diff mbox series

[v5.4,1/3] selinux: Create function for selinuxfs directory cleanup

Message ID 20201015192956.1797021-2-dburgener@linux.microsoft.com
State New
Headers show
Series [v5.4,1/3] selinux: Create function for selinuxfs directory cleanup | expand

Commit Message

Daniel Burgener Oct. 15, 2020, 7:29 p.m. UTC
Separating the cleanup from the creation will simplify two things in
future patches in this series.  First, the creation can be made generic,
to create directories not tied to the selinux_fs_info structure.  Second,
we will ultimately want to reorder creation and deletion so that the
deletions aren't performed until the new directory structures have already
been moved into place.

Signed-off-by: Daniel Burgener <dburgener@linux.microsoft.com>
---
 security/selinux/selinuxfs.c | 39 +++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 14 deletions(-)

Comments

Greg KH Oct. 16, 2020, 4:59 a.m. UTC | #1
On Thu, Oct 15, 2020 at 03:29:54PM -0400, Daniel Burgener wrote:
> Separating the cleanup from the creation will simplify two things in

> future patches in this series.  First, the creation can be made generic,

> to create directories not tied to the selinux_fs_info structure.  Second,

> we will ultimately want to reorder creation and deletion so that the

> deletions aren't performed until the new directory structures have already

> been moved into place.

> 

> Signed-off-by: Daniel Burgener <dburgener@linux.microsoft.com>

> ---

>  security/selinux/selinuxfs.c | 39 +++++++++++++++++++++++-------------

>  1 file changed, 25 insertions(+), 14 deletions(-)


What is the git commit id of this patch upstream in Linus's tree?

Same for the other 2, we need those ids.

thanks,

gre gk-h
diff mbox series

Patch

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e9eaff90cbcc..092c7295f78d 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -348,6 +348,9 @@  static int sel_make_policycap(struct selinux_fs_info *fsi);
 static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
 			unsigned long *ino);
 
+/* declaration for sel_remove_old_policy_nodes */
+static void sel_remove_entries(struct dentry *de);
+
 static ssize_t sel_read_mls(struct file *filp, char __user *buf,
 				size_t count, loff_t *ppos)
 {
@@ -502,10 +505,32 @@  static const struct file_operations sel_policy_ops = {
 	.llseek		= generic_file_llseek,
 };
 
+static void sel_remove_old_policy_nodes(struct selinux_fs_info *fsi)
+{
+	u32 i;
+
+	/* bool_dir cleanup */
+	for (i = 0; i < fsi->bool_num; i++)
+		kfree(fsi->bool_pending_names[i]);
+	kfree(fsi->bool_pending_names);
+	kfree(fsi->bool_pending_values);
+	fsi->bool_num = 0;
+	fsi->bool_pending_names = NULL;
+	fsi->bool_pending_values = NULL;
+
+	sel_remove_entries(fsi->bool_dir);
+
+	/* class_dir cleanup */
+	sel_remove_entries(fsi->class_dir);
+
+}
+
 static int sel_make_policy_nodes(struct selinux_fs_info *fsi)
 {
 	int ret;
 
+	sel_remove_old_policy_nodes(fsi);
+
 	ret = sel_make_bools(fsi);
 	if (ret) {
 		pr_err("SELinux: failed to load policy booleans\n");
@@ -1336,17 +1361,6 @@  static int sel_make_bools(struct selinux_fs_info *fsi)
 	int *values = NULL;
 	u32 sid;
 
-	/* remove any existing files */
-	for (i = 0; i < fsi->bool_num; i++)
-		kfree(fsi->bool_pending_names[i]);
-	kfree(fsi->bool_pending_names);
-	kfree(fsi->bool_pending_values);
-	fsi->bool_num = 0;
-	fsi->bool_pending_names = NULL;
-	fsi->bool_pending_values = NULL;
-
-	sel_remove_entries(dir);
-
 	ret = -ENOMEM;
 	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page)
@@ -1798,9 +1812,6 @@  static int sel_make_classes(struct selinux_fs_info *fsi)
 	int rc, nclasses, i;
 	char **classes;
 
-	/* delete any existing entries */
-	sel_remove_entries(fsi->class_dir);
-
 	rc = security_get_classes(fsi->state, &classes, &nclasses);
 	if (rc)
 		return rc;