From eb5df9a7ae794a7e352e0582011e9e2b586051b5 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:28 -0400 Subject: SELinux: avtab.c whitespace, syntax, and static declaraction cleanups This patch changes avtab.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/avtab.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 916e73a..a617530 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -6,15 +6,15 @@ /* Updated: Frank Mayer and Karl MacMillan * - * Added conditional policy language extensions + * Added conditional policy language extensions * * Copyright (C) 2003 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. * * Updated: Yuichi Nakamura - * Tuned number of hash slots for avtab to reduce memory usage + * Tuned number of hash slots for avtab to reduce memory usage */ #include @@ -33,10 +33,10 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask) static struct avtab_node* avtab_insert_node(struct avtab *h, int hvalue, - struct avtab_node * prev, struct avtab_node * cur, + struct avtab_node *prev, struct avtab_node *cur, struct avtab_key *key, struct avtab_datum *datum) { - struct avtab_node * newnode; + struct avtab_node *newnode; newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL); if (newnode == NULL) return NULL; @@ -84,7 +84,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat } newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum); - if(!newnode) + if (!newnode) return -ENOMEM; return 0; @@ -95,7 +95,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat * It also returns a pointer to the node inserted. */ struct avtab_node * -avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum) +avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum) { int hvalue; struct avtab_node *prev, *cur, *newnode; @@ -326,7 +326,7 @@ static uint16_t spec_order[] = { }; int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, - int (*insertf)(struct avtab *a, struct avtab_key *k, + int (*insertf)(struct avtab *a, struct avtab_key *k, struct avtab_datum *d, void *p), void *p) { @@ -398,7 +398,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, key.specified = spec_order[i] | enabled; datum.data = le32_to_cpu(buf32[items++]); rc = insertf(a, &key, &datum, p); - if (rc) return rc; + if (rc) + return rc; } } @@ -513,5 +514,5 @@ void avtab_cache_init(void) void avtab_cache_destroy(void) { - kmem_cache_destroy (avtab_node_cachep); + kmem_cache_destroy(avtab_node_cachep); } -- cgit v1.1 From 7c2b240ef2ae05a0081b4004176fd5838cecc4f6 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:29 -0400 Subject: SELinux: conditional.c whitespace, syntax, and static declaraction cleanups This patch changes conditional.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/conditional.c | 59 +++++++++++++++++---------------------- 1 file changed, 26 insertions(+), 33 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index a996cf1..5691af4 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -1,9 +1,9 @@ /* Authors: Karl MacMillan - * Frank Mayer + * Frank Mayer * * Copyright (C) 2003 - 2004 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ @@ -90,7 +90,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr) int evaluate_cond_node(struct policydb *p, struct cond_node *node) { int new_state; - struct cond_av_list* cur; + struct cond_av_list *cur; new_state = cond_evaluate_expr(p, node->expr); if (new_state != node->cur_state) { @@ -99,20 +99,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n"); /* turn the rules on or off */ for (cur = node->true_list; cur != NULL; cur = cur->next) { - if (new_state <= 0) { + if (new_state <= 0) cur->node->key.specified &= ~AVTAB_ENABLED; - } else { + else cur->node->key.specified |= AVTAB_ENABLED; - } } for (cur = node->false_list; cur != NULL; cur = cur->next) { /* -1 or 1 */ - if (new_state) { + if (new_state) cur->node->key.specified &= ~AVTAB_ENABLED; - } else { + else cur->node->key.specified |= AVTAB_ENABLED; - } } } return 0; @@ -174,8 +172,8 @@ void cond_policydb_destroy(struct policydb *p) int cond_init_bool_indexes(struct policydb *p) { kfree(p->bool_val_to_struct); - p->bool_val_to_struct = (struct cond_bool_datum**) - kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); + p->bool_val_to_struct = (struct cond_bool_datum **) + kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL); if (!p->bool_val_to_struct) return -1; return 0; @@ -200,7 +198,7 @@ int cond_index_bool(void *key, void *datum, void *datap) return -EINVAL; p->p_bool_val_to_name[booldatum->value - 1] = key; - p->bool_val_to_struct[booldatum->value -1] = booldatum; + p->bool_val_to_struct[booldatum->value - 1] = booldatum; return 0; } @@ -252,8 +250,7 @@ err: return -1; } -struct cond_insertf_data -{ +struct cond_insertf_data { struct policydb *p; struct cond_av_list *other; struct cond_av_list *head; @@ -353,9 +350,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * return -1; len = le32_to_cpu(buf[0]); - if (len == 0) { + if (len == 0) return 0; - } data.p = p; data.other = other; @@ -408,15 +404,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) /* expr */ len = le32_to_cpu(buf[0]); - for (i = 0; i < len; i++ ) { + for (i = 0; i < len; i++) { rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto err; expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); - if (!expr) { + if (!expr) goto err; - } expr->expr_type = le32_to_cpu(buf[0]); expr->bool = le32_to_cpu(buf[1]); @@ -426,11 +421,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) goto err; } - if (i == 0) { + if (i == 0) node->expr = expr; - } else { + else last->next = expr; - } last = expr; } @@ -469,11 +463,10 @@ int cond_read_list(struct policydb *p, void *fp) if (cond_read_node(p, node, fp) != 0) goto err; - if (i == 0) { + if (i == 0) p->cond_list = node; - } else { + else last->next = node; - } last = node; } return 0; @@ -490,24 +483,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi { struct avtab_node *node; - if(!ctab || !key || !avd) + if (!ctab || !key || !avd) return; - for(node = avtab_search_node(ctab, key); node != NULL; + for (node = avtab_search_node(ctab, key); node != NULL; node = avtab_search_node_next(node, key->specified)) { - if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) + if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) avd->allowed |= node->datum.data; - if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) + if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) /* Since a '0' in an auditdeny mask represents a * permission we do NOT want to audit (dontaudit), we use * the '&' operand to ensure that all '0's in the mask * are retained (much unlike the allow and auditallow cases). */ avd->auditdeny &= node->datum.data; - if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) == - (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) + if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == + (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) avd->auditallow |= node->datum.data; } return; -- cgit v1.1 From 7696ee80ac037959fc708156255d1bfec1f9ad70 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:30 -0400 Subject: SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups This patch changes ebitmap.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/ebitmap.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index e499af4..ddc2754 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -411,11 +411,10 @@ int ebitmap_read(struct ebitmap *e, void *fp) } /* round down */ tmp->startbit = startbit - (startbit % EBITMAP_SIZE); - if (n) { + if (n) n->next = tmp; - } else { + else e->node = tmp; - } n = tmp; } else if (startbit <= n->startbit) { printk(KERN_ERR "SELinux: ebitmap: start bit %d" -- cgit v1.1 From 719a2f8e5f7b07a3be0d59fdc6edeb8120653918 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:31 -0400 Subject: SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups This patch changes hashtab.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/hashtab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 77b530c..2e7788e 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -9,8 +9,8 @@ #include "hashtab.h" struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key), - int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), - u32 size) + int (*keycmp)(struct hashtab *h, const void *key1, const void *key2), + u32 size) { struct hashtab *p; u32 i; -- cgit v1.1 From 1a5e6f8729266154f34c84d25bb83942f99ba002 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:32 -0400 Subject: SELinux: mls.c whitespace, syntax, and static declaraction cleanups This patch changes mls.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/mls.