From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756561AbcDDXF1 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 4 Apr 2016 19:05:27 -0400
Received: from e23smtp05.au.ibm.com ([202.81.31.147]:60051 "EHLO
	e23smtp05.au.ibm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751605AbcDDXFZ (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 4 Apr 2016 19:05:25 -0400
X-IBM-Helo: d23dlp01.au.ibm.com
X-IBM-MailFrom: zohar@linux.vnet.ibm.com
X-IBM-RcptTo: linux-kernel@vger.kernel.org;linux-security-module@vger.kernel.org
Message-ID: <1459811036.6228.30.camel@linux.vnet.ibm.com>
Subject: Re: [PATCH v2 5/5] LSM: LoadPin for kernel file loading restrictions
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Kees Cook <keescook@chromium.org>
Cc: James Morris <jmorris@namei.org>, "Serge E. Hallyn" <serge@hallyn.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Kalle Valo <kvalo@codeaurora.org>,
        Mauro Carvalho Chehab <mchehab@osg.samsung.com>,
        Joe Perches <joe@perches.com>, Guenter Roeck <linux@roeck-us.net>,
        Jiri Slaby <jslaby@suse.com>, Paul Moore <pmoore@redhat.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Andreas Gruenbacher <agruenba@redhat.com>,
        Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
        Rasmus Villemoes <linux@rasmusvillemoes.dk>,
        Ulf Hansson <ulf.hansson@linaro.org>,
        Vitaly Kuznetsov <vkuznets@redhat.com>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Date: Mon, 04 Apr 2016 19:03:56 -0400
In-Reply-To: <CAGXu5jLkS8HhJWLZmE1+Jw-A_DxwK57rWwnA5YxQViH56r_Krw@mail.gmail.com>
References: <1459199662-16558-1-git-send-email-keescook@chromium.org>
	 <1459199662-16558-6-git-send-email-keescook@chromium.org>
	 <1459459442.2657.51.camel@linux.vnet.ibm.com>
	 <CAGXu5jLkS8HhJWLZmE1+Jw-A_DxwK57rWwnA5YxQViH56r_Krw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.12.11 (3.12.11-1.fc21) 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 16040423-0017-0000-0000-00000416876D
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2016-04-04 at 12:31 -0700, Kees Cook wrote:
> On Thu, Mar 31, 2016 at 2:24 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote:
> >
> >> +static const char *id_str[READING_MAX_ID] = {
> >> +     [READING_FIRMWARE] = "firmware",
> >> +     [READING_MODULE] = "kernel module",
> >> +     [READING_KEXEC_IMAGE] = "kexec image",
> >> +     [READING_KEXEC_INITRAMFS] = "kexec initramfs",
> >> +     [READING_POLICY] = "security policy",
> >> +};
> >> +

> I wonder if there should be a function that returns a const string for
> each kernel_read_file_id enum so users of the enum don't need to do
> it?

Right, having a single, corresponding, string array would be good.  Some
of the strings in id_str[] have blanks, which might be problematic for
the audit subsystem, and would need to be replaced with a hyphen or
underscore.

Mimi