4 files changed, 6 insertions, 14 deletions

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 2a84dec4adfe..326aa78bd421 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -381,30 +381,25 @@ static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass)
  * @ssid: source security identifier
  * @tsid: target security identifier
  * @tclass: target security class
- * @requested: requested permissions, interpreted based on @tclass
  *
  * Look up an AVC entry that is valid for the
- * @requested permissions between the SID pair
  * (@ssid, @tsid), interpreting the permissions
  * based on @tclass.  If a valid AVC entry exists,
  * then this function return the avc_node.
  * Otherwise, this function returns NULL.
  */
-static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass, u32 requested)
+static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass)
 {
         struct avc_node *node;
 
         avc_cache_stats_incr(lookups);
         node = avc_search_node(ssid, tsid, tclass);
 
-        if (node && ((node->ae.avd.decided & requested) == requested)) {
+        if (node)
                 avc_cache_stats_incr(hits);
-                goto out;
-        }
+        else
+                avc_cache_stats_incr(misses);
 
-        node = NULL;
-        avc_cache_stats_incr(misses);
-out:
         return node;
 }
 
@@ -875,7 +870,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 
         rcu_read_lock();
 
-        node = avc_lookup(ssid, tsid, tclass, requested);
+        node = avc_lookup(ssid, tsid, tclass);
         if (!node) {
                 rcu_read_unlock();
 
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index e1d9db779983..5c3434f7626f 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -88,7 +88,6 @@ int security_policycap_supported(unsigned int req_cap);
 #define SEL_VEC_MAX 32
 struct av_decision {
         u32 allowed;
-        u32 decided;
         u32 auditallow;
         u32 auditdeny;
         u32 seqno;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 01ec6d2c6b97..d3c8b982cfb0 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -595,7 +595,7 @@ static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
 
         length = scnprintf(buf, SIMPLE_TRANSACTION_LIMIT,
                           "%x %x %x %x %u",
-                          avd.allowed, avd.decided,
+                          avd.allowed, 0xffffffff,
                           avd.auditallow, avd.auditdeny,
                           avd.seqno);
 out2:
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c65e4fe4a0f1..deeec6c013ae 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -407,7 +407,6 @@ static int context_struct_compute_av(struct context *scontext,
          * Initialize the access vectors to the default values.
          */
         avd->allowed = 0;
-        avd->decided = 0xffffffff;
         avd->auditallow = 0;
         avd->auditdeny = 0xffffffff;
         avd->seqno = latest_granting;
@@ -743,7 +742,6 @@ int security_compute_av(u32 ssid,
 
         if (!ss_initialized) {
                 avd->allowed = 0xffffffff;
-                avd->decided = 0xffffffff;
                 avd->auditallow = 0;
                 avd->auditdeny = 0xffffffff;
                 avd->seqno = latest_granting;