diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-21 16:01:40 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-21 16:01:40 -0700 |
| commit | 19b5b517a8b81a448be9b2bdaf18a761a7b9799e (patch) | |
| tree | b1e83e331769d44f98e564c984acf3841261c2a8 /security/selinux/ss | |
| parent | bda0c0afa7a694bb1459fd023515aca681e4d79a (diff) | |
| parent | 95fff33b8e306a4331024bbd31c0999d5bf48fcf (diff) | |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
SELinux: one little, two little, three little whitespaces, the avc.c saga.
SELinux: cleanup on isle selinuxfs.c
changing whitespace for fun and profit: policydb.c
SELinux: whitespace and formating fixes for hooks.c
SELinux: clean up printks
SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups
SELinux: services.c whitespace, syntax, and static declaraction cleanups
SELinux: mls.c whitespace, syntax, and static declaraction cleanups
SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups
SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups
SELinux: conditional.c whitespace, syntax, and static declaraction cleanups
SELinux: avtab.c whitespace, syntax, and static declaraction cleanups
SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups
SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups
SELinux: netnode.c whitespace, syntax, and static declaraction cleanups
SELinux: netlink.c whitespace, syntax, and static declaraction cleanups
SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups
SELinux: netif.c whitespace, syntax, and static declaraction cleanups
Diffstat (limited to 'security/selinux/ss')
| -rw-r--r-- | security/selinux/ss/avtab.c | 48 | ||||
| -rw-r--r-- | security/selinux/ss/conditional.c | 73 | ||||
| -rw-r--r-- | security/selinux/ss/ebitmap.c | 5 | ||||
| -rw-r--r-- | security/selinux/ss/hashtab.c | 4 | ||||
| -rw-r--r-- | security/selinux/ss/mls.c | 27 | ||||
| -rw-r--r-- | security/selinux/ss/policydb.c | 148 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 178 | ||||
| -rw-r--r-- | security/selinux/ss/sidtab.c | 6 |
8 files changed, 235 insertions, 254 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 916e73a18bc..9e6626362bf 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -6,15 +6,15 @@ /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> * - * Added conditional policy language extensions + * Added conditional policy language extensions * * Copyright (C) 2003 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. * * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp> - * Tuned number of hash slots for avtab to reduce memory usage + * Tuned number of hash slots for avtab to reduce memory usage */ #include <linux/kernel.h> @@ -33,10 +33,10 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask) static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue, - struct avtab_node * prev, struct avtab_node * cur, + struct avtab_node *prev, struct avtab_node *cur, struct avtab_key *key, struct avtab_datum *datum) { - struct avtab_node * newnode; + struct avtab_node *newnode; newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL); if (newnode == NULL) return NULL; @@ -84,7 +84,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat } newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); - if(!newnode) + if (!newnode) return -ENOMEM; return 0; @@ -95,7 +95,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat * It also returns a pointer to the node inserted. */ struct avtab_node * -avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum) +avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum) { int hvalue; struct avtab_node *prev, *cur, *newnode; @@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag) } } - printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " - "chain length %d sum of chain length^2 %Lu\n", + printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " + "longest chain length %d sum of chain length^2 %Lu\n", tag, h->nel, slots_used, h->nslot, max_chain_len, chain2_len_sum); } @@ -326,7 +326,7 @@ static uint16_t spec_order[] = { }; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, - int (*insertf)(struct avtab *a, struct avtab_key *k, + int (*insertf)(struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p), void *p) { @@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, val = le32_to_cpu(buf32[items++]); key.source_type = (u16)val; if (key.source_type != val) { - printk("SELinux: avtab: truncated source type\n"); + printk(KERN_ERR "SELinux: avtab: truncated source type\n"); return -1; } val = le32_to_cpu(buf32[items++]); key.target_type = (u16)val; if (key.target_type != val) { - printk("SELinux: avtab: truncated target type\n"); + printk(KERN_ERR "SELinux: avtab: truncated target type\n"); return -1; } val = le32_to_cpu(buf32[items++]); key.target_class = (u16)val; if (key.target_class != val) { - printk("SELinux: avtab: truncated target class\n"); + printk(KERN_ERR "SELinux: avtab: truncated target class\n"); return -1; } @@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; if (!(val & (AVTAB_AV | AVTAB_TYPE))) { - printk("SELinux: avtab: null entry\n"); + printk(KERN_ERR "SELinux: avtab: null entry\n"); return -1; } if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) { - printk("SELinux: avtab: entry has both access vectors and types\n"); + printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n"); return -1; } @@ -398,12 +398,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, key.specified = spec_order[i] | enabled; datum.data = le32_to_cpu(buf32[items++]); rc = insertf(a, &key, &datum, p); - if (rc) return rc; + if (rc) + return rc; } } if (items != items2) { - printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items); + printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items); return -1; } return 0; @@ -411,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, rc = next_entry(buf16, fp, sizeof(u16)*4); if (rc < 0) { - printk("SELinux: avtab: truncated entry\n"); + printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return -1; } @@ -424,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, if (!policydb_type_isvalid(pol, key.source_type) || !policydb_type_isvalid(pol, key.target_type) || !policydb_class_isvalid(pol, key.target_class)) { - printk(KERN_WARNING "SELinux: avtab: invalid type or class\n"); + printk(KERN_ERR "SELinux: avtab: invalid type or class\n"); return -1; } @@ -434,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, set++; } if (!set || set > 1) { - printk(KERN_WARNING - "SELinux: avtab: more than one specifier\n"); + printk(KERN_ERR "SELinux: avtab: more than one specifier\n"); return -1; } rc = next_entry(buf32, fp, sizeof(u32)); if (rc < 0) { - printk("SELinux: avtab: truncated entry\n"); + printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return -1; } datum.data = le32_to_cpu(*buf32); if ((key.specified & AVTAB_TYPE) && !policydb_type_isvalid(pol, datum.data)) { - printk(KERN_WARNING "SELinux: avtab: invalid type\n"); + printk(KERN_ERR "SELinux: avtab: invalid type\n"); return -1; } return insertf(a, &key, &datum, p); @@ -513,5 +513,5 @@ void avtab_cache_init(void) void avtab_cache_destroy(void) { - kmem_cache_destroy (avtab_node_cachep); + kmem_cache_destroy(avtab_node_cachep); } diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index da0566c4f32..fb4efe4f4bc 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -1,9 +1,9 @@ /* Authors: Karl MacMillan <kmacmillan@tresys.com> - * Frank Mayer <mayerf@tresys.com> + * Frank Mayer <mayerf@tresys.com> * * Copyright (C) 2003 - 2004 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ @@ -89,7 +89,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr) int evaluate_cond_node(struct policydb *p, struct cond_node *node) { int new_state; - struct cond_av_list* cur; + struct cond_av_list *cur; new_state = cond_evaluate_expr(p, node->expr); if (new_state != node->cur_state) { @@ -98,20 +98,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n"); /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { - if (new_state <= 0) { + if (new_state <= 0) cur->node->key.specified &= ~AVTAB_ENABLED; - } else { + else cur->node->key.specified |= AVTAB_ENABLED; - } } for (cur = node->false_list; cur != NULL; cur = cur->next) { /* -1 or 1 */ - if (new_state) { + if (new_state) cur->node->key.specified &= ~AVTAB_ENABLED; - } else { + else cur->node->key.specified |= AVTAB_ENABLED; - } } } return 0; @@ -173,8 +171,8 @@ void cond_policydb_destroy(struct policydb *p) int cond_init_bool_indexes(struct policydb *p) { kfree(p->bool_val_to_struct); - p->bool_val_to_struct = (struct cond_bool_datum**) - kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); + p->bool_val_to_struct = (struct cond_bool_datum **) + kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL); if (!p->bool_val_to_struct) return -1; return 0; @@ -199,7 +197,7 @@ int cond_index_bool(void *key, void *datum, void *datap) return -EINVAL; p->p_bool_val_to_name[booldatum->value - 1] = key; - p->bool_val_to_struct[booldatum->value -1] = booldatum; + p->bool_val_to_struct[booldatum->value - 1] = booldatum; return 0; } @@ -251,8 +249,7 @@ err: return -1; } -struct cond_insertf_data -{ +struct cond_insertf_data { struct policydb *p; struct cond_av_list *other; struct cond_av_list *head; @@ -275,7 +272,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printk("SELinux: type rule already exists outside of a conditional."); + printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n"); goto err; } /* @@ -290,7 +287,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_search_node(&p->te_cond_avtab, k); if (node_ptr) { if (avtab_search_node_next(node_ptr, k->specified)) { - printk("SELinux: too many conflicting type rules."); + printk(KERN_ERR "SELinux: too many conflicting type rules.\n"); goto err; } found = 0; @@ -301,13 +298,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum } } if (!found) { - printk("SELinux: conflicting type rules.\n"); + printk(KERN_ERR "SELinux: conflicting type rules.\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printk("SELinux: conflicting type rules when adding type rule for true.\n"); + printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n"); goto err; } } @@ -315,7 +312,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printk("SELinux: could not insert rule."); + printk(KERN_ERR "SELinux: could not insert rule.