Commit 454d972c authored by James Morris's avatar James Morris

SELinux: unify printk messages

Replace "security:" prefixes in printk messages with "SELinux"
to help users identify the source of the messages.  Also fix a
couple of minor formatting issues.
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 98e98946
...@@ -280,8 +280,8 @@ int avtab_alloc(struct avtab *h, u32 nrules) ...@@ -280,8 +280,8 @@ int avtab_alloc(struct avtab *h, u32 nrules)
h->nel = 0; h->nel = 0;
h->nslot = nslot; h->nslot = nslot;
h->mask = mask; h->mask = mask;
printk(KERN_DEBUG "SELinux:%d avtab hash slots allocated. " printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n",
"Num of rules:%d\n", h->nslot, nrules); h->nslot, nrules);
return 0; return 0;
} }
...@@ -345,18 +345,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -345,18 +345,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (vers < POLICYDB_VERSION_AVTAB) { if (vers < POLICYDB_VERSION_AVTAB) {
rc = next_entry(buf32, fp, sizeof(u32)); rc = next_entry(buf32, fp, sizeof(u32));
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: avtab: truncated entry\n"); printk(KERN_ERR "SELinux: avtab: truncated entry\n");
return -1; return -1;
} }
items2 = le32_to_cpu(buf32[0]); items2 = le32_to_cpu(buf32[0]);
if (items2 > ARRAY_SIZE(buf32)) { if (items2 > ARRAY_SIZE(buf32)) {
printk(KERN_ERR "security: avtab: entry overflow\n"); printk(KERN_ERR "SELinux: avtab: entry overflow\n");
return -1; return -1;
} }
rc = next_entry(buf32, fp, sizeof(u32)*items2); rc = next_entry(buf32, fp, sizeof(u32)*items2);
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: avtab: truncated entry\n"); printk(KERN_ERR "SELinux: avtab: truncated entry\n");
return -1; return -1;
} }
items = 0; items = 0;
...@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
val = le32_to_cpu(buf32[items++]); val = le32_to_cpu(buf32[items++]);
key.source_type = (u16)val; key.source_type = (u16)val;
if (key.source_type != val) { if (key.source_type != val) {
printk("security: avtab: truncated source type\n"); printk("SELinux: avtab: truncated source type\n");
return -1; return -1;
} }
val = le32_to_cpu(buf32[items++]); val = le32_to_cpu(buf32[items++]);
key.target_type = (u16)val; key.target_type = (u16)val;
if (key.target_type != val) { if (key.target_type != val) {
printk("security: avtab: truncated target type\n"); printk("SELinux: avtab: truncated target type\n");
return -1; return -1;
} }
val = le32_to_cpu(buf32[items++]); val = le32_to_cpu(buf32[items++]);
key.target_class = (u16)val; key.target_class = (u16)val;
if (key.target_class != val) { if (key.target_class != val) {
printk("security: avtab: truncated target class\n"); printk("SELinux: avtab: truncated target class\n");
return -1; return -1;
} }
...@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
if (!(val & (AVTAB_AV | AVTAB_TYPE))) { if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
printk("security: avtab: null entry\n"); printk("SELinux: avtab: null entry\n");
return -1; return -1;
} }
if ((val & AVTAB_AV) && if ((val & AVTAB_AV) &&
(val & AVTAB_TYPE)) { (val & AVTAB_TYPE)) {
printk("security: avtab: entry has both access vectors and types\n"); printk("SELinux: avtab: entry has both access vectors and types\n");
return -1; return -1;
} }
...@@ -403,7 +403,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -403,7 +403,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
