Linux Security Modules development
 help / color / mirror / Atom feed
From: Casey Schaufler <casey@schaufler-ca.com>
To: Stephen Smalley <sds@tycho.nsa.gov>,
	Huaisheng Ye <yehs2007@zoho.com>,
	paul@paul-moore.com, eparis@parisplace.org, jmorris@namei.org,
	serge@hallyn.com
Cc: tyu1@lenovo.com, linux-security-module@vger.kernel.org,
	selinux@vger.kernel.org, linux-kernel@vger.kernel.org,
	Huaisheng Ye <yehs1@lenovo.com>,
	Casey Schaufler <casey@schaufler-ca.com>
Subject: Re: [PATCH] selinux: remove redundant msg_msg_alloc_security
Date: Fri, 10 Jan 2020 08:44:25 -0800	[thread overview]
Message-ID: <e556e93a-9e2c-8045-b191-629f78dbb7fd@schaufler-ca.com> (raw)
In-Reply-To: <e71932ce-0687-02e5-5f34-980c0cad4ae9@tycho.nsa.gov>

On 1/10/2020 7:13 AM, Stephen Smalley wrote:
> On 1/10/20 4:58 AM, Huaisheng Ye wrote:
>> From: Huaisheng Ye <yehs1@lenovo.com>
>>
>> selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but
>> do nothing else. And also msg_msg_alloc_security is just used by the
>> former.
>>
>> Remove the redundant function to simplify the code.
>
> This seems to also be true of other _alloc_security functions, probably due to historical reasons.  Further, at least some of these functions no longer perform any allocation; they are just initialization functions now that allocation has been taken to the LSM framework, so possibly could be renamed and made to return void at some point.

That's something I've been eyeing. I'm not 100% sure that no module will
ever fail doing the new style initialization. The int to void and name
change will probably happen after the next round of modules come in and
we can see that failure of initialization isn't a rational situation.

>
>>
>> Signed-off-by: Huaisheng Ye <yehs1@lenovo.com>
>
> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
>
>> ---
>>   security/selinux/hooks.c | 17 ++++++-----------
>>   1 file changed, 6 insertions(+), 11 deletions(-)
>>
>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
>> index 9625b99..fb1b9da 100644
>> --- a/security/selinux/hooks.c
>> +++ b/security/selinux/hooks.c
>> @@ -5882,16 +5882,6 @@ static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)
>>       isec->sid = current_sid();
>>   }
>>   -static int msg_msg_alloc_security(struct msg_msg *msg)
>> -{
>> -    struct msg_security_struct *msec;
>> -
>> -    msec = selinux_msg_msg(msg);
>> -    msec->sid = SECINITSID_UNLABELED;
>> -
>> -    return 0;
>> -}
>> -
>>   static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
>>               u32 perms)
>>   {
>> @@ -5910,7 +5900,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
>>     static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
>>   {
>> -    return msg_msg_alloc_security(msg);
>> +    struct msg_security_struct *msec;
>> +
>> +    msec = selinux_msg_msg(msg);
>> +    msec->sid = SECINITSID_UNLABELED;
>> +
>> +    return 0;
>>   }
>>     /* message queue security operations */
>>
>
>

  reply	other threads:[~2020-01-10 16:44 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-10  9:58 [PATCH] selinux: remove redundant msg_msg_alloc_security Huaisheng Ye
2020-01-10 15:13 ` Stephen Smalley
2020-01-10 16:44   ` Casey Schaufler [this message]
2020-01-10 16:50   ` Paul Moore
2020-01-12 15:45     ` [External] " Huaisheng HS1 Ye
2020-01-10 16:43 ` Paul Moore
  -- strict thread matches above, loose matches on Subject: below --
2020-01-10 16:46 Huaisheng HS1 Ye

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e556e93a-9e2c-8045-b191-629f78dbb7fd@schaufler-ca.com \
    --to=casey@schaufler-ca.com \
    --cc=eparis@parisplace.org \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=tyu1@lenovo.com \
    --cc=yehs1@lenovo.com \
    --cc=yehs2007@zoho.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox