security_fixup_ops

security_fixup_ops

[Simon Arlott]

[-- Attachment #1: Type: text/plain, Size: 1557 bytes --]

Shouldn't security_fixup_ops be exported?

Otherwise I have to include the kernel's security/dummy.c to use it and there's no other way to fix all the ops for a secondary module without copying a list of all the ops, which may change in future kernels, into the module's code.

Unless of course including kernel source in modules is ok, because the module will need to have been compiled with the right version of struct security_operations anyway.

---
/* http://redrum.lp0.eu/portac/portac.c */

#include <../security/dummy.c>

struct security_operations portac_ops = { 
	.register_security = portac_register_security,
	.unregister_security = portac_unregister_security,

	.socket_bind = portac_socket_bind
};
struct security_operations primary_ops;
struct security_operations *secondary_ops = NULL;

int portac_register_security(const char *name, struct security_operations *ops)
{
	struct security_operations tmp;
...
	/* Copy our current ops because they have
	 * been fixed with dummy functions.
	 *
	 * Keep a reference to the secondary ops
	 * for later use.
	 */
	primary_ops = portac_ops;
	secondary_ops = ops;

	/* Copy the secondary ops, override the
	 * functions we use and call security_fixup_ops
	 * to add missing dummy functions.
	 *
	 * Replace our current ops with these ops.
	 */
	tmp = *ops;
	tmp.socket_bind = portac_socket_bind;
	tmp.unregister_security = portac_unregister_security;
	security_fixup_ops(&tmp); /* from security/dummy.c */
	portac_ops = tmp;
...
}

-- 
Simon Arlott


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 829 bytes --]

Re: security_fixup_ops

[Serge E. Hallyn]

Quoting Simon Arlott (simon@arlott.org):
> Shouldn't security_fixup_ops be exported?
> 
> Otherwise I have to include the kernel's security/dummy.c to use it
> and there's no other way to fix all the ops for a secondary module

security_fixup_ops() is called automatically by register_security(), as
well as by mod_reg_security() before your own
security_ops->register_security() is called on it.  So you don't need to
call it.

-serge

> without copying a list of all the ops, which may change in future
> kernels, into the module's code.
> 
> Unless of course including kernel source in modules is ok, because the
> module will need to have been compiled with the right version of
> struct security_operations anyway.
> 
> ---
> /* http://redrum.lp0.eu/portac/portac.c */
> 
> #include <../security/dummy.c>
> 
> struct security_operations portac_ops = { 
> 	.register_security = portac_register_security,
> 	.unregister_security = portac_unregister_security,
> 
> 	.socket_bind = portac_socket_bind
> };
> struct security_operations primary_ops;
> struct security_operations *secondary_ops = NULL;
> 
> int portac_register_security(const char *name, struct security_operations *ops)
> {
> 	struct security_operations tmp;
> ...
> 	/* Copy our current ops because they have
> 	 * been fixed with dummy functions.
> 	 *
> 	 * Keep a reference to the secondary ops
> 	 * for later use.
> 	 */
> 	primary_ops = portac_ops;
> 	secondary_ops = ops;
> 
> 	/* Copy the secondary ops, override the
> 	 * functions we use and call security_fixup_ops
> 	 * to add missing dummy functions.
> 	 *
> 	 * Replace our current ops with these ops.
> 	 */
> 	tmp = *ops;
> 	tmp.socket_bind = portac_socket_bind;
> 	tmp.unregister_security = portac_unregister_security;
> 	security_fixup_ops(&tmp); /* from security/dummy.c */
> 	portac_ops = tmp;
> ...
> }
> 
> -- 
> Simon Arlott
>