Re: [PATCH 5/9] SELinux: remove redundant exports

LKML Archive on lore.kernel.org
 help / color / Atom feed

From: Paul Moore <paul.moore@hp.com>
To: "Ahmed S. Darwish" <darwish.07@gmail.com>
Cc: Chris Wright <chrisw@sous-sol.org>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	James Morris <jmorris@namei.org>,
	Eric Paris <eparis@parisplace.org>,
	Casey Schaufler <casey@schaufler-ca.com>,
	David Woodhouse <dwmw2@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Audit-ML <linux-audit@redhat.com>,
	LSM-ML <linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 5/9] SELinux: remove redundant exports
Date: Mon, 3 Mar 2008 18:41:55 -0500
Message-ID: <200803031841.55587.paul.moore@hp.com> (raw)
In-Reply-To: <20080301195832.GF19636@ubuntu>

On Saturday 01 March 2008 2:58:32 pm Ahmed S. Darwish wrote:
> Remove the following exported SELinux interfaces:
> selinux_get_inode_sid(inode, sid)
> selinux_get_ipc_sid(ipcp, sid)
> selinux_get_task_sid(tsk, sid)
> selinux_sid_to_string(sid, ctx, len)
>
> They can be substitued with the following generic equivalents
> respectively:
> new LSM hook, inode_getsecid(inode, secid)
> new LSM hook, ipc_getsecid*(ipcp, secid)
> LSM hook, task_getsecid(tsk, secid)
> LSM hook, sid_to_secctx(sid, ctx, len)
>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>

Reviewed-by: Paul Moore <paul.moore@hp.com>

> ---
>
>  include/linux/selinux.h    |   62
> ---------------------------------------------
> security/selinux/exports.c |   42 ------------------------------ 2
> files changed, 104 deletions(-)
>
> diff --git a/include/linux/selinux.h b/include/linux/selinux.h
> index 8c2cc4c..24b0af1 100644
> --- a/include/linux/selinux.h
> +++ b/include/linux/selinux.h
> @@ -16,7 +16,6 @@
>
>  struct selinux_audit_rule;
>  struct audit_context;
> -struct inode;
>  struct kern_ipc_perm;
>
>  #ifdef CONFIG_SECURITY_SELINUX
> @@ -70,45 +69,6 @@ int selinux_audit_rule_match(u32 sid, u32 field,
> u32 op, void selinux_audit_set_callback(int (*callback)(void));
>
>  /**
> - *     selinux_sid_to_string - map a security context ID to a string
> - *     @sid: security context ID to be converted.
> - *     @ctx: address of context string to be returned
> - *     @ctxlen: length of returned context string.
> - *
> - *     Returns 0 if successful, -errno if not.  On success, the
> context - *     string will be allocated internally, and the caller
> must call - *     kfree() on it after use.
> - */
> -int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
> -
> -/**
> - *     selinux_get_inode_sid - get the inode's security context ID
> - *     @inode: inode structure to get the sid from.
> - *     @sid: pointer to security context ID to be filled in.
> - *
> - *     Returns nothing
> - */
> -void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
> -
> -/**
> - *     selinux_get_ipc_sid - get the ipc security context ID
> - *     @ipcp: ipc structure to get the sid from.
> - *     @sid: pointer to security context ID to be filled in.
> - *
> - *     Returns nothing
> - */
> -void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32
> *sid); -
> -/**
> - *     selinux_get_task_sid - return the SID of task
> - *     @tsk: the task whose SID will be returned
> - *     @sid: pointer to security context ID to be filled in.
> - *
> - *     Returns nothing
> - */
> -void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
> -
> -/**
>   *     selinux_string_to_sid - map a security context string to a
> security ID *     @str: the security context string to be mapped
>   *     @sid: ID value returned via this.
> @@ -175,28 +135,6 @@ static inline void
> selinux_audit_set_callback(int (*callback)(void)) return;
>  }
>
> -static inline int selinux_sid_to_string(u32 sid, char **ctx, u32
> *ctxlen) -{
> -       *ctx = NULL;
> -       *ctxlen = 0;
> -       return 0;
> -}
> -
> -static inline void selinux_get_inode_sid(const struct inode *inode,
> u32 *sid) -{
> -	*sid = 0;
> -}
> -
> -static inline void selinux_get_ipc_sid(const struct kern_ipc_perm
> *ipcp, u32 *sid) -{
> -	*sid = 0;
> -}
> -
> -static inline void selinux_get_task_sid(struct task_struct *tsk, u32
> *sid) -{
> -	*sid = 0;
> -}
> -
>  static inline int selinux_string_to_sid(const char *str, u32 *sid)
>  {
>         *sid = 0;
> diff --git a/security/selinux/exports.c b/security/selinux/exports.c
> index 87d2bb3..64af2d3 100644
> --- a/security/selinux/exports.c
> +++ b/security/selinux/exports.c
> @@ -25,48 +25,6 @@
>  /* SECMARK reference count */
>  extern atomic_t selinux_secmark_refcount;
>
> -int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
> -{
> -	if (selinux_enabled)
> -		return security_sid_to_context(sid, ctx, ctxlen);
> -	else {
> -		*ctx = NULL;
> -		*ctxlen = 0;
> -	}
> -
> -	return 0;
> -}
> -
> -void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
> -{
> -	if (selinux_enabled) {
> -		struct inode_security_struct *isec = inode->i_security;
> -		*sid = isec->sid;
> -		return;
> -	}
> -	*sid = 0;
> -}
> -
> -void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
> -{
> -	if (selinux_enabled) {
> -		struct ipc_security_struct *isec = ipcp->security;
> -		*sid = isec->sid;
> -		return;
> -	}
> -	*sid = 0;
> -}
> -
> -void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
> -{
> -	if (selinux_enabled) {
> -		struct task_security_struct *tsec = tsk->security;
> -		*sid = tsec->sid;
> -		return;
> -	}
> -	*sid = 0;
> -}
> -
>  int selinux_string_to_sid(char *str, u32 *sid)
>  {
>  	if (selinux_enabled)



