selinux: don't pass in NULL avd to avc_has_perm_noaudit

Right now security_get_user_sids() will pass in a NULL avd pointer to
avc_has_perm_noaudit(), which then forces that function to have a dummy
entry for that case and just generally test it.

Don't do it.  The normal callers all pass a real avd pointer, and this
helper function is incredibly hot.  So don't make avc_has_perm_noaudit()
do conditional stuff that isn't needed for the common case.

This also avoids some duplicated stack space.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 2 insertions, 1 deletions

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c3e4b52699f4..973e00e34fa9 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2217,10 +2217,11 @@ out_unlock:
                 goto out;
         }
         for (i = 0, j = 0; i < mynel; i++) {
+                struct av_decision dummy_avd;
                 rc = avc_has_perm_noaudit(fromsid, mysids[i],
                                           SECCLASS_PROCESS, /* kernel value */
                                           PROCESS__TRANSITION, AVC_STRICT,
-                                          NULL);
+                                          &dummy_avd);
                 if (!rc)
                         mysids2[j++] = mysids[i];
                 cond_resched();