Skip to content

Commit 68cfb28

Browse files
Zhen Leipcmoore
Zhen Lei
authored and
pcmoore
committed
selinux: simplify avc_xperms_audit_required()
By associative and commutative laws, the result of the two 'audited' is zero. Take the second 'audited' as an example: 1) audited = requested & avd->auditallow; 2) audited &= ~requested; ==> audited = ~requested & (requested & avd->auditallow); ==> audited = (~requested & requested) & avd->auditallow; ==> audited = 0 & avd->auditallow; ==> audited = 0; In fact, it is more readable to directly write zero. The value of the first 'audited' is 0 because AUDIT is not allowed. The second 'audited' is zero because there is no AUDITALLOW permission. Signed-off-by: Zhen Lei <[email protected]> Signed-off-by: Paul Moore <[email protected]>
1 parent a3422eb commit 68cfb28

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

security/selinux/avc.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -388,15 +388,15 @@ static inline u32 avc_xperms_audit_required(u32 requested,
388388
audited = denied & avd->auditdeny;
389389
if (audited && xpd) {
390390
if (avc_xperms_has_perm(xpd, perm, XPERMS_DONTAUDIT))
391-
audited &= ~requested;
391+
audited = 0;
392392
}
393393
} else if (result) {
394394
audited = denied = requested;
395395
} else {
396396
audited = requested & avd->auditallow;
397397
if (audited && xpd) {
398398
if (!avc_xperms_has_perm(xpd, perm, XPERMS_AUDITALLOW))
399-
audited &= ~requested;
399+
audited = 0;
400400
}
401401
}
402402

0 commit comments

Comments
 (0)