tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
apparmor: cleanup: move perm accumulation into perms.h
Perm accumulation is going to be used much more frequently so let
the compiler figure out if it can be optimized when used.
Signed-off-by: John Johansen <john.johansen@canonical.com>
+53
-52
+53
security/apparmor/include/perms.h
+53
security/apparmor/include/perms.h
···
96
96
extern struct aa_perms nullperms;
97
97
extern struct aa_perms allperms;
98
98
99
+
/**
100
+
* aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
101
+
* @accum - perms struct to accumulate into
102
+
* @addend - perms struct to add to @accum
103
+
*/
104
+
static inline void aa_perms_accum_raw(struct aa_perms *accum,
105
+
struct aa_perms *addend)
106
+
{
107
+
accum->deny |= addend->deny;
108
+
accum->allow &= addend->allow & ~addend->deny;
109
+
accum->audit |= addend->audit & addend->allow;
110
+
accum->quiet &= addend->quiet & ~addend->allow;
111
+
accum->kill |= addend->kill & ~addend->allow;
112
+
accum->complain |= addend->complain & ~addend->allow & ~addend->deny;
113
+
accum->cond |= addend->cond & ~addend->allow & ~addend->deny;
114
+
accum->hide &= addend->hide & ~addend->allow;
115
+
accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;
116
+
accum->subtree |= addend->subtree & ~addend->deny;
117
+
118
+
if (!accum->xindex)
119
+
accum->xindex = addend->xindex;
120
+
if (!accum->tag)
121
+
accum->tag = addend->tag;
122
+
if (!accum->label)
123
+
accum->label = addend->label;
124
+
}
125
+
126
+
/**
127
+
* aa_perms_accum - accumulate perms, masking off overlapping perms
128
+
* @accum - perms struct to accumulate into
129
+
* @addend - perms struct to add to @accum
130
+
*/
131
+
static inline void aa_perms_accum(struct aa_perms *accum,
132
+
struct aa_perms *addend)
133
+
{
134
+
accum->deny |= addend->deny;
135
+
accum->allow &= addend->allow & ~accum->deny;
136
+
accum->audit |= addend->audit & accum->allow;
137
+
accum->quiet &= addend->quiet & ~accum->allow;
138
+
accum->kill |= addend->kill & ~accum->allow;
139
+
accum->complain |= addend->complain & ~accum->allow & ~accum->deny;
140
+
accum->cond |= addend->cond & ~accum->allow & ~accum->deny;
141
+
accum->hide &= addend->hide & ~accum->allow;
142
+
accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;
143
+
accum->subtree &= addend->subtree & ~accum->deny;
144
+
145
+
if (!accum->xindex)
146
+
accum->xindex = addend->xindex;
147
+
if (!accum->tag)
148
+
accum->tag = addend->tag;
149
+
if (!accum->label)
150
+
accum->label = addend->label;
151
+
}
99
152
100
153
#define xcheck(FN1, FN2) \
101
154
({ \
-52
security/apparmor/lib.c
-52
security/apparmor/lib.c
···
331
331
perms->prompt = ALL_PERMS_MASK;
332
332
}
333
333
334
-
/**
335
-
* aa_perms_accum_raw - accumulate perms with out masking off overlapping perms
336
-
* @accum - perms struct to accumulate into
337
-
* @addend - perms struct to add to @accum
338
-
*/
339
-
void aa_perms_accum_raw(struct aa_perms *accum, struct aa_perms *addend)
340
-
{
341
-
accum->deny |= addend->deny;
342
-
accum->allow &= addend->allow & ~addend->deny;
343
-
accum->audit |= addend->audit & addend->allow;
344
-
accum->quiet &= addend->quiet & ~addend->allow;
345
-
accum->kill |= addend->kill & ~addend->allow;
346
-
accum->complain |= addend->complain & ~addend->allow & ~addend->deny;
347
-
accum->cond |= addend->cond & ~addend->allow & ~addend->deny;
348
-
accum->hide &= addend->hide & ~addend->allow;
349
-
accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;
350
-
accum->subtree |= addend->subtree & ~addend->deny;
351
-
352
-
if (!accum->xindex)
353
-
accum->xindex = addend->xindex;
354
-
if (!accum->tag)
355
-
accum->tag = addend->tag;
356
-
if (!accum->label)
357
-
accum->label = addend->label;
358
-
}
359
-
360
-
/**
361
-
* aa_perms_accum - accumulate perms, masking off overlapping perms
362
-
* @accum - perms struct to accumulate into
363
-
* @addend - perms struct to add to @accum
364
-
*/
365
-
void aa_perms_accum(struct aa_perms *accum, struct aa_perms *addend)
366
-
{
367
-
accum->deny |= addend->deny;
368
-
accum->allow &= addend->allow & ~accum->deny;
369
-
accum->audit |= addend->audit & accum->allow;
370
-
accum->quiet &= addend->quiet & ~accum->allow;
371
-
accum->kill |= addend->kill & ~accum->allow;
372
-
accum->complain |= addend->complain & ~accum->allow & ~accum->deny;
373
-
accum->cond |= addend->cond & ~accum->allow & ~accum->deny;
374
-
accum->hide &= addend->hide & ~accum->allow;
375
-
accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;
376
-
accum->subtree &= addend->subtree & ~accum->deny;
377
-
378
-
if (!accum->xindex)
379
-
accum->xindex = addend->xindex;
380
-
if (!accum->tag)
381
-
accum->tag = addend->tag;
382
-
if (!accum->label)
383
-
accum->label = addend->label;
384
-
}
385
-
386
334
void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,
387
335
int type, u32 request, struct aa_perms *perms)
388
336
{