diff options
Diffstat (limited to 'security/selinux/ss/conditional.c')
-rw-r--r-- | security/selinux/ss/conditional.c | 32 |
1 files changed, 5 insertions, 27 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index c4cd20a2d5bd..62c6773be0b7 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -15,7 +15,6 @@ #include "security.h" #include "conditional.h" -#include "services.h" /* * cond_evaluate_expr evaluates a conditional expr @@ -613,39 +612,21 @@ int cond_write_list(struct policydb *p, struct cond_node *list, void *fp) return 0; } - -void cond_compute_operation(struct avtab *ctab, struct avtab_key *key, - struct operation_decision *od) -{ - struct avtab_node *node; - - if (!ctab || !key || !od) - return; - - for (node = avtab_search_node(ctab, key); node; - node = avtab_search_node_next(node, key->specified)) { - if (node->key.specified & AVTAB_ENABLED) - services_compute_operation_num(od, node); - } - return; - -} /* Determine whether additional permissions are granted by the conditional * av table, and if so, add them to the result */ -void cond_compute_av(struct avtab *ctab, struct avtab_key *key, - struct av_decision *avd, struct operation *ops) +void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decision *avd) { struct avtab_node *node; - if (!ctab || !key || !avd || !ops) + if (!ctab || !key || !avd) return; for (node = avtab_search_node(ctab, key); node; node = avtab_search_node_next(node, key->specified)) { if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) == (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) - avd->allowed |= node->datum.u.data; + avd->allowed |= node->datum.data; if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) == (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) /* Since a '0' in an auditdeny mask represents a @@ -653,13 +634,10 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, * the '&' operand to ensure that all '0's in the mask * are retained (much unlike the allow and auditallow cases). */ - avd->auditdeny &= node->datum.u.data; + avd->auditdeny &= node->datum.data; if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) - avd->auditallow |= node->datum.u.data; - if ((node->key.specified & AVTAB_ENABLED) && - (node->key.specified & AVTAB_OP)) - services_compute_operation_type(ops, node); + avd->auditallow |= node->datum.data; } return; } |