Commit 19b5b517 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  SELinux: one little, two little, three little whitespaces, the avc.c saga.
  SELinux: cleanup on isle selinuxfs.c
  changing whitespace for fun and profit: policydb.c
  SELinux: whitespace and formating fixes for hooks.c
  SELinux: clean up printks
  SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: services.c whitespace, syntax, and static declaraction cleanups
  SELinux: mls.c whitespace, syntax, and static declaraction cleanups
  SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups
  SELinux: conditional.c whitespace, syntax, and static declaraction cleanups
  SELinux: avtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups
  SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: netnode.c whitespace, syntax, and static declaraction cleanups
  SELinux: netlink.c whitespace, syntax, and static declaraction cleanups
  SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups
  SELinux: netif.c whitespace, syntax, and static declaraction cleanups
parents bda0c0af 95fff33b
......@@ -2,16 +2,16 @@
* Implementation of the kernel access vector cache (AVC).
*
* Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
* James Morris <jmorris@redhat.com>
* James Morris <jmorris@redhat.com>
*
* Update: KaiGai, Kohei <kaigai@ak.jp.nec.com>
* Replaced the avc_lock spinlock by RCU.
* Replaced the avc_lock spinlock by RCU.
*
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
* as published by the Free Software Foundation.
*/
#include <linux/types.h>
#include <linux/stddef.h>
......@@ -44,7 +44,7 @@ static const char *class_to_string[] = {
#undef S_
};
#define TB_(s) static const char * s [] = {
#define TB_(s) static const char *s[] = {
#define TE_(s) };
#define S_(s) s,
#include "common_perm_to_string.h"
......@@ -72,7 +72,7 @@ const struct selinux_class_perm selinux_class_perm = {
#define AVC_CACHE_RECLAIM 16
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
#define avc_cache_stats_incr(field) \
#define avc_cache_stats_incr(field) \
do { \
per_cpu(avc_cache_stats, get_cpu()).field++; \
put_cpu(); \
......@@ -92,7 +92,7 @@ struct avc_entry {
struct avc_node {
struct avc_entry ae;
struct list_head list;
struct rcu_head rhead;
struct rcu_head rhead;
};
struct avc_cache {
......@@ -105,8 +105,8 @@ struct avc_cache {
struct avc_callback_node {
int (*callback) (u32 event, u32 ssid, u32 tsid,
u16 tclass, u32 perms,
u32 *out_retained);
u16 tclass, u32 perms,
u32 *out_retained);
u32 events;
u32 ssid;
u32 tsid;
......@@ -202,7 +202,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
char *scontext;
u32 scontext_len;
rc = security_sid_to_context(ssid, &scontext, &scontext_len);
rc = security_sid_to_context(ssid, &scontext, &scontext_len);
if (rc)
audit_log_format(ab, "ssid=%d", ssid);
else {
......@@ -306,7 +306,7 @@ static inline int avc_reclaim_node(void)
int hvalue, try, ecx;
unsigned long flags;
for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++ ) {
for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
......@@ -426,7 +426,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
spin_lock_irqsave(&notif_lock, flag);
if (is_insert) {
if (seqno < avc_cache.latest_notif) {
printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n",
printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
seqno, avc_cache.latest_notif);
ret = -EAGAIN;
}
......@@ -475,7 +475,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct avc_en
if (pos->ae.ssid == ssid &&
pos->ae.tsid == tsid &&
pos->ae.tclass == tclass) {
avc_node_replace(node, pos);
avc_node_replace(node, pos);
goto found;
}
}
......@@ -526,8 +526,8 @@ static inline void avc_print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
* before calling the auditing code.
*/
void avc_audit(u32 ssid, u32 tsid,
u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *a)
u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *a)
{
struct task_struct *tsk = current;
struct inode *inode = NULL;
......@@ -541,7 +541,7 @@ void avc_audit(u32 ssid, u32 tsid,
return;
} else if (result) {
audited = denied = requested;
} else {
} else {
audited = requested;
if (!(audited & avd->auditallow))
return;
......@@ -551,7 +551,7 @@ void avc_audit(u32 ssid, u32 tsid,
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
avc_dump_av(ab, tclass,audited);
avc_dump_av(ab, tclass, audited);
audit_log_format(ab, " for ");
if (a && a->tsk)
tsk = a->tsk;
......@@ -647,7 +647,7 @@ void avc_audit(u32 ssid, u32 tsid,
break;
}
}
switch (a->u.net.family) {
case AF_INET:
avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
......@@ -702,10 +702,10 @@ void avc_audit(u32 ssid, u32 tsid,
* -%ENOMEM if insufficient memory exists to add the callback.
