selinux: remove redundant selinux_nlmsg_perm
authorHuaisheng Ye <yehs1@lenovo.com>
Mon, 13 Jan 2020 15:03:31 +0000 (23:03 +0800)
committerPaul Moore <paul@paul-moore.com>
Thu, 16 Jan 2020 19:34:36 +0000 (14:34 -0500)
selinux_nlmsg_perm is used only by selinux_netlink_send. Remove
the redundant function to simplify the code.

Fix a typo by suggestion from Stephen.

Signed-off-by: Huaisheng Ye <yehs1@lenovo.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c

index 2c84b12..2d5352d 100644 (file)
@@ -5520,44 +5520,6 @@ static int selinux_tun_dev_open(void *security)
        return 0;
 }
 
-static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
-{
-       int err = 0;
-       u32 perm;
-       struct nlmsghdr *nlh;
-       struct sk_security_struct *sksec = sk->sk_security;
-
-       if (skb->len < NLMSG_HDRLEN) {
-               err = -EINVAL;
-               goto out;
-       }
-       nlh = nlmsg_hdr(skb);
-
-       err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
-       if (err) {
-               if (err == -EINVAL) {
-                       pr_warn_ratelimited("SELinux: unrecognized netlink"
-                              " message: protocol=%hu nlmsg_type=%hu sclass=%s"
-                              " pig=%d comm=%s\n",
-                              sk->sk_protocol, nlh->nlmsg_type,
-                              secclass_map[sksec->sclass - 1].name,
-                              task_pid_nr(current), current->comm);
-                       if (!enforcing_enabled(&selinux_state) ||
-                           security_get_allow_unknown(&selinux_state))
-                               err = 0;
-               }
-
-               /* Ignore */
-               if (err == -ENOENT)
-                       err = 0;
-               goto out;
-       }
-
-       err = sock_has_perm(sk, perm);
-out:
-       return err;
-}
-
 #ifdef CONFIG_NETFILTER
 
 static unsigned int selinux_ip_forward(struct sk_buff *skb,
@@ -5886,7 +5848,40 @@ static unsigned int selinux_ipv6_postroute(void *priv,
 
 static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
-       return selinux_nlmsg_perm(sk, skb);
+       int err = 0;
+       u32 perm;
+       struct nlmsghdr *nlh;
+       struct sk_security_struct *sksec = sk->sk_security;
+
+       if (skb->len < NLMSG_HDRLEN) {
+               err = -EINVAL;
+               goto out;
+       }
+       nlh = nlmsg_hdr(skb);
+
+       err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
+       if (err) {
+               if (err == -EINVAL) {
+                       pr_warn_ratelimited("SELinux: unrecognized netlink"
+                              " message: protocol=%hu nlmsg_type=%hu sclass=%s"
+                              " pid=%d comm=%s\n",
+                              sk->sk_protocol, nlh->nlmsg_type,
+                              secclass_map[sksec->sclass - 1].name,
+                              task_pid_nr(current), current->comm);
+                       if (!enforcing_enabled(&selinux_state) ||
+                           security_get_allow_unknown(&selinux_state))
+                               err = 0;
+               }
+
+               /* Ignore */
+               if (err == -ENOENT)
+                       err = 0;
+               goto out;
+       }
+
+       err = sock_has_perm(sk, perm);
+out:
+       return err;
 }
 
 static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)