Thread: 9 messages, 3 authors, 2019-01-23

Re: [PATCH] tomoyo: Swicth from cred->security to task_struct->security.

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2019-01-18 18:02:56

On 1/18/2019 9:17 AM, Tetsuo Handa wrote:
> On 2019/01/19 2:01, Casey Schaufler wrote:
-/**
- * tomoyo_real_domain - Get "struct tomoyo_domain_info" for specified thread.
- *
- * @task: Pointer to "struct task_struct".
+ * @task - Pointer to "struct task_struct".
  *
  * Returns pointer to "struct tomoyo_security" for specified thread.
  */
-static inline struct tomoyo_domain_info *tomoyo_real_domain(struct task_struct
-							    *task)
+static inline struct tomoyo_security *tomoyo_security(struct task_struct *task)
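
Review bot: the parameter line in the comment above tomoyo_security() changes from "@task: Pointer ..." to "@task - Pointer ...", but kernel-doc recognises parameters in the "@name: description" form, so the colon should stay. In the lines quoted here the "/**" opener and the "tomoyo_real_domain - ..." summary line are removed with no replacement visible; the new comment should keep a "tomoyo_security - ..." summary line so it still matches the "Returns pointer to "struct tomoyo_security"" text.
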
>> Could you use tomoyo_task() instead of tomoyo_security()?
> Possible. But tomoyo_task() might be more confusing because it sounds like
> "struct task_struct" when it actually returns "struct task_struct"->security.
>
> Isn't tomoyo_task_security() better if I rename?

To my mind that just adds a _security suffix in a place where
we pretty well know you're doing something about security. I
used the <lsm>_<blob>() convention in part because it was usually
no longer than referencing the blob. smack_cred(cred) isn't
much longer than cred->security, whereas smack_cred_blob()
or smack_cred_security_blob() would be. I admit that I'm
looking at it from the viewpoint of someone who cares more about
how security modules are structured in general than about
how a specific module works.

In the end it's your code, but I hate to see divergence so
soon after I put a bit of order in place. 

>> To the extent that it's been possible I've worked to add
>> consistency in the security modules, and this breaks it.
> Do you want me to rename
>
> /* Structure for "struct task_struct"->security. */
> struct tomoyo_security {
> 	struct tomoyo_domain_info *domain_info;
> 	struct tomoyo_domain_info *old_domain_info;
> };
>
> to "struct tomoyo_task" or "struct tomoyo_task_security" as well?

tomoyo_task would be my choice. Again, isn't appending _security
to things just adding keystrokes?