*/
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
u16 tclass, u32 perms,
u32 *out_retained),
u32 events, u32 ssid, u32 tsid,
u16 tclass, u32 perms)
u16 tclass, u32 perms,
u32 *out_retained),
u32 events, u32 ssid, u32 tsid,
u16 tclass, u32 perms)
{
struct avc_callback_node *c;
int rc = 0;
......@@ -759,10 +759,10 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
hvalue = avc_hash(ssid, tsid, tclass);
spin_lock_irqsave(&avc_cache.slots_lock[hvalue], flag);
list_for_each_entry(pos, &avc_cache.slots[hvalue], list){
if ( ssid==pos->ae.ssid &&
tsid==pos->ae.tsid &&
tclass==pos->ae.tclass ){
list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
if (ssid == pos->ae.ssid &&
tsid == pos->ae.tsid &&
tclass == pos->ae.tclass){
orig = pos;
break;
}
......@@ -829,7 +829,7 @@ int avc_ss_reset(u32 seqno)
for (c = avc_callbacks; c; c = c->next) {
if (c->events & AVC_CALLBACK_RESET) {
tmprc = c->callback(AVC_CALLBACK_RESET,
0, 0, 0, 0, NULL);
0, 0, 0, 0, NULL);
/* save the first error encountered for the return
value and continue processing the callbacks */
if (!rc)
......@@ -878,11 +878,11 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
node = avc_lookup(ssid, tsid, tclass, requested);
if (!node) {
rcu_read_unlock();
rc = security_compute_av(ssid,tsid,tclass,requested,&entry.avd);
rc = security_compute_av(ssid, tsid, tclass, requested, &entry.avd);
if (rc)
goto out;
rcu_read_lock();
node = avc_insert(ssid,tsid,tclass,&entry);
node = avc_insert(ssid, tsid, tclass, &entry);
}
p_ae = node ? &node->ae : &entry;
......@@ -924,7 +924,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
* another -errno upon other errors.
*/
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
u32 requested, struct avc_audit_data *auditdata)
u32 requested, struct avc_audit_data *auditdata)
{
struct av_decision avd;
int rc;
......
This diff is collapsed.
......@@ -8,7 +8,7 @@
*
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
* Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
* Paul Moore <paul.moore@hp.com>
* Paul Moore <paul.moore@hp.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
......@@ -31,8 +31,7 @@
#define SEL_NETIF_HASH_SIZE 64
#define SEL_NETIF_HASH_MAX 1024
struct sel_netif
{
struct sel_netif {
struct list_head list;
struct netif_security_struct nsec;
struct rcu_head rcu_head;
......@@ -92,10 +91,10 @@ static inline struct sel_netif *sel_netif_find(int ifindex)
static int sel_netif_insert(struct sel_netif *netif)
{
int idx;
if (sel_netif_total >= SEL_NETIF_HASH_MAX)
return -ENOSPC;
idx = sel_netif_hashfn(netif->nsec.ifindex);
list_add_rcu(&netif->list, &sel_netif_hash[idx]);
sel_netif_total++;
......@@ -267,7 +266,7 @@ static void sel_netif_flush(void)
}
static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
u16 class, u32 perms, u32 *retained)
u16 class, u32 perms, u32 *retained)
{
if (event == AVC_CALLBACK_RESET) {
sel_netif_flush();
......@@ -277,7 +276,7 @@ static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
}
static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
unsigned long event, void *ptr)
unsigned long event, void *ptr)
{
struct net_device *dev = ptr;
......@@ -297,7 +296,7 @@ static struct notifier_block sel_netif_netdev_notifier = {
static __init int sel_netif_init(void)
{
int i, err;
if (!selinux_enabled)
return 0;
......@@ -305,9 +304,9 @@ static __init int sel_netif_init(void)
INIT_LIST_HEAD(&sel_netif_hash[i]);
register_netdevice_notifier(&sel_netif_netdev_notifier);
err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET,
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
if (err)
panic("avc_add_callback() failed, error %d\n", err);
......
