lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACLa4pu2PWErdjb0=2RZm=6w-wc_ez_5nEXET3hy90h6m6MGYw@mail.gmail.com>
Date:	Tue, 27 Mar 2012 16:22:06 -0400
From:	Eric Paris <eparis@...isplace.org>
To:	gaowanlong@...fujitsu.com
Cc:	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>, sds@...ho.nsa.gov
Subject: Re: [PATCH 2/2] selinux:avc:remove the useless fields in avc_add_callback

I'll get picked up when -rc1 is released and I'm allowed to start
committing for 3.5.

-Eric

On Mon, Mar 26, 2012 at 9:51 AM, Wanlong Gao <gaowanlong@...fujitsu.com> wrote:
> On 03/22/2012 07:58 AM, Wanlong Gao wrote:
>
>> Any comments?
>
>
> Ping?
>
>>
>>
>>> avc_add_callback now just used for registering reset functions
>>> in initcalls, and the callback functions just did reset operations.
>>> So, reducing the arguments to only one event is enough now.
>>>
>>> Signed-off-by: Wanlong Gao <gaowanlong@...fujitsu.com>
>>> ---
>>>  security/selinux/avc.c         |   32 ++++++--------------------------
>>>  security/selinux/include/avc.h |    6 +-----
>>>  security/selinux/netif.c       |    6 ++----
>>>  security/selinux/netnode.c     |    6 ++----
>>>  security/selinux/netport.c     |    6 ++----
>>>  security/selinux/ss/services.c |    6 ++----
>>>  6 files changed, 15 insertions(+), 47 deletions(-)
>>>
>>> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
>>> index c301679..fc8acaa 100644
>>> --- a/security/selinux/avc.c
>>> +++ b/security/selinux/avc.c
>>> @@ -65,14 +65,8 @@ struct avc_cache {
>>>  };
>>>
>>>  struct avc_callback_node {
>>> -    int (*callback) (u32 event, u32 ssid, u32 tsid,
>>> -                     u16 tclass, u32 perms,
>>> -                     u32 *out_retained);
>>> +    int (*callback) (u32 event);
>>>      u32 events;
>>> -    u32 ssid;
>>> -    u32 tsid;
>>> -    u16 tclass;
>>> -    u32 perms;
>>>      struct avc_callback_node *next;
>>>  };
>>>
>>> @@ -546,22 +540,12 @@ int avc_audit(u32 ssid, u32 tsid,
>>>   * avc_add_callback - Register a callback for security events.
>>>   * @callback: callback function
>>>   * @events: security events
>>> - * @ssid: source security identifier or %SECSID_WILD
>>> - * @tsid: target security identifier or %SECSID_WILD
>>> - * @tclass: target security class
>>> - * @perms: permissions
>>>   *
>>> - * Register a callback function for events in the set @events
>>> - * related to the SID pair (@ssid, @tsid)
>>> - * and the permissions @perms, interpreting
>>> - * @perms based on @tclass.  Returns %0 on success or
>>> - * -%ENOMEM if insufficient memory exists to add the callback.
>>> + * Register a callback function for events in the set @events.
>>> + * Returns %0 on success or -%ENOMEM if insufficient memory
>>> + * exists to add the callback.
>>>   */
>>> -int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
>>> -                                 u16 tclass, u32 perms,
>>> -                                 u32 *out_retained),
>>> -                 u32 events, u32 ssid, u32 tsid,
>>> -                 u16 tclass, u32 perms)
>>> +int __init avc_add_callback(int (*callback)(u32 event), u32 events)
>>>  {
>>>      struct avc_callback_node *c;
>>>      int rc = 0;
>>> @@ -574,9 +558,6 @@ int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
>>>
>>>      c->callback = callback;
>>>      c->events = events;
>>> -    c->ssid = ssid;
>>> -    c->tsid = tsid;
>>> -    c->perms = perms;
>>>      c->next = avc_callbacks;
>>>      avc_callbacks = c;
>>>  out:
>>> @@ -716,8 +697,7 @@ int avc_ss_reset(u32 seqno)
>>>
>>>      for (c = avc_callbacks; c; c = c->next) {
>>>              if (c->events & AVC_CALLBACK_RESET) {
>>> -                    tmprc = c->callback(AVC_CALLBACK_RESET,
>>> -                                        0, 0, 0, 0, NULL);
>>> +                    tmprc = c->callback(AVC_CALLBACK_RESET);
>>>                      /* save the first error encountered for the return
>>>                         value and continue processing the callbacks */
>>>                      if (!rc)
>>> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
>>> index 47fda96..0ac5c26 100644
>>> --- a/security/selinux/include/avc.h
>>> +++ b/security/selinux/include/avc.h
>>> @@ -88,11 +88,7 @@ u32 avc_policy_seqno(void);
>>>  #define AVC_CALLBACK_AUDITDENY_ENABLE       64
>>>  #define AVC_CALLBACK_AUDITDENY_DISABLE      128
>>>
>>> -int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