} }
if (items != items2) { if (items != items2) {
printk("security: avtab: entry only had %d items, expected %d\n", items2, items); printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
return -1; return -1;
} }
return 0; return 0;
...@@ -411,7 +411,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -411,7 +411,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
rc = next_entry(buf16, fp, sizeof(u16)*4); rc = next_entry(buf16, fp, sizeof(u16)*4);
if (rc < 0) { if (rc < 0) {
printk("security: avtab: truncated entry\n"); printk("SELinux: avtab: truncated entry\n");
return -1; return -1;
} }
...@@ -424,7 +424,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -424,7 +424,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (!policydb_type_isvalid(pol, key.source_type) || if (!policydb_type_isvalid(pol, key.source_type) ||
!policydb_type_isvalid(pol, key.target_type) || !policydb_type_isvalid(pol, key.target_type) ||
!policydb_class_isvalid(pol, key.target_class)) { !policydb_class_isvalid(pol, key.target_class)) {
printk(KERN_WARNING "security: avtab: invalid type or class\n"); printk(KERN_WARNING "SELinux: avtab: invalid type or class\n");
return -1; return -1;
} }
...@@ -435,19 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, ...@@ -435,19 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
} }
if (!set || set > 1) { if (!set || set > 1) {
printk(KERN_WARNING printk(KERN_WARNING
"security: avtab: more than one specifier\n"); "SELinux: avtab: more than one specifier\n");
return -1; return -1;
} }
rc = next_entry(buf32, fp, sizeof(u32)); rc = next_entry(buf32, fp, sizeof(u32));
if (rc < 0) { if (rc < 0) {
printk("security: avtab: truncated entry\n"); printk("SELinux: avtab: truncated entry\n");
return -1; return -1;
} }
datum.data = le32_to_cpu(*buf32); datum.data = le32_to_cpu(*buf32);
if ((key.specified & AVTAB_TYPE) && if ((key.specified & AVTAB_TYPE) &&
!policydb_type_isvalid(pol, datum.data)) { !policydb_type_isvalid(pol, datum.data)) {
printk(KERN_WARNING "security: avtab: invalid type\n"); printk(KERN_WARNING "SELinux: avtab: invalid type\n");
return -1; return -1;
} }
return insertf(a, &key, &datum, p); return insertf(a, &key, &datum, p);
...@@ -468,12 +468,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) ...@@ -468,12 +468,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = next_entry(buf, fp, sizeof(u32)); rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: avtab: truncated table\n"); printk(KERN_ERR "SELinux: avtab: truncated table\n");
goto bad; goto bad;
} }
nel = le32_to_cpu(buf[0]); nel = le32_to_cpu(buf[0]);
if (!nel) { if (!nel) {
printk(KERN_ERR "security: avtab: table is empty\n"); printk(KERN_ERR "SELinux: avtab: table is empty\n");
rc = -EINVAL; rc = -EINVAL;
goto bad; goto bad;
} }
...@@ -486,9 +486,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) ...@@ -486,9 +486,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
if (rc) { if (rc) {
if (rc == -ENOMEM) if (rc == -ENOMEM)
printk(KERN_ERR "security: avtab: out of memory\n"); printk(KERN_ERR "SELinux: avtab: out of memory\n");
else if (rc == -EEXIST) else if (rc == -EEXIST)
printk(KERN_ERR "security: avtab: duplicate entry\n"); printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
else else
rc = -EINVAL; rc = -EINVAL;
goto bad; goto bad;
......
