Re: [PATCH 26/33] apparmor: use match_string() helper
Hi John, On 2018/5/21 23:33, John Johansen wrote: > On 05/21/2018 04:58 AM, Yisheng Xie wrote: >> match_string() returns the index of an array for a matching string, >> which can be used intead of open coded variant. >> > > Andy Shevchenko patch to do the same thing is already in apparmor-next Sorry, I will drop this one. Thanks Yisheng > >> Cc: John Johansen>> Cc: James Morris >> Cc: "Serge E. Hallyn" >> Cc: linux-security-mod...@vger.kernel.org >> Signed-off-by: Yisheng Xie >> --- >> security/apparmor/lsm.c | 25 +++-- >> 1 file changed, 11 insertions(+), 14 deletions(-) >> >> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c >> index ce2b89e..9b5904f 100644 >> --- a/security/apparmor/lsm.c >> +++ b/security/apparmor/lsm.c >> @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const >> struct kernel_param *kp) >> if (apparmor_initialized && !policy_admin_capable(NULL)) >> return -EPERM; >> >> -for (i = 0; i < AUDIT_MAX_INDEX; i++) { >> -if (strcmp(val, audit_mode_names[i]) == 0) { >> -aa_g_audit = i; >> -return 0; >> -} >> -} >> +i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); >> +if (i < 0) >> +return -EINVAL; >> >> -return -EINVAL; >> +aa_g_audit = i; >> +return 0; >> } >> >> static int param_get_mode(char *buffer, const struct kernel_param *kp) >> @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const >> struct kernel_param *kp) >> if (apparmor_initialized && !policy_admin_capable(NULL)) >> return -EPERM; >> >> -for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { >> -if (strcmp(val, aa_profile_mode_names[i]) == 0) { >> -aa_g_profile_mode = i; >> -return 0; >> -} >> -} >> +i = match_string(aa_profile_mode_names, >> + APPARMOR_MODE_NAMES_MAX_INDEX, val); >> +if (i) >> +return -EINVAL; >> >> -return -EINVAL; >> +aa_g_profile_mode = i; >> +return 0; >> } >> >> /* >> > > >
Re: [PATCH 26/33] apparmor: use match_string() helper
Hi John, On 2018/5/21 23:33, John Johansen wrote: > On 05/21/2018 04:58 AM, Yisheng Xie wrote: >> match_string() returns the index of an array for a matching string, >> which can be used intead of open coded variant. >> > > Andy Shevchenko patch to do the same thing is already in apparmor-next Sorry, I will drop this one. Thanks Yisheng > >> Cc: John Johansen >> Cc: James Morris >> Cc: "Serge E. Hallyn" >> Cc: linux-security-mod...@vger.kernel.org >> Signed-off-by: Yisheng Xie >> --- >> security/apparmor/lsm.c | 25 +++-- >> 1 file changed, 11 insertions(+), 14 deletions(-) >> >> diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c >> index ce2b89e..9b5904f 100644 >> --- a/security/apparmor/lsm.c >> +++ b/security/apparmor/lsm.c >> @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const >> struct kernel_param *kp) >> if (apparmor_initialized && !policy_admin_capable(NULL)) >> return -EPERM; >> >> -for (i = 0; i < AUDIT_MAX_INDEX; i++) { >> -if (strcmp(val, audit_mode_names[i]) == 0) { >> -aa_g_audit = i; >> -return 0; >> -} >> -} >> +i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); >> +if (i < 0) >> +return -EINVAL; >> >> -return -EINVAL; >> +aa_g_audit = i; >> +return 0; >> } >> >> static int param_get_mode(char *buffer, const struct kernel_param *kp) >> @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const >> struct kernel_param *kp) >> if (apparmor_initialized && !policy_admin_capable(NULL)) >> return -EPERM; >> >> -for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { >> -if (strcmp(val, aa_profile_mode_names[i]) == 0) { >> -aa_g_profile_mode = i; >> -return 0; >> -} >> -} >> +i = match_string(aa_profile_mode_names, >> + APPARMOR_MODE_NAMES_MAX_INDEX, val); >> +if (i) >> +return -EINVAL; >> >> -return -EINVAL; >> +aa_g_profile_mode = i; >> +return 0; >> } >> >> /* >> > > >
Re: [PATCH 26/33] apparmor: use match_string() helper
On Mon, May 21, 2018 at 2:58 PM, Yisheng Xiewrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. http://kernsec.org/pipermail/linux-security-module-archi > Cc: John Johansen > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: linux-security-mod...@vger.kernel.org -- With Best Regards, Andy Shevchenko
Re: [PATCH 26/33] apparmor: use match_string() helper
On Mon, May 21, 2018 at 2:58 PM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. http://kernsec.org/pipermail/linux-security-module-archi > Cc: John Johansen > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: linux-security-mod...@vger.kernel.org -- With Best Regards, Andy Shevchenko
Re: [PATCH 26/33] apparmor: use match_string() helper
