add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/security/selinux/netport.c
..
..
@@ -1,3 +1,4 @@
1
+// SPDX-License-Identifier: GPL-2.0-only
1
2
 /*
2
3
  * Network port table
3
4
  *
..
..
@@ -10,21 +11,10 @@
10
11
  * This code is heavily based on the "netif" concept originally developed by
11
12
  * James Morris <jmorris@redhat.com>
12
13
  *   (see security/selinux/netif.c for more information)
13
- *
14
14
  */
15
15
 
16
16
 /*
17
17
  * (c) Copyright Hewlett-Packard Development Company, L.P., 2008
18
- *
19
- * This program is free software: you can redistribute it and/or modify
20
- * it under the terms of version 2 of the GNU General Public License as
21
- * published by the Free Software Foundation.
22
- *
23
- * This program is distributed in the hope that it will be useful,
24
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
25
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26
- * GNU General Public License for more details.
27
- *
28
18
  */
29
19
 
30
20
 #include <linux/types.h>
..
..
@@ -140,16 +130,16 @@
140
130
  * @sid: port SID
141
131
  *
142
132
  * Description:
143
- * This function determines the SID of a network port by quering the security
133
+ * This function determines the SID of a network port by querying the security
144
134
  * policy.  The result is added to the network port table to speedup future
145
135
  * queries.  Returns zero on success, negative values on failure.
146
136
  *
147
137
  */
148
138
 static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
149
139
 {
150
-	int ret = -ENOMEM;
140
+	int ret;
151
141
 	struct sel_netport *port;
152
-	struct sel_netport *new = NULL;
142
+	struct sel_netport *new;
153
143
 
154
144
 	spin_lock_bh(&sel_netport_lock);
155
145
 	port = sel_netport_find(protocol, pnum);
..
..
@@ -158,25 +148,23 @@
158
148
 		spin_unlock_bh(&sel_netport_lock);
159
149
 		return 0;
160
150
 	}
161
-	new = kzalloc(sizeof(*new), GFP_ATOMIC);
162
-	if (new == NULL)
163
-		goto out;
151
+
164
152
 	ret = security_port_sid(&selinux_state, protocol, pnum, sid);
165
153
 	if (ret != 0)
166
154
 		goto out;
167
-
168
-	new->psec.port = pnum;
169
-	new->psec.protocol = protocol;
170
-	new->psec.sid = *sid;
171
-	sel_netport_insert(new);
155
+	new = kzalloc(sizeof(*new), GFP_ATOMIC);
156
+	if (new) {
157
+		new->psec.port = pnum;
158
+		new->psec.protocol = protocol;
159
+		new->psec.sid = *sid;
160
+		sel_netport_insert(new);
161
+	}
172
162
 
173
163
 out:
174
164
 	spin_unlock_bh(&sel_netport_lock);
175
-	if (unlikely(ret)) {
165
+	if (unlikely(ret))
176
166
 		pr_warn("SELinux: failure in %s(), unable to determine network port label\n",
177
167
 			__func__);
178
-		kfree(new);
179
-	}
180
168
 	return ret;
181
169
 }
182
170
 
..
..
@@ -237,7 +225,7 @@
237
225
 {
238
226
 	int iter;
239
227
 
240
-	if (!selinux_enabled)
228
+	if (!selinux_enabled_boot)
241
229
 		return 0;
242
230
 
243
231
 	for (iter = 0; iter < SEL_NETPORT_HASH_SIZE; iter++) {