selinux: clean up selinux_inode_permission MAY_NOT_BLOCK tests

Through a somewhat convoluted series of changes, we have ended up
with multiple unnecessary occurrences of (flags & MAY_NOT_BLOCK)
tests in selinux_inode_permission().  Clean it up and simplify.
No functional change.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 328d455..4762634 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3033,7 +3033,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
        const struct cred *cred = current_cred();
        u32 perms;
        bool from_access;
-       unsigned flags = mask & MAY_NOT_BLOCK;
+       bool no_block = mask & MAY_NOT_BLOCK;
        struct inode_security_struct *isec;
        u32 sid;
        struct av_decision avd;
@@ -3055,13 +3055,13 @@ static int selinux_inode_permission(struct inode *inode, int mask)
        perms = file_mask_to_av(inode->i_mode, mask);
 
        sid = cred_sid(cred);
-       isec = inode_security_rcu(inode, flags & MAY_NOT_BLOCK);
+       isec = inode_security_rcu(inode, no_block);
        if (IS_ERR(isec))
                return PTR_ERR(isec);
 
        rc = avc_has_perm_noaudit(&selinux_state,
                                  sid, isec->sid, isec->sclass, perms,
-                                 (flags & MAY_NOT_BLOCK) ? AVC_NONBLOCKING : 0,
+                                 no_block ? AVC_NONBLOCKING : 0,
                                  &avd);
        audited = avc_audit_required(perms, &avd, rc,
                                     from_access ? FILE__AUDIT_ACCESS : 0,
@@ -3070,7 +3070,7 @@ static int selinux_inode_permission(struct inode *inode, int mask)
                return rc;
 
        /* fall back to ref-walk if we have to generate audit */
-       if (flags & MAY_NOT_BLOCK)
+       if (no_block)
                return -ECHILD;
 
        rc2 = audit_inode_permission(inode, perms, audited, denied, rc);