-- 
paul moore
linux security @ hp

next prev parent reply index

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-01 19:47 [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation) Ahmed S. Darwish
2008-03-01 19:51 ` [PATCH 1/9] LSM: Introduce inode_getsecid and ipc_getsecid hooks Ahmed S. Darwish
2008-03-03 21:18   ` James Morris
2008-03-03 23:26   ` Paul Moore
2008-03-01 19:52 ` [PATCH 2/9] SELinux: setup new inode/ipc getsecid hooks Ahmed S. Darwish
2008-03-03 21:19   ` James Morris
2008-03-03 23:25   ` Paul Moore
2008-03-01 19:54 ` [PATCH 3/9] Audit: use new LSM hooks instead of SELinux exports Ahmed S. Darwish
2008-03-03 21:19   ` James Morris
2008-03-03 23:31   ` Paul Moore
2008-03-01 19:56 ` [PATCH 4/9] Netlink: Use generic LSM hook Ahmed S. Darwish
2008-03-03 21:19   ` James Morris
2008-03-03 21:30     ` David Miller
2008-03-03 23:33   ` Paul Moore
2008-03-01 19:58 ` [PATCH 5/9] SELinux: remove redundant exports Ahmed S. Darwish
2008-03-03 21:20   ` James Morris
2008-03-03 23:41   ` Paul Moore [this message]
2008-03-01 20:00 ` [PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks Ahmed S. Darwish
2008-03-03 21:20   ` James Morris
2008-03-03 23:36   ` Paul Moore
2008-03-01 20:01 ` [PATCH 7/9] Audit: internally use the new LSM audit hooks Ahmed S. Darwish
2008-03-03 21:20   ` James Morris
2008-03-03 23:51   ` Paul Moore
2008-03-04  3:31     ` Ahmed S. Darwish
2008-03-04  4:09       ` James Morris
2008-03-04  4:15     ` James Morris
2008-03-01 20:03 ` [PATCH 8/9] SELinux: use new audit hooks, remove redundant exports Ahmed S. Darwish
2008-03-03 21:20   ` James Morris
2008-03-01 20:05 ` [PATCH 9/9] Audit: Final renamings and cleanup Ahmed S. Darwish
2008-03-03 21:21   ` James Morris
2008-03-05  5:29 ` [PATCH-v2 -mm 0/9] LSM-neutral Audit (SELinux audit separation) James Morris

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200803031841.55587.paul.moore@hp.com \
    --to=paul.moore@hp.com \
    --cc=akpm@linux-foundation.org \
    --cc=casey@schaufler-ca.com \
    --cc=chrisw@sous-sol.org \
    --cc=darwish.07@gmail.com \
    --cc=dwmw2@infradead.org \
    --cc=eparis@parisplace.org \
    --cc=jmorris@namei.org \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=sds@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

LKML Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lkml.kernel.org/lkml/0 lkml/git/0.git
	git clone --mirror https://lkml.kernel.org/lkml/1 lkml/git/1.git
	git clone --mirror https://lkml.kernel.org/lkml/2 lkml/git/2.git
	git clone --mirror https://lkml.kernel.org/lkml/3 lkml/git/3.git
	git clone --mirror https://lkml.kernel.org/lkml/4 lkml/git/4.git
	git clone --mirror https://lkml.kernel.org/lkml/5 lkml/git/5.git
	git clone --mirror https://lkml.kernel.org/lkml/6 lkml/git/6.git
	git clone --mirror https://lkml.kernel.org/lkml/7 lkml/git/7.git
	git clone --mirror https://lkml.kernel.org/lkml/8 lkml/git/8.git
	git clone --mirror https://lkml.kernel.org/lkml/9 lkml/git/9.git
	git clone --mirror https://lkml.kernel.org/lkml/10 lkml/git/10.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 lkml lkml/ https://lkml.kernel.org/lkml \
		linux-kernel@vger.kernel.org
	public-inbox-index lkml

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git