Re: [PATCH] selinux: Use kfree_sensitive for certain code paths of security

On Sun, Jan 28, 2024 at 5:02 AM Ronald Monthero
<debug.penguin32@xxxxxxxxx> wrote:
>
> As with kfree_sensitive() it does kfree() and memzero_explicit()
> internally to clear sensitive data. The patch includes some of
> the code paths to free data such as keys, hash table and
> scontext and tcontext of selinux, which would benefit
> from kfree_sensitive() to replace kfree()
>
> Signed-off-by: Ronald Monthero <debug.penguin32@xxxxxxxxx>
> ---
>  security/selinux/avc.c            |  4 ++--
>  security/selinux/ima.c            |  2 +-
>  security/selinux/selinuxfs.c      | 16 ++++++++--------
>  security/selinux/ss/conditional.c |  4 ++--
>  security/selinux/ss/hashtab.c     |  2 +-
>  security/selinux/ss/policydb.c    |  6 +++---
>  6 files changed, 17 insertions(+), 17 deletions(-)

I agree with Casey's comment, I'm not seeing anything in the SELinux
code that would warrant the use of kfree_sensitive().

-- 
paul-moore.com




