[PATCH] tomoyo: Switch from cred->security to task_struct->security.

Casey Schaufler casey at schaufler-ca.com
Fri Jan 18 18:02:51 UTC 2019


On 1/18/2019 9:17 AM, Tetsuo Handa wrote:
> On 2019/01/19 2:01, Casey Schaufler wrote:
>>> -/**
>>> - * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread.
>>> - *
>>> - * @task: Pointer to "struct task_struct".
>>> + * @task - Pointer to "struct task_struct".
>>>   *
>>>   * Returns pointer to "struct tomoyo_security" for specified thread.
>>>   */
>>> -static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
>>> -							    *task)
>>> +static inline struct tomoyo_security *tomoyo_security(struct task_struct *task)
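Review bot: the kernel-doc parameter line is rewritten from `@task: Pointer to "struct task_struct".` to `@task - Pointer to "struct task_struct".`, and kernel-doc only recognises the `@name:` form, so scripts/kernel-doc will report the parameter as undocumented on the renamed function; keep the colon form. Also, the removed `/**` and `* tomoyo_real_domain - Get ...` header lines have no visible `+` counterpart naming `tomoyo_security` in this hunk, so confirm the replacement doc header is present above the quoted range before the `@task:` line.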
>> Could you use tomoyo_task() instead of tomoyo_security()?
> Possible. But tomoyo_task() might be more confusing because it sounds like
> "struct task_struct" when it actually returns "struct task_struct"->security.
>
> Isn't tomoyo_task_security() better if I rename?

To my mind that just adds a _security suffix in a place where
we pretty well know you're doing something about security. I
used the <lsm>_<blob>() convention in part because it was usually
no longer than referencing the blob. smack_cred(cred) isn't
much longer than cred->security, whereas smack_cred_blob()
or smack_cred_security_blob() would be. I admit that I'm
looking at it from the viewpoint of someone who cares more about
how security modules are structured in general than I am in
how a specific module works.

In the end it's your code, but I hate to see divergence so
soon after I put a bit of order in place. 

>> To the extent that it's been possible I've worked to add
>> consistency in the security modules, and this breaks it.
> Do you want me to rename
>
> /* Structure for "struct task_struct"->security. */
> struct tomoyo_security {
> 	struct tomoyo_domain_info *domain_info;
> 	struct tomoyo_domain_info *old_domain_info;
> };
>
> to "struct tomoyo_task" or "struct tomoyo_task_security" as well?

tomoyo_task would be my choice. Again, isn't appending _security
to things just adding keystrokes?