On 05/21/2018 04:58 AM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > Andy Shevchenko patch to do the same thing is already in apparmor-next > Cc: John Johansen> Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: linux-security-mod...@vger.kernel.org > Signed-off-by: Yisheng Xie > --- > security/apparmor/lsm.c | 25 +++-- > 1 file changed, 11 insertions(+), 14 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index ce2b89e..9b5904f 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const > struct kernel_param *kp) > if (apparmor_initialized && !policy_admin_capable(NULL)) > return -EPERM; > > - for (i = 0; i < AUDIT_MAX_INDEX; i++) { > - if (strcmp(val, audit_mode_names[i]) == 0) { > - aa_g_audit = i; > - return 0; > - } > - } > + i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); > + if (i < 0) > + return -EINVAL; > > - return -EINVAL; > + aa_g_audit = i; > + return 0; > } > > static int param_get_mode(char *buffer, const struct kernel_param *kp) > @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const > struct kernel_param *kp) > if (apparmor_initialized && !policy_admin_capable(NULL)) > return -EPERM; > > - for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { > - if (strcmp(val, aa_profile_mode_names[i]) == 0) { > - aa_g_profile_mode = i; > - return 0; > - } > - } > + i = match_string(aa_profile_mode_names, > + APPARMOR_MODE_NAMES_MAX_INDEX, val); > + if (i) > + return -EINVAL; > > - return -EINVAL; > + aa_g_profile_mode = i; > + return 0; > } > > /* >
Re: [PATCH 26/33] apparmor: use match_string() helper
On 05/21/2018 04:58 AM, Yisheng Xie wrote: > match_string() returns the index of an array for a matching string, > which can be used intead of open coded variant. > Andy Shevchenko patch to do the same thing is already in apparmor-next > Cc: John Johansen > Cc: James Morris > Cc: "Serge E. Hallyn" > Cc: linux-security-mod...@vger.kernel.org > Signed-off-by: Yisheng Xie > --- > security/apparmor/lsm.c | 25 +++-- > 1 file changed, 11 insertions(+), 14 deletions(-) > > diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c > index ce2b89e..9b5904f 100644 > --- a/security/apparmor/lsm.c > +++ b/security/apparmor/lsm.c > @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const > struct kernel_param *kp) > if (apparmor_initialized && !policy_admin_capable(NULL)) > return -EPERM; > > - for (i = 0; i < AUDIT_MAX_INDEX; i++) { > - if (strcmp(val, audit_mode_names[i]) == 0) { > - aa_g_audit = i; > - return 0; > - } > - } > + i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); > + if (i < 0) > + return -EINVAL; > > - return -EINVAL; > + aa_g_audit = i; > + return 0; > } > > static int param_get_mode(char *buffer, const struct kernel_param *kp) > @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const > struct kernel_param *kp) > if (apparmor_initialized && !policy_admin_capable(NULL)) > return -EPERM; > > - for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { > - if (strcmp(val, aa_profile_mode_names[i]) == 0) { > - aa_g_profile_mode = i; > - return 0; > - } > - } > + i = match_string(aa_profile_mode_names, > + APPARMOR_MODE_NAMES_MAX_INDEX, val); > + if (i) > + return -EINVAL; > > - return -EINVAL; > + aa_g_profile_mode = i; > + return 0; > } > > /* >
[PATCH 26/33] apparmor: use match_string() helper
match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Cc: John JohansenCc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Yisheng Xie --- security/apparmor/lsm.c | 25 +++-- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ce2b89e..9b5904f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < AUDIT_MAX_INDEX; i++) { - if (strcmp(val, audit_mode_names[i]) == 0) { - aa_g_audit = i; - return 0; - } - } + i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); + if (i < 0) + return -EINVAL; - return -EINVAL; + aa_g_audit = i; + return 0; } static int param_get_mode(char *buffer, const struct kernel_param *kp) @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { - if (strcmp(val, aa_profile_mode_names[i]) == 0) { - aa_g_profile_mode = i; - return 0; - } - } + i = match_string(aa_profile_mode_names, +APPARMOR_MODE_NAMES_MAX_INDEX, val); + if (i) + return -EINVAL; - return -EINVAL; + aa_g_profile_mode = i; + return 0; } /* -- 1.7.12.4
[PATCH 26/33] apparmor: use match_string() helper
match_string() returns the index of an array for a matching string, which can be used intead of open coded variant. Cc: John Johansen Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Yisheng Xie --- security/apparmor/lsm.c | 25 +++-- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ce2b89e..9b5904f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -1378,14 +1378,12 @@ static int param_set_audit(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < AUDIT_MAX_INDEX; i++) { - if (strcmp(val, audit_mode_names[i]) == 0) { - aa_g_audit = i; - return 0; - } - } + i = match_string(audit_mode_names, AUDIT_MAX_INDEX, val); + if (i < 0) + return -EINVAL; - return -EINVAL; + aa_g_audit = i; + return 0; } static int param_get_mode(char *buffer, const struct kernel_param *kp) @@ -1409,14 +1407,13 @@ static int param_set_mode(const char *val, const struct kernel_param *kp) if (apparmor_initialized && !policy_admin_capable(NULL)) return -EPERM; - for (i = 0; i < APPARMOR_MODE_NAMES_MAX_INDEX; i++) { - if (strcmp(val, aa_profile_mode_names[i]) == 0) { - aa_g_profile_mode = i; - return 0; - } - } + i = match_string(aa_profile_mode_names, +APPARMOR_MODE_NAMES_MAX_INDEX, val); + if (i) + return -EINVAL; - return -EINVAL; + aa_g_profile_mode = i; + return 0; } /* -- 1.7.12.4