>>> -                                 u16 tclass, u32 perms,
>>> -                                 u32 *out_retained),
>>> -                 u32 events, u32 ssid, u32 tsid,
>>> -                 u16 tclass, u32 perms);
>>> +int avc_add_callback(int (*callback)(u32 event), u32 events);
>>>
>>>  /* Exported to selinuxfs */
>>>  int avc_get_hash_stats(char *page);
>>> diff --git a/security/selinux/netif.c b/security/selinux/netif.c
>>> index 326f22c..47a49d1 100644
>>> --- a/security/selinux/netif.c
>>> +++ b/security/selinux/netif.c
>>> @@ -252,8 +252,7 @@ static void sel_netif_flush(void)
>>>      spin_unlock_bh(&sel_netif_lock);
>>>  }
>>>
>>> -static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
>>> -                              u16 class, u32 perms, u32 *retained)
>>> +static int sel_netif_avc_callback(u32 event)
>>>  {
>>>      if (event == AVC_CALLBACK_RESET) {
>>>              sel_netif_flush();
>>> @@ -292,8 +291,7 @@ static __init int sel_netif_init(void)
>>>
>>>      register_netdevice_notifier(&sel_netif_netdev_notifier);
>>>
>>> -    err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET,
>>> -                           SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
>>> +    err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET);
>>>      if (err)
>>>              panic("avc_add_callback() failed, error %d\n", err);
>>>
>>> diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
>>> index 8636585..28f911c 100644
>>> --- a/security/selinux/netnode.c
>>> +++ b/security/selinux/netnode.c
>>> @@ -297,8 +297,7 @@ static void sel_netnode_flush(void)
>>>      spin_unlock_bh(&sel_netnode_lock);
>>>  }
>>>
>>> -static int sel_netnode_avc_callback(u32 event, u32 ssid, u32 tsid,
>>> -                                u16 class, u32 perms, u32 *retained)
>>> +static int sel_netnode_avc_callback(u32 event)
>>>  {
>>>      if (event == AVC_CALLBACK_RESET) {
>>>              sel_netnode_flush();
>>> @@ -320,8 +319,7 @@ static __init int sel_netnode_init(void)
>>>              sel_netnode_hash[iter].size = 0;
>>>      }
>>>
>>> -    ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
>>> -                           SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
>>> +    ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET);
>>>      if (ret != 0)
>>>              panic("avc_add_callback() failed, error %d\n", ret);
>>>
>>> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
>>> index 7b9eb1f..d353797 100644
>>> --- a/security/selinux/netport.c
>>> +++ b/security/selinux/netport.c
>>> @@ -234,8 +234,7 @@ static void sel_netport_flush(void)
>>>      spin_unlock_bh(&sel_netport_lock);
>>>  }
>>>
>>> -static int sel_netport_avc_callback(u32 event, u32 ssid, u32 tsid,
>>> -                                u16 class, u32 perms, u32 *retained)
>>> +static int sel_netport_avc_callback(u32 event)
>>>  {
>>>      if (event == AVC_CALLBACK_RESET) {
>>>              sel_netport_flush();
>>> @@ -257,8 +256,7 @@ static __init int sel_netport_init(void)
>>>              sel_netport_hash[iter].size = 0;
>>>      }
>>>
>>> -    ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET,
>>> -                           SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
>>> +    ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET);
>>>      if (ret != 0)
>>>              panic("avc_add_callback() failed, error %d\n", ret);
>>>
>>> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
>>> index 185f849..08123cd 100644
>>> --- a/security/selinux/ss/services.c
>>> +++ b/security/selinux/ss/services.c
>>> @@ -3018,8 +3018,7 @@ out:
>>>
>>>  static int (*aurule_callback)(void) = audit_update_lsm_rules;
>>>
>>> -static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
>>> -                           u16 class, u32 perms, u32 *retained)
>>> +static int aurule_avc_callback(u32 event)
>>>  {
>>>      int err = 0;
>>>
>>> @@ -3032,8 +3031,7 @@ static int __init aurule_init(void)
>>>  {
>>>      int err;
>>>
>>> -    err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
>>> -                           SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
>>> +    err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
>>>      if (err)
>>>              panic("avc_add_callback() failed, error %d\n", err);
>>>
>>
>>
>>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