Can someone point me to the explanation?
- the "register_security" just loads the pointer to "security_ops"
- most LSM modules only define subset of the function pointers, and as
far as I can tell, the rest are NULL.
- however, all security calls just seem to call blindly
"security_ops->foo(...)" without caring wether the function is NULL.
Just curious: how does this magic work?
Does same magic work for all "ops" tables in the kernel? Might get
size and speed reduction if need to test for the NULL function pointer
is removed -- at a huge cost of uncertainty, because all NULL pointer
function deferences would then go undetected.
Blah.. insert foot in mouth -- found: verify() calls
security_fixups(), which modifies the supplied table..
IMHO, misleading name for function, "verify" sort of gives impression
of non-modifying function, and thus got me fooled while reading it..
Sorry about bothering...
--
Markku Savela