Re: [PATCH 5/9] SELinux: remove redundant exports

From: Paul Moore
Date: Mon Mar 03 2008 - 18:43:36 EST

Next message: Anton Vorontsov: "Re: [PATCH RFC] introduce pm_call() macro to get rid of most#ifdef CONFIG_PM"
Previous message: Paul Moore: "Re: [PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks"
In reply to: James Morris: "Re: [PATCH 5/9] SELinux: remove redundant exports"
Next in thread: Ahmed S. Darwish: "[PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Saturday 01 March 2008 2:58:32 pm Ahmed S. Darwish wrote:
> Remove the following exported SELinux interfaces:
> selinux_get_inode_sid(inode, sid)
> selinux_get_ipc_sid(ipcp, sid)
> selinux_get_task_sid(tsk, sid)
> selinux_sid_to_string(sid, ctx, len)
>
> They can be substitued with the following generic equivalents
> respectively:
> new LSM hook, inode_getsecid(inode, secid)
> new LSM hook, ipc_getsecid*(ipcp, secid)
> LSM hook, task_getsecid(tsk, secid)
> LSM hook, sid_to_secctx(sid, ctx, len)
>
> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> Signed-off-by: Ahmed S. Darwish <darwish.07@xxxxxxxxx>

Reviewed-by: Paul Moore <paul.moore@xxxxxx>

> ---
>
> include/linux/selinux.h | 62
> ---------------------------------------------
> security/selinux/exports.c | 42 ------------------------------ 2
> files changed, 104 deletions(-)
>
> diff --git a/include/linux/selinux.h b/include/linux/selinux.h
> index 8c2cc4c..24b0af1 100644
> --- a/include/linux/selinux.h
> +++ b/include/linux/selinux.h
> @@ -16,7 +16,6 @@
>
> struct selinux_audit_rule;
> struct audit_context;
> -struct inode;
> struct kern_ipc_perm;
>
> #ifdef CONFIG_SECURITY_SELINUX
> @@ -70,45 +69,6 @@ int selinux_audit_rule_match(u32 sid, u32 field,
> u32 op, void selinux_audit_set_callback(int (*callback)(void));
>
> /**
> - * selinux_sid_to_string - map a security context ID to a string
> - * @sid: security context ID to be converted.
> - * @ctx: address of context string to be returned
> - * @ctxlen: length of returned context string.
> - *
> - * Returns 0 if successful, -errno if not. On success, the
> context - * string will be allocated internally, and the caller
> must call - * kfree() on it after use.
> - */
> -int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
> -
> -/**
> - * selinux_get_inode_sid - get the inode's security context ID
> - * @inode: inode structure to get the sid from.
> - * @sid: pointer to security context ID to be filled in.
> - *
> - * Returns nothing
> - */
> -void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
> -
> -/**
> - * selinux_get_ipc_sid - get the ipc security context ID
> - * @ipcp: ipc structure to get the sid from.
> - * @sid: pointer to security context ID to be filled in.
> - *
> - * Returns nothing
> - */
> -void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32
> *sid); -
> -/**
> - * selinux_get_task_sid - return the SID of task
> - * @tsk: the task whose SID will be returned
> - * @sid: pointer to security context ID to be filled in.
> - *
> - * Returns nothing
> - */
> -void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
> -
> -/**
> * selinux_string_to_sid - map a security context string to a
> security ID * @str: the security context string to be mapped
> * @sid: ID value returned via this.
> @@ -175,28 +135,6 @@ static inline void
> selinux_audit_set_callback(int (*callback)(void)) return;
> }
>
> -static inline int selinux_sid_to_string(u32 sid, char **ctx, u32
> *ctxlen) -{
> - *ctx = NULL;
> - *ctxlen = 0;
> - return 0;
> -}
> -
> -static inline void selinux_get_inode_sid(const struct inode *inode,
> u32 *sid) -{
> - *sid = 0;
> -}
> -
> -static inline void selinux_get_ipc_sid(const struct kern_ipc_perm
> *ipcp, u32 *sid) -{
> - *sid = 0;
> -}
> -
> -static inline void selinux_get_task_sid(struct task_struct *tsk, u32
> *sid) -{
> - *sid = 0;
> -}
> -
> static inline int selinux_string_to_sid(const char *str, u32 *sid)
> {
> *sid = 0;
> diff --git a/security/selinux/exports.c b/security/selinux/exports.c
> index 87d2bb3..64af2d3 100644
> --- a/security/selinux/exports.c
> +++ b/security/selinux/exports.c
> @@ -25,48 +25,6 @@
> /* SECMARK reference count */
> extern atomic_t selinux_secmark_refcount;
>
> -int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
> -{
> - if (selinux_enabled)
> - return security_sid_to_context(sid, ctx, ctxlen);
> - else {
> - *ctx = NULL;
> - *ctxlen = 0;
> - }
> -
> - return 0;
> -}
> -
> -void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
> -{
> - if (selinux_enabled) {
> - struct inode_security_struct *isec = inode->i_security;
> - *sid = isec->sid;
> - return;
> - }
> - *sid = 0;
> -}
> -
> -void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
> -{
> - if (selinux_enabled) {
> - struct ipc_security_struct *isec = ipcp->security;
> - *sid = isec->sid;
> - return;
> - }
> - *sid = 0;
> -}
> -
> -void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
> -{
> - if (selinux_enabled) {
> - struct task_security_struct *tsec = tsk->security;
> - *sid = tsec->sid;
> - return;
> - }
> - *sid = 0;
> -}
> -
> int selinux_string_to_sid(char *str, u32 *sid)
> {
> if (selinux_enabled)

--
paul moore
linux security @ hp
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Anton Vorontsov: "Re: [PATCH RFC] introduce pm_call() macro to get rid of most#ifdef CONFIG_PM"
Previous message: Paul Moore: "Re: [PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks"
In reply to: James Morris: "Re: [PATCH 5/9] SELinux: remove redundant exports"
Next in thread: Ahmed S. Darwish: "[PATCH 6/9] LSM/Audit: Introduce generic Audit LSM hooks"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]