[v2] selinux: move debug functions into debug configuration

Message ID 20230728151932.30160-1-cgzones@googlemail.com
State New
Series [v2] selinux: move debug functions into debug configuration |

Commit Message

Christian Göttsche July 28, 2023, 3:19 p.m. UTC
  avtab_hash_eval() and hashtab_stat() are only used in policydb.c when
the configuration SECURITY_SELINUX_DEBUG is enabled.

Move the function definitions under that configuration as well and
provide empty definitions in case SECURITY_SELINUX_DEBUG is disabled, to
avoid using #ifdef in the callers.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
  - provide empty definitions for !SECURITY_SELINUX_DEBUG
  - drop #ifdef in caller
---
 security/selinux/ss/avtab.c    | 2 ++
 security/selinux/ss/avtab.h    | 7 +++++++
 security/selinux/ss/hashtab.c  | 3 ++-
 security/selinux/ss/hashtab.h  | 6 ++++++
 security/selinux/ss/policydb.c | 5 +++--
 5 files changed, 20 insertions(+), 3 deletions(-)
  

Comments

Paul Moore July 28, 2023, 6:09 p.m. UTC | #1
On Jul 28, 2023 Christian Göttsche <cgzones@googlemail.com> wrote:
> 
> avtab_hash_eval() and hashtab_stat() are only used in policydb.c when
> the configuration SECURITY_SELINUX_DEBUG is enabled.
> 
> Move the function definitions under that configuration as well and
> provide empty definitions in case SECURITY_SELINUX_DEBUG is disabled, to
> avoid using #ifdef in the callers.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v2:
>   - provide empty definitions for !SECURITY_SELINUX_DEBUG
>   - drop #ifdef in caller
> ---
>  security/selinux/ss/avtab.c    | 2 ++
>  security/selinux/ss/avtab.h    | 7 +++++++
>  security/selinux/ss/hashtab.c  | 3 ++-
>  security/selinux/ss/hashtab.h  | 6 ++++++
>  security/selinux/ss/policydb.c | 5 +++--
>  5 files changed, 20 insertions(+), 3 deletions(-)

Merged into selinux/next, thanks!

--
paul-moore.com
  

Patch

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 32f92da00b0e..243e5dabfa86 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -322,6 +322,7 @@  int avtab_alloc_dup(struct avtab *new, const struct avtab *orig)
 	return avtab_alloc_common(new, orig->nslot);
 }
 
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 void avtab_hash_eval(struct avtab *h, const char *tag)
 {
 	int i, chain_len, slots_used, max_chain_len;
@@ -352,6 +353,7 @@  void avtab_hash_eval(struct avtab *h, const char *tag)
 	       tag, h->nel, slots_used, h->nslot, max_chain_len,
 	       chain2_len_sum);
 }
+#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
 
 static const uint16_t spec_order[] = {
 	AVTAB_ALLOWED,
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index 2ef5d1ae2844..3c3904bf02b0 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -91,7 +91,14 @@  void avtab_init(struct avtab *h);
 int avtab_alloc(struct avtab *, u32);
 int avtab_alloc_dup(struct avtab *new, const struct avtab *orig);
 void avtab_destroy(struct avtab *h);
+
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 void avtab_hash_eval(struct avtab *h, const char *tag);
+#else
+static inline void avtab_hash_eval(struct avtab *h, const char *tag)
+{
+}
+#endif
 
 struct policydb;
 int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index 30532ec319ce..e3747b5dd3e7 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -103,7 +103,7 @@  int hashtab_map(struct hashtab *h,
 	return 0;
 }
 
-
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
 {
 	u32 i, chain_len, slots_used, max_chain_len;
@@ -129,6 +129,7 @@  void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
 	info->slots_used = slots_used;
 	info->max_chain_len = max_chain_len;
 }
+#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
 
 int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
 		int (*copy)(struct hashtab_node *new,
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
index 9dac6da45b98..f9713b56d3d0 100644
--- a/security/selinux/ss/hashtab.h
+++ b/security/selinux/ss/hashtab.h
@@ -142,7 +142,13 @@  int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
 		int (*destroy)(void *k, void *d, void *args),
 		void *args);
 
+#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 /* Fill info with some hash table statistics */
 void hashtab_stat(struct hashtab *h, struct hashtab_info *info);
+#else
+static inline void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
+{
+}
+#endif
 
 #endif	/* _SS_HASHTAB_H */
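Review bot: The `!CONFIG_SECURITY_SELINUX_DEBUG` stub of `hashtab_stat()` returns without writing `*info`, so any caller that reads `info->slots_used` or `info->max_chain_len` afterwards in a non-debug build would be using indeterminate stack contents. The commit message says the only caller is in policydb.c under the same option, so nothing visible here is affected today. Without the stub, though, a non-debug caller would fail at link time, whereas with it the call silently does nothing. Either keep only the guarded prototype, or give the stub a defined result, e.g. `memset(info, 0, sizeof(*info));` in its body. The comment `/* Fill info with some hash table statistics */` now sits only above the debug prototype, so the stub should say that it fills nothing.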
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index dc66868ff62c..a424997c79eb 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -701,6 +701,9 @@  static void symtab_hash_eval(struct symtab *s)
 static inline void hash_eval(struct hashtab *h, const char *hash_name)
 {
 }
+static inline void symtab_hash_eval(struct symtab *s)
+{
+}
 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */
 
 /*
@@ -725,10 +728,8 @@  static int policydb_index(struct policydb *p)
 	pr_debug("SELinux:  %d classes, %d rules\n",
 		 p->p_classes.nprim, p->te_avtab.nel);
 
-#ifdef CONFIG_SECURITY_SELINUX_DEBUG
 	avtab_hash_eval(&p->te_avtab, "rules");
 	symtab_hash_eval(p->symtab);
-#endif
 
 	p->class_val_to_struct = kcalloc(p->p_classes.nprim,
 					 sizeof(*p->class_val_to_struct),
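Review bot: With the `#ifdef` removed, the `avtab_hash_eval()` and `symtab_hash_eval()` calls in policydb_index() no longer show that they are debug-only. A reader has to find the empty stubs in avtab.h and earlier in this file to learn that they compile to nothing unless the option is set. A one-line comment above the calls would keep that visible, e.g. `/* hash statistics; no-ops unless CONFIG_SECURITY_SELINUX_DEBUG */`. policydb_index() starts and ends outside the hunk.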