Re: [PATCH] selinux: remove the sidtab context conversion indirect calls

On Wed, Nov 9, 2022 at 4:26 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
> On Wed, Nov 9, 2022 at 5:02 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
> > The sidtab conversion code has support for multiple context
> > conversion routines through the use of function pointers and
> > indirect calls.  However, the reality is that all current users rely
> > on the same conversion routine: convert_context().  This patch does
> > away with this extra complexity and replaces the indirect calls
> > with direct function calls; allowing us to remove a layer of
> > obfuscation and create cleaner, more maintainable code.
> >
> > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
> > ---
> >  security/selinux/ss/services.c | 51 ++++++++++++++--------------------
> >  security/selinux/ss/services.h | 14 ++++++++--
> >  security/selinux/ss/sidtab.c   | 21 ++++++++------
> >  security/selinux/ss/sidtab.h   |  3 +-
> >  4 files changed, 45 insertions(+), 44 deletions(-)
>
> The goal of the callback abstraction was to avoid the awkward coupling
> between services.c and sidtab.c, but both ways are ugly in some way,
> so I consider it a matter of maintainer preference. So if you prefer
> this version, feel free to go with it :)

While function pointers do have their place, e.g. the network stack
and VFS, history has shown that indirect calls aren't without risk.
In addition, Linus implied that he wanted this removed, and I don't
feel strongly enough about it to argue.

Merged into selinux/next.

-- 
paul-moore.com


