From: kernel test robot <lkp@intel.com>
To: stephen.smalley.work@gmail.com
Cc: oe-kbuild-all@lists.linux.dev
Subject: [ssmalley-selinuxns:working-selinuxns 35/42] security/selinux/avc.c:1606: warning: Function parameter or struct member 'ad' not described in 'cred_obj_has_perm'
Date: Sat, 22 Feb 2025 23:26:43 +0800 [thread overview]
Message-ID: <202502222318.2f2ygMSQ-lkp@intel.com> (raw)
tree: https://github.com/stephensmalley/selinux-kernel working-selinuxns
head: 8e33da6864e173556431920c74deb653617db98e
commit: 211533f0f5ee0a6424d42082f37da03d397f1ae8 [35/42] selinux: split cred_ssid_has_perm() into two cases
config: i386-buildonly-randconfig-001-20250222 (https://download.01.org/0day-ci/archive/20250222/202502222318.2f2ygMSQ-lkp@intel.com/config)
compiler: clang version 19.1.3 (https://github.com/llvm/llvm-project ab51eccf88f5321e7c60591c5546b254b6afab99)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250222/202502222318.2f2ygMSQ-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202502222318.2f2ygMSQ-lkp@intel.com/
All warnings (new ones prefixed by >>):
security/selinux/avc.c:1286: warning: Function parameter or struct member 'ad' not described in 'cred_task_has_perm'
security/selinux/avc.c:1286: warning: Excess function parameter 'auditdata' description in 'cred_task_has_perm'
security/selinux/avc.c:1342: warning: Function parameter or struct member 'ad' not described in 'task_obj_has_perm'
security/selinux/avc.c:1342: warning: Excess function parameter 'auditdata' description in 'task_obj_has_perm'
security/selinux/avc.c:1401: warning: Function parameter or struct member 'base_perm' not described in 'cred_has_extended_perms'
security/selinux/avc.c:1401: warning: Function parameter or struct member 'ad' not described in 'cred_has_extended_perms'
security/selinux/avc.c:1401: warning: Excess function parameter 'auditdata' description in 'cred_has_extended_perms'
security/selinux/avc.c:1440: warning: Function parameter or struct member 'ad' not described in 'cred_self_has_perm'
security/selinux/avc.c:1440: warning: Excess function parameter 'auditdata' description in 'cred_self_has_perm'
security/selinux/avc.c:1518: warning: Function parameter or struct member 'ad' not described in 'cred_tsid_has_perm'
security/selinux/avc.c:1518: warning: Excess function parameter 'auditdata' description in 'cred_tsid_has_perm'
>> security/selinux/avc.c:1606: warning: Function parameter or struct member 'ad' not described in 'cred_obj_has_perm'
>> security/selinux/avc.c:1606: warning: Excess function parameter 'auditdata' description in 'cred_obj_has_perm'
security/selinux/avc.c:1645: warning: Function parameter or struct member 'ad' not described in 'cred_ssid_has_perm'
security/selinux/avc.c:1645: warning: Excess function parameter 'auditdata' description in 'cred_ssid_has_perm'
security/selinux/avc.c:1710: warning: Function parameter or struct member 'ad' not described in 'cred_other_has_perm'
security/selinux/avc.c:1710: warning: Excess function parameter 'auditdata' description in 'cred_other_has_perm'
security/selinux/avc.c:1755: warning: Function parameter or struct member 'ad' not described in 'selinux_state_has_perm'
security/selinux/avc.c:1755: warning: Excess function parameter 'auditdata' description in 'selinux_state_has_perm'
vim +1606 security/selinux/avc.c
ea5452c91df1901 Stephen Smalley 2024-09-25 1584
77119259f8191e6 Stephen Smalley 2024-09-30 1585 /**
211533f0f5ee0a6 Stephen Smalley 2024-10-07 1586 * cred_obj_has_perm - Check and audit permissions on a (ssid, tsid) pair
77119259f8191e6 Stephen Smalley 2024-09-30 1587 * @cred: subject credentials
77119259f8191e6 Stephen Smalley 2024-09-30 1588 * @ssid: source security identifier
77119259f8191e6 Stephen Smalley 2024-09-30 1589 * @tsid: target security identifier
77119259f8191e6 Stephen Smalley 2024-09-30 1590 * @tclass: target security class
77119259f8191e6 Stephen Smalley 2024-09-30 1591 * @requested: requested permissions, interpreted based on @tclass
77119259f8191e6 Stephen Smalley 2024-09-30 1592 * @auditdata: auxiliary audit data
77119259f8191e6 Stephen Smalley 2024-09-30 1593 *
77119259f8191e6 Stephen Smalley 2024-09-30 1594 * Check permissions between a source SID @ssid and a target SID @tsid for
77119259f8191e6 Stephen Smalley 2024-09-30 1595 * @cred's namespace and all ancestors to determine whether the
77119259f8191e6 Stephen Smalley 2024-09-30 1596 * @requested permissions are granted.