......@@ -118,7 +118,7 @@ void selinux_netlbl_cache_invalidate(void)
void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
int family)
{
if (family == PF_INET)
if (family == PF_INET)
ssec->nlbl_state = NLBL_REQUIRE;
else
ssec->nlbl_state = NLBL_UNSET;
......
......@@ -24,16 +24,16 @@ static struct sock *selnl;
static int selnl_msglen(int msgtype)
{
int ret = 0;
switch (msgtype) {
case SELNL_MSG_SETENFORCE:
ret = sizeof(struct selnl_msg_setenforce);
break;
case SELNL_MSG_POLICYLOAD:
ret = sizeof(struct selnl_msg_policyload);
break;
default:
BUG();
}
......@@ -45,15 +45,15 @@ static void selnl_add_payload(struct nlmsghdr *nlh, int len, int msgtype, void *
switch (msgtype) {
case SELNL_MSG_SETENFORCE: {
struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh);
memset(msg, 0, len);
msg->val = *((int *)data);
break;
}
case SELNL_MSG_POLICYLOAD: {
struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
memset(msg, 0, len);
msg->seqno = *((u32 *)data);
break;
......@@ -70,9 +70,9 @@ static void selnl_notify(int msgtype, void *data)
sk_buff_data_t tmp;
struct sk_buff *skb;
struct nlmsghdr *nlh;
len = selnl_msglen(msgtype);
skb = alloc_skb(NLMSG_SPACE(len), GFP_USER);
if (!skb)
goto oom;
......@@ -85,7 +85,7 @@ static void selnl_notify(int msgtype, void *data)
netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER);
out:
return;
nlmsg_failure:
kfree_skb(skb);
oom:
......@@ -109,7 +109,7 @@ static int __init selnl_init(void)
SELNLGRP_MAX, NULL, NULL, THIS_MODULE);
if (selnl == NULL)
panic("SELinux: Cannot create netlink socket.");
netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);
netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);
return 0;
}
......
......@@ -344,7 +344,7 @@ static __init int sel_netnode_init(void)
INIT_LIST_HEAD(&sel_netnode_hash[iter]);
ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
if (ret != 0)
panic("avc_add_callback() failed, error %d\n", ret);
......
......@@ -23,8 +23,7 @@
#include "flask.h"
#include "av_permissions.h"
struct nlmsg_perm
{
struct nlmsg_perm {
u16 nlmsg_type;
u32 perm;
};
......@@ -159,7 +158,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&
nlmsg_type <= AUDIT_LAST_USER_MSG) ||
(nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&
nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
} else {
err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
......
This diff is collapsed.
......@@ -6,15 +6,15 @@
/* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
*
* Added conditional policy language extensions
* Added conditional policy language extensions
*
* Copyright (C) 2003 Tresys Technology, LLC
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2.
*
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
* Tuned number of hash slots for avtab to reduce memory usage
* Tuned number of hash slots for avtab to reduce memory usage
*/
#include <linux/kernel.h>
......@@ -33,10 +33,10 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
static struct avtab_node*
avtab_insert_node(struct avtab *h, int hvalue,
struct avtab_node * prev, struct avtab_node * cur,
struct avtab_node *prev, struct avtab_node *cur,
struct avtab_key *key, struct avtab_datum *datum)
{
struct avtab_node * newnode;
struct avtab_node *newnode;
newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
if (newnode == NULL)
return NULL;
......@@ -84,7 +84,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
}
newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
if(!newnode)
if (!newnode)
return -ENOMEM;
return 0;
......@@ -95,7 +95,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
* It also returns a pointer to the node inserted.
