[PATCH 2/2] xsm: move FLASK_AVC_STATS to Kconfig

From: Doug Goldstein <cardoe@cardoe.com>
To: xen-devel@lists.xen.org
Cc: Daniel De Graaf <dgdegra@tycho.nsa.gov>,
	Doug Goldstein <cardoe@cardoe.com>
Subject: [PATCH 2/2] xsm: move FLASK_AVC_STATS to Kconfig
Date: Mon,  7 Mar 2016 12:42:41 -0600	[thread overview]
Message-ID: <1457376161-24982-2-git-send-email-cardoe@cardoe.com> (raw)
In-Reply-To: <1457376161-24982-1-git-send-email-cardoe@cardoe.com>

Have Kconfig set CONFIG_FLASK_AVC_STATS and prefix all uses with CONFIG_
to use the Kconfig variable.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
 xen/common/Kconfig          | 8 +++++++-
 xen/include/xen/config.h    | 5 -----
 xen/xsm/flask/avc.c         | 4 ++--
 xen/xsm/flask/flask_op.c    | 4 ++--
 xen/xsm/flask/include/avc.h | 2 +-
 5 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/xen/common/Kconfig b/xen/common/Kconfig
index d661da3..db23edc 100644
--- a/xen/common/Kconfig
+++ b/xen/common/Kconfig
@@ -23,6 +23,12 @@ config FLASK
 
 	  If unsure, say N.
 
+config FLASK_AVC_STATS
+    def_bool y if FLASK
+    depends on FLASK
+    ---help---
+      Maintain statistics on the access vector cache
+
 # Select HAS_DEVICE_TREE if device tree is supported
 config HAS_DEVICE_TREE
 	bool
@@ -117,7 +123,7 @@ config XSM
 config XSM_MAGIC
     hex
     default 0xf97cff8c if FLASK
-    default 0 if !FLASK
+    default 0
     ---help---
       Identifies a FLASK XSM policy start point
 
diff --git a/xen/include/xen/config.h b/xen/include/xen/config.h
index 3f8c53d..ef6e5ee 100644
--- a/xen/include/xen/config.h
+++ b/xen/include/xen/config.h
@@ -78,11 +78,6 @@
 #define __STR(...) #__VA_ARGS__
 #define STR(...) __STR(__VA_ARGS__)
 
-#ifdef CONFIG_FLASK
-/* Maintain statistics on the access vector cache */
-#define FLASK_AVC_STATS 1
-#endif
-
 /* allow existing code to work with Kconfig variable */
 #define NR_CPUS CONFIG_NR_CPUS
 
diff --git a/xen/xsm/flask/avc.c b/xen/xsm/flask/avc.c
index 31bc702..7764379 100644
--- a/xen/xsm/flask/avc.c
+++ b/xen/xsm/flask/avc.c
@@ -56,7 +56,7 @@ const struct selinux_class_perm selinux_class_perm = {
 #define AVC_DEF_CACHE_THRESHOLD        512
 #define AVC_CACHE_RECLAIM        16
 
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
 #define avc_cache_stats_incr(field)                 \
 do {                                \
     __get_cpu_var(avc_cache_stats).field++;        \
@@ -101,7 +101,7 @@ struct avc_callback_node {
 /* Exported via Flask hypercall */
 unsigned int avc_cache_threshold = AVC_DEF_CACHE_THRESHOLD;
 
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
 DEFINE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
diff --git a/xen/xsm/flask/flask_op.c b/xen/xsm/flask/flask_op.c
index f4f5dd1..3c9c99e 100644
--- a/xen/xsm/flask/flask_op.c
+++ b/xen/xsm/flask/flask_op.c
@@ -469,7 +469,7 @@ static int flask_security_make_bools(void)
     return ret;
 }
 
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
 
 static int flask_security_avc_cachestats(struct xen_flask_cache_stats *arg)
 {
@@ -761,7 +761,7 @@ ret_t do_flask_op(XEN_GUEST_HANDLE_PARAM(xsm_op_t) u_flask_op)
         rv = avc_get_hash_stats(&op.u.hash_stats);
         break;
 
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
     case FLASK_AVC_CACHESTATS:
         rv = flask_security_avc_cachestats(&op.u.cache_stats);
         break;
diff --git a/xen/xsm/flask/include/avc.h b/xen/xsm/flask/include/avc.h
index 4283562..729856e 100644
--- a/xen/xsm/flask/include/avc.h
+++ b/xen/xsm/flask/include/avc.h
@@ -108,7 +108,7 @@ struct xen_flask_hash_stats;
 int avc_get_hash_stats(struct xen_flask_hash_stats *arg);
 extern unsigned int avc_cache_threshold;
 
-#ifdef FLASK_AVC_STATS
+#ifdef CONFIG_FLASK_AVC_STATS
 DECLARE_PER_CPU(struct avc_cache_stats, avc_cache_stats);
 #endif
 
-- 
2.4.10


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
