The patch available from
http://www.nsa.gov/selinux/lk/2.6.0-test1-addselinux.patch.gz adds the
SELinux module under security/selinux and modifies the security/Makefile
and security/Kconfig files for SELinux. The header files are still
under security/selinux since they are private to the module. The
hashtab code is still part of the SELinux module, as it does not appear
to be generally applicable, but a number of cleanups have been made by
James Morris to the hashtab code and the rest of the ss code based on
the earlier comments. diffstat -p1 output is below. Please consider
applying.
security/Kconfig | 2
security/Makefile | 6
security/selinux/Kconfig | 34
security/selinux/Makefile | 10
security/selinux/avc.c | 1144 +++++++
security/selinux/hooks.c | 3372 +++++++++++++++++++++++
security/selinux/include/av_inherit.h | 37
security/selinux/include/av_perm_to_string.h | 122
security/selinux/include/av_permissions.h | 550 +++
security/selinux/include/avc.h | 234 +
security/selinux/include/avc_ss.h | 81
security/selinux/include/class_to_string.h | 39
security/selinux/include/common_perm_to_string.h | 65
security/selinux/include/flask.h | 71
security/selinux/include/flask_types.h | 73
security/selinux/include/initial_sid_to_string.h | 32
security/selinux/include/objsec.h | 87
security/selinux/include/security.h | 180 +
security/selinux/selinuxfs.c | 592 ++++
security/selinux/ss/Makefile | 14
security/selinux/ss/avtab.c | 261 +
security/selinux/ss/avtab.h | 68
security/selinux/ss/constraint.h | 54
security/selinux/ss/context.h | 117
security/selinux/ss/ebitmap.c | 331 ++
security/selinux/ss/ebitmap.h | 49
security/selinux/ss/global.h | 17
security/selinux/ss/hashtab.c | 277 +
security/selinux/ss/hashtab.h | 125
security/selinux/ss/mls.c | 738 +++++
security/selinux/ss/mls.h | 99
security/selinux/ss/mls_types.h | 58
security/selinux/ss/policydb.c | 1423 +++++++++
security/selinux/ss/policydb.h | 256 +
security/selinux/ss/services.c | 1385 +++++++++
security/selinux/ss/services.h | 21
security/selinux/ss/sidtab.c | 328 ++
security/selinux/ss/sidtab.h | 59
security/selinux/ss/symtab.c | 40
security/selinux/ss/symtab.h | 23
40 files changed, 12474 insertions(+)
--
Stephen Smalley <[email protected]>
National Security Agency
On Mon, Jul 14, 2003 at 03:05:04PM -0400, Stephen Smalley wrote:
> The patch available from
> http://www.nsa.gov/selinux/lk/2.6.0-test1-addselinux.patch.gz adds the
> SELinux module under security/selinux and modifies the security/Makefile
> and security/Kconfig files for SELinux.
Some minor coding style nits:
- you are creating your own typedefs, please don't. Use the
"struct foo" style instead.
- you have a number of printk() calls without a logging level.
Hm, looks like some of the functions doing this aren't ever
called at all (avc_dump_cache() is one example)...
- your function style should be changed to take advantage of the
kerneldoc functionality. avc_lookup() is a good example of
something that could benifit from this (don't put comments
within a function declaration...)
Other than that, the coding style looks real good.
thanks,
greg k-h
Stephen Smalley <[email protected]> wrote:
>
> The patch available from
> http://www.nsa.gov/selinux/lk/2.6.0-test1-addselinux.patch.gz adds the
> SELinux module under security/selinux and modifies the security/Makefile
> and security/Kconfig files for SELinux.
I'll drop this into -mm, take a look at it.
The diff adds five or six hundred lines-with-trailing-whitespace, which I
trimmed off.