*/
struct avtab_node *
avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum)
avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
{
int hvalue;
struct avtab_node *prev, *cur, *newnode;
......@@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag)
}
}
printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
"chain length %d sum of chain length^2 %Lu\n",
printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d sum of chain length^2 %Lu\n",
tag, h->nel, slots_used, h->nslot, max_chain_len,
chain2_len_sum);
}
......@@ -326,7 +326,7 @@ static uint16_t spec_order[] = {
};
int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
int (*insertf)(struct avtab *a, struct avtab_key *k,
int (*insertf)(struct avtab *a, struct avtab_key *k,
struct avtab_datum *d, void *p),
void *p)
{
......@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
val = le32_to_cpu(buf32[items++]);
key.source_type = (u16)val;
if (key.source_type != val) {
printk("SELinux: avtab: truncated source type\n");
printk(KERN_ERR "SELinux: avtab: truncated source type\n");
return -1;
}
val = le32_to_cpu(buf32[items++]);
key.target_type = (u16)val;
if (key.target_type != val) {
printk("SELinux: avtab: truncated target type\n");
printk(KERN_ERR "SELinux: avtab: truncated target type\n");
return -1;
}
val = le32_to_cpu(buf32[items++]);
key.target_class = (u16)val;
if (key.target_class != val) {
printk("SELinux: avtab: truncated target class\n");
printk(KERN_ERR "SELinux: avtab: truncated target class\n");
return -1;
}
......@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
printk("SELinux: avtab: null entry\n");
printk(KERN_ERR "SELinux: avtab: null entry\n");
return -1;
}
if ((val & AVTAB_AV) &&
(val & AVTAB_TYPE)) {
printk("SELinux: avtab: entry has both access vectors and types\n");
printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
return -1;
}
......@@ -398,12 +398,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
key.specified = spec_order[i] | enabled;
datum.data = le32_to_cpu(buf32[items++]);
rc = insertf(a, &key, &datum, p);
if (rc) return rc;
if (rc)
return rc;
}
}
if (items != items2) {
printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
return -1;
}
return 0;
......@@ -411,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
rc = next_entry(buf16, fp, sizeof(u16)*4);
if (rc < 0) {
printk("SELinux: avtab: truncated entry\n");
printk(KERN_ERR "SELinux: avtab: truncated entry\n");
return -1;
}
......@@ -424,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (!policydb_type_isvalid(pol, key.source_type) ||
!policydb_type_isvalid(pol, key.target_type) ||
!policydb_class_isvalid(pol, key.target_class)) {
printk(KERN_WARNING "SELinux: avtab: invalid type or class\n");
printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
return -1;
}
......@@ -434,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
set++;
}
if (!set || set > 1) {
printk(KERN_WARNING
"SELinux: avtab: more than one specifier\n");
printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
return -1;
}
rc = next_entry(buf32, fp, sizeof(u32));
if (rc < 0) {
printk("SELinux: avtab: truncated entry\n");
printk(KERN_ERR "SELinux: avtab: truncated entry\n");
return -1;
}
datum.data = le32_to_cpu(*buf32);
if ((key.specified & AVTAB_TYPE) &&
!policydb_type_isvalid(pol, datum.data)) {
printk(KERN_WARNING "SELinux: avtab: invalid type\n");
printk(KERN_ERR "SELinux: avtab: invalid type\n");
return -1;
}
return insertf(a, &key, &datum, p);
......@@ -513,5 +513,5 @@ void avtab_cache_init(void)
void avtab_cache_destroy(void)
{
kmem_cache_destroy (avtab_node_cachep);
kmem_cache_destroy(avtab_node_cachep);
}
/* Authors: Karl MacMillan <kmacmillan@tresys.com>
* Frank Mayer <mayerf@tresys.com>
* Frank Mayer <mayerf@tresys.com>
*
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2.