77119259f8191e6 Stephen Smalley 2024-09-30 1597 * Audit the granting or denial of permissions in accordance with the policy.
77119259f8191e6 Stephen Smalley 2024-09-30 1598 * Return %0 if all @requested permissions are granted, -%EACCES if any
77119259f8191e6 Stephen Smalley 2024-09-30 1599 * permissions are denied, or another -errno upon other errors.
77119259f8191e6 Stephen Smalley 2024-09-30 1600 * DO NOT USE when checking permissions involving cred/task SIDs; this
77119259f8191e6 Stephen Smalley 2024-09-30 1601 * helper is only for object-to-object checks.
77119259f8191e6 Stephen Smalley 2024-09-30 1602 */
211533f0f5ee0a6 Stephen Smalley 2024-10-07 1603 int cred_obj_has_perm(const struct cred *cred, u32 ssid, u32 tsid,
211533f0f5ee0a6 Stephen Smalley 2024-10-07 1604 u16 tclass, u32 requested,
211533f0f5ee0a6 Stephen Smalley 2024-10-07 1605 struct common_audit_data *ad)
f7b87de4186db2b Stephen Smalley 2024-09-27 @1606 {
f7b87de4186db2b Stephen Smalley 2024-09-27 1607 struct task_security_struct *tsec;
f7b87de4186db2b Stephen Smalley 2024-09-27 1608 struct selinux_state *state;
f7b87de4186db2b Stephen Smalley 2024-09-27 1609 int rc;
f7b87de4186db2b Stephen Smalley 2024-09-27 1610
f7b87de4186db2b Stephen Smalley 2024-09-27 1611 do {
f7b87de4186db2b Stephen Smalley 2024-09-27 1612 tsec = selinux_cred(cred);
f7b87de4186db2b Stephen Smalley 2024-09-27 1613 state = tsec->state;
f7b87de4186db2b Stephen Smalley 2024-09-27 1614 rc = avc_has_perm(state, ssid, tsid, tclass, requested, ad);
f7b87de4186db2b Stephen Smalley 2024-09-27 1615 if (rc)
f7b87de4186db2b Stephen Smalley 2024-09-27 1616 return rc;
f7b87de4186db2b Stephen Smalley 2024-09-27 1617
f7b87de4186db2b Stephen Smalley 2024-09-27 1618 cred = tsec->parent_cred;
f7b87de4186db2b Stephen Smalley 2024-09-27 1619 } while (cred);
f7b87de4186db2b Stephen Smalley 2024-09-27 1620
f7b87de4186db2b Stephen Smalley 2024-09-27 1621 return 0;
f7b87de4186db2b Stephen Smalley 2024-09-27 1622 }
f7b87de4186db2b Stephen Smalley 2024-09-27 1623
:::::: The code at line 1606 was first introduced by commit
:::::: f7b87de4186db2b1cb21bc7239f9a08e60f5dfb0 selinux: introduce cred_ssid_has_perm() and cred_other_has_perm()
:::::: TO: Stephen Smalley <stephen.smalley.work@gmail.com>
:::::: CC: Stephen Smalley <stephen.smalley.work@gmail.com>
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
reply other threads:[~2025-02-22 15:26 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202502222318.2f2ygMSQ-lkp@intel.com \
--to=lkp@intel.com \
--cc=oe-kbuild-all@lists.linux.dev \
--cc=stephen.smalley.work@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.