[PATCH v6 02/17] landlock: refactors landlock_find/insert_rule
Mickaël Salaün
mic at digikod.net
Thu Jul 7 16:46:36 UTC 2022
On 21/06/2022 10:22, Konstantin Meskhidze wrote:
> Adds a new object union to support a socket port
> rule type. Refactors landlock_insert_rule() and
> landlock_find_rule() to support coming network
> modifications. Now adding or searching a rule
> in a ruleset depends on a rule_type argument
> provided in refactored functions mentioned above.
>
> Signed-off-by: Konstantin Meskhidze <konstantin.meskhidze at huawei.com>
> ---
>
> Changes since v5:
> * Formats code with clang-format-14.
>
> Changes since v4:
> * Refactors insert_rule() and create_rule() functions by deleting
> rule_type from their arguments list, it helps to reduce useless code.
>
> Changes since v3:
> * Splits commit.
> * Refactors landlock_insert_rule and landlock_find_rule functions.
> * Rename new_ruleset->root_inode.
>
> ---
> security/landlock/fs.c | 7 ++-
> security/landlock/ruleset.c | 105 ++++++++++++++++++++++++++----------
> security/landlock/ruleset.h | 27 +++++-----
> 3 files changed, 96 insertions(+), 43 deletions(-)
[...]
> diff --git a/security/landlock/ruleset.h b/security/landlock/ruleset.h
> index bd7ab39859bf..a22d132c32a7 100644
> --- a/security/landlock/ruleset.h
> +++ b/security/landlock/ruleset.h
> @@ -53,15 +53,17 @@ struct landlock_rule {
> */
> struct rb_node node;
> /**
> - * @object: Pointer to identify a kernel object (e.g. an inode). This
> - * is used as a key for this ruleset element. This pointer is set once
> - * and never modified. It always points to an allocated object because
> - * each rule increments the refcount of its object.
> - */
> - struct landlock_object *object;
> - /**
> - * @num_layers: Number of entries in @layers.
> + * @object: A union to identify either a kernel object (e.g. an inode) or
> + * a raw data value (e.g. a network socket port). This is used as a key
> + * for this ruleset element. This pointer/@object.ptr/ is set once and
> + * never modified. It always points to an allocated object because each
> + * rule increments the refcount of its object (for inodes).;
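Review bot: the new @object kernel-doc text in this hunk has a formatting slip beyond the trailing ";": "This pointer/@object.ptr/ is set once" carries stray slashes and should read "This pointer (@object.ptr) is set once", and since @object is now a union, "This pointer" should say which member it refers to. The hunk as quoted also drops the "@num_layers: Number of entries in @layers." line; the quote is cut off here, so please confirm that description is restored further down rather than lost.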
Extra ";"