mirror of
https://github.com/torvalds/linux
synced 2024-10-14 23:39:09 +00:00
selinux: introduce SECURITY_SELINUX_DEBUG configuration
The policy database code contains several debug output statements related to hashtable utilization. Those are guarded by the macro DEBUG_HASHES, which is neither documented nor set anywhere. Introduce a new Kconfig configuration guarding this and potential other future debugging related code. Disable the setting by default. Suggested-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Christian Göttsche <cgzones@googlemail.com> [PM: fixed line lengths in the help text] Signed-off-by: Paul Moore <paul@paul-moore.com>
parent
dd51fcd42f
commit
55a0e73806
|
@ -68,3 +68,12 @@ config SECURITY_SELINUX_SID2STR_CACHE_SIZE
|
|||
conversion. Setting this option to 0 disables the cache completely.
|
||||
|
||||
If unsure, keep the default value.
|
||||
|
||||
config SECURITY_SELINUX_DEBUG
|
||||
bool "SELinux kernel debugging support"
|
||||
depends on SECURITY_SELINUX
|
||||
default n
|
||||
help
|
||||
This enables debugging code designed to help SELinux kernel
|
||||
developers, unless you know what this does in the kernel code you
|
||||
should leave this disabled.
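Review bot: The help text for SECURITY_SELINUX_DEBUG never says what the option turns on, so someone auditing a kernel config cannot tell what extra output or code a `y` here brings in. Going by the commit description, it currently guards the hashtable utilization debug statements in the policy database code, and the help could say so, e.g. `This enables debugging code designed to help SELinux kernel developers, currently the hashtable utilization output of the policy database code. If unsure, say N.` That wording also removes the comma splice in "developers, unless you know". The `default n` line can be dropped, since a bool symbol with no default is already n.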
|
||||
|
|
|
@ -41,7 +41,7 @@
|
|||
#include "mls.h"
|
||||
#include "services.h"
|
||||
|
||||
#ifdef DEBUG_HASHES
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DEBUG
|
||||
static const char *const symtab_name[SYM_NUM] = {
|
||||
"common prefixes",
|
||||
"classes",
|
||||
|
@ -678,7 +678,7 @@ static int (*const index_f[SYM_NUM]) (void *key, void *datum, void *datap) = {
|
|||
cat_index,
|
||||
};
|
||||
|
||||
#ifdef DEBUG_HASHES
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DEBUG
|
||||
static void hash_eval(struct hashtab *h, const char *hash_name)
|
||||
{
|
||||
struct hashtab_info info;
|
||||
|
@ -701,7 +701,7 @@ static void symtab_hash_eval(struct symtab *s)
|
|||
static inline void hash_eval(struct hashtab *h, const char *hash_name)
|
||||
{
|
||||
}
|
||||
#endif
|
||||
#endif /* CONFIG_SECURITY_SELINUX_DEBUG */
|
||||
|
||||
/*
|
||||
* Define the other val_to_name and val_to_struct arrays
|
||||
|
@ -725,7 +725,7 @@ static int policydb_index(struct policydb *p)
|
|||
pr_debug("SELinux: %d classes, %d rules\n",
|
||||
p->p_classes.nprim, p->te_avtab.nel);
|
||||
|
||||
#ifdef DEBUG_HASHES
|
||||
#ifdef CONFIG_SECURITY_SELINUX_DEBUG
|
||||
avtab_hash_eval(&p->te_avtab, "rules");
|
||||
symtab_hash_eval(p->symtab);
|
||||
#endif
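Review bot: The call site in policydb_index() still wraps `avtab_hash_eval(&p->te_avtab, "rules");` and `symtab_hash_eval(p->symtab);` in a preprocessor conditional, although the same file already gives hash_eval() an empty `static inline` stub for the disabled case. No matching stub for symtab_hash_eval() is visible in these hunks; adding `static inline void symtab_hash_eval(struct symtab *s) { }` beside the hash_eval() stub would let that call stand without an `#ifdef` in the function body. The same could be done for avtab_hash_eval() where it is declared, which is not shown here. If the conditional stays, its `#endif` should get the same `/* CONFIG_SECURITY_SELINUX_DEBUG */` comment that the `#endif` after the hash_eval() stub received in this commit. policydb_index() starts and ends outside the hunk.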
|
||||
|
|