* [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.
@ 2020-01-09 11:10 Ravi Kumar Siddojigari
2020-01-10 17:23 ` Paul Moore
0 siblings, 1 reply; 2+ messages in thread
From: Ravi Kumar Siddojigari @ 2020-01-09 11:10 UTC (permalink / raw)
To: selinux; +Cc: Ravi Kumar Siddojigari
Move cache based pkey sid retrieval code which was added
with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
As its going to alloc a new cache which impacts
low ram devices which was enabled by default.
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
---
security/selinux/Makefile | 4 +++-
security/selinux/include/ibpkey.h | 12 ++++++++++++
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index ccf950409384..2000f95fb197 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -6,7 +6,7 @@
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
- netnode.o netport.o ibpkey.o \
+ netnode.o netport.o \
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
@@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
selinux-$(CONFIG_NETLABEL) += netlabel.o
+selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
+
ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
index a2ebe397bcb7..e3c08287fd9a 100644
--- a/security/selinux/include/ibpkey.h
+++ b/security/selinux/include/ibpkey.h
@@ -14,8 +14,20 @@
#ifndef _SELINUX_IB_PKEY_H
#define _SELINUX_IB_PKEY_H
+#ifdef CONFIG_SECURITY_INFINIBAND
void sel_ib_pkey_flush(void);
int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
+#else
+static inline void sel_ib_pkey_flush(void) {
+ return;
+}
+
+static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
+ *sid = SECINITSID_UNLABELED;
+ return 0;
+}
+#endif
+
#endif
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.
2020-01-09 11:10 [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND Ravi Kumar Siddojigari
@ 2020-01-10 17:23 ` Paul Moore
0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2020-01-10 17:23 UTC (permalink / raw)
To: Ravi Kumar Siddojigari; +Cc: selinux
On Thu, Jan 9, 2020 at 6:11 AM Ravi Kumar Siddojigari
<rsiddoji@codeaurora.org> wrote:
>
> Move cache based pkey sid retrieval code which was added
> with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
> As its going to alloc a new cache which impacts
> low ram devices which was enabled by default.
>
> Suggested-by: Paul Moore <paul@paul-moore.com>
> Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@codeaurora.org>
> ---
> security/selinux/Makefile | 4 +++-
> security/selinux/include/ibpkey.h | 12 ++++++++++++
> 2 files changed, 15 insertions(+), 1 deletion(-)
I just merged this into selinux/next but I had to fix a few style
errors that were found by scripts/checkpatch.pl (whitespace, function
braces); please remember to run checkpatch.pl on all your patch
submissions.
-Paul
> diff --git a/security/selinux/Makefile b/security/selinux/Makefile
> index ccf950409384..2000f95fb197 100644
> --- a/security/selinux/Makefile
> +++ b/security/selinux/Makefile
> @@ -6,7 +6,7 @@
> obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
>
> selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
> - netnode.o netport.o ibpkey.o \
> + netnode.o netport.o \
> ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
> ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
>
> @@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
>
> selinux-$(CONFIG_NETLABEL) += netlabel.o
>
> +selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
> +
> ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
>
> $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
> diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
> index a2ebe397bcb7..e3c08287fd9a 100644
> --- a/security/selinux/include/ibpkey.h
> +++ b/security/selinux/include/ibpkey.h
> @@ -14,8 +14,20 @@
> #ifndef _SELINUX_IB_PKEY_H
> #define _SELINUX_IB_PKEY_H
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
> void sel_ib_pkey_flush(void);
>
> int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
>
> +#else
> +static inline void sel_ib_pkey_flush(void) {
> + return;
> +}
> +
> +static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
> + *sid = SECINITSID_UNLABELED;
> + return 0;
> +}
> +#endif
> +
> #endif
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-01-10 17:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-01-09 11:10 [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND Ravi Kumar Siddojigari
2020-01-10 17:23 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.