On Mon, 2024-11-25 at 12:38 +0100, Christian Göttsche wrote:
> Hi,
>
> I noticed that the `prop` parameter of `ima_match_rules()` is
> currently unused (due to shadowing).
> Is that by design or a mishap of the recent rework?
>
> Related commits:
>
> 37f670a ("lsm: use lsm_prop in security_current_getsecid")
> 870b7fd ("lsm: use lsm_prop in security_audit_rule_match")
> 07f9d2c ("lsm: use lsm_prop in security_inode_getsecid")

Uhm, interesting...

To me it seems a variable naming collision.

We are first declaring a new variable:

-       u32 osid;
+       struct lsm_prop prop = { };

And then, we are introducing a parameter with the same name:

 static bool ima_match_rules(struct ima_rule_entry *rule,
                             struct mnt_idmap *idmap,
                             struct inode *inode, const struct cred *cred,
-                            u32 secid, enum ima_hooks func, int mask,
+                            struct lsm_prop *prop, enum ima_hooks func, int mask,

I think we should call the first variable inode_prop, and we should
pass prop here:

                case LSM_SUBJ_TYPE:
-                       /* scaffolding */
-                       prop.scaffold.secid = secid;
                        rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
                                                   Audit_equal,

Roberto
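
Review bot: in the `case LSM_SUBJ_TYPE:` fragment, `ima_filter_rule_match(&prop, ...)` takes the address of whatever `prop` is in scope. If the local `struct lsm_prop prop = { };` from the first fragment is visible there, as the shadowing report indicates, the call receives the empty-initialized local rather than the new `struct lsm_prop *prop` parameter, because the removed `prop.scaffold.secid = secid;` line was the only thing copying the caller's value into it. Rename the local (inode_prop, as proposed above) and pass the parameter as `prop` rather than `&prop` in this call. Building with -Wshadow would flag a local that hides a parameter like this.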