*/
......@@ -89,7 +89,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
int evaluate_cond_node(struct policydb *p, struct cond_node *node)
{
int new_state;
struct cond_av_list* cur;
struct cond_av_list *cur;
new_state = cond_evaluate_expr(p, node->expr);
if (new_state != node->cur_state) {
......@@ -98,20 +98,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
/* turn the rules on or off */
for (cur = node->true_list; cur != NULL; cur = cur->next) {
if (new_state <= 0) {
if (new_state <= 0)
cur->node->key.specified &= ~AVTAB_ENABLED;
} else {
else
cur->node->key.specified |= AVTAB_ENABLED;
}
}
for (cur = node->false_list; cur != NULL; cur = cur->next) {
/* -1 or 1 */
if (new_state) {
if (new_state)
cur->node->key.specified &= ~AVTAB_ENABLED;
} else {
else
cur->node->key.specified |= AVTAB_ENABLED;
}
}
}
return 0;
......@@ -173,8 +171,8 @@ void cond_policydb_destroy(struct policydb *p)
int cond_init_bool_indexes(struct policydb *p)
{
kfree(p->bool_val_to_struct);
p->bool_val_to_struct = (struct cond_bool_datum**)
kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
p->bool_val_to_struct = (struct cond_bool_datum **)
kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
if (!p->bool_val_to_struct)
return -1;
return 0;
......@@ -199,7 +197,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
return -EINVAL;
p->p_bool_val_to_name[booldatum->value - 1] = key;
p->bool_val_to_struct[booldatum->value -1] = booldatum;
p->bool_val_to_struct[booldatum->value - 1] = booldatum;
return 0;
}
......@@ -251,8 +249,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
return -1;
}
struct cond_insertf_data
{
struct cond_insertf_data {
struct policydb *p;
struct cond_av_list *other;
struct cond_av_list *head;
......@@ -275,7 +272,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/
if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) {
printk("SELinux: type rule already exists outside of a conditional.");
printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
goto err;
}
/*
......@@ -290,7 +287,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) {
printk("SELinux: too many conflicting type rules.");
printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
goto err;
}
found = 0;
......@@ -301,13 +298,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
}
}
if (!found) {
printk("SELinux: conflicting type rules.\n");
printk(KERN_ERR "SELinux: conflicting type rules.\n");
goto err;
}
}
} else {
if (avtab_search(&p->te_cond_avtab, k)) {
printk("SELinux: conflicting type rules when adding type rule for true.\n");
printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
goto err;
}
}
......@@ -315,7 +312,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
printk("SELinux: could not insert rule.");
printk(KERN_ERR "SELinux: could not insert rule.\n");
goto err;
}
......@@ -352,9 +349,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
return -1;
len = le32_to_cpu(buf[0]);
if (len == 0) {
if (len == 0)
return 0;
}
data.p = p;
data.other = other;
......@@ -375,12 +371,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
printk("SELinux: conditional expressions uses unknown operator.\n");
printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
return 0;
}
if (expr->bool > p->p_bools.nprim) {
printk("SELinux: conditional expressions uses unknown bool.\n");
printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
return 0;
}
return 1;
......@@ -407,15 +403,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
/* expr */
len = le32_to_cpu(buf[0]);
for (i = 0; i < len; i++ ) {
for (i = 0; i < len; i++) {
rc = next_entry(buf, fp, sizeof(u32) * 2);
if (rc < 0)
goto err;
expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
if (!expr) {
if (!expr)
goto err;
}
expr->expr_type = le32_to_cpu(buf[0]);
expr->bool = le32_to_cpu(buf[1]);
......@@ -425,11 +420,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
goto err;
}
if (i == 0) {
if (i == 0)
node->expr = expr;
} else {
else
last->next = expr;
}
last = expr;
}
......@@ -468,11 +462,10 @@ int cond_read_list(struct policydb *p, void *fp)
if (cond_read_node(p, node, fp) != 0)
goto err;
if (i == 0) {
if (i == 0)
p->cond_list = node;
} else {
else
last->next = node;
}
last = node;
}
return 0;
......@@ -489,24 +482,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi
{
struct avtab_node *node;
if(!ctab || !key || !avd)
if (!ctab || !key || !avd)
return;
for(node = avtab_search_node(ctab, key); node != NULL;
for (node = avtab_search_node(ctab, key); node != NULL;
node = avtab_search_node_next(node, key->specified)) {
if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
avd->allowed |= node->datum.data;
if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
/* Since a '0' in an auditdeny mask represents a
* permission we do NOT want to audit (dontaudit), we use
* the '&' operand to ensure that all '0's in the mask
* are retained (much unlike the allow and auditallow cases).
*/
avd->auditdeny &= node->datum.data;
if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
avd->auditallow |= node->datum.data;
}
return;
......