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index feaf0a5..8b1706b 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -32,7 +32,7 @@ * Return the length in bytes for the MLS fields of the * security context string representation of `context'. */ -int mls_compute_context_len(struct context * context) +int mls_compute_context_len(struct context *context) { int i, l, len, head, prev; char *nm; @@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context) * Update `*scontext' to point to the end of the MLS fields. */ void mls_sid_to_context(struct context *context, - char **scontext) + char **scontext) { char *scontextp, *nm; int i, l, head, prev; @@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context, if (l == 0) { if (mls_level_eq(&context->range.level[0], - &context->range.level[1])) + &context->range.level[1])) break; else *scontextp++ = '-'; @@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc, *p++ = 0; /* Separate into range if exists */ - if ((rngptr = strchr(scontextp, '.')) != NULL) { + rngptr = strchr(scontextp, '.'); + if (rngptr != NULL) { /* Remove '.' */ *rngptr++ = 0; } catdatum = hashtab_search(policydb.p_cats.table, - scontextp); + scontextp); if (!catdatum) { rc = -EINVAL; goto out; } rc = ebitmap_set_bit(&context->range.level[l].cat, - catdatum->value - 1, 1); + catdatum->value - 1, 1); if (rc) goto out; @@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) rc = -ENOMEM; } else { rc = mls_context_to_sid(':', &tmpstr, context, - NULL, SECSID_NULL); + NULL, SECSID_NULL); kfree(freestr); } @@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) * Copies the MLS range `range' into `context'. */ static inline int mls_range_set(struct context *context, - struct mls_range *range) + struct mls_range *range) { int l, rc = 0; @@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context, } int mls_setup_user_range(struct context *fromcon, struct user_datum *user, - struct context *usercon) + struct context *usercon) { if (selinux_mls_enabled) { struct mls_level *fromcon_sen = &(fromcon->range.level[0]); @@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, that of the user's default clearance (but only if the "fromcon" clearance dominates the user's computed sensitivity level) */ - if (mls_level_dom(user_clr, fromcon_clr)) { + if (mls_level_dom(user_clr, fromcon_clr)) *usercon_clr = *fromcon_clr; - } else if (mls_level_dom(fromcon_clr, user_clr)) { + else if (mls_level_dom(fromcon_clr, user_clr)) *usercon_clr = *user_clr; - } else + else return -EINVAL; } @@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext, rtr->target_class == tclass) { /* Set the range from the rule */ return mls_range_set(newcontext, - &rtr->target_range); + &rtr->target_range); } } /* Fallthrough */ -- cgit v1.1 From 5d55a345c09ef1708bd341395792931a66306ba6 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:33 -0400 Subject: SELinux: services.c whitespace, syntax, and static declaraction cleanups This patch changes services.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/services.c | 115 ++++++++++++++++++++--------------------- 1 file changed, 55 insertions(+), 60 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index b341b8f..fc3dfca 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2,7 +2,7 @@ * Implementation of the security services. * * Authors : Stephen Smalley, - * James Morris + * James Morris * * Updated: Trusted Computer Solutions, Inc. * @@ -11,7 +11,7 @@ * * Updated: Frank Mayer and Karl MacMillan * - * Added conditional policy language extensions + * Added conditional policy language extensions * * Updated: Hewlett-Packard * @@ -27,7 +27,7 @@ * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC * Copyright (C) 2003 Red Hat, Inc., James Morris * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ #include @@ -82,7 +82,7 @@ static DEFINE_MUTEX(load_mutex); static struct sidtab sidtab; struct policydb policydb; -int ss_initialized = 0; +int ss_initialized; /* * The largest sequence number that has been used when @@ -90,7 +90,7 @@ int ss_initialized = 0; * The sequence number only changes when a policy change * occurs. */ -static u32 latest_granting = 0; +static u32 latest_granting; /* Forward declaration. */ static int context_struct_to_string(struct context *context, char **scontext, @@ -163,10 +163,10 @@ static int constraint_expr_eval(struct context *scontext, val1 - 1); continue; case CEXPR_INCOMP: - s[++sp] = ( !ebitmap_get_bit(&r1->dominates, - val2 - 1) && - !ebitmap_get_bit(&r2->dominates, - val1 - 1) ); + s[++sp] = (!ebitmap_get_bit(&r1->dominates, + val2 - 1) && + !ebitmap_get_bit(&r2->dominates, + val1 - 1)); continue; default: break; @@ -409,7 +409,7 @@ static int context_struct_compute_av(struct context *scontext, } if (!ra) avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION | - PROCESS__DYNTRANSITION); + PROCESS__DYNTRANSITION); } return 0; @@ -445,9 +445,9 @@ int security_permissive_sid(u32 sid) } static int security_validtrans_handle_fail(struct context *ocontext, - struct context *ncontext, - struct context *tcontext, - u16 tclass) + struct context *ncontext, + struct context *tcontext, + u16 tclass) { char *o = NULL, *n = NULL, *t = NULL; u32 olen, nlen, tlen; @@ -459,9 +459,9 @@ static int security_validtrans_handle_fail(struct context *ocontext, if (context_struct_to_string(tcontext, &t, &tlen) < 0) goto out; audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR, - "security_validate_transition: denied for" - " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", - o, n, t, policydb.p_class_val_to_name[tclass-1]); + "security_validate_transition: denied for" + " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", + o, n, t, policydb.p_class_val_to_name[tclass-1]); out: kfree(o); kfree(n); @@ -473,7 +473,7 @@ out: } int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, - u16 tclass) + u16 tclass) { struct context *ocontext; struct context *ncontext; @@ -533,9 +533,9 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, constraint = tclass_datum->validatetrans; while (constraint) { if (!constraint_expr_eval(ocontext, ncontext, tcontext, - constraint->expr)) { + constraint->expr)) { rc = security_validtrans_handle_fail(ocontext, ncontext, - tcontext, tclass); + tcontext, tclass); goto out; } constraint = constraint->next; @@ -623,9 +623,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 /* Allocate space for the context; caller must free this space. */ scontextp = kmalloc(*scontext_len, GFP_ATOMIC); - if (!scontextp) { + if (!scontextp) return -ENOMEM; - } *scontext = scontextp; /* @@ -636,8 +635,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3 policydb.p_role_val_to_name[context->role - 1], policydb.p_type_val_to_name[context->type - 1]); scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) + - 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) + - 1 + strlen(policydb.p_type_val_to_name[context->type - 1]); + 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) + + 1 + strlen(policydb.p_type_val_to_name[context->type - 1]); mls_sid_to_context(context, &scontextp); @@ -678,7 +677,7 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) char *scontextp; *scontext_len = strlen(initial_sid_to_string[sid]) + 1; - scontextp = kmalloc(*scontext_len,GFP_ATOMIC); + scontextp = kmalloc(*scontext_len, GFP_ATOMIC); if (!scontextp) { rc = -ENOMEM; goto out; @@ -974,7 +973,7 @@ static int security_compute_sid(u32 ssid, avdatum = avtab_search(&policydb.te_avtab, &avkey); /* If no permanent rule, also check for enabled conditional rules */ - if(!avdatum) { + if (!avdatum) { node = avtab_search_node(&policydb.te_cond_avtab, &avkey); for (; node != NULL; node = avtab_search_node_next(node, specified)) { if (node->key.specified & AVTAB_ENABLED) { @@ -1288,26 +1287,23 @@ static int convert_context(u32 key, /* Convert the user. */ usrdatum = hashtab_search(args->newp->p_users.table, - args->oldp->p_user_val_to_name[c->user - 1]); - if (!usrdatum) { + args->oldp->p_user_val_to_name[c->user - 1]); + if (!usrdatum) goto bad; - } c->user = usrdatum->value; /* Convert the role. */ role = hashtab_search(args->newp->p_roles.table, - args->oldp->p_role_val_to_name[c->role - 1]); - if (!role) { + args->oldp->p_role_val_to_name[c->role - 1]); + if (!role) goto bad; - } c->role = role->value; /* Convert the type. */ typdatum = hashtab_search(args->newp->p_types.table, - args->oldp->p_type_val_to_name[c->type - 1]); - if (!typdatum) { + args->oldp->p_type_val_to_name[c->type - 1]); + if (!typdatum) goto bad; - } c->type = typdatum->value; rc = mls_convert_context(args->oldp, args->newp, c); @@ -1556,8 +1552,8 @@ static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask) { int i, fail = 0; - for(i = 0; i < 4; i++) - if(addr[i] != (input[i] & mask[i])) { + for (i = 0; i < 4; i++) + if (addr[i] != (input[i] & mask[i])) { fail = 1; break; } @@ -1656,7 +1652,7 @@ out: */ int security_get_user_sids(u32 fromsid, - char *username, + char *username, u32 **sids, u32 *nel) { @@ -1766,7 +1762,7 @@ out: * transition SIDs or task SIDs. */ int security_genfs_sid(const char *fstype, - char *path, + char *path, u16 sclass, u32 *sid) { @@ -1881,7 +1877,7 @@ int security_get_bools(int *len, char ***names, int **values) goto out; } - *names = kcalloc(*len, sizeof(char*), GFP_ATOMIC); + *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC); if (!