diff options
author | Wanlong Gao <gaowanlong@cn.fujitsu.com> | 2012-03-07 09:17:14 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:23:44 -0400 |
commit | 562c99f20d989f222138dddfd71e275bfb3665de (patch) | |
tree | 47743a88f3aed8b77f79899f45409a597ab77263 /security | |
parent | 0b36e44cc680b355f0d1b34002b2a10c9e1cae60 (diff) |
SELinux: avc: remove the useless fields in avc_add_callback
avc_add_callback now just used for registering reset functions
in initcalls, and the callback functions just did reset operations.
So, reducing the arguments to only one event is enough now.
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 32 | ||||
-rw-r--r-- | security/selinux/include/avc.h | 6 | ||||
-rw-r--r-- | security/selinux/netif.c | 6 | ||||
-rw-r--r-- | security/selinux/netnode.c | 6 | ||||
-rw-r--r-- | security/selinux/netport.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 6 |
6 files changed, 15 insertions, 47 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 5c1326e18836..68d82daed257 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -65,14 +65,8 @@ struct avc_cache { | |||
65 | }; | 65 | }; |
66 | 66 | ||
67 | struct avc_callback_node { | 67 | struct avc_callback_node { |
68 | int (*callback) (u32 event, u32 ssid, u32 tsid, | 68 | int (*callback) (u32 event); |
69 | u16 tclass, u32 perms, | ||
70 | u32 *out_retained); | ||
71 | u32 events; | 69 | u32 events; |
72 | u32 ssid; | ||
73 | u32 tsid; | ||
74 | u16 tclass; | ||
75 | u32 perms; | ||
76 | struct avc_callback_node *next; | 70 | struct avc_callback_node *next; |
77 | }; | 71 | }; |
78 | 72 | ||
@@ -499,22 +493,12 @@ noinline int slow_avc_audit(u32 ssid, u32 tsid, u16 tclass, | |||
499 | * avc_add_callback - Register a callback for security events. | 493 | * avc_add_callback - Register a callback for security events. |
500 | * @callback: callback function | 494 | * @callback: callback function |
501 | * @events: security events | 495 | * @events: security events |
502 | * @ssid: source security identifier or %SECSID_WILD | ||
503 | * @tsid: target security identifier or %SECSID_WILD | ||
504 | * @tclass: target security class | ||
505 | * @perms: permissions | ||
506 | * | 496 | * |
507 | * Register a callback function for events in the set @events | 497 | * Register a callback function for events in the set @events. |
508 | * related to the SID pair (@ssid, @tsid) | 498 | * Returns %0 on success or -%ENOMEM if insufficient memory |
509 | * and the permissions @perms, interpreting | 499 | * exists to add the callback. |
510 | * @perms based on @tclass. Returns %0 on success or | ||
511 | * -%ENOMEM if insufficient memory exists to add the callback. | ||
512 | */ | 500 | */ |
513 | int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | 501 | int __init avc_add_callback(int (*callback)(u32 event), u32 events) |
514 | u16 tclass, u32 perms, | ||
515 | u32 *out_retained), | ||
516 | u32 events, u32 ssid, u32 tsid, | ||
517 | u16 tclass, u32 perms) | ||
518 | { | 502 | { |
519 | struct avc_callback_node *c; | 503 | struct avc_callback_node *c; |
520 | int rc = 0; | 504 | int rc = 0; |
@@ -527,9 +511,6 @@ int __init avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | |||
527 | 511 | ||
528 | c->callback = callback; | 512 | c->callback = callback; |
529 | c->events = events; | 513 | c->events = events; |
530 | c->ssid = ssid; | ||
531 | c->tsid = tsid; | ||
532 | c->perms = perms; | ||
533 | c->next = avc_callbacks; | 514 | c->next = avc_callbacks; |
534 | avc_callbacks = c; | 515 | avc_callbacks = c; |
535 | out: | 516 | out: |
@@ -669,8 +650,7 @@ int avc_ss_reset(u32 seqno) | |||
669 | 650 | ||
670 | for (c = avc_callbacks; c; c = c->next) { | 651 | for (c = avc_callbacks; c; c = c->next) { |
671 | if (c->events & AVC_CALLBACK_RESET) { | 652 | if (c->events & AVC_CALLBACK_RESET) { |
672 | tmprc = c->callback(AVC_CALLBACK_RESET, | 653 | tmprc = c->callback(AVC_CALLBACK_RESET); |
673 | 0, 0, 0, 0, NULL); | ||
674 | /* save the first error encountered for the return | 654 | /* save the first error encountered for the return |
675 | value and continue processing the callbacks */ | 655 | value and continue processing the callbacks */ |
676 | if (!rc) | 656 | if (!rc) |
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h index d97fadc4d963..92d0ab561db8 100644 --- a/security/selinux/include/avc.h +++ b/security/selinux/include/avc.h | |||
@@ -170,11 +170,7 @@ u32 avc_policy_seqno(void); | |||
170 | #define AVC_CALLBACK_AUDITDENY_ENABLE 64 | 170 | #define AVC_CALLBACK_AUDITDENY_ENABLE 64 |
171 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 | 171 | #define AVC_CALLBACK_AUDITDENY_DISABLE 128 |
172 | 172 | ||
173 | int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, | 173 | int avc_add_callback(int (*callback)(u32 event), u32 events); |
174 | u16 tclass, u32 perms, | ||
175 | u32 *out_retained), | ||
176 | u32 events, u32 ssid, u32 tsid, | ||
177 | u16 tclass, u32 perms); | ||
178 | 174 | ||
179 | /* Exported to selinuxfs */ | 175 | /* Exported to selinuxfs */ |
