From: Daniel Burgener <dburgener@linux.microsoft.com>
To: cgzones@googlemail.com, selinux@vger.kernel.org
Cc: "Paul Moore" <paul@paul-moore.com>,
"Stephen Smalley" <stephen.smalley.work@gmail.com>,
"Ondrej Mosnacek" <omosnace@redhat.com>,
"John Johansen" <john.johansen@canonical.com>,
"Casey Schaufler" <casey@schaufler-ca.com>,
"Thiébaud Weksteen" <tweek@google.com>,
"Canfeng Guo" <guocanfeng@uniontech.com>,
"GUO Zihua" <guozihua@huawei.com>,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 06/22] selinux: rename comparison functions for clarity
Date: Mon, 16 Dec 2024 09:28:10 -0500 [thread overview]
Message-ID: <f00152c1-6eb9-487d-af69-42573b5f79bc@linux.microsoft.com> (raw)
In-Reply-To: <20241115133619.114393-6-cgoettsche@seltendoof.de>
On 11/15/2024 8:35 AM, Christian Göttsche wrote:
> From: Christian Göttsche <cgzones@googlemail.com>
>
> The functions context_cmp() and mls_context_cmp() are not traditional
> C style compare functions returning -1, 0, and 1 for less than, equal,
> and greater than; they only return whether their arguments are equal.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> security/selinux/ss/context.c | 2 +-
> security/selinux/ss/context.h | 10 +++++-----
> security/selinux/ss/services.c | 2 +-
> security/selinux/ss/sidtab.c | 2 +-
> 4 files changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/security/selinux/ss/context.c b/security/selinux/ss/context.c
> index e39990f494dd..a528b7f76280 100644
> --- a/security/selinux/ss/context.c
> +++ b/security/selinux/ss/context.c
> @@ -20,7 +20,7 @@ u32 context_compute_hash(const struct context *c)
> * context struct with only the len & str set (and vice versa)
> * under a given policy. Since context structs from different
> * policies should never meet, it is safe to hash valid and
> - * invalid contexts differently. The context_cmp() function
> + * invalid contexts differently. The context_equal() function
> * already operates under the same assumption.
> */
> if (c->len)
> diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
> index 7ccab2e6965f..e1307f6f7f50 100644
> --- a/security/selinux/ss/context.h
> +++ b/security/selinux/ss/context.h
> @@ -132,8 +132,8 @@ static inline int mls_context_glblub(struct context *dst,
> return rc;
> }
>
> -static inline int mls_context_cmp(const struct context *c1,
> - const struct context *c2)
> +static inline bool mls_context_equal(const struct context *c1,
> + const struct context *c2)
> {
> return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
> ebitmap_cmp(&c1->range.level[0].cat, &c2->range.level[0].cat) &&
Should the same logic in this patch be applied to ebitmap_cmp as well?
-Daniel
next prev parent reply other threads:[~2024-12-16 14:28 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-15 13:35 [RFC PATCH 01/22] selinux: supply missing field initializers Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 02/22] selinux: avoid using types indicating user space interaction Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 03/22] selinux: align and constify functions Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 04/22] selinux: rework match_ipv6_addrmask() Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 05/22] selinux: avoid nontransitive comparison Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 06/22] selinux: rename comparison functions for clarity Christian Göttsche
2024-12-16 14:28 ` Daniel Burgener [this message]
2024-11-15 13:35 ` [RFC PATCH 07/22] selinux: use known type instead of void pointer Christian Göttsche
2024-12-16 14:36 ` Daniel Burgener
2024-11-15 13:35 ` [RFC PATCH 08/22] selinux: avoid unnecessary indirection in struct level_datum Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 09/22] selinux: make use of str_read() Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 10/22] selinux: use u16 for security classes Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 11/22] selinux: more strict policy parsing Christian Göttsche
2024-12-03 0:34 ` Thiébaud Weksteen
2024-11-15 13:35 ` [RFC PATCH 12/22] selinux: check length fields in policies Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 13/22] selinux: validate constraints Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 14/22] selinux: pre-validate conditional expressions Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 15/22] selinux: introduce ebitmap_highest_set_bit() Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 16/22] selinux: check type attr map overflows Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 17/22] selinux: reorder policydb_index() Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 18/22] selinux: beef up isvalid checks Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 19/22] selinux: validate symbols Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 20/22] selinux: more strict bounds check Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 21/22] selinux: check for simple types Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 22/22] selinux: restrict policy strings Christian Göttsche
2024-12-13 22:14 ` Daniel Burgener
2024-12-16 16:02 ` Christian Göttsche
2024-11-15 13:35 ` [RFC PATCH 00/22] selinux: harden against malformed policies Christian Göttsche
2024-11-18 15:35 ` Daniel Burgener
2024-11-25 17:26 ` Christian Göttsche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f00152c1-6eb9-487d-af69-42573b5f79bc@linux.microsoft.com \
--to=dburgener@linux.microsoft.com \
--cc=casey@schaufler-ca.com \
--cc=cgzones@googlemail.com \
--cc=guocanfeng@uniontech.com \
--cc=guozihua@huawei.com \
--cc=john.johansen@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=omosnace@redhat.com \
--cc=paul@paul-moore.com \
--cc=selinux@vger.kernel.org \
--cc=stephen.smalley.work@gmail.com \
--cc=tweek@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.