*names) goto err; @@ -1893,7 +1889,7 @@ int security_get_bools(int *len, char ***names, int **values) size_t name_len; (*values)[i] = policydb.bool_val_to_struct[i]->state; name_len = strlen(policydb.p_bool_val_to_name[i]) + 1; - (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC); + (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC); if (!(*names)[i]) goto err; strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len); @@ -1938,11 +1934,10 @@ int security_set_bools(int len, int *values) audit_get_loginuid(current), audit_get_sessionid(current)); } - if (values[i]) { + if (values[i]) policydb.bool_val_to_struct[i]->state = 1; - } else { + else policydb.bool_val_to_struct[i]->state = 0; - } } for (cur = policydb.cond_list; cur != NULL; cur = cur->next) { @@ -2435,7 +2430,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, if (!rule) { audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, - "selinux_audit_rule_match: missing rule\n"); + "selinux_audit_rule_match: missing rule\n"); return -ENOENT; } @@ -2443,7 +2438,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, if (rule->au_seqno < latest_granting) { audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, - "selinux_audit_rule_match: stale rule\n"); + "selinux_audit_rule_match: stale rule\n"); match = -ESTALE; goto out; } @@ -2451,8 +2446,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, ctxt = sidtab_search(&sidtab, sid); if (!ctxt) { audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, - "selinux_audit_rule_match: unrecognized SID %d\n", - sid); + "selinux_audit_rule_match: unrecognized SID %d\n", + sid); match = -ENOENT; goto out; } @@ -2498,36 +2493,36 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, case AUDIT_OBJ_LEV_LOW: case AUDIT_OBJ_LEV_HIGH: level = ((field == AUDIT_SUBJ_SEN || - field == AUDIT_OBJ_LEV_LOW) ? - &ctxt->range.level[0] : &ctxt->range.level[1]); + field == AUDIT_OBJ_LEV_LOW) ? + &ctxt->range.level[0] : &ctxt->range.level[1]); switch (op) { case AUDIT_EQUAL: match = mls_level_eq(&rule->au_ctxt.range.level[0], - level); + level); break; case AUDIT_NOT_EQUAL: match = !mls_level_eq(&rule->au_ctxt.range.level[0], - level); + level); break; case AUDIT_LESS_THAN: match = (mls_level_dom(&rule->au_ctxt.range.level[0], - level) && - !mls_level_eq(&rule->au_ctxt.range.level[0], - level)); + level) && + !mls_level_eq(&rule->au_ctxt.range.level[0], + level)); break; case AUDIT_LESS_THAN_OR_EQUAL: match = mls_level_dom(&rule->au_ctxt.range.level[0], - level); + level); break; case AUDIT_GREATER_THAN: match = (mls_level_dom(level, - &rule->au_ctxt.range.level[0]) && - !mls_level_eq(level, - &rule->au_ctxt.range.level[0])); + &rule->au_ctxt.range.level[0]) && + !mls_level_eq(level, + &rule->au_ctxt.range.level[0])); break; case AUDIT_GREATER_THAN_OR_EQUAL: match = mls_level_dom(level, - &rule->au_ctxt.range.level[0]); + &rule->au_ctxt.range.level[0]); break; } } @@ -2554,7 +2549,7 @@ static int __init aurule_init(void) int err; err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET, - SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); + SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); if (err) panic("avc_add_callback() failed, error %d\n", err); -- cgit v1.1 From 11670889380b144adfa5a91dc184c8f6300c4b28 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 17:38:34 -0400 Subject: SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups This patch changes sidtab.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/sidtab.