...@@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) ...@@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
if (new_state != node->cur_state) { if (new_state != node->cur_state) {
node->cur_state = new_state; node->cur_state = new_state;
if (new_state == -1) if (new_state == -1)
printk(KERN_ERR "security: expression result was undefined - disabling all rules.\n"); printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
/* turn the rules on or off */ /* turn the rules on or off */
for (cur = node->true_list; cur != NULL; cur = cur->next) { for (cur = node->true_list; cur != NULL; cur = cur->next) {
if (new_state <= 0) { if (new_state <= 0) {
...@@ -276,7 +276,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum ...@@ -276,7 +276,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/ */
if (k->specified & AVTAB_TYPE) { if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) { if (avtab_search(&p->te_avtab, k)) {
printk("security: type rule already exists outside of a conditional."); printk("SELinux: type rule already exists outside of a conditional.");
goto err; goto err;
} }
/* /*
...@@ -291,7 +291,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum ...@@ -291,7 +291,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k); node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) { if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) { if (avtab_search_node_next(node_ptr, k->specified)) {
printk("security: too many conflicting type rules."); printk("SELinux: too many conflicting type rules.");
goto err; goto err;
} }
found = 0; found = 0;
...@@ -302,13 +302,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum ...@@ -302,13 +302,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
} }
} }
if (!found) { if (!found) {
printk("security: conflicting type rules.\n"); printk("SELinux: conflicting type rules.\n");
goto err; goto err;
} }
} }
} else { } else {
if (avtab_search(&p->te_cond_avtab, k)) { if (avtab_search(&p->te_cond_avtab, k)) {
printk("security: conflicting type rules when adding type rule for true.\n"); printk("SELinux: conflicting type rules when adding type rule for true.\n");
goto err; goto err;
} }
} }
...@@ -316,7 +316,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum ...@@ -316,7 +316,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) { if (!node_ptr) {
printk("security: could not insert rule."); printk("SELinux: could not insert rule.");
goto err; goto err;
} }
...@@ -376,12 +376,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * ...@@ -376,12 +376,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr) static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{ {
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
printk("security: conditional expressions uses unknown operator.\n"); printk("SELinux: conditional expressions uses unknown operator.\n");
return 0; return 0;
} }
if (expr->bool > p->p_bools.nprim) { if (expr->bool > p->p_bools.nprim) {
printk("security: conditional expressions uses unknown bool.\n"); printk("SELinux: conditional expressions uses unknown bool.\n");
return 0; return 0;
} }
return 1; return 1;
......
...@@ -364,7 +364,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -364,7 +364,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
count = le32_to_cpu(buf[2]); count = le32_to_cpu(buf[2]);
if (mapunit != sizeof(u64) * 8) { if (mapunit != sizeof(u64) * 8) {
printk(KERN_ERR "security: ebitmap: map size %u does not " printk(KERN_ERR "SELinux: ebitmap: map size %u does not "
"match my size %Zd (high bit was %d)\n", "match my size %Zd (high bit was %d)\n",
mapunit, sizeof(u64) * 8, e->highbit); mapunit, sizeof(u64) * 8, e->highbit);
goto bad; goto bad;
...@@ -382,19 +382,19 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -382,19 +382,19 @@ int ebitmap_read(struct ebitmap *e, void *fp)
for (i = 0; i < count; i++) { for (i = 0; i < count; i++) {
rc = next_entry(&startbit, fp, sizeof(u32)); rc = next_entry(&startbit, fp, sizeof(u32));
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: ebitmap: truncated map\n"); printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
goto bad; goto bad;
} }
startbit = le32_to_cpu(startbit); startbit = le32_to_cpu(startbit);
if (startbit & (mapunit - 1)) { if (startbit & (mapunit - 1)) {
printk(KERN_ERR "security: ebitmap start bit (%d) is " printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
"not a multiple of the map unit size (%u)\n", "not a multiple of the map unit size (%u)\n",
startbit, mapunit); startbit, mapunit);
goto bad; goto bad;
} }
if (startbit > e->highbit - mapunit) { if (startbit > e->highbit - mapunit) {
printk(KERN_ERR "security: ebitmap start bit (%d) is " printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
"beyond the end of the bitmap (%u)\n", "beyond the end of the bitmap (%u)\n",
startbit, (e->highbit - mapunit)); startbit, (e->highbit - mapunit));
goto bad; goto bad;
...@@ -405,7 +405,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -405,7 +405,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
if (!tmp) { if (!tmp) {
printk(KERN_ERR printk(KERN_ERR
"security: ebitmap: out of memory\n"); "SELinux: ebitmap: out of memory\n");
rc = -ENOMEM; rc = -ENOMEM;
goto bad; goto bad;
} }
...@@ -418,7 +418,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -418,7 +418,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
} }
n = tmp; n = tmp;
} else if (startbit <= n->startbit) { } else if (startbit <= n->startbit) {
printk(KERN_ERR "security: ebitmap: start bit %d" printk(KERN_ERR "SELinux: ebitmap: start bit %d"
" comes after start bit %d\n", " comes after start bit %d\n",
startbit, n->startbit); startbit, n->startbit);
goto bad; goto bad;
...@@ -426,7 +426,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) ...@@ -426,7 +426,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
rc = next_entry(&map, fp, sizeof(u64)); rc = next_entry(&map, fp, sizeof(u64));
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: ebitmap: truncated map\n"); printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
goto bad; goto bad;
} }
map = le64_to_cpu(map); map = le64_to_cpu(map);
......
...@@ -401,14 +401,14 @@ static int policydb_index_others(struct policydb *p) ...@@ -401,14 +401,14 @@ static int policydb_index_others(struct policydb *p)
{ {
int i, rc = 0; int i, rc = 0;
printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
if (selinux_mls_enabled) if (selinux_mls_enabled)
printk(", %d sens, %d cats", p->p_levels.nprim, printk(", %d sens, %d cats", p->p_levels.nprim,
p->p_cats.nprim); p->p_cats.nprim);
printk("\n"); printk("\n");
printk(KERN_DEBUG "security: %d classes, %d rules\n", printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
p->p_classes.nprim, p->te_avtab.nel); p->p_classes.nprim, p->te_avtab.nel);
#ifdef DEBUG_HASHES #ifdef DEBUG_HASHES
...@@ -702,20 +702,20 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) ...@@ -702,20 +702,20 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
rc = sidtab_init(s); rc = sidtab_init(s);
if (rc) { if (rc) {
printk(KERN_ERR "security: out of memory on SID table init\n"); printk(KERN_ERR "SELinux: out of memory on SID table init\n");
goto out; goto out;
} }
head = p->ocontexts[OCON_ISID]; head = p->ocontexts[OCON_ISID];
for (c = head; c; c = c->next) { for (c = head; c; c = c->next) {
if (!c->context[0].user) { if (!c->context[0].user) {
printk(KERN_ERR "security: SID %s was never " printk(KERN_ERR "SELinux: SID %s was never "
"defined.\n", c->u.name); "defined.\n", c->u.name);
rc = -EINVAL; rc = -EINVAL;
goto out; goto out;
} }
if (sidtab_insert(s, c->sid[0], &c->context[0])) { if (sidtab_insert(s, c->sid[0], &c->context[0])) {
printk(KERN_ERR "security: unable to load initial " printk(KERN_ERR "SELinux: unable to load initial "
"SID %s.\n", c->u.name); "SID %s.\n", c->u.name);
rc = -EINVAL; rc = -EINVAL;
goto out; goto out;
...@@ -809,13 +809,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) ...@@ -809,13 +809,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
items = le32_to_cpu(buf[0]); items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) { if (items > ARRAY_SIZE(buf)) {
printk(KERN_ERR "security: mls: range overflow\n"); printk(KERN_ERR "SELinux: mls: range overflow\n");
rc = -EINVAL; rc = -EINVAL;
goto out; goto out;
} }
rc = next_entry(buf, fp, sizeof(u32) * items); rc = next_entry(buf, fp, sizeof(u32) * items);
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: mls: truncated range\n"); printk(KERN_ERR "SELinux: mls: truncated range\n");
goto out; goto out;
} }
r->level[0].sens = le32_to_cpu(buf[0]); r->level[0].sens = le32_to_cpu(buf[0]);
...@@ -826,21 +826,21 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) ...@@ -826,21 +826,21 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
rc = ebitmap_read(&r->level[0].cat, fp); rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) { if (rc) {
printk(KERN_ERR "security: mls: error reading low " printk(KERN_ERR "SELinux: mls: error reading low "
"categories\n"); "categories\n");
goto out; goto out;
} }
if (items > 1) { if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp); rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) { if (rc) {
printk(KERN_ERR "security: mls: error reading high " printk(KERN_ERR "SELinux: mls: error reading high "
"categories\n"); "categories\n");
goto bad_high; goto bad_high;
} }
} else { } else {
rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
if (rc) { if (rc) {
printk(KERN_ERR "security: mls: out of memory\n"); printk(KERN_ERR "SELinux: mls: out of memory\n");
goto bad_high; goto bad_high;
} }
} }
...@@ -866,7 +866,7 @@ static int context_read_and_validate(struct context *c, ...@@ -866,7 +866,7 @@ static int context_read_and_validate(struct context *c,
rc = next_entry(buf, fp, sizeof buf); rc = next_entry(buf, fp, sizeof buf);
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: context truncated\n"); printk(KERN_ERR "SELinux: context truncated\n");
goto out; goto out;
} }
c->user = le32_to_cpu(buf[0]); c->user = le32_to_cpu(buf[0]);
...@@ -874,7 +874,7 @@ static int context_read_and_validate(struct context *c, ...@@ -874,7 +874,7 @@ static int context_read_and_validate(struct context *c,
c->type = le32_to_cpu(buf[2]); c->type = le32_to_cpu(buf[2]);
if (p->policyvers >= POLICYDB_VERSION_MLS) { if (p->policyvers >= POLICYDB_VERSION_MLS) {
if (mls_read_range_helper(&c->range, fp)) { if (mls_read_range_helper(&c->range, fp)) {
printk(KERN_ERR "security: error reading MLS range of " printk(KERN_ERR "SELinux: error reading MLS range of "
"context\n"); "context\n");
rc = -EINVAL; rc = -EINVAL;
goto out; goto out;
...@@ -882,7 +882,7 @@ static int context_read_and_validate(struct context *c, ...@@ -882,7 +882,7 @@ static int context_read_and_validate(struct context *c,
} }
if (!policydb_context_isvalid(p, c)) { if (!policydb_context_isvalid(p, c)) {
printk(KERN_ERR "security: invalid security context\n"); printk(KERN_ERR "SELinux: invalid security context\n");
context_destroy(c); context_destroy(c);
rc = -EINVAL; rc = -EINVAL;
} }
...@@ -1128,7 +1128,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) ...@@ -1128,7 +1128,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comdatum = hashtab_search(p->p_commons.table,
cladatum->comkey); cladatum->comkey);
if (!cladatum->comdatum) { if (!cladatum->comdatum) {
printk(KERN_ERR "security: unknown common %s\n", printk(KERN_ERR "SELinux: unknown common %s\n",
cladatum->comkey); cladatum->comkey);
rc = -EINVAL; rc = -EINVAL;
goto bad; goto bad;
...@@ -1283,13 +1283,13 @@ static int mls_read_level(struct mls_level *lp, void *fp) ...@@ -1283,13 +1283,13 @@ static int mls_read_level(struct mls_level *lp, void *fp)
rc = next_entry(buf, fp, sizeof buf); rc = next_entry(buf, fp, sizeof buf);
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: mls: truncated level\n"); printk(KERN_ERR "SELinux: mls: truncated level\n");
goto bad; goto bad;
} }
lp->sens = le32_to_cpu(buf[0]); lp->sens = le32_to_cpu(buf[0]);
if (ebitmap_read(&lp->cat, fp)) { if (ebitmap_read(&lp->cat, fp)) {
printk(KERN_ERR "security: mls: error reading level " printk(KERN_ERR "SELinux: mls: error reading level "
"categories\n"); "categories\n");
goto bad; goto bad;
} }
...@@ -1491,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1491,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp)
goto bad; goto bad;
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
printk(KERN_ERR "security: policydb magic number 0x%x does " printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n", "not match expected magic number 0x%x\n",
le32_to_cpu(buf[0]), POLICYDB_MAGIC); le32_to_cpu(buf[0]), POLICYDB_MAGIC);
goto bad; goto bad;
...@@ -1499,27 +1499,27 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1499,27 +1499,27 @@ int policydb_read(struct policydb *p, void *fp)
len = le32_to_cpu(buf[1]); len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) { if (len != strlen(POLICYDB_STRING)) {
printk(KERN_ERR "security: policydb string length %d does not " printk(KERN_ERR "SELinux: policydb string length %d does not "
"match expected length %Zu\n", "match expected length %Zu\n",
len, strlen(POLICYDB_STRING)); len, strlen(POLICYDB_STRING));
goto bad; goto bad;
} }
policydb_str = kmalloc(len + 1,GFP_KERNEL); policydb_str = kmalloc(len + 1,GFP_KERNEL);
if (!policydb_str) { if (!policydb_str) {
printk(KERN_ERR "security: unable to allocate memory for policydb " printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
"string of length %d\n", len); "string of length %d\n", len);
rc = -ENOMEM; rc = -ENOMEM;
goto bad; goto bad;
} }
rc = next_entry(policydb_str, fp, len); rc = next_entry(policydb_str, fp, len);
if (rc < 0) { if (rc < 0) {
