All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.
@ 2020-01-09 11:10 Ravi Kumar Siddojigari
  2020-01-10 17:23 ` Paul Moore
  0 siblings, 1 reply; 2+ messages in thread
From: Ravi Kumar Siddojigari @ 2020-01-09 11:10 UTC (permalink / raw)
  To: selinux; +Cc: Ravi Kumar Siddojigari

Move cache based  pkey sid  retrieval code which was added
with  Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
As its  going to alloc a new cache which impacts
low ram devices which was enabled by default.

Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
---
 security/selinux/Makefile         |  4 +++-
 security/selinux/include/ibpkey.h | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index ccf950409384..2000f95fb197 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -6,7 +6,7 @@
 obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
 
 selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
-	     netnode.o netport.o ibpkey.o \
+	     netnode.o netport.o \
 	     ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
 	     ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
 
@@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
 
 selinux-$(CONFIG_NETLABEL) += netlabel.o
 
+selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
+
 ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
 
 $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
index a2ebe397bcb7..e3c08287fd9a 100644
--- a/security/selinux/include/ibpkey.h
+++ b/security/selinux/include/ibpkey.h
@@ -14,8 +14,20 @@
 #ifndef _SELINUX_IB_PKEY_H
 #define _SELINUX_IB_PKEY_H
 
+#ifdef CONFIG_SECURITY_INFINIBAND
 void sel_ib_pkey_flush(void);
 
 int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
 
+#else
+static inline void sel_ib_pkey_flush(void) {
+  return;
+}
+
+static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
+  *sid = SECINITSID_UNLABELED;
+  return 0;
+}
+#endif
+
 #endif
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.
  2020-01-09 11:10 [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND Ravi Kumar Siddojigari
@ 2020-01-10 17:23 ` Paul Moore
  0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2020-01-10 17:23 UTC (permalink / raw)
  To: Ravi Kumar Siddojigari; +Cc: selinux

On Thu, Jan 9, 2020 at 6:11 AM Ravi Kumar Siddojigari
<rsiddoji@codeaurora.org> wrote:
>
> Move cache based  pkey sid  retrieval code which was added
> with  Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
> As its  going to alloc a new cache which impacts
> low ram devices which was enabled by default.
>
> Suggested-by: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
> ---
>  security/selinux/Makefile         |  4 +++-
>  security/selinux/include/ibpkey.h | 12 ++++++++++++
>  2 files changed, 15 insertions(+), 1 deletion(-)

I just merged this into selinux/next but I had to fix a few style
errors that were found by scripts/checkpatch.pl (whitespace, function
braces); please remember to run checkpatch.pl on all your patch
submissions.

-Paul

> diff --git a/security/selinux/Makefile b/security/selinux/Makefile
> index ccf950409384..2000f95fb197 100644
> --- a/security/selinux/Makefile
> +++ b/security/selinux/Makefile
> @@ -6,7 +6,7 @@
>  obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
>
>  selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
> -            netnode.o netport.o ibpkey.o \
> +            netnode.o netport.o \
>              ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
>              ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
>
> @@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
>
>  selinux-$(CONFIG_NETLABEL) += netlabel.o
>
> +selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
> +
>  ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
>
>  $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
> diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
> index a2ebe397bcb7..e3c08287fd9a 100644
> --- a/security/selinux/include/ibpkey.h
> +++ b/security/selinux/include/ibpkey.h
> @@ -14,8 +14,20 @@
>  #ifndef _SELINUX_IB_PKEY_H
>  #define _SELINUX_IB_PKEY_H
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
>  void sel_ib_pkey_flush(void);
>
>  int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
>
> +#else
> +static inline void sel_ib_pkey_flush(void) {
> +  return;
> +}
> +
> +static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
> +  *sid = SECINITSID_UNLABELED;
> +  return 0;
> +}
> +#endif
> +
>  #endif
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project



-- 
paul moore
www.paul-moore.com

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-10 17:23 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-09 11:10 [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND Ravi Kumar Siddojigari
2020-01-10 17:23 ` Paul Moore

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.