Re: [PATCH v4] selinux: move ibpkeys code under CONFIG_SECURITY_INFINIBAND.

Paul Moore <paul@xxxxxxxxxxxxxx> · Fri, 10 Jan 2020 12:23:08 -0500

On Thu, Jan 9, 2020 at 6:11 AM Ravi Kumar Siddojigari
<rsiddoji@xxxxxxxxxxxxxx> wrote:
>
> Move cache based  pkey sid  retrieval code which was added
> with  Commit "409dcf31" under CONFIG_SECURITY_INFINIBAND.
> As its  going to alloc a new cache which impacts
> low ram devices which was enabled by default.
>
> Suggested-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> Signed-off-by: Ravi Kumar Siddojigari <rsiddoji@xxxxxxxxxxxxxx>
> ---
>  security/selinux/Makefile         |  4 +++-
>  security/selinux/include/ibpkey.h | 12 ++++++++++++
>  2 files changed, 15 insertions(+), 1 deletion(-)

I just merged this into selinux/next but I had to fix a few style
errors that were found by scripts/checkpatch.pl (whitespace, function
braces); please remember to run checkpatch.pl on all your patch
submissions.

-Paul

> diff --git a/security/selinux/Makefile b/security/selinux/Makefile
> index ccf950409384..2000f95fb197 100644
> --- a/security/selinux/Makefile
> +++ b/security/selinux/Makefile
> @@ -6,7 +6,7 @@
>  obj-$(CONFIG_SECURITY_SELINUX) := selinux.o
>
>  selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o \
> -            netnode.o netport.o ibpkey.o \
> +            netnode.o netport.o \
>              ss/ebitmap.o ss/hashtab.o ss/symtab.o ss/sidtab.o ss/avtab.o \
>              ss/policydb.o ss/services.o ss/conditional.o ss/mls.o ss/status.o
>
> @@ -14,6 +14,8 @@ selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
>
>  selinux-$(CONFIG_NETLABEL) += netlabel.o
>
> +selinux-$(CONFIG_SECURITY_INFINIBAND) += ibpkey.o
> +
>  ccflags-y := -I$(srctree)/security/selinux -I$(srctree)/security/selinux/include
>
>  $(addprefix $(obj)/,$(selinux-y)): $(obj)/flask.h
> diff --git a/security/selinux/include/ibpkey.h b/security/selinux/include/ibpkey.h
> index a2ebe397bcb7..e3c08287fd9a 100644
> --- a/security/selinux/include/ibpkey.h
> +++ b/security/selinux/include/ibpkey.h
> @@ -14,8 +14,20 @@
>  #ifndef _SELINUX_IB_PKEY_H
>  #define _SELINUX_IB_PKEY_H
>
> +#ifdef CONFIG_SECURITY_INFINIBAND
>  void sel_ib_pkey_flush(void);
>
>  int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid);
>
> +#else
> +static inline void sel_ib_pkey_flush(void) {
> +  return;
> +}
> +
> +static inline int sel_ib_pkey_sid(u64 subnet_prefix, u16 pkey, u32 *sid) {
> +  *sid = SECINITSID_UNLABELED;
> +  return 0;
> +}
> +#endif
> +
>  #endif
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project

-- 
paul moore
www.paul-moore.com