......@@ -411,11 +411,10 @@ int ebitmap_read(struct ebitmap *e, void *fp)
}
/* round down */
tmp->startbit = startbit - (startbit % EBITMAP_SIZE);
if (n) {
if (n)
n->next = tmp;
} else {
else
e->node = tmp;
}
n = tmp;
} else if (startbit <= n->startbit) {
printk(KERN_ERR "SELinux: ebitmap: start bit %d"
......
......@@ -9,8 +9,8 @@
#include "hashtab.h"
struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key),
int (*keycmp)(struct hashtab *h, const void *key1, const void *key2),
u32 size)
int (*keycmp)(struct hashtab *h, const void *key1, const void *key2),
u32 size)
{
struct hashtab *p;
u32 i;
......
......@@ -32,7 +32,7 @@
* Return the length in bytes for the MLS fields of the
* security context string representation of `context'.
*/
int mls_compute_context_len(struct context * context)
int mls_compute_context_len(struct context *context)
{
int i, l, len, head, prev;
char *nm;
......@@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context)
* Update `*scontext' to point to the end of the MLS fields.
*/
void mls_sid_to_context(struct context *context,
char **scontext)
char **scontext)
{
char *scontextp, *nm;
int i, l, head, prev;
......@@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context,
if (l == 0) {
if (mls_level_eq(&context->range.level[0],
&context->range.level[1]))
&context->range.level[1]))
break;
else
*scontextp++ = '-';
......@@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc,
*p++ = 0;
/* Separate into range if exists */
if ((rngptr = strchr(scontextp, '.')) != NULL) {
rngptr = strchr(scontextp, '.');
if (rngptr != NULL) {
/* Remove '.' */
*rngptr++ = 0;
}
catdatum = hashtab_search(policydb.p_cats.table,
scontextp);
scontextp);
if (!catdatum) {
rc = -EINVAL;
goto out;
}
rc = ebitmap_set_bit(&context->range.level[l].cat,
catdatum->value - 1, 1);
catdatum->value - 1, 1);
if (rc)
goto out;
......@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
rc = -ENOMEM;
} else {
rc = mls_context_to_sid(':', &tmpstr, context,
NULL, SECSID_NULL);
NULL, SECSID_NULL);
kfree(freestr);
}
......@@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
* Copies the MLS range `range' into `context'.
*/
static inline int mls_range_set(struct context *context,
struct mls_range *range)
struct mls_range *range)
{
int l, rc = 0;
......@@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context,
}
int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
struct context *usercon)
struct context *usercon)
{
if (selinux_mls_enabled) {
struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
......@@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
that of the user's default clearance (but
only if the "fromcon" clearance dominates
the user's computed sensitivity level) */
if (mls_level_dom(user_clr, fromcon_clr)) {
if (mls_level_dom(user_clr, fromcon_clr))
*usercon_clr = *fromcon_clr;
} else if (mls_level_dom(fromcon_clr, user_clr)) {
else if (mls_level_dom(fromcon_clr, user_clr))
*usercon_clr = *user_clr;
} else
else
return -EINVAL;
}
......@@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext,
rtr->target_class == tclass) {
/* Set the range from the rule */
return mls_range_set(newcontext,
&rtr->target_range);
&rtr->target_range);
}
}
/* Fallthrough */
......
This diff is collapsed.
This diff is collapsed.
......@@ -156,12 +156,10 @@ void sidtab_map_remove_on_error(struct sidtab *s,
while (cur != NULL) {
ret = apply(cur->sid, &cur->context, args);
if (ret) {
if (last) {
if (last)
last->next = cur->next;
} else {
else
s->htable[i] = cur->next;
}
temp = cur;
cur = cur->next;
context_destroy(&temp->context);
......
......@@ -180,8 +180,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
if (!ckall)
break;
}
else if (*sid != ctx->ctx_sid)
} else if (*sid != ctx->ctx_sid)
return -EINVAL;
}
}
......@@ -326,8 +325,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
*/
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
if (ctx)
kfree(ctx);
kfree(ctx);
}
/*
......@@ -372,8 +370,7 @@ int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uct
void selinux_xfrm_state_free(struct xfrm_state *x)
{
struct xfrm_sec_ctx *ctx = x->security;
if (ctx)
kfree(ctx);
kfree(ctx);
}
/*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment