
Commit da2d413

Canfeng Guopcmoore
authored andcommitted
selinux: Streamline type determination in security_compute_sid
Simplifies the logic for determining the security context type in security_compute_sid, enhancing readability and efficiency. Consolidates default type assignment logic next to type transition checks, removing redundancy and improving code flow. Signed-off-by: Canfeng Guo <[email protected]> Signed-off-by: Paul Moore <[email protected]>
1 parent 8400291 commit da2d413


1 file changed

+19
-17
lines changed

1 file changed

+19
-17
lines changed

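--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1804,22 +1804,9 @@ static int security_compute_sid(u32 ssid,
 newcontext.role = OBJECT_R_VAL;
 }
 
-/* Set the type to default values. */
-if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
-newcontext.type = scontext->type;
-} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
-newcontext.type = tcontext->type;
-} else {
-if ((tclass == policydb->process_class) || sock) {
-/* Use the type of process. */
-newcontext.type = scontext->type;
-} else {
-/* Use the type of the related object. */
-newcontext.type = tcontext->type;
-}
-}
-
-/* Look for a type transition/member/change rule. */
+/* Set the type.
+* Look for a type transition/member/change rule.
+*/
 avkey.source_type = scontext->type;
 avkey.target_type = tcontext->type;
 avkey.target_class = tclass;
@@ -1837,9 +1824,24 @@ static int security_compute_sid(u32 ssid,
 }
 }
 
+/* If a permanent rule is found, use the type from
+* the type transition/member/change rule. Otherwise,
+* set the type to its default values.
+*/
 if (avnode) {
-/* Use the type from the type transition/member/change rule. */
 newcontext.type = avnode->datum.u.data;
+} else if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
+newcontext.type = scontext->type;
+} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
+newcontext.type = tcontext->type;
+} else {
+if ((tclass == policydb->process_class) || sock) {
+/* Use the type of process. */
+newcontext.type = scontext->type;
+} else {
+/* Use the type of the related object. */
+newcontext.type = tcontext->type;
+}
 }
 
 /* if we have a objname this is a file trans check so check those rules */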
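Review bot: The new comment above `if (avnode)` says the rule's type is used "if a permanent rule is found", which looks narrower than what the branch accepts. The lookup between the two hunks is not shown, but the two closing braces that open the second hunk suggest a fallback search, presumably over conditional rules, that can also set `avnode`. Because this chain picks the type of a newly computed security context, the comment should describe the actual precedence, for example `/* Use the type from a matching type transition/member/change rule if one was found; otherwise fall back to the class default_type, then to the source type for process/socket classes or the target type for other objects. */`. The trailing `else { if (...) ... else ... }` could also be flattened to `else if ((tclass == policydb->process_class) || sock)` followed by a plain `else`, so the four-way precedence reads as one ladder. `security_compute_sid` begins and ends outside these hunks, and the objname check that follows may still override the type chosen here.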