\n"); goto err; } @@ -352,9 +349,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * return -1; len = le32_to_cpu(buf[0]); - if (len == 0) { + if (len == 0) return 0; - } data.p = p; data.other = other; @@ -375,12 +371,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * static int expr_isvalid(struct policydb *p, struct cond_expr *expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printk("SELinux: conditional expressions uses unknown operator.\n"); + printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printk("SELinux: conditional expressions uses unknown bool.\n"); + printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n"); return 0; } return 1; @@ -407,15 +403,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) /* expr */ len = le32_to_cpu(buf[0]); - for (i = 0; i < len; i++ ) { + for (i = 0; i < len; i++) { rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto err; expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); - if (!expr) { + if (!expr) goto err; - } expr->expr_type = le32_to_cpu(buf[0]); expr->bool = le32_to_cpu(buf[1]); @@ -425,11 +420,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) goto err; } - if (i == 0) { + if (i == 0) node->expr = expr; - } else { + else last->next = expr; - } last = expr; } @@ -468,11 +462,10 @@ int cond_read_list(struct policydb *p, void *fp) if (cond_read_node(p, node, fp) != 0) goto err; - if (i == 0) { + if (i == 0) p->cond_list = node; - } else { + else last->next = node; - } last = node; } return 0; @@ -489,24 +482,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi { struct avtab_node *node; - if(!ctab || !key || !avd) + if (!ctab || !key || !avd) return; - for(node = avtab_search_node(ctab, key); node != NULL; + for (node = avtab_search_node(ctab, key); node != NULL; node = avtab_search_node_next(node, key->specified)) { - if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) + if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) avd->allowed |= node->datum.data; - if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) + if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) /* Since a '0' in an auditdeny mask represents a * permission we do NOT want to audit (dontaudit), we use * the '&' operand to ensure that all '0's in the mask * are retained (much unlike the allow and auditallow cases). */ avd->auditdeny &= node->datum.data; - if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) + if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) avd->auditallow |= node->datum.data; } return; diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index e499af474b3..ddc275490af 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -411,11 +411,10 @@ int ebitmap_read(struct ebitmap *e, void *fp) } /* round down */ tmp->startbit = startbit - (startbit % EBITMAP_SIZE); - if (n) { + if (n) n->next = tmp; - } else { + else e->node = tmp; - } n = tmp; } else if (startbit <= n->startbit) { printk(KERN_ERR "SELinux: ebitmap: start bit %d" diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 77b530c3bbc..2e7788e1321 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -9,8 +9,8 @@ #include "hashtab.h" struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key), - int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), - u32 size) + int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), + u32 size) { struct hashtab *p; u32 i; diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index feaf0a5b828..8b1706b7b3c 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -32,7 +32,7 @@ * Return the length in bytes for the MLS fields of the * security context string representation of `context'. */ -int mls_compute_context_len(struct context * context) +int mls_compute_context_len(struct context *context) { int i, l, len, head, prev; char *nm; @@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context) * Update `*scontext' to point to the end of the MLS fields. */ void mls_sid_to_context(struct context *context, - char **scontext) + char **scontext) { char *scontextp, *nm; int i, l, head, prev; @@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context, if (l == 0) { if (mls_level_eq(&context->range.level[0], - &context->range.level[1])) + &context->range.level[1])) break; else *scontextp++ = '-'; @@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc, *p++ = 0; /* Separate into range if exists */ - if ((rngptr = strchr(scontextp, '.')) != NULL) { + rngptr = strchr(scontextp, '.'); + if (rngptr != NULL) { /* Remove '.' */ *rngptr++ = 0; } catdatum = hashtab_search(policydb.p_cats.table, - scontextp); + scontextp); if (!catdatum) { rc = -EINVAL; goto out; } rc = ebitmap_set_bit(&context->range.level[l].cat, - catdatum->value - 1, 1); + catdatum->value - 1, 1); if (rc) goto out; @@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) rc = -ENOMEM; } else { rc = mls_context_to_sid(':', &tmpstr, context, - NULL, SECSID_NULL); + NULL, SECSID_NULL); kfree(freestr); } @@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) * Copies the MLS range `range' into `context'. */ static inline int mls_range_set(struct context *context, - struct mls_range *range) + struct mls_range *range) { int l, rc = 0; @@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context, } int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon) + struct context *usercon) { if (selinux_mls_enabled) { struct mls_level *fromcon_sen = &(fromcon->range.level[0]); @@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, that of the user's default clearance (but only if the "fromcon" clearance dominates the user's computed sensitivity level) */ - if (mls_level_dom(user_clr, fromcon_clr)) { + if (mls_level_dom(user_clr, fromcon_clr)) *usercon_clr = *fromcon_clr; - } else if (mls_level_dom(fromcon_clr, user_clr)) { + else if (mls_level_dom(fromcon_clr, user_clr)) *usercon_clr = *user_clr; - } else + else return -EINVAL; } @@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext, rtr->target_class == tclass) { /* Set the range from the rule */ return mls_range_set(newcontext, - &rtr->target_range); + &rtr->target_range); } } /* Fallthrough */ diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 6bdb0ff6a92..84f8cc73c7d 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -11,7 +11,7 @@ * * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> * - * Added conditional policy language extensions + * Added conditional policy language extensions * * Updated: Hewlett-Packard <paul.moore@hp.com> * @@ -21,7 +21,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ @@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = { }; #endif -int selinux_mls_enabled = 0; +int selinux_mls_enabled; static unsigned int symtab_sizes[SYM_NUM] = { 2, @@ -73,39 +73,39 @@ struct policydb_compat_info { /* These need to be updated if SYM_NUM or OCON_NUM changes */ static struct policydb_compat_info policydb_compat[] = { { - .version = POLICYDB_VERSION_BASE, - .sym_num = SYM_NUM - 3, - .ocon_num = OCON_NUM - 1, + .version = POLICYDB_VERSION_BASE, + .sym_num = SYM_NUM - 3, + .ocon_num = OCON_NUM - 1, }, { - .version = POLICYDB_VERSION_BOOL, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM - 1, + .version = POLICYDB_VERSION_BOOL, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM - 1, }, { - .version = POLICYDB_VERSION_IPV6, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_IPV6, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_NLCLASS, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_NLCLASS, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_MLS, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_MLS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_AVTAB, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_AVTAB, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_RANGETRANS, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_RANGETRANS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { .version = POLICYDB_VERSION_POLCAP, @@ -152,7 +152,7 @@ static int roles_init(struct policydb *p) rc = -EINVAL; goto out_free_role; } - key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); + key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto out_free_role; @@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s) struct hashtab_info info; hashtab_stat(h, &info); - printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " + printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " "longest chain length %d\n", symtab_name[i], h->nel, info.slots_used, h->size, info.max_chain_len); } @@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p) p->role_val_to_struct = kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), - GFP_KERNEL); + GFP_KERNEL); if (!p->role_val_to_struct) { rc = -ENOMEM; goto out; @@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p) p->user_val_to_struct = kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), - GFP_KERNEL); + GFP_KERNEL); if (!p->user_val_to_struct) { rc = -ENOMEM; goto out; @@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p) while (c) { ctmp = c; c = c->next; - ocontext_destroy(ctmp,i); + ocontext_destroy(ctmp, i); } p->ocontexts[i] = NULL; } @@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p) while (c) { ctmp = c; c = c->next; - ocontext_destroy(ctmp,OCON_FSUSE); + ocontext_destroy(ctmp, OCON_FSUSE); } gtmp = g; g = g->next; @@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p) } kfree(ltr); - for (ra = p->role_allow; ra; ra = ra -> next) { + for (ra = p->role_allow; ra; ra = ra->next) { cond_resched(); kfree(lra); lra = ra; } kfree(lra); - for (rt = p->range_tr; rt; rt = rt -> next) { + for (rt = p->range_tr; rt; rt = rt->next) { cond_resched(); if (lrt) { ebitmap_destroy(&lrt->target_range.level[0].cat); @@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); perdatum->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) comdatum->permissions.nprim = le32_to_cpu(buf[2]); nel = le32_to_cpu(buf[3]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -998,7 +998,7 @@ bad: } static int read_cons_helper(struct constraint_node **nodep, int ncons, - int allowxtarget, void *fp) + int allowxtarget, void *fp) { struct constraint_node *c, *lc; struct constraint_expr *e, *le; @@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, if (!c) return -ENOMEM; - if (lc) { + if (lc) lc->next = c; - } else { + else *nodep = c; - } rc = next_entry(buf, fp, (sizeof(u32) * 2)); if (rc < 0) @@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, if (!e) return -ENOMEM; - if (le) { + if (le) le->next = e; - } else { + else c->expr = e; - } rc = next_entry(buf, fp, (sizeof(u32) * 3)); if (rc < 0) @@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) ncons = le32_to_cpu(buf[5]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) key[len] = 0; if (len2) { - cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); + cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); if (!cladatum->comkey) { rc = -ENOMEM; goto bad; @@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); role->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1215,7 +1213,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) if (strcmp(key, OBJECT_R) == 0) { if (role->value != OBJECT_R_VAL) { - printk(KERN_ERR "Role %s has wrong value %d\n", + printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", OBJECT_R, role->value); rc = -EINVAL; goto bad; @@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[3]; u32 len; - typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); + typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); if (!typdatum) { rc = -ENOMEM; return rc; @@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) typdatum->value = le32_to_cpu(buf[1]); typdatum->primary = le32_to_cpu(buf[2]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); usrdatum->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); levdatum->isalias = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_ATOMIC); + key = kmalloc(len + 1, GFP_ATOMIC); if (!key) { rc = -ENOMEM; goto bad; @@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) catdatum->value = le32_to_cpu(buf[1]); catdatum->isalias = le32_to_cpu(buf[2]); - key = kmalloc(len + 1,GFP_ATOMIC); + key = kmalloc(len + 1, GFP_ATOMIC); if (!key) { rc = -ENOMEM; goto bad; @@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) goto out; /* Read the magic number and string length. */ - rc = next_entry(buf, fp, sizeof(u32)* 2); + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto bad; @@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp) len, strlen(POLICYDB_STRING)); goto bad; } - policydb_str = kmalloc(len + 1,GFP_KERNEL); + policydb_str = kmalloc(len + 1, GFP_KERNEL); if (!policydb_str) { printk(KERN_ERR "SELinux: unable to allocate memory for policydb " "string of length %d\n", len); @@ -1544,29 +1542,30 @@ int policydb_read(struct policydb *p, void *fp) if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) { printk(KERN_ERR "SELinux: policydb version %d does not match " - "my version range %d-%d\n", - le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); - goto bad; + "my version range %d-%d\n", + le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); + goto bad; } if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { if (ss_initialized && !selinux_mls_enabled) { - printk(KERN_ERR "Cannot switch between non-MLS and MLS " - "policies\n"); + printk(KERN_ERR "SELinux: Cannot switch between non-MLS" + " and MLS policies\n"); goto bad; } selinux_mls_enabled = 1; config |= POLICYDB_CONFIG_MLS; if (p->policyvers < POLICYDB_VERSION_MLS) { - printk(KERN_ERR "security policydb version %d (MLS) " - "not backwards compatible\n", p->policyvers); + printk(KERN_ERR "SELinux: security policydb version %d " + "(MLS) not backwards compatible\n", + p->policyvers); goto bad; } } else { if (ss_initialized && selinux_mls_enabled) { - printk(KERN_ERR "Cannot switch between MLS and non-MLS " - "policies\n"); + printk(KERN_ERR "SELinux: Cannot switch between MLS and" + " non-MLS policies\n"); goto bad; } } @@ -1633,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (ltr) { + if (ltr) ltr->next = tr; - } else { + else p->role_tr = tr; - } rc = next_entry(buf, fp, sizeof(u32)*3); if (rc < 0) goto bad; @@ -1664,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (lra) { + if (lra) lra->next = ra; - } else { + else p->role_allow = ra; - } rc = next_entry(buf, fp, sizeof(u32)*2); if (rc < 0) goto bad; @@ -1702,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (l) { + if (l) l->next = c; - } else { + else p->ocontexts[i] = c; - } l = c; rc = -EINVAL; switch (i) { @@ -1725,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp) if (rc < 0) goto bad; len = le32_to_cpu(buf[0]); - c->u.name = kmalloc(len + 1,GFP_KERNEL); + c->u.name = kmalloc(len + 1, GFP_KERNEL); if (!c->u.name) { rc = -ENOMEM; goto bad; @@ -1753,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; break; case OCON_NODE: - rc = next_entry(buf, fp, sizeof(u32)* 2); + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto bad; c->u.node.addr = le32_to_cpu(buf[0]); @@ -1770,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp) if (c->v.behavior > SECURITY_FS_USE_NONE) goto bad; len = le32_to_cpu(buf[1]); - c->u.name = kmalloc(len + 1,GFP_KERNEL); + c->u.name = kmalloc(len + 1, GFP_KERNEL); if (!c->u.name) { rc = -ENOMEM; goto bad; < |