selinux: cleanup selinux_xfrm_decode_session()

Some basic simplification. Signed-off-by: Paul Moore <pmoore@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2013-07-23 17:38:40 -04:00 · 2013-07-23 17:38:40 -04:00 · e219369580
parent 4baabeec2a
commit e219369580
1 changed files with 12 additions and 11 deletions
--- a/security/selinux/xfrm.c
+++ b/security/selinux/xfrm.c
@ -215,34 +215,35 @@ int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x,
 */
 int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 {
+	u32 sid_session = SECSID_NULL;
 	struct sec_path *sp;

-	*sid = SECSID_NULL;
-
 	if (skb == NULL)
-		return 0;
+		goto out;

 	sp = skb->sp;
 	if (sp) {
-		int i, sid_set = 0;
+		int i;

-		for (i = sp->len-1; i >= 0; i--) {
+		for (i = sp->len - 1; i >= 0; i--) {
 			struct xfrm_state *x = sp->xvec[i];
 			if (selinux_authorizable_xfrm(x)) {
 				struct xfrm_sec_ctx *ctx = x->security;

-				if (!sid_set) {
-					*sid = ctx->ctx_sid;
-					sid_set = 1;
-
+				if (sid_session == SECSID_NULL) {
+					sid_session = ctx->ctx_sid;
 					if (!ckall)
-						break;
-				} else if (*sid != ctx->ctx_sid)
+						goto out;
+				} else if (sid_session != ctx->ctx_sid) {
+					*sid = SECSID_NULL;
 					return -EINVAL;
+				}
 			}
 		}
 	}

+out:
+	*sid = sid_session;
 	return 0;
 }