From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752978AbcFNVHe (ORCPT <rfc822;w@1wt.eu>);
	Tue, 14 Jun 2016 17:07:34 -0400
Received: from mail-wm0-f47.google.com ([74.125.82.47]:35030 "EHLO
	mail-wm0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1750771AbcFNVHc (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 14 Jun 2016 17:07:32 -0400
MIME-Version: 1.0
In-Reply-To: <e236beea-b426-b265-e9e9-0756331beeed@schaufler-ca.com>
References: <e4357a80-22ba-1531-014b-43f2d6a085e1@schaufler-ca.com>
 <08700e20-93c7-1d5c-5215-01cd0c0c7190@schaufler-ca.com> <CAGXu5jKxexF1FZEbFzTxc7Yi64Ree-zPu7=rUSy-LD5oYorynQ@mail.gmail.com>
 <e236beea-b426-b265-e9e9-0756331beeed@schaufler-ca.com>
From: Kees Cook <keescook@chromium.org>
Date: Tue, 14 Jun 2016 14:07:30 -0700
X-Google-Sender-Auth: ZX4OOn4BwggoyG4qyfAUser_aw8
Message-ID: <CAGXu5jJY9c4YkniCg+Lm=CF9VUfFj9r=ND5_rtuhFG7nDGnCig@mail.gmail.com>
Subject: Re: [PATCH v3 3/3] LSM: Add context interface for proc attr
To: Casey Schaufler <casey@schaufler-ca.com>
Cc: LSM <linux-security-module@vger.kernel.org>,
        James Morris <jmorris@namei.org>,
        John Johansen <john.johansen@canonical.com>,
        Stephen Smalley <sds@tycho.nsa.gov>, Paul Moore <paul@paul-moore.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        LKLM <linux-kernel@vger.kernel.org>,
        James Morris <james.l.morris@oracle.com>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, Jun 14, 2016 at 1:19 PM, Casey Schaufler <casey@schaufler-ca.com> wrote:
> On 6/14/2016 11:57 AM, Kees Cook wrote:

>> it's okay.) Also, should lsm == NULL be checked early and
>> rejected/skipped so the lsm != NULL test isn't needed in both loops?
>
> Ah, you miss the nuance of the code. NULL is an acceptance condition,
> not a rejection as it would be in most cases.

Ah! Yes, got it now. Thanks!

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security