Commit 7ae9f23c authored by Eric Paris's avatar Eric Paris

selinux: rework security_netlbl_secattr_to_sid

security_netlbl_secattr_to_sid is difficult to follow, especially the
return codes.  Try to make the function obvious.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 4b02b524
......@@ -3041,7 +3041,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
u32 *sid)
{
int rc = -EIDRM;
int rc;
struct context *ctx;
struct context ctx_new;
......@@ -3052,16 +3052,15 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
read_lock(&policy_rwlock);
if (secattr->flags & NETLBL_SECATTR_CACHE) {
if (secattr->flags & NETLBL_SECATTR_CACHE)
*sid = *(u32 *)secattr->cache->data;
rc = 0;
} else if (secattr->flags & NETLBL_SECATTR_SECID) {
else if (secattr->flags & NETLBL_SECATTR_SECID)
*sid = secattr->attr.secid;
rc = 0;
} else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
rc = -EIDRM;
ctx = sidtab_search(&sidtab, SECINITSID_NETMSG);
if (ctx == NULL)
goto netlbl_secattr_to_sid_return;
goto out;
context_init(&ctx_new);
ctx_new.user = ctx->user;
......@@ -3069,34 +3068,35 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
ctx_new.type = ctx->type;
mls_import_netlbl_lvl(&ctx_new, secattr);
if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
secattr->attr.mls.cat) != 0)
goto netlbl_secattr_to_sid_return;
rc = ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
secattr->attr.mls.cat);
if (rc)
goto out;
memcpy(&ctx_new.range.level[1].cat,
&ctx_new.range.level[0].cat,
sizeof(ctx_new.range.level[0].cat));
}
if (mls_context_isvalid(&policydb, &ctx_new) != 1)
goto netlbl_secattr_to_sid_return_cleanup;
rc = -EIDRM;
if (!mls_context_isvalid(&policydb, &ctx_new))
goto out_free;
rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
if (rc != 0)
goto netlbl_secattr_to_sid_return_cleanup;
if (rc)
goto out_free;
security_netlbl_cache_add(secattr, *sid);
ebitmap_destroy(&ctx_new.range.level[0].cat);
} else {
} else
*sid = SECSID_NULL;
rc = 0;
}
netlbl_secattr_to_sid_return:
read_unlock(&policy_rwlock);
return rc;
netlbl_secattr_to_sid_return_cleanup:
return 0;
out_free:
ebitmap_destroy(&ctx_new.range.level[0].cat);
goto netlbl_secattr_to_sid_return;
out:
read_unlock(&policy_rwlock);
return rc;
}
/**
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment