Re: [PATCH 1/1] selinux: simplify avc_xperms_audit_required()

From: Paul Moore
Date: Wed Aug 28 2024 - 13:42:19 EST

Next message: Helge Deller: "Re: [PATCH 1/5] fbdev/efifb: Use stack memory for screeninfo structs"
Previous message: Maximilian Luz: "Re: [PATCH v3 3/3] platform/surface: Add OF support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Aug 22, 2024 Zhen Lei <thunder.leizhen@xxxxxxxxxx> wrote:
>
> By associative and commutative laws, the result of the two 'audited' is
> zero. Take the second 'audited' as an example:
> 1) audited = requested & avd->auditallow;
> 2) audited &= ~requested;
> ==> audited = ~requested & (requested & avd->auditallow);
> ==> audited = (~requested & requested) & avd->auditallow;
> ==> audited = 0 & avd->auditallow;
> ==> audited = 0;
>
> In fact, it is more readable to directly write zero. The value of the
> first 'audited' is 0 because AUDIT is not allowed. The second 'audited'
> is zero because there is no AUDITALLOW permission.
>
> Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
> ---
> security/selinux/avc.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)

Looks good to me, merged into selinux/dev, thanks!

--
paul-moore.com

Next message: Helge Deller: "Re: [PATCH 1/5] fbdev/efifb: Use stack memory for screeninfo structs"
Previous message: Maximilian Luz: "Re: [PATCH v3 3/3] platform/surface: Add OF support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]