printk(KERN_ERR "security: truncated policydb string identifier\n"); printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
kfree(policydb_str); kfree(policydb_str);
goto bad; goto bad;
} }
policydb_str[len] = 0; policydb_str[len] = 0;
if (strcmp(policydb_str, POLICYDB_STRING)) { if (strcmp(policydb_str, POLICYDB_STRING)) {
printk(KERN_ERR "security: policydb string %s does not match " printk(KERN_ERR "SELinux: policydb string %s does not match "
"my string %s\n", policydb_str, POLICYDB_STRING); "my string %s\n", policydb_str, POLICYDB_STRING);
kfree(policydb_str); kfree(policydb_str);
goto bad; goto bad;
...@@ -1536,7 +1536,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1536,7 +1536,7 @@ int policydb_read(struct policydb *p, void *fp)
p->policyvers = le32_to_cpu(buf[0]); p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN || if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) { p->policyvers > POLICYDB_VERSION_MAX) {
printk(KERN_ERR "security: policydb version %d does not match " printk(KERN_ERR "SELinux: policydb version %d does not match "
"my version range %d-%d\n", "my version range %d-%d\n",
le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
goto bad; goto bad;
...@@ -1572,14 +1572,14 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1572,14 +1572,14 @@ int policydb_read(struct policydb *p, void *fp)
info = policydb_lookup_compat(p->policyvers); info = policydb_lookup_compat(p->policyvers);
if (!info) { if (!info) {
printk(KERN_ERR "security: unable to find policy compat info " printk(KERN_ERR "SELinux: unable to find policy compat info "
"for version %d\n", p->policyvers); "for version %d\n", p->policyvers);
goto bad; goto bad;
} }
if (le32_to_cpu(buf[2]) != info->sym_num || if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) { le32_to_cpu(buf[3]) != info->ocon_num) {
printk(KERN_ERR "security: policydb table sizes (%d,%d) do " printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
"not match mine (%d,%d)\n", le32_to_cpu(buf[2]), "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
le32_to_cpu(buf[3]), le32_to_cpu(buf[3]),
info->sym_num, info->ocon_num); info->sym_num, info->ocon_num);
...@@ -1823,7 +1823,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1823,7 +1823,7 @@ int policydb_read(struct policydb *p, void *fp)
for (genfs_p = NULL, genfs = p->genfs; genfs; for (genfs_p = NULL, genfs = p->genfs; genfs;
genfs_p = genfs, genfs = genfs->next) { genfs_p = genfs, genfs = genfs->next) {
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
printk(KERN_ERR "security: dup genfs " printk(KERN_ERR "SELinux: dup genfs "
"fstype %s\n", newgenfs->fstype); "fstype %s\n", newgenfs->fstype);
kfree(newgenfs->fstype); kfree(newgenfs->fstype);
kfree(newgenfs); kfree(newgenfs);
...@@ -1873,7 +1873,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1873,7 +1873,7 @@ int policydb_read(struct policydb *p, void *fp)
if (!strcmp(newc->u.name, c->u.name) && if (!strcmp(newc->u.name, c->u.name) &&
(!c->v.sclass || !newc->v.sclass || (!c->v.sclass || !newc->v.sclass ||
newc->v.sclass == c->v.sclass)) { newc->v.sclass == c->v.sclass)) {
printk(KERN_ERR "security: dup genfs " printk(KERN_ERR "SELinux: dup genfs "
"entry (%s,%s)\n", "entry (%s,%s)\n",
newgenfs->fstype, c->u.name); newgenfs->fstype, c->u.name);
goto bad_newc; goto bad_newc;
...@@ -1931,7 +1931,7 @@ int policydb_read(struct policydb *p, void *fp) ...@@ -1931,7 +1931,7 @@ int policydb_read(struct policydb *p, void *fp)
if (rc) if (rc)
goto bad; goto bad;
if (!mls_range_isvalid(p, &rt->target_range)) { if (!mls_range_isvalid(p, &rt->target_range)) {
printk(KERN_WARNING "security: rangetrans: invalid range\n"); printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
goto bad; goto bad;
} }
lrt = rt; lrt = rt;
......
