Commit 3dfd16ab authored by John Johansen's avatar John Johansen
Browse files

apparmor: cleanup: move perm accumulation into perms.h 



Perm accumulation is going to be used much more frequently so let
the compiler figure out if it can be optimized when used.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 0bece4fa

security/apparmor/include/perms.h

+53 −0
Original line number Diff line number Diff line
@@ -96,6 +96,59 @@ struct aa_perms { 
extern struct aa_perms nullperms;

extern struct aa_perms allperms;



/**

 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms

 * @accum - perms struct to accumulate into

 * @addend - perms struct to add to @accum

 */

static inline void aa_perms_accum_raw(struct aa_perms *accum,

				      struct aa_perms *addend)

{

	accum->deny |= addend->deny;

	accum->allow &= addend->allow & ~addend->deny;

	accum->audit |= addend->audit & addend->allow;

	accum->quiet &= addend->quiet & ~addend->allow;

	accum->kill |= addend->kill & ~addend->allow;

	accum->complain |= addend->complain & ~addend->allow & ~addend->deny;

	accum->cond |= addend->cond & ~addend->allow & ~addend->deny;

	accum->hide &= addend->hide & ~addend->allow;

	accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;

	accum->subtree |= addend->subtree & ~addend->deny;



	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}



/**

 * aa_perms_accum - accumulate perms, masking off overlapping perms

 * @accum - perms struct to accumulate into

 * @addend - perms struct to add to @accum

 */

static inline void aa_perms_accum(struct aa_perms *accum,

				  struct aa_perms *addend)

{

	accum->deny |= addend->deny;

	accum->allow &= addend->allow & ~accum->deny;

	accum->audit |= addend->audit & accum->allow;

	accum->quiet &= addend->quiet & ~accum->allow;

	accum->kill |= addend->kill & ~accum->allow;

	accum->complain |= addend->complain & ~accum->allow & ~accum->deny;

	accum->cond |= addend->cond & ~accum->allow & ~accum->deny;

	accum->hide &= addend->hide & ~accum->allow;

	accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;

	accum->subtree &= addend->subtree & ~accum->deny;



	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}



#define xcheck(FN1, FN2)	\

({				\

security/apparmor/lib.c

+0 −52
Original line number Diff line number Diff line
@@ -331,58 +331,6 @@ void aa_apply_modes_to_perms(struct aa_profile *profile, struct aa_perms *perms) 
		perms->prompt = ALL_PERMS_MASK;

}



/**

 * aa_perms_accum_raw - accumulate perms with out masking off overlapping perms

 * @accum - perms struct to accumulate into

 * @addend - perms struct to add to @accum

 */

void aa_perms_accum_raw(struct aa_perms *accum, struct aa_perms *addend)

{

	accum->deny |= addend->deny;

	accum->allow &= addend->allow & ~addend->deny;

	accum->audit |= addend->audit & addend->allow;

	accum->quiet &= addend->quiet & ~addend->allow;

	accum->kill |= addend->kill & ~addend->allow;

	accum->complain |= addend->complain & ~addend->allow & ~addend->deny;

	accum->cond |= addend->cond & ~addend->allow & ~addend->deny;

	accum->hide &= addend->hide & ~addend->allow;

	accum->prompt |= addend->prompt & ~addend->allow & ~addend->deny;

	accum->subtree |= addend->subtree & ~addend->deny;



	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}



/**

 * aa_perms_accum - accumulate perms, masking off overlapping perms

 * @accum - perms struct to accumulate into

 * @addend - perms struct to add to @accum

 */

void aa_perms_accum(struct aa_perms *accum, struct aa_perms *addend)

{

	accum->deny |= addend->deny;

	accum->allow &= addend->allow & ~accum->deny;

	accum->audit |= addend->audit & accum->allow;

	accum->quiet &= addend->quiet & ~accum->allow;

	accum->kill |= addend->kill & ~accum->allow;

	accum->complain |= addend->complain & ~accum->allow & ~accum->deny;

	accum->cond |= addend->cond & ~accum->allow & ~accum->deny;

	accum->hide &= addend->hide & ~accum->allow;

	accum->prompt |= addend->prompt & ~accum->allow & ~accum->deny;

	accum->subtree &= addend->subtree & ~accum->deny;



	if (!accum->xindex)

		accum->xindex = addend->xindex;

	if (!accum->tag)

		accum->tag = addend->tag;

	if (!accum->label)

		accum->label = addend->label;

}



void aa_profile_match_label(struct aa_profile *profile, struct aa_label *label,

			    int type, u32 request, struct aa_perms *perms)

{