selinux: small cleanups in selinux_audit_rule_init()
authorPaul Moore <paul@paul-moore.com>
Fri, 5 May 2023 22:49:44 +0000 (18:49 -0400)
committerPaul Moore <paul@paul-moore.com>
Mon, 8 May 2023 20:53:41 +0000 (16:53 -0400)
A few small tweaks to selinux_audit_rule_init():

- Adjust how we use the @rc variable so we are not doing any extra
  work in the common/success case.

- Related to the above, rework the 'out' jump label so that the
  success and error paths are different, simplifying both.

- Cleanup some of the vertical whitespace while we are making the
  other changes.

Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/services.c

index 9571a447e427282c7465c65f8b66a5f9909eb46c..78946b71c1c158d82ee01f4079543c6b4cfa9059 100644 (file)
@@ -3541,38 +3541,38 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
        tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
        if (!tmprule)
                return -ENOMEM;
-
        context_init(&tmprule->au_ctxt);
 
        rcu_read_lock();
        policy = rcu_dereference(state->policy);
        policydb = &policy->policydb;
-
        tmprule->au_seqno = policy->latest_granting;
-
        switch (field) {
        case AUDIT_SUBJ_USER:
        case AUDIT_OBJ_USER:
-               rc = -EINVAL;
                userdatum = symtab_search(&policydb->p_users, rulestr);
-               if (!userdatum)
-                       goto out;
+               if (!userdatum) {
+                       rc = -EINVAL;
+                       goto err;
+               }
                tmprule->au_ctxt.user = userdatum->value;
                break;
        case AUDIT_SUBJ_ROLE:
        case AUDIT_OBJ_ROLE:
-               rc = -EINVAL;
                roledatum = symtab_search(&policydb->p_roles, rulestr);
-               if (!roledatum)
-                       goto out;
+               if (!roledatum) {
+                       rc = -EINVAL;
+                       goto err;
+               }
                tmprule->au_ctxt.role = roledatum->value;
                break;
        case AUDIT_SUBJ_TYPE:
        case AUDIT_OBJ_TYPE:
-               rc = -EINVAL;
                typedatum = symtab_search(&policydb->p_types, rulestr);
-               if (!typedatum)
-                       goto out;
+               if (!typedatum) {
+                       rc = -EINVAL;
+                       goto err;
+               }
                tmprule->au_ctxt.type = typedatum->value;
                break;
        case AUDIT_SUBJ_SEN:
@@ -3582,20 +3582,18 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
                rc = mls_from_string(policydb, rulestr, &tmprule->au_ctxt,
                                     GFP_ATOMIC);
                if (rc)
-                       goto out;
+                       goto err;
                break;
        }
-       rc = 0;
-out:
        rcu_read_unlock();
 
-       if (rc) {
-               selinux_audit_rule_free(tmprule);
-               tmprule = NULL;
-       }
-
        *rule = tmprule;
+       return 0;
 
+err:
+       rcu_read_unlock();
+       selinux_audit_rule_free(tmprule);
+       *rule = NULL;
        return rc;
 }