authorChristian Göttsche <cgzones@googlemail.com>2023-07-28 17:19:31 +0200
committerPaul Moore <paul@paul-moore.com>2023-07-28 20:09:24 +0200
commitf01dd5904519574017a4938ffb4424b31ba79cf3 (patch)
tree687f311a9ca609cabea34daf570bdc90c4edd7d7
parentselinux: log about VM being executable by default (diff)
selinux: move debug functions into debug configuration
avtab_hash_eval() and hashtab_stat() are only used in policydb.c when the configuration SECURITY_SELINUX_DEBUG is enabled. Move the function definitions under that configuration as well and provide empty definitions in case SECURITY_SELINUX_DEBUG is disabled, to avoid using #ifdef in the callers. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--security/selinux/ss/avtab.c2
-rw-r--r--security/selinux/ss/avtab.h7
-rw-r--r--security/selinux/ss/hashtab.c3
-rw-r--r--security/selinux/ss/hashtab.h6
-rw-r--r--security/selinux/ss/policydb.c5
5 files changed, 20 insertions, 3 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 32f92da00b0e..243e5dabfa86 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -322,6 +322,7 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
return avtab_alloc_common(new, orig->nslot);
}
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
void avtab_hash_eval(struct avtab *h, const char *tag)
{
int i, chain_len, slots_used, max_chain_len;
@@ -352,6 +353,7 @@ void avtab_hash_eval(struct avtab *h, const char *tag)
tag, h->nel, slots_used, h->nslot, max_chain_len,
chain2_len_sum);
}
+#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
static const uint16_t spec_order[] = {
AVTAB_ALLOWED,
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 2ef5d1ae2844..3c3904bf02b0 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -91,7 +91,14 @@ void avtab_init(struct avtab *h);
int avtab_alloc(struct avtab *, u32);
int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
void avtab_destroy(struct avtab *h);
+
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
void avtab_hash_eval(struct avtab *h, const char *tag);
+#else
+static inline void avtab_hash_eval(struct avtab *h, const char *tag)
+{
+}
+#endif
struct policydb;
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
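Review bot: The `#endif` that closes the new conditional in avtab.h has no trailing comment, while the guards this commit adds in avtab.c and hashtab.c are written `#endif /* CONFIG_SECURITY_SELINUX_DEBUG */`; the bare `#endif` added in hashtab.h has the same inconsistency. Using the commented form in both headers keeps the guards consistent and easy to grep. The empty stub would also benefit from a one-line comment such as `/* no-op when CONFIG_SECURITY_SELINUX_DEBUG is disabled */`, so a reader of the header does not go looking for a definition in avtab.c.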
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 30532ec319ce..e3747b5dd3e7 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -103,7 +103,7 @@ int hashtab_map(struct hashtab *h,
return 0;
}
-
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
{
u32 i, chain_len, slots_used, max_chain_len;
@@ -129,6 +129,7 @@ void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
info->slots_used = slots_used;
info->max_chain_len = max_chain_len;
}
+#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
int (*copy)(struct hashtab_node *new,
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
index 9dac6da45b98..f9713b56d3d0 100644
--- a/security/selinux/ss/hashtab.h
+++ b/security/selinux/ss/hashtab.h
@@ -142,7 +142,13 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
int (*destroy)(void *k, void *d, void *args),
void *args);
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
/* Fill info with some hash table statistics */
void hashtab_stat(struct hashtab *h, struct hashtab_info *info);
+#else
+static inline void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
+{
+}
+#endif
#endif /* _SS_HASHTAB_H */
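Review bot: The non-debug `hashtab_stat()` stub returns without writing `*info`, so a caller built without CONFIG_SECURITY_SELINUX_DEBUG that then reads `info->slots_used` or `info->max_chain_len` would read uninitialised stack memory and could print it to the kernel log. The commit message says the only caller is in policydb.c under the debug option, so nothing is wrong today, but the header now exposes the function unconditionally. Either zero the result in the stub, `*info = (struct hashtab_info){ 0 };`, or extend the existing comment to say that `info` is left untouched when the option is off.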
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index dc66868ff62c..a424997c79eb 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -701,6 +701,9 @@ static void symtab_hash_eval(struct symtab *s)
static inline void hash_eval(struct hashtab *h, const char *hash_name)
{
}
+static inline void symtab_hash_eval(struct symtab *s)
+{
+}
#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
/*
@@ -725,10 +728,8 @@ static int policydb_index(struct policydb *p)
pr_debug("SELinux: %d classes, %d rules\n",
p->p_classes.nprim, p->te_avtab.nel);
-#ifdef CONFIG_SECURITY_SELINUX_DEBUG
avtab_hash_eval(&p->te_avtab, "rules");
symtab_hash_eval(p->symtab);
-#endif
p->class_val_to_struct = kcalloc(p->p_classes.nprim,
sizeof(*p->class_val_to_struct),