180 | int avc_get_hash_stats(char *page); | 176 | int avc_get_hash_stats(char *page); |
diff --git a/security/selinux/netif.c b/security/selinux/netif.c index 326f22cbe405..47a49d1a6f6a 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c | |||
@@ -252,8 +252,7 @@ static void sel_netif_flush(void) | |||
252 | spin_unlock_bh(&sel_netif_lock); | 252 | spin_unlock_bh(&sel_netif_lock); |
253 | } | 253 | } |
254 | 254 | ||
255 | static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid, | 255 | static int sel_netif_avc_callback(u32 event) |
256 | u16 class, u32 perms, u32 *retained) | ||
257 | { | 256 | { |
258 | if (event == AVC_CALLBACK_RESET) { | 257 | if (event == AVC_CALLBACK_RESET) { |
259 | sel_netif_flush(); | 258 | sel_netif_flush(); |
@@ -292,8 +291,7 @@ static __init int sel_netif_init(void) | |||
292 | 291 | ||
293 | register_netdevice_notifier(&sel_netif_netdev_notifier); | 292 | register_netdevice_notifier(&sel_netif_netdev_notifier); |
294 | 293 | ||
295 | err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET, | 294 | err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET); |
296 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | ||
297 | if (err) | 295 | if (err) |
298 | panic("avc_add_callback() failed, error %d\n", err); | 296 | panic("avc_add_callback() failed, error %d\n", err); |
299 | 297 | ||
diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c index 86365857c088..28f911cdd7c7 100644 --- a/security/selinux/netnode.c +++ b/security/selinux/netnode.c | |||
@@ -297,8 +297,7 @@ static void sel_netnode_flush(void) | |||
297 | spin_unlock_bh(&sel_netnode_lock); | 297 | spin_unlock_bh(&sel_netnode_lock); |
298 | } | 298 | } |
299 | 299 | ||
300 | static int sel_netnode_avc_callback(u32 event, u32 ssid, u32 tsid, | 300 | static int sel_netnode_avc_callback(u32 event) |
301 | u16 class, u32 perms, u32 *retained) | ||
302 | { | 301 | { |
303 | if (event == AVC_CALLBACK_RESET) { | 302 | if (event == AVC_CALLBACK_RESET) { |
304 | sel_netnode_flush(); | 303 | sel_netnode_flush(); |
@@ -320,8 +319,7 @@ static __init int sel_netnode_init(void) | |||
320 | sel_netnode_hash[iter].size = 0; | 319 | sel_netnode_hash[iter].size = 0; |
321 | } | 320 | } |
322 | 321 | ||
323 | ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET, | 322 | ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET); |
324 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | ||
325 | if (ret != 0) | 323 | if (ret != 0) |
326 | panic("avc_add_callback() failed, error %d\n", ret); | 324 | panic("avc_add_callback() failed, error %d\n", ret); |
327 | 325 | ||
diff --git a/security/selinux/netport.c b/security/selinux/netport.c index 7b9eb1faf68b..d35379781c2c 100644 --- a/security/selinux/netport.c +++ b/security/selinux/netport.c | |||
@@ -234,8 +234,7 @@ static void sel_netport_flush(void) | |||
234 | spin_unlock_bh(&sel_netport_lock); | 234 | spin_unlock_bh(&sel_netport_lock); |
235 | } | 235 | } |
236 | 236 | ||
237 | static int sel_netport_avc_callback(u32 event, u32 ssid, u32 tsid, | 237 | static int sel_netport_avc_callback(u32 event) |
238 | u16 class, u32 perms, u32 *retained) | ||
239 | { | 238 | { |
240 | if (event == AVC_CALLBACK_RESET) { | 239 | if (event == AVC_CALLBACK_RESET) { |
241 | sel_netport_flush(); | 240 | sel_netport_flush(); |
@@ -257,8 +256,7 @@ static __init int sel_netport_init(void) | |||
257 | sel_netport_hash[iter].size = 0; | 256 | sel_netport_hash[iter].size = 0; |
258 | } | 257 | } |
259 | 258 | ||
260 | ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET, | 259 | ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET); |
261 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | ||
262 | if (ret != 0) | 260 | if (ret != 0) |
263 | panic("avc_add_callback() failed, error %d\n", ret); | 261 | panic("avc_add_callback() failed, error %d\n", ret); |
264 | 262 | ||
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 9b7e7ed54e7e..4321b8fc8863 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -3044,8 +3044,7 @@ out: | |||
3044 | 3044 | ||
3045 | static int (*aurule_callback)(void) = audit_update_lsm_rules; | 3045 | static int (*aurule_callback)(void) = audit_update_lsm_rules; |
3046 | 3046 | ||
3047 | static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid, | 3047 | static int aurule_avc_callback(u32 event) |
3048 | u16 class, u32 perms, u32 *retained) | ||
3049 | { | 3048 | { |
3050 | int err = 0; | 3049 | int err = 0; |
3051 | 3050 | ||
@@ -3058,8 +3057,7 @@ static int __init aurule_init(void) | |||
3058 | { | 3057 | { |
3059 | int err; | 3058 | int err; |
3060 | 3059 | ||
3061 | err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET, | 3060 | err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET); |
3062 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | ||
3063 | if (err) | 3061 | if (err) |
3064 | panic("avc_add_callback() failed, error %d\n", err); | 3062 | panic("avc_add_callback() failed, error %d\n", err); |
3065 | 3063 | ||