[PATCH 2/7] audit: cull redundancy in audit_rule_change

Fri Oct 10 19:09:02 UTC 2014

On Thu, 2014-10-02 at 22:05 -0400, Richard Guy Briggs wrote:
> Re-factor audit_rule_change() to reduce the amount of code redundancy and
> simplify the logic.
> 
> Signed-off-by: Richard Guy Briggs <rgb at redhat.com>
> ---
>  kernel/auditfilter.c |   20 +++++++-------------
>  1 files changed, 7 insertions(+), 13 deletions(-)
> 
> diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
> index 4a11697..e3378a4 100644
> --- a/kernel/auditfilter.c
> +++ b/kernel/auditfilter.c
> @@ -1064,30 +1064,24 @@ int audit_rule_change(int type, __u32 portid, int seq, void *data,
>  	int err = 0;
>  	struct audit_entry *entry;
>  
> +	entry = audit_data_to_entry(data, datasz);
> +	if (IS_ERR(entry))
> +		return PTR_ERR(entry);
> +
>  	switch (type) {
>  	case AUDIT_ADD_RULE:
> -		entry = audit_data_to_entry(data, datasz);
> -		if (IS_ERR(entry))
> -			return PTR_ERR(entry);
> -
>  		err = audit_add_rule(entry);
>  		audit_log_rule_change("add_rule", &entry->rule, !err);
> -		if (err)
> -			audit_free_rule(entry);
>  		break;
>  	case AUDIT_DEL_RULE:
> -		entry = audit_data_to_entry(data, datasz);
> -		if (IS_ERR(entry))
> -			return PTR_ERR(entry);
> -
>  		err = audit_del_rule(entry);
>  		audit_log_rule_change("remove_rule", &entry->rule, !err);
> -		audit_free_rule(entry);
>  		break;
> -	default:
> -		return -EINVAL;

I left the default case and made it:

                err = -EINVAL;
                WARN_ON(1);

Seemed like better defensive coding....

>  	}
>  
> +	if (err || type == AUDIT_DEL_RULE)
> +		audit_free_rule(entry);
> +
>  	return err;
>  }
>  