[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e556e93a-9e2c-8045-b191-629f78dbb7fd@schaufler-ca.com>
Date: Fri, 10 Jan 2020 08:44:25 -0800
From: Casey Schaufler <casey@...aufler-ca.com>
To: Stephen Smalley <sds@...ho.nsa.gov>,
Huaisheng Ye <yehs2007@...o.com>, paul@...l-moore.com,
eparis@...isplace.org, jmorris@...ei.org, serge@...lyn.com
Cc: tyu1@...ovo.com, linux-security-module@...r.kernel.org,
selinux@...r.kernel.org, linux-kernel@...r.kernel.org,
Huaisheng Ye <yehs1@...ovo.com>,
Casey Schaufler <casey@...aufler-ca.com>
Subject: Re: [PATCH] selinux: remove redundant msg_msg_alloc_security
On 1/10/2020 7:13 AM, Stephen Smalley wrote:
> On 1/10/20 4:58 AM, Huaisheng Ye wrote:
>> From: Huaisheng Ye <yehs1@...ovo.com>
>>
>> selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but
>> do nothing else. And also msg_msg_alloc_security is just used by the
>> former.
>>
>> Remove the redundant function to simplify the code.
>
> This seems to also be true of other _alloc_security functions, probably due to historical reasons. Further, at least some of these functions no longer perform any allocation; they are just initialization functions now that allocation has been taken to the LSM framework, so possibly could be renamed and made to return void at some point.
That's something I've been eyeing. I'm not 100% sure that no module will
ever fail doing the new style initialization. The int to void and name
change will probably happen after the next round of modules come in and
we can see that failure of initialization isn't a rational situation.
>
>>
>> Signed-off-by: Huaisheng Ye <yehs1@...ovo.com>
>
> Acked-by: Stephen Smalley <sds@...ho.nsa.gov>
>
>> ---
>> security/selinux/hooks.c | 17 ++++++-----------
>> 1 file changed, 6 insertions(+), 11 deletions(-)
>>
>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>> index 9625b99..fb1b9da 100644
>> --- a/security/selinux/hooks.c
>> +++ b/security/selinux/hooks.c
>> @@ -5882,16 +5882,6 @@ static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
>> isec->sid = current_sid();
>> }
>> -static int msg_msg_alloc_security(struct msg_msg *msg)
>> -{
>> - struct msg_security_struct *msec;
>> -
>> - msec = selinux_msg_msg(msg);
>> - msec->sid = SECINITSID_UNLABELED;
>> -
>> - return 0;
>> -}
>> -
>> static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
>> u32 perms)
>> {
>> @@ -5910,7 +5900,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
>> static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
>> {
>> - return msg_msg_alloc_security(msg);
>> + struct msg_security_struct *msec;
>> +
>> + msec = selinux_msg_msg(msg);
>> + msec->sid = SECINITSID_UNLABELED;
>> +
>> + return 0;
>> }
>> /* message queue security operations */
>>
>
>
Powered by blists - more mailing lists