Thanks Paul and Casey for taking the time to review.
I'll let that be, as it may not be needed until further particularity.

BR,
ronald

On Tue, Jan 30, 2024 at 7:58 AM Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>
> On Sun, Jan 28, 2024 at 5:02 AM Ronald Monthero
> <debug.penguin32@xxxxxxxxx> wrote:
> >
> > As with kfree_sensitive() it does kfree() and memzero_explicit()
> > internally to clear sensitive data. The patch includes some of
> > the code paths to free data such as keys, hash table and
> > scontext and tcontext of selinux, which would benefit
> > from kfree_sensitive() to replace kfree()
> >
> > Signed-off-by: Ronald Monthero <debug.penguin32@xxxxxxxxx>
> > ---
> >  security/selinux/avc.c            |  4 ++--
> >  security/selinux/ima.c            |  2 +-
> >  security/selinux/selinuxfs.c      | 16 ++++++++--------
> >  security/selinux/ss/conditional.c |  4 ++--
> >  security/selinux/ss/hashtab.c     |  2 +-
> >  security/selinux/ss/policydb.c    |  6 +++---
> >  6 files changed, 17 insertions(+), 17 deletions(-)
>
> I agree with Casey's comment, I'm not seeing anything in the SELinux
> code that would warrant the use of kfree_sensitive().
>
> --
> paul-moore.com
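
Added example, not part of the thread or the patch: a userspace C model of the difference the commit message describes between kfree() and kfree_sensitive(). The single-object `slab` and the `model_*` / `residue_after_free` names are hypothetical, and the secret is a constructed string.

```c
#include <stdio.h>
#include <string.h>
/* Userspace model (not kernel code): one fixed "slab object" whose bytes
 * can be inspected after free without undefined behaviour. */
static unsigned char slab[64];
static size_t slab_size; /* nonzero while allocated; stands in for ksize() */

static void *model_alloc(size_t n)
{
    if (slab_size || n == 0 || n > sizeof(slab))
        return NULL;
    slab_size = n;
    return slab;
}

/* Like kfree(): the object is released, its bytes are left untouched. */
static void model_free(void *p)
{
    if (p == slab)
        slab_size = 0;
}

/* Like kfree_sensitive(): volatile wipe (as memzero_explicit), then free. */
static void model_free_sensitive(void *p)
{
    volatile unsigned char *v = p;
    for (size_t i = 0; p == slab && i < slab_size; i++)
        v[i] = 0;
    model_free(p);
}

/* Bytes of a constructed secret still readable after free (-1 on error). */
static int residue_after_free(int sensitive)
{
    static const char secret[] = "constructed-key-material";
    char *buf = model_alloc(sizeof(secret));
    int left = 0;
    if (!buf)
        return -1;
    memcpy(buf, secret, sizeof(secret));
    (sensitive ? model_free_sensitive : model_free)(buf);
    for (size_t i = 0; i < sizeof(secret) - 1; i++)
        left += slab[i] == (unsigned char)secret[i];
    return left;
}

int main(void)
{
    /* First number: plain free; second: wiping free. */
    printf("%d %d\n", residue_after_free(0), residue_after_free(1));
}
```

The wipe only matters when the freed object held something worth hiding from a later reader of that memory, which is the question the reviewers raise about the SELinux paths.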