...@@ -1096,7 +1096,7 @@ static int validate_classes(struct policydb *p) ...@@ -1096,7 +1096,7 @@ static int validate_classes(struct policydb *p)
continue; continue;
if (i > p->p_classes.nprim) { if (i > p->p_classes.nprim) {
printk(KERN_INFO printk(KERN_INFO
"security: class %s not defined in policy\n", "SELinux: class %s not defined in policy\n",
def_class); def_class);
if (p->reject_unknown) if (p->reject_unknown)
return -EINVAL; return -EINVAL;
...@@ -1107,7 +1107,7 @@ static int validate_classes(struct policydb *p) ...@@ -1107,7 +1107,7 @@ static int validate_classes(struct policydb *p)
pol_class = p->p_class_val_to_name[i-1]; pol_class = p->p_class_val_to_name[i-1];
if (strcmp(pol_class, def_class)) { if (strcmp(pol_class, def_class)) {
printk(KERN_ERR printk(KERN_ERR
"security: class %d is incorrect, found %s but should be %s\n", "SELinux: class %d is incorrect, found %s but should be %s\n",
i, pol_class, def_class); i, pol_class, def_class);
return -EINVAL; return -EINVAL;
} }
...@@ -1125,7 +1125,7 @@ static int validate_classes(struct policydb *p) ...@@ -1125,7 +1125,7 @@ static int validate_classes(struct policydb *p)
nprim = 1 << (perms->nprim - 1); nprim = 1 << (perms->nprim - 1);
if (perm_val > nprim) { if (perm_val > nprim) {
printk(KERN_INFO printk(KERN_INFO
"security: permission %s in class %s not defined in policy\n", "SELinux: permission %s in class %s not defined in policy\n",
def_perm, pol_class); def_perm, pol_class);
if (p->reject_unknown) if (p->reject_unknown)
return -EINVAL; return -EINVAL;
...@@ -1136,14 +1136,14 @@ static int validate_classes(struct policydb *p) ...@@ -1136,14 +1136,14 @@ static int validate_classes(struct policydb *p)
perdatum = hashtab_search(perms->table, def_perm); perdatum = hashtab_search(perms->table, def_perm);
if (perdatum == NULL) { if (perdatum == NULL) {
printk(KERN_ERR printk(KERN_ERR
"security: permission %s in class %s not found in policy, bad policy\n", "SELinux: permission %s in class %s not found in policy, bad policy\n",
def_perm, pol_class); def_perm, pol_class);
return -EINVAL; return -EINVAL;
} }
pol_val = 1 << (perdatum->value - 1); pol_val = 1 << (perdatum->value - 1);
if (pol_val != perm_val) { if (pol_val != perm_val) {
printk(KERN_ERR printk(KERN_ERR
"security: permission %s in class %s has incorrect value\n", "SELinux: permission %s in class %s has incorrect value\n",
def_perm, pol_class); def_perm, pol_class);
return -EINVAL; return -EINVAL;
} }
...@@ -1157,7 +1157,7 @@ static int validate_classes(struct policydb *p) ...@@ -1157,7 +1157,7 @@ static int validate_classes(struct policydb *p)
BUG_ON(!cladatum); BUG_ON(!cladatum);
if (!cladatum->comdatum) { if (!cladatum->comdatum) {
printk(KERN_ERR printk(KERN_ERR
"security: class %s should have an inherits clause but does not\n", "SELinux: class %s should have an inherits clause but does not\n",
pol_class); pol_class);
return -EINVAL; return -EINVAL;
} }
...@@ -1172,7 +1172,7 @@ static int validate_classes(struct policydb *p) ...@@ -1172,7 +1172,7 @@ static int validate_classes(struct policydb *p)
def_perm = kdefs->av_inherit[i].common_pts[j]; def_perm = kdefs->av_inherit[i].common_pts[j];
if (j >= perms->nprim) { if (j >= perms->nprim) {
printk(KERN_INFO printk(KERN_INFO
"security: permission %s in class %s not defined in policy\n", "SELinux: permission %s in class %s not defined in policy\n",
