Re: [2.6 patch] selinux: possible cleanups

[Stephen Smalley]

On Sun, 2004-11-28 at 14:01, Adrian Bunk wrote:
> The patch below contains the following possible cleanups:
> - make needlessly global code static
> - remove the following unused global functions:
>   - avc.c: avc_ss_grant
>   - avc.c: avc_ss_try_revoke
>   - avc.c: avc_ss_revoke
>   - avc.c: avc_ss_set_auditallow
>   - avc.c: avc_ss_set_auditdeny
>   - ss/avtab.c: avtab_map
>   - ss/ebitmap.c: ebitmap_or
>   - ss/hashtab.c: hashtab_remove
>   - ss/hashtab.c: hashtab_replace
>   - ss/hashtab.c: hashtab_map_remove_on_error
>   - ss/services.c: security_member_sid
>   - ss/sidtab.c: sidtab_remove
> - remove the following unused static functions:
>   - avc.c: avc_update_cache
>   - avc.c: avc_control
> 
> 
> Please review and comment on which of these changes are correct and 
> which conflict with pending patches for in-kernel users of the functions 
> affected.

Thanks for working on these cleanups.  I've separately submitted a patch
to export security_member_sid via selinuxfs, as it is part of the
security policy API and is needed for further work on security
polyinstantiation (e.g. multi-level directory support), so please remove
the diffs related to removing that function.  Two other comments:
- Did you mean to make avtab_insert static (you only removed the
function prototype for it)?
- Shouldn't the AVC_CALLBACK_* definitions other than RESET be removed
since you are removing the other avc_ss interfaces?

Otherwise, the patch seems sane to me.
  
-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/