selinux: reduce the object class calculations at inode init time
authorPaul Moore <paul@paul-moore.com>
Fri, 19 Jan 2024 01:44:21 +0000 (20:44 -0500)
committerPaul Moore <paul@paul-moore.com>
Thu, 25 Jan 2024 15:52:21 +0000 (10:52 -0500)
We only need to call inode_mode_to_security_class() once in
selinux_inode_init_security().

Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/hooks.c

index a6bf90ace84c74bdb11330d7bb278183dfb13275..48ae90327fa4e3d09957d6626dab0c636982068d 100644 (file)
@@ -2920,23 +2920,22 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
        struct superblock_security_struct *sbsec;
        struct xattr *xattr = lsm_get_xattr_slot(xattrs, xattr_count);
        u32 newsid, clen;
+       u16 newsclass;
        int rc;
        char *context;
 
        sbsec = selinux_superblock(dir->i_sb);
 
        newsid = tsec->create_sid;
-
-       rc = selinux_determine_inode_label(tsec, dir, qstr,
-               inode_mode_to_security_class(inode->i_mode),
-               &newsid);
+       newsclass = inode_mode_to_security_class(inode->i_mode);
+       rc = selinux_determine_inode_label(tsec, dir, qstr, newsclass, &newsid);
        if (rc)
                return rc;
 
        /* Possibly defer initialization to selinux_complete_init. */
        if (sbsec->flags & SE_SBINITIALIZED) {
                struct inode_security_struct *isec = selinux_inode(inode);
-               isec->sclass = inode_mode_to_security_class(inode->i_mode);
+               isec->sclass = newsclass;
                isec->sid = newsid;
                isec->initialized = LABEL_INITIALIZED;
        }
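Review bot: The cached `newsclass` has no comment tying it to both of its uses, so nothing tells a later editor that the class passed to selinux_determine_inode_label() and the one stored in `isec->sclass` are meant to be the same value, taken from a single read of `inode->i_mode`. I would add `/* Compute the object class once; the label lookup and isec->sclass must agree. */` above the `newsclass = inode_mode_to_security_class(inode->i_mode);` line. The declaration `u16 newsclass;` needs to match the helper's return type and the width of `isec->sclass`; neither definition is visible in this hunk, so that is worth confirming to rule out a silent truncation. selinux_inode_init_security() begins before the hunk and continues after it.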