Message ID | 20200110095856.76612-1-yehs2007@zoho.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | selinux: remove redundant msg_msg_alloc_security | expand |
On 1/10/20 4:58 AM, Huaisheng Ye wrote: > From: Huaisheng Ye <yehs1@lenovo.com> > > selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but > do nothing else. And also msg_msg_alloc_security is just used by the > former. > > Remove the redundant function to simplify the code. This seems to also be true of other _alloc_security functions, probably due to historical reasons. Further, at least some of these functions no longer perform any allocation; they are just initialization functions now that allocation has been taken to the LSM framework, so possibly could be renamed and made to return void at some point. > > Signed-off-by: Huaisheng Ye <yehs1@lenovo.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > security/selinux/hooks.c | 17 ++++++----------- > 1 file changed, 6 insertions(+), 11 deletions(-) > > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 9625b99..fb1b9da 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -5882,16 +5882,6 @@ static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) > isec->sid = current_sid(); > } > > -static int msg_msg_alloc_security(struct msg_msg *msg) > -{ > - struct msg_security_struct *msec; > - > - msec = selinux_msg_msg(msg); > - msec->sid = SECINITSID_UNLABELED; > - > - return 0; > -} > - > static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, > u32 perms) > { > @@ -5910,7 +5900,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, > > static int selinux_msg_msg_alloc_security(struct msg_msg *msg) > { > - return msg_msg_alloc_security(msg); > + struct msg_security_struct *msec; > + > + msec = selinux_msg_msg(msg); > + msec->sid = SECINITSID_UNLABELED; > + > + return 0; > } > > /* message queue security operations */ >
On Fri, Jan 10, 2020 at 4:59 AM Huaisheng Ye <yehs2007@zoho.com> wrote: > From: Huaisheng Ye <yehs1@lenovo.com> > > selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but > do nothing else. And also msg_msg_alloc_security is just used by the > former. > > Remove the redundant function to simplify the code. > > Signed-off-by: Huaisheng Ye <yehs1@lenovo.com> > --- > security/selinux/hooks.c | 17 ++++++----------- > 1 file changed, 6 insertions(+), 11 deletions(-) Merged into selinux/next, thanks!
On 1/10/2020 7:13 AM, Stephen Smalley wrote: > On 1/10/20 4:58 AM, Huaisheng Ye wrote: >> From: Huaisheng Ye <yehs1@lenovo.com> >> >> selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but >> do nothing else. And also msg_msg_alloc_security is just used by the >> former. >> >> Remove the redundant function to simplify the code. > > This seems to also be true of other _alloc_security functions, probably due to historical reasons. Further, at least some of these functions no longer perform any allocation; they are just initialization functions now that allocation has been taken to the LSM framework, so possibly could be renamed and made to return void at some point. That's something I've been eyeing. I'm not 100% sure that no module will ever fail doing the new style initialization. The int to void and name change will probably happen after the next round of modules come in and we can see that failure of initialization isn't a rational situation. > >> >> Signed-off-by: Huaisheng Ye <yehs1@lenovo.com> > > Acked-by: Stephen Smalley <sds@tycho.nsa.gov> > >> --- >> security/selinux/hooks.c | 17 ++++++----------- >> 1 file changed, 6 insertions(+), 11 deletions(-) >> >> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c >> index 9625b99..fb1b9da 100644 >> --- a/security/selinux/hooks.c >> +++ b/security/selinux/hooks.c >> @@ -5882,16 +5882,6 @@ static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) >> isec->sid = current_sid(); >> } >> -static int msg_msg_alloc_security(struct msg_msg *msg) >> -{ >> - struct msg_security_struct *msec; >> - >> - msec = selinux_msg_msg(msg); >> - msec->sid = SECINITSID_UNLABELED; >> - >> - return 0; >> -} >> - >> static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, >> u32 perms) >> { >> @@ -5910,7 +5900,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, >> static int selinux_msg_msg_alloc_security(struct msg_msg *msg) >> { >> - return msg_msg_alloc_security(msg); >> + struct msg_security_struct *msec; >> + >> + msec = selinux_msg_msg(msg); >> + msec->sid = SECINITSID_UNLABELED; >> + >> + return 0; >> } >> /* message queue security operations */ >> > >
On Fri, Jan 10, 2020 at 10:13 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 1/10/20 4:58 AM, Huaisheng Ye wrote: > > From: Huaisheng Ye <yehs1@lenovo.com> > > > > selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but > > do nothing else. And also msg_msg_alloc_security is just used by the > > former. > > > > Remove the redundant function to simplify the code. > > This seems to also be true of other _alloc_security functions, probably > due to historical reasons. Further, at least some of these functions no > longer perform any allocation; they are just initialization functions > now that allocation has been taken to the LSM framework, so possibly > could be renamed and made to return void at some point. I've noticed the same thing on a few occasions, I've just never bothered to put the fixes into a patch. We might as well do that now, at least for the redundant code bits; I'll leave the return code issue for another time as that would cross LSM boundaries and that really isn't appropriate in the -rc5 timeframe IMHO. I'll put something together once I finish up the patch/review backlog from the past few days. Looking quickly with a regex, it would appear that inode_alloc_security(), file_alloc_security(), and superblock_alloc_security() are all candidates. While not an allocator, we can probably get rid of inode_doinit() as well.
> -----Original Message----- > From: Paul Moore <paul@paul-moore.com> > Sent: Saturday, January 11, 2020 12:50 AM > On Fri, Jan 10, 2020 at 10:13 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On 1/10/20 4:58 AM, Huaisheng Ye wrote: > > > From: Huaisheng Ye <yehs1@lenovo.com> > > > > > > selinux_msg_msg_alloc_security only calls msg_msg_alloc_security but > > > do nothing else. And also msg_msg_alloc_security is just used by the > > > former. > > > > > > Remove the redundant function to simplify the code. > > > > This seems to also be true of other _alloc_security functions, > > probably due to historical reasons. Further, at least some of these > > functions no longer perform any allocation; they are just > > initialization functions now that allocation has been taken to the LSM > > framework, so possibly could be renamed and made to return void at some point. > > I've noticed the same thing on a few occasions, I've just never bothered to put > the fixes into a patch. We might as well do that now, at least for the redundant > code bits; I'll leave the return code issue for another time as that would cross > LSM boundaries and that really isn't appropriate in the -rc5 timeframe IMHO. > > I'll put something together once I finish up the patch/review backlog from the > past few days. Looking quickly with a regex, it would appear that > inode_alloc_security(), file_alloc_security(), and > superblock_alloc_security() are all candidates. While not an allocator, we can > probably get rid of inode_doinit() as well. Besides, it looks like selinux_nlmsg_perm is candidate too. Just send a patch for this function. Cheers, Huaisheng Ye
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 9625b99..fb1b9da 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -5882,16 +5882,6 @@ static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass) isec->sid = current_sid(); } -static int msg_msg_alloc_security(struct msg_msg *msg) -{ - struct msg_security_struct *msec; - - msec = selinux_msg_msg(msg); - msec->sid = SECINITSID_UNLABELED; - - return 0; -} - static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, u32 perms) { @@ -5910,7 +5900,12 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms, static int selinux_msg_msg_alloc_security(struct msg_msg *msg) { - return msg_msg_alloc_security(msg); + struct msg_security_struct *msec; + + msec = selinux_msg_msg(msg); + msec->sid = SECINITSID_UNLABELED; + + return 0; } /* message queue security operations */