2019-12-27 04:13:33

by wenhuizhang

Subject: [PATCH] Signed-off-by: wenhuizhang <[email protected]>

selinux/lsm-common: reorder and format security hooks
Changes to be committed:
modified: include/linux/security.h
Details:
- add default hook for security_cred_getsecid
- group hooks by functionality and make their order consistent
---
include/linux/security.h | 46 +++++++++++++++++++---------------------
1 file changed, 22 insertions(+), 24 deletions(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 3e8d4bacd59d..14f580e37b24 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -462,10 +462,6 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
return 0;
}

-static inline void security_free_mnt_opts(void **mnt_opts)
-{
-}
-
/*
* This is the default capabilities functionality. Most of these functions
* are just stubbed out, but a few must call the proper capable code.
@@ -605,6 +601,9 @@ static inline int security_sb_alloc(struct super_block *sb)
static inline void security_sb_free(struct super_block *sb)
{ }

+static inline void security_free_mnt_opts(void **mnt_opts)
+{ }
+
static inline int security_sb_eat_lsm_opts(char *options,
void **mnt_opts)
{
@@ -679,20 +678,6 @@ static inline int security_move_mount(const struct path *from_path,
return 0;
}

-static inline int security_path_notify(const struct path *path, u64 mask,
- unsigned int obj_type)
-{
- return 0;
-}
-
-static inline int security_inode_alloc(struct inode *inode)
-{
- return 0;
-}
-
-static inline void security_inode_free(struct inode *inode)
-{ }
-
static inline int security_dentry_init_security(struct dentry *dentry,
int mode,
const struct qstr *name,
@@ -710,6 +695,19 @@ static inline int security_dentry_create_files_as(struct dentry *dentry,
return 0;
}

+static inline int security_path_notify(const struct path *path, u64 mask,
+ unsigned int obj_type)
+{
+ return 0;
+}
+
+static inline int security_inode_alloc(struct inode *inode)
+{
+ return 0;
+}
+
+static inline void security_inode_free(struct inode *inode)
+{ }

static inline int security_inode_init_security(struct inode *inode,
struct inode *dir,
@@ -982,8 +980,10 @@ static inline int security_prepare_creds(struct cred *new,

static inline void security_transfer_creds(struct cred *new,
const struct cred *old)
-{
-}
+{ }
+
+static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
+{ }

static inline int security_kernel_act_as(struct cred *cred, u32 secid)
{
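Review bot: The new `security_cred_getsecid()` stub has an empty body, so `*secid` is never written on this path. If this is the CONFIG_SECURITY-disabled fallback, as the neighbouring empty `security_transfer_creds()` stub suggests, a caller that passes an uninitialized local would go on to use an indeterminate secid, for instance in an audit record or a label comparison. The stub should define its output, e.g. `*secid = 0;` inside the braces, so the "no LSM" result is a known value rather than stack contents. The hunk ends at the opening brace of `security_kernel_act_as()`, whose body lies outside it.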
@@ -1249,12 +1249,10 @@ static inline int security_secctx_to_secid(const char *secdata,
}

static inline void security_release_secctx(char *secdata, u32 seclen)
-{
-}
+{ }

static inline void security_inode_invalidate_secctx(struct inode *inode)
-{
-}
+{ }

static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
{
--
2.17.1


2019-12-27 16:00:36

by Casey Schaufler

Subject: Re: [PATCH] Signed-off-by: wenhuizhang <[email protected]>

On 12/26/2019 8:12 PM, wenhuizhang wrote:
> selinux/lsm-common: reorder and format security hooks
> Changes to be committed:
> modified: include/linux/security.h
> Details:
> - add default hook for security_cred_getsecid

What is this for? Who uses it?

> - group hooks with functionalities and get coherent for orders

Clean-ups should be separate from "real" code changes.

> ---
> include/linux/security.h | 46 +++++++++++++++++++---------------------
> 1 file changed, 22 insertions(+), 24 deletions(-)
>
> diff --git a/include/linux/security.h b/include/linux/security.h
> index 3e8d4bacd59d..14f580e37b24 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -462,10 +462,6 @@ static inline int unregister_blocking_lsm_notifier(struct notifier_block *nb)
> return 0;
> }
>
> -static inline void security_free_mnt_opts(void **mnt_opts)
> -{
> -}
> -
> /*
> * This is the default capabilities functionality. Most of these functions
> * are just stubbed out, but a few must call the proper capable code.
> @@ -605,6 +601,9 @@ static inline int security_sb_alloc(struct super_block *sb)
> static inline void security_sb_free(struct super_block *sb)
> { }
>
> +static inline void security_free_mnt_opts(void **mnt_opts)
> +{ }
> +
> static inline int security_sb_eat_lsm_opts(char *options,
> void **mnt_opts)
> {
> @@ -679,20 +678,6 @@ static inline int security_move_mount(const struct path *from_path,
> return 0;
> }
>
> -static inline int security_path_notify(const struct path *path, u64 mask,
> - unsigned int obj_type)
> -{
> - return 0;
> -}
> -
> -static inline int security_inode_alloc(struct inode *inode)
> -{
> - return 0;
> -}
> -
> -static inline void security_inode_free(struct inode *inode)
> -{ }
> -
> static inline int security_dentry_init_security(struct dentry *dentry,
> int mode,
> const struct qstr *name,
> @@ -710,6 +695,19 @@ static inline int security_dentry_create_files_as(struct dentry *dentry,
> return 0;
> }
>
> +static inline int security_path_notify(const struct path *path, u64 mask,
> + unsigned int obj_type)
> +{
> + return 0;
> +}
> +
> +static inline int security_inode_alloc(struct inode *inode)
> +{
> + return 0;
> +}
> +
> +static inline void security_inode_free(struct inode *inode)
> +{ }
>
> static inline int security_inode_init_security(struct inode *inode,
> struct inode *dir,
> @@ -982,8 +980,10 @@ static inline int security_prepare_creds(struct cred *new,
>
> static inline void security_transfer_creds(struct cred *new,
> const struct cred *old)
> -{
> -}
> +{ }
> +
> +static inline void security_cred_getsecid(const struct cred *c, u32 *secid)
> +{ }
>
> static inline int security_kernel_act_as(struct cred *cred, u32 secid)
> {
> @@ -1249,12 +1249,10 @@ static inline int security_secctx_to_secid(const char *secdata,
> }
>
> static inline void security_release_secctx(char *secdata, u32 seclen)
> -{
> -}
> +{ }
>
> static inline void security_inode_invalidate_secctx(struct inode *inode)
> -{
> -}
> +{ }
>
> static inline int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
> {

2021-05-11 16:33:58

by Aurélien Aptel

Subject: Re: [PATCH] Signed-off-by: wenhuizhang <[email protected]>

wenhuizhang <[email protected]> writes:
> Deadstore detected by Lukas Bulwahn's CodeChecker Tool (ELISA group).
>
> line 741 struct cifsInodeInfo *cinode;
> line 747 cinode = CIFS_I(d_inode(cfile->dentry));
> could be deleted.
>
> Signed-off-by: wenhuizhang <[email protected]>
>
> cinode on filesystem should not be deleted when files are closed, they are representations of some data fields on a physical disk, thus no further action is required.
> The virtual inode on vfs will be handled by vfs automatically, and the denotation is inode, which is different from the cinode.

This looks ok but the patch subject is wrong.
Also the signed-off tag should be the last thing in the commit msg.

Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)

2021-05-11 18:08:26

by Aurélien Aptel

Subject: Re: [PATCH] Signed-off-by: wenhuizhang <[email protected]>

Wenhui Zhang <[email protected]> writes:
> In this case, should I send out another formatted patch push request?

Yes, fix the patch then you can generate a v2 and send it:

git format-patch -1 -v 2
git send-email --to=.... --in-reply-to=msgid the_fix.patch

where msgid is the Message-Id header of the email you want your v2 to be
a reply to. To reply to yourself, your msg id is
[email protected]

Cheers,
--
Aurélien Aptel / SUSE Labs Samba Team
GPG: 1839 CB5F 9F5B FB9B AA97 8C99 03C8 A49B 521B D5D3
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, DE
GF: Felix Imendörffer, Mary Higgins, Sri Rasiah HRB 247165 (AG München)