From: Daniel Burgener <dburgener@linux.microsoft.com>
To: stable@vger.kernel.org
Cc: stephen.smalley.work@gmail.com, paul@paul-moore.com,
selinux@vger.kernel.org, jmorris@namei.org, sashal@kernel.org
Subject: [PATCH v5.4 2/3] selinux: Refactor selinuxfs directory populating functions
Date: Thu, 15 Oct 2020 15:29:55 -0400 [thread overview]
Message-ID: <20201015192956.1797021-3-dburgener@linux.microsoft.com> (raw)
In-Reply-To: <20201015192956.1797021-1-dburgener@linux.microsoft.com>
Make sel_make_bools and sel_make_classes take the specific elements of
selinux_fs_info that they need rather than the entire struct.
This will allow a future patch to pass temporary elements that are not in
the selinux_fs_info struct to these functions so that the original elements
can be preserved until we are ready to perform the switch over.
Signed-off-by: Daniel Burgener <dburgener@linux.microsoft.com>
---
security/selinux/selinuxfs.c | 40 +++++++++++++++++++++---------------
1 file changed, 24 insertions(+), 16 deletions(-)
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 092c7295f78d..ea21f3ef4a6f 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -340,8 +340,11 @@ static const struct file_operations sel_policyvers_ops = {
};
/* declaration for sel_write_load */
-static int sel_make_bools(struct selinux_fs_info *fsi);
-static int sel_make_classes(struct selinux_fs_info *fsi);
+static int sel_make_bools(struct selinux_fs_info *fsi, struct dentry *bool_dir,
+ unsigned int *bool_num, char ***bool_pending_names,
+ unsigned int **bool_pending_values);
+static int sel_make_classes(struct selinux_fs_info *fsi, struct dentry *class_dir,
+ unsigned long *last_class_ino);
static int sel_make_policycap(struct selinux_fs_info *fsi);
/* declaration for sel_make_class_dirs */
@@ -531,13 +534,15 @@ static int sel_make_policy_nodes(struct selinux_fs_info *fsi)
sel_remove_old_policy_nodes(fsi);
- ret = sel_make_bools(fsi);
+ ret = sel_make_bools(fsi, fsi->bool_dir, &fsi->bool_num,
+ &fsi->bool_pending_names, &fsi->bool_pending_values);
if (ret) {
pr_err("SELinux: failed to load policy booleans\n");
return ret;
}
- ret = sel_make_classes(fsi);
+ ret = sel_make_classes(fsi, fsi->class_dir,
+ &fsi->last_class_ino);
if (ret) {
pr_err("SELinux: failed to load policy classes\n");
return ret;
@@ -1348,12 +1353,13 @@ static void sel_remove_entries(struct dentry *de)
#define BOOL_DIR_NAME "booleans"
-static int sel_make_bools(struct selinux_fs_info *fsi)
+static int sel_make_bools(struct selinux_fs_info *fsi, struct dentry *bool_dir,
+ unsigned int *bool_num, char ***bool_pending_names,
+ unsigned int **bool_pending_values)
{
int i, ret;
ssize_t len;
struct dentry *dentry = NULL;
- struct dentry *dir = fsi->bool_dir;
struct inode *inode = NULL;
struct inode_security_struct *isec;
char **names = NULL, *page;
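Review bot: The new out-parameters of sel_make_bools have no documented contract, and the visible lines show different behaviour on success and on failure. In the later hunks the three outputs are stored only just before `return 0`, while the error path frees `names` and `values` and calls `sel_remove_entries(bool_dir)`. A failed call therefore empties whichever directory the caller passed in and, as far as the visible lines show, leaves `*bool_num`, `*bool_pending_names` and `*bool_pending_values` unwritten. A comment above the definition would state this for the caller that will pass temporaries, for example `/* On success the count and the names/values arrays are handed to the caller through the out pointers; on failure they are left as they were and bool_dir is emptied. */`. The function body continues outside this hunk, so the part of the error path between the two later hunks should be checked against that wording.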
@@ -1372,12 +1378,12 @@ static int sel_make_bools(struct selinux_fs_info *fsi)
for (i = 0; i < num; i++) {
ret = -ENOMEM;
- dentry = d_alloc_name(dir, names[i]);
+ dentry = d_alloc_name(bool_dir, names[i]);
if (!dentry)
goto out;
ret = -ENOMEM;
- inode = sel_make_inode(dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
+ inode = sel_make_inode(bool_dir->d_sb, S_IFREG | S_IRUGO | S_IWUSR);
if (!inode) {
dput(dentry);
goto out;
@@ -1406,9 +1412,9 @@ static int sel_make_bools(struct selinux_fs_info *fsi)
inode->i_ino = i|SEL_BOOL_INO_OFFSET;
d_add(dentry, inode);
}
- fsi->bool_num = num;
- fsi->bool_pending_names = names;
- fsi->bool_pending_values = values;
+ *bool_num = num;
+ *bool_pending_names = names;
+ *bool_pending_values = values;
free_page((unsigned long)page);
return 0;
@@ -1421,7 +1427,7 @@ static int sel_make_bools(struct selinux_fs_info *fsi)
kfree(names);
}
kfree(values);
- sel_remove_entries(dir);
+ sel_remove_entries(bool_dir);
return ret;
}
@@ -1806,7 +1812,9 @@ static int sel_make_class_dir_entries(char *classname, int index,
return rc;
}
-static int sel_make_classes(struct selinux_fs_info *fsi)
+static int sel_make_classes(struct selinux_fs_info *fsi,
+ struct dentry *class_dir,
+ unsigned long *last_class_ino)
{
int rc, nclasses, i;
@@ -1817,13 +1825,13 @@ static int sel_make_classes(struct selinux_fs_info *fsi)
return rc;
/* +2 since classes are 1-indexed */
- fsi->last_class_ino = sel_class_to_ino(nclasses + 2);
+ *last_class_ino = sel_class_to_ino(nclasses + 2);
for (i = 0; i < nclasses; i++) {
struct dentry *class_name_dir;
- class_name_dir = sel_make_dir(fsi->class_dir, classes[i],
- &fsi->last_class_ino);
+ class_name_dir = sel_make_dir(class_dir, classes[i],
+ last_class_ino);
if (IS_ERR(class_name_dir)) {
rc = PTR_ERR(class_name_dir);
goto out;
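Review bot: `*last_class_ino` is stored before the loop and then handed to `sel_make_dir()` on every iteration, so a failure part-way through leaves the caller's counter already overwritten. This differs from sel_make_bools, which writes its outputs only on the success path. At the current call site in sel_make_policy_nodes the pointer is `&fsi->last_class_ino`, so the live value is changed even when the function returns an error. Either document this on the definition, for example `/* *last_class_ino is overwritten even when this fails; pass a scratch counter if the old value must survive. */`, or compute into a local and store it through the pointer only on success. The `out:` label and the rest of the body are outside the hunk, so whether cleanup restores the value cannot be seen here.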
--
2.25.4