| Message ID | 20230718184921.112786-2-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [1/3] selinux: introduce SECURITY_SELINUX_DEBUG configuration | expand |
On Jul 18, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> wrote: > > avtab_hash_eval() and hashtab_stat() are only used in policydb.c when > the configuration SECURITY_SELINUX_DEBUG is enabled. > > Move the function declarations and definitions under that configuration > as well. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > --- > security/selinux/ss/avtab.c | 2 ++ > security/selinux/ss/avtab.h | 3 +++ > security/selinux/ss/hashtab.c | 3 ++- > security/selinux/ss/hashtab.h | 2 ++ > 4 files changed, 9 insertions(+), 1 deletion(-) ... > diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h > index d6742fd9c560..0ea1ee9d4dae 100644 > --- a/security/selinux/ss/avtab.h > +++ b/security/selinux/ss/avtab.h > @@ -92,7 +92,10 @@ int avtab_alloc(struct avtab *, u32); > int avtab_alloc_dup(struct avtab *new, const struct avtab *orig); > struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k); > void avtab_destroy(struct avtab *h); > + > +#ifdef CONFIG_SECURITY_SELINUX_DEBUG > void avtab_hash_eval(struct avtab *h, const char *tag); > +#endif Let's do the usual dummy function here so we don't have to use the CONFIG_SECURITY_SELINUX_DEBUG more than we have to ... #ifdef CONFIG_SECURITY_SELINUX_DEBUG void avtab_hash_eval(struct avtab *h, const char *tag); #else void avtab_hash_eval(struct avtab *h, const char *tag) { return; } #endif Please do the same for symtab_hash_eval() too so we can get rid of the #ifdef in the callers. > diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h > index 043a773bf0b7..7836c0995871 100644 > --- a/security/selinux/ss/hashtab.h > +++ b/security/selinux/ss/hashtab.h > @@ -142,7 +142,9 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, > int (*destroy)(void *k, void *d, void *args), > void *args); > > +#ifdef CONFIG_SECURITY_SELINUX_DEBUG > /* Fill info with some hash table statistics */ > void hashtab_stat(struct hashtab *h, struct hashtab_info *info); > +#endif Same thing here. -- paul-moore.com
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 6766edc0fe68..1f44d277ff61 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -354,6 +354,7 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig) return avtab_alloc_common(new, orig->nslot); } +#ifdef CONFIG_SECURITY_SELINUX_DEBUG void avtab_hash_eval(struct avtab *h, const char *tag) { int i, chain_len, slots_used, max_chain_len; @@ -384,6 +385,7 @@ void avtab_hash_eval(struct avtab *h, const char *tag) tag, h->nel, slots_used, h->nslot, max_chain_len, chain2_len_sum); } +#endif /* CONFIG_SECURITY_SELINUX_DEBUG */ static const uint16_t spec_order[] = { AVTAB_ALLOWED, diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index d6742fd9c560..0ea1ee9d4dae 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -92,7 +92,10 @@ int avtab_alloc(struct avtab *, u32); int avtab_alloc_dup(struct avtab *new, const struct avtab *orig); struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *k); void avtab_destroy(struct avtab *h); + +#ifdef CONFIG_SECURITY_SELINUX_DEBUG void avtab_hash_eval(struct avtab *h, const char *tag); +#endif struct policydb; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 3fb8f9026e9b..b44e62f2b1e4 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -103,7 +103,7 @@ int hashtab_map(struct hashtab *h, return 0; } - +#ifdef CONFIG_SECURITY_SELINUX_DEBUG void hashtab_stat(struct hashtab *h, struct hashtab_info *info) { u32 i, chain_len, slots_used, max_chain_len; @@ -129,6 +129,7 @@ void hashtab_stat(struct hashtab *h, struct hashtab_info *info) info->slots_used = slots_used; info->max_chain_len = max_chain_len; } +#endif /* CONFIG_SECURITY_SELINUX_DEBUG */ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, int (*copy)(struct hashtab_node *new, diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h index 043a773bf0b7..7836c0995871 100644 --- a/security/selinux/ss/hashtab.h +++ b/security/selinux/ss/hashtab.h @@ -142,7 +142,9 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, int (*destroy)(void *k, void *d, void *args), void *args); +#ifdef CONFIG_SECURITY_SELINUX_DEBUG /* Fill info with some hash table statistics */ void hashtab_stat(struct hashtab *h, struct hashtab_info *info); +#endif #endif /* _SS_HASHTAB_H */
avtab_hash_eval() and hashtab_stat() are only used in policydb.c when the configuration SECURITY_SELINUX_DEBUG is enabled. Move the function declarations and definitions under that configuration as well. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- security/selinux/ss/avtab.c | 2 ++ security/selinux/ss/avtab.h | 3 +++ security/selinux/ss/hashtab.c | 3 ++- security/selinux/ss/hashtab.h | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-)