please find the updated patch based on the review comments
Move cache based pkey sid retrieval code which was added
with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
As its going to alloc a new cache which impacts
low ram devices which was enabled by default.
Suggested-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@xxxxxxxxxxxxxx>
---
security/selinux/Makefile | 4 +++-
security/selinux/include/ibpkey.h | 13 +++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index ccf950409384..2000f95fb197 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -6,7 +6,7 @@
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
- netnode.o netport.o ibpkey.o \
+ netnode.o netport.o \
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
@@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
selinux-$(CONFIG_NETLABEL) += netlabel.o
+selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
+
ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
index a2ebe397bcb7..040b93cca486 100644
--- a/security/selinux/include/ibpkey.h
+++ b/security/selinux/include/ibpkey.h
@@ -14,8 +14,21 @@
#ifndef _SELINUX_IB_PKEY_H
#define _SELINUX_IB_PKEY_H
+#ifdef CONFIG_SECURITY_INFINIBAND
void sel_ib_pkey_flush(void);
int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
+#else
+
+static inline void sel_ib_pkey_flush(void) {
+ return;
+}
+
+static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
+ *sid = SECINITSID_UNLABELED;
+ return 0;
+}
Move cache based pkey sid retrieval code which was added
with Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
As its going to alloc a new cache which impacts
low ram devices which was enabled by default.
Suggested-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@xxxxxxxxxxxxxx>
---
security/selinux/Makefile | 4 +++-
security/selinux/include/ibpkey.h | 13 +++++++++++++
2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index ccf950409384..2000f95fb197 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -6,7 +6,7 @@
obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
- netnode.o netport.o ibpkey.o \
+ netnode.o netport.o \
ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
@@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
selinux-$(CONFIG_NETLABEL) += netlabel.o
+selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
+
ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
$(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
index a2ebe397bcb7..040b93cca486 100644
--- a/security/selinux/include/ibpkey.h
+++ b/security/selinux/include/ibpkey.h
@@ -14,8 +14,21 @@
#ifndef _SELINUX_IB_PKEY_H
#define _SELINUX_IB_PKEY_H
+#ifdef CONFIG_SECURITY_INFINIBAND
void sel_ib_pkey_flush(void);
int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
+#else
+
+static inline void sel_ib_pkey_flush(void) {
+ return;
+}
+
+static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
+ *sid = SECINITSID_UNLABELED;
+ return 0;
+}
+#endif
+
#endif
--
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project
