cred,
ad.type = LSM_AUDIT_DATA_PATH; ad.type = LSM_AUDIT_DATA_PATH;
ad.u.path = *path; ad.u.path = *path;
return inode_has_perm(cred, inode, av, &ad, 0); return inode_has_perm(cred, inode, av, &ad);
} }
/* Same as path_has_perm, but uses the inode from the file struct. */ /* Same as path_has_perm, but uses the inode from the file struct. */
...@@ -1581,7 +1580,7 @@ static inline int file_path_has_perm(const struct cred *cred, ...@@ -1581,7 +1580,7 @@ static inline int file_path_has_perm(const struct cred *cred,
ad.type = LSM_AUDIT_DATA_PATH; ad.type = LSM_AUDIT_DATA_PATH;
ad.u.path = file->f_path; ad.u.path = file->f_path;
return inode_has_perm(cred, file_inode(file), av, &ad, 0); return inode_has_perm(cred, file_inode(file), av, &ad);
} }
/* Check whether a task can use an open file descriptor to /* Check whether a task can use an open file descriptor to
...@@ -1617,7 +1616,7 @@ static int file_has_perm(const struct cred *cred, ...@@ -1617,7 +1616,7 @@ static int file_has_perm(const struct cred *cred,
/* av is zero if only checking access to the descriptor. */ /* av is zero if only checking access to the descriptor. */
rc = 0; rc = 0;
if (av) if (av)
rc = inode_has_perm(cred, inode, av, &ad, 0); rc = inode_has_perm(cred, inode, av, &ad);
out: out:
return rc; return rc;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment