| Message ID | 1578568247-29760-1-git-send-email-rsiddoji@codeaurora.org (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND. | expand |
On Thu, Jan 9, 2020 at 6:11 AM Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> wrote: > > Move cache based pkey sid retrieval code which was added > with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND. > As its going to alloc a new cache which impacts > low ram devices which was enabled by default. > > Suggested-by: Paul Moore <paul@paul-moore.com> > Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> > --- > security/selinux/Makefile | 4 +++- > security/selinux/include/ibpkey.h | 12 ++++++++++++ > 2 files changed, 15 insertions(+), 1 deletion(-) I just merged this into selinux/next but I had to fix a few style errors that were found by scripts/checkpatch.pl (whitespace, function braces); please remember to run checkpatch.pl on all your patch submissions. -Paul > diff --git a/security/selinux/Makefile b/security/selinux/Makefile > index ccf950409384..2000f95fb197 100644 > --- a/security/selinux/Makefile > +++ b/security/selinux/Makefile > @@ -6,7 +6,7 @@ > obj-$(CONFIG_SECURITY_SELINUX) := selinux.o > > selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ > - netnode.o netport.o ibpkey.o \ > + netnode.o netport.o \ > ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ > ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o > > @@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o > > selinux-$(CONFIG_NETLABEL) += netlabel.o > > +selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o > + > ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include > > $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h > diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h > index a2ebe397bcb7..e3c08287fd9a 100644 > --- a/security/selinux/include/ibpkey.h > +++ b/security/selinux/include/ibpkey.h > @@ -14,8 +14,20 @@ > #ifndef _SELINUX_IB_PKEY_H > #define _SELINUX_IB_PKEY_H > > +#ifdef CONFIG_SECURITY_INFINIBAND > void sel_ib_pkey_flush(void); > > int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid); > > +#else > +static inline void sel_ib_pkey_flush(void) { > + return; > +} > + > +static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) { > + *sid = SECINITSID_UNLABELED; > + return 0; > +} > +#endif > + > #endif > -- > The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum, > a Linux Foundation Collaborative Project
diff --git a/security/selinux/Makefile b/security/selinux/Makefile index ccf950409384..2000f95fb197 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile @@ -6,7 +6,7 @@ obj-$(CONFIG_SECURITY_SELINUX) := selinux.o selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \ - netnode.o netport.o ibpkey.o \ + netnode.o netport.o \ ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \ ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o @@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o selinux-$(CONFIG_NETLABEL) += netlabel.o +selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o + ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h index a2ebe397bcb7..e3c08287fd9a 100644 --- a/security/selinux/include/ibpkey.h +++ b/security/selinux/include/ibpkey.h @@ -14,8 +14,20 @@ #ifndef _SELINUX_IB_PKEY_H #define _SELINUX_IB_PKEY_H +#ifdef CONFIG_SECURITY_INFINIBAND void sel_ib_pkey_flush(void); int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid); +#else +static inline void sel_ib_pkey_flush(void) { + return; +} + +static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) { + *sid = SECINITSID_UNLABELED; + return 0; +} +#endif + #endif
Move cache based pkey sid retrieval code which was added with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND. As its going to alloc a new cache which impacts low ram devices which was enabled by default. Suggested-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> --- security/selinux/Makefile | 4 +++- security/selinux/include/ibpkey.h | 12 ++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-)