def_perm, pol_class); def_perm, pol_class);
if (p->reject_unknown) if (p->reject_unknown)
return -EINVAL; return -EINVAL;
...@@ -1183,13 +1183,13 @@ static int validate_classes(struct policydb *p) ...@@ -1183,13 +1183,13 @@ static int validate_classes(struct policydb *p)
perdatum = hashtab_search(perms->table, def_perm); perdatum = hashtab_search(perms->table, def_perm);
if (perdatum == NULL) { if (perdatum == NULL) {
printk(KERN_ERR printk(KERN_ERR
"security: permission %s in class %s not found in policy, bad policy\n", "SELinux: permission %s in class %s not found in policy, bad policy\n",
def_perm, pol_class); def_perm, pol_class);
return -EINVAL; return -EINVAL;
} }
if (perdatum->value != j + 1) { if (perdatum->value != j + 1) {
printk(KERN_ERR printk(KERN_ERR
"security: permission %s in class %s has incorrect value\n", "SELinux: permission %s in class %s has incorrect value\n",
def_perm, pol_class); def_perm, pol_class);
return -EINVAL; return -EINVAL;
} }
...@@ -1219,7 +1219,7 @@ static inline int convert_context_handle_invalid_context(struct context *context ...@@ -1219,7 +1219,7 @@ static inline int convert_context_handle_invalid_context(struct context *context
u32 len; u32 len;
context_struct_to_string(context, &s, &len); context_struct_to_string(context, &s, &len);
printk(KERN_ERR "security: context %s is invalid\n", s); printk(KERN_ERR "SELinux: context %s is invalid\n", s);
kfree(s); kfree(s);
} }
return rc; return rc;
...@@ -1299,7 +1299,7 @@ static int convert_context(u32 key, ...@@ -1299,7 +1299,7 @@ static int convert_context(u32 key,
bad: bad:
context_struct_to_string(&oldc, &s, &len); context_struct_to_string(&oldc, &s, &len);
context_destroy(&oldc); context_destroy(&oldc);
printk(KERN_ERR "security: invalidating context %s\n", s); printk(KERN_ERR "SELinux: invalidating context %s\n", s);
kfree(s); kfree(s);
goto out; goto out;
} }
...@@ -1350,7 +1350,7 @@ int security_load_policy(void *data, size_t len) ...@@ -1350,7 +1350,7 @@ int security_load_policy(void *data, size_t len)
/* Verify that the kernel defined classes are correct. */ /* Verify that the kernel defined classes are correct. */
if (validate_classes(&policydb)) { if (validate_classes(&policydb)) {
printk(KERN_ERR printk(KERN_ERR
"security: the definition of a class is incorrect\n"); "SELinux: the definition of a class is incorrect\n");
LOAD_UNLOCK; LOAD_UNLOCK;
sidtab_destroy(&sidtab); sidtab_destroy(&sidtab);
policydb_destroy(&policydb); policydb_destroy(&policydb);
...@@ -1384,14 +1384,14 @@ int security_load_policy(void *data, size_t len) ...@@ -1384,14 +1384,14 @@ int security_load_policy(void *data, size_t len)
/* Verify that the kernel defined classes are correct. */ /* Verify that the kernel defined classes are correct. */
if (validate_classes(&newpolicydb)) { if (validate_classes(&newpolicydb)) {
printk(KERN_ERR printk(KERN_ERR
"security: the definition of a class is incorrect\n"); "SELinux: the definition of a class is incorrect\n");
rc = -EINVAL; rc = -EINVAL;
goto err; goto err;
} }
rc = security_preserve_bools(&newpolicydb); rc = security_preserve_bools(&newpolicydb);
if (rc) { if (rc) {
printk(KERN_ERR "security: unable to preserve booleans\n"); printk(KERN_ERR "SELinux: unable to preserve booleans\n");
goto err; goto err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment