From: Wanlong Gao <gaowanlong@cn.fujitsu.com>
To: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Wanlong Gao <gaowanlong@cn.fujitsu.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Eric Paris <eparis@parisplace.org>,
	James Morris <jmorris@namei.org>,
	sds@tycho.nsa.gov
Subject: Re: [PATCH 2/2] selinux:avc:remove the useless fields in avc_add_callback
Date: Thu, 22 Mar 2012 07:58:36 +0800	[thread overview]
Message-ID: <4F6A6B2C.7030206@cn.fujitsu.com> (raw)
In-Reply-To: <1331129834-1554-2-git-send-email-gaowanlong@cn.fujitsu.com>

Any comments?


> avc_add_callback is now used only for registering reset functions
> in initcalls, and the callback functions only perform reset operations.
> So reducing the arguments to just the event is enough now.
> 
> Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
> ---
>  security/selinux/avc.c         |   32 ++++++--------------------------
>  security/selinux/include/avc.h |    6 +-----
>  security/selinux/netif.c       |    6 ++----
>  security/selinux/netnode.c     |    6 ++----
>  security/selinux/netport.c     |    6 ++----
>  security/selinux/ss/services.c |    6 ++----
>  6 files changed, 15 insertions(+), 47 deletions(-)
> 
> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index c301679..fc8acaa 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -65,14 +65,8 @@ struct avc_cache {
>  };
>  
>  struct avc_callback_node {
> -	int (*callback) (u32 event, u32 ssid, u32 tsid,
> -			 u16 tclass, u32 perms,
> -			 u32 *out_retained);
> +	int (*callback) (u32 event);
>  	u32 events;
> -	u32 ssid;
> -	u32 tsid;
> -	u16 tclass;
> -	u32 perms;
>  	struct avc_callback_node *next;
>  };
>  
> @@ -546,22 +540,12 @@ int avc_audit(u32 ssid, u32 tsid,
>   * avc_add_callback - Register a callback for security events.
>   * @callback: callback function
>   * @events: security events
> - * @ssid: source security identifier or %SECSID_WILD
> - * @tsid: target security identifier or %SECSID_WILD
> - * @tclass: target security class
> - * @perms: permissions
>   *
> - * Register a callback function for events in the set @events
> - * related to the SID pair (@ssid, @tsid) 
> - * and the permissions @perms, interpreting
> - * @perms based on @tclass.  Returns %0 on success or
> - * -%ENOMEM if insufficient memory exists to add the callback.
> + * Register a callback function for events in the set @events.
> + * Returns %0 on success or -%ENOMEM if insufficient memory
> + * exists to add the callback.
>   */
> -int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
> -				     u16 tclass, u32 perms,
> -				     u32 *out_retained),
> -		     u32 events, u32 ssid, u32 tsid,
> -		     u16 tclass, u32 perms)
> +int __init avc_add_callback(int (*callback)(u32 event), u32 events)
>  {
>  	struct avc_callback_node *c;
>  	int rc = 0;
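Review bot: The kernel-doc for the new `avc_add_callback(int (*callback)(u32 event), u32 events)` still presents `@events` as a general set of security events, but the only dispatch visible in this patch is the `AVC_CALLBACK_RESET` call in avc_ss_reset(). As far as these hunks show, a callback registered with any other bit would never be invoked, and it could no longer receive the SID, class or permission data such an event would need. I would add a line such as ` * Only %AVC_CALLBACK_RESET is dispatched; callbacks get no SID, class or permission context.` so nobody registers a hook expecting per-permission notifications. The same caveat fits the prototype in security/selinux/include/avc.h, where the other `AVC_CALLBACK_*` constants remain defined. The function body continues outside this hunk.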
> @@ -574,9 +558,6 @@ int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
>  
>  	c->callback = callback;
>  	c->events = events;
> -	c->ssid = ssid;
> -	c->tsid = tsid;
> -	c->perms = perms;
>  	c->next = avc_callbacks;
>  	avc_callbacks = c;
>  out:
> @@ -716,8 +697,7 @@ int avc_ss_reset(u32 seqno)
>  
>  	for (c = avc_callbacks; c; c = c->next) {
>  		if (c->events & AVC_CALLBACK_RESET) {
> -			tmprc = c->callback(AVC_CALLBACK_RESET,
> -					    0, 0, 0, 0, NULL);
> +			tmprc = c->callback(AVC_CALLBACK_RESET);
>  			/* save the first error encountered for the return
>  			   value and continue processing the callbacks */
>  			if (!rc)
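Review bot: In the reset loop only the first non-zero `tmprc` is kept, as the comment says, and nothing in the visible lines records which callback failed. The callbacks registered in this patch are the netif, netnode and netport cache flushes and the audit rule update, so a failure here may leave some state reflecting the previous policy after a reload, with only an aggregated return code to show for it. Consider logging at the failure site, for example `if (tmprc) printk(KERN_WARNING "SELinux: reset callback %ps failed: %d\n", c->callback, tmprc);`. The loop and the rest of avc_ss_reset() continue outside this hunk.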
> diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
> index 47fda96..0ac5c26 100644
> --- a/security/selinux/include/avc.h
> +++ b/security/selinux/include/avc.h
> @@ -88,11 +88,7 @@ u32 avc_policy_seqno(void);
>  #define AVC_CALLBACK_AUDITDENY_ENABLE	64
>  #define AVC_CALLBACK_AUDITDENY_DISABLE	128
>  
> -int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
> -				     u16 tclass, u32 perms,
> -				     u32 *out_retained),
> -		     u32 events, u32 ssid, u32 tsid,
> -		     u16 tclass, u32 perms);
> +int avc_add_callback(int (*callback)(u32 event), u32 events);
>  
>  /* Exported to selinuxfs */
>  int avc_get_hash_stats(char *page);
> diff --git a/security/selinux/netif.c b/security/selinux/netif.c
> index 326f22c..47a49d1 100644
> --- a/security/selinux/netif.c
> +++ b/security/selinux/netif.c
> @@ -252,8 +252,7 @@ static void sel_netif_flush(void)
>  	spin_unlock_bh(&sel_netif_lock);
>  }
>  
> -static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
> -				  u16 class, u32 perms, u32 *retained)
> +static int sel_netif_avc_callback(u32 event)
>  {
>  	if (event == AVC_CALLBACK_RESET) {
>  		sel_netif_flush();
> @@ -292,8 +291,7 @@ static __init int sel_netif_init(void)
>  
>  	register_netdevice_notifier(&sel_netif_netdev_notifier);
>  
> -	err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET,
> -			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
> +	err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET);
>  	if (err)
>  		panic("avc_add_callback() failed, error %d\n", err);
>  
> diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
> index 8636585..28f911c 100644
> --- a/security/selinux/netnode.c
> +++ b/security/selinux/netnode.c
> @@ -297,8 +297,7 @@ static void sel_netnode_flush(void)
>  	spin_unlock_bh(&sel_netnode_lock);
>  }
>  
> -static int sel_netnode_avc_callback(u32 event, u32 ssid, u32 tsid,
> -				    u16 class, u32 perms, u32 *retained)
> +static int sel_netnode_avc_callback(u32 event)
>  {
>  	if (event == AVC_CALLBACK_RESET) {
>  		sel_netnode_flush();
> @@ -320,8 +319,7 @@ static __init int sel_netnode_init(void)
>  		sel_netnode_hash[iter].size = 0;
>  	}
>  
> -	ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
> -			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
> +	ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET);
>  	if (ret != 0)
>  		panic("avc_add_callback() failed, error %d\n", ret);
>  
> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index 7b9eb1f..d353797 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -234,8 +234,7 @@ static void sel_netport_flush(void)
>  	spin_unlock_bh(&sel_netport_lock);
>  }
>  
> -static int sel_netport_avc_callback(u32 event, u32 ssid, u32 tsid,
> -				    u16 class, u32 perms, u32 *retained)
> +static int sel_netport_avc_callback(u32 event)
>  {
>  	if (event == AVC_CALLBACK_RESET) {
>  		sel_netport_flush();
> @@ -257,8 +256,7 @@ static __init int sel_netport_init(void)
>  		sel_netport_hash[iter].size = 0;
>  	}
>  
> -	ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET,
> -			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
> +	ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET);
>  	if (ret != 0)
>  		panic("avc_add_callback() failed, error %d\n", ret);
>  
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 185f849..08123cd 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -3018,8 +3018,7 @@ out:
>  
>  static int (*aurule_callback)(void) = audit_update_lsm_rules;
>  
> -static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
> -			       u16 class, u32 perms, u32 *retained)
> +static int aurule_avc_callback(u32 event)
>  {
>  	int err = 0;
>  
> @@ -3032,8 +3031,7 @@ static int __init aurule_init(void)
>  {
>  	int err;
>  
> -	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
> -			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
> +	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET);
>  	if (err)
>  		panic("avc_add_callback() failed, error %d\n", err);
>  



2012-03-07 14:17 [PATCH 1/2] selinux:replace weak GFP_ATOMIC to GFP_KERNEL in avc_add_callback Wanlong Gao
2012-03-07 14:17 ` [PATCH 2/2] selinux:avc:remove the useless fields " Wanlong Gao
2012-03-21 23:58   ` Wanlong Gao [this message]
2012-03-26 13:51     ` Wanlong Gao
2012-03-27 20:22       ` Eric Paris
2012-04-03  3:00         ` Wanlong Gao
