commit f01e1af445fac107e91d62a2d59dd535f633810b
author Linus Torvalds <torvalds@linux-foundation.org> Tue May 24 13:48:51 2011 -0700
committer Linus Torvalds <torvalds@linux-foundation.org> Thu May 26 18:13:57 2011 -0700
tree f5da7e4162f0a6f4bb50e4cb41f6a06c672f66b0
parent bc9bc72e2f9bb07384c00604d1a40d0b5f62be6c

selinux: don't pass in NULL avd to avc_has_perm_noaudit

Right now security_get_user_sids() will pass in a NULL avd pointer to
avc_has_perm_noaudit(), which then forces that function to have a dummy
entry for that case and just generally test it.

Don't do it.  The normal callers all pass a real avd pointer, and this
helper function is incredibly hot.  So don't make avc_has_perm_noaudit()
do conditional stuff that isn't needed for the common case.

This also avoids some duplicated stack space.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

security/selinux/avc.c

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index fcb89cb..d515b21 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -752,10 +752,9 @@
 int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 			 u16 tclass, u32 requested,
 			 unsigned flags,
-			 struct av_decision *in_avd)
+			 struct av_decision *avd)
 {
 	struct avc_node *node;
-	struct av_decision avd_entry, *avd;
 	int rc = 0;
 	u32 denied;
 
@@ -766,18 +765,11 @@
 	node = avc_lookup(ssid, tsid, tclass);
 	if (unlikely(!node)) {
 		rcu_read_unlock();
-
-		if (in_avd)
-			avd = in_avd;
-		else
-			avd = &avd_entry;
-
 		security_compute_av(ssid, tsid, tclass, avd);
 		rcu_read_lock();
 		node = avc_insert(ssid, tsid, tclass, avd);
 	} else {
-		if (in_avd)
-			memcpy(in_avd, &node->ae.avd, sizeof(*in_avd));
+		memcpy(avd, &node->ae.avd, sizeof(*avd));
 		avd = &node->ae.avd;
 	}