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c index 53a54a7..4a516ff 100644 --- a/security/selinux/ss/sidtab.c +++ b/security/selinux/ss/sidtab.c @@ -156,12 +156,10 @@ void sidtab_map_remove_on_error(struct sidtab *s, while (cur != NULL) { ret = apply(cur->sid, &cur->context, args); if (ret) { - if (last) { + if (last) last->next = cur->next; - } else { + else s->htable[i] = cur->next; - } - temp = cur; cur = cur->next; context_destroy(&temp->context); -- cgit v1.1 From 744ba35e455b0d5cf4f85208a8ca0edcc9976b95 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Thu, 17 Apr 2008 11:52:44 -0400 Subject: SELinux: clean up printks Make sure all printk start with KERN_* Make sure all printk end with \n Make sure all printk have the word 'selinux' in them Change "function name" to "%s", __func__ (found 2 wrong) Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/avtab.c | 27 ++++++++--------- security/selinux/ss/conditional.c | 14 ++++----- security/selinux/ss/policydb.c | 17 ++++++----- security/selinux/ss/services.c | 63 +++++++++++++++++++-------------------- 4 files changed, 60 insertions(+), 61 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index a617530..9e66263 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag) } } - printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " - "chain length %d sum of chain length^2 %Lu\n", + printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " + "longest chain length %d sum of chain length^2 %Lu\n", tag, h->nel, slots_used, h->nslot, max_chain_len, chain2_len_sum); } @@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, val = le32_to_cpu(buf32[items++]); key.source_type = (u16)val; if (key.source_type != val) { - printk("SELinux: avtab: truncated source type\n"); + printk(KERN_ERR "SELinux: avtab: truncated source type\n"); return -1; } val = le32_to_cpu(buf32[items++]); key.target_type = (u16)val; if (key.target_type != val) { - printk("SELinux: avtab: truncated target type\n"); + printk(KERN_ERR "SELinux: avtab: truncated target type\n"); return -1; } val = le32_to_cpu(buf32[items++]); key.target_class = (u16)val; if (key.target_class != val) { - printk("SELinux: avtab: truncated target class\n"); + printk(KERN_ERR "SELinux: avtab: truncated target class\n"); return -1; } @@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; if (!(val & (AVTAB_AV | AVTAB_TYPE))) { - printk("SELinux: avtab: null entry\n"); + printk(KERN_ERR "SELinux: avtab: null entry\n"); return -1; } if ((val & AVTAB_AV) && (val & AVTAB_TYPE)) { - printk("SELinux: avtab: entry has both access vectors and types\n"); + printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n"); return -1; } @@ -404,7 +404,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, } if (items != items2) { - printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items); + printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items); return -1; } return 0; @@ -412,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, rc = next_entry(buf16, fp, sizeof(u16)*4); if (rc < 0) { - printk("SELinux: avtab: truncated entry\n"); + printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return -1; } @@ -425,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, if (!policydb_type_isvalid(pol, key.source_type) || !policydb_type_isvalid(pol, key.target_type) || !policydb_class_isvalid(pol, key.target_class)) { - printk(KERN_WARNING "SELinux: avtab: invalid type or class\n"); + printk(KERN_ERR "SELinux: avtab: invalid type or class\n"); return -1; } @@ -435,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, set++; } if (!set || set > 1) { - printk(KERN_WARNING - "SELinux: avtab: more than one specifier\n"); + printk(KERN_ERR "SELinux: avtab: more than one specifier\n"); return -1; } rc = next_entry(buf32, fp, sizeof(u32)); if (rc < 0) { - printk("SELinux: avtab: truncated entry\n"); + printk(KERN_ERR "SELinux: avtab: truncated entry\n"); return -1; } datum.data = le32_to_cpu(*buf32); if ((key.specified & AVTAB_TYPE) && !policydb_type_isvalid(pol, datum.data)) { - printk(KERN_WARNING "SELinux: avtab: invalid type\n"); + printk(KERN_ERR "SELinux: avtab: invalid type\n"); return -1; } return insertf(a, &key, &datum, p); diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 5691af4..3a464c7 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c @@ -273,7 +273,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum */ if (k->specified & AVTAB_TYPE) { if (avtab_search(&p->te_avtab, k)) { - printk("SELinux: type rule already exists outside of a conditional."); + printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n"); goto err; } /* @@ -288,7 +288,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_search_node(&p->te_cond_avtab, k); if (node_ptr) { if (avtab_search_node_next(node_ptr, k->specified)) { - printk("SELinux: too many conflicting type rules."); + printk(KERN_ERR "SELinux: too many conflicting type rules.\n"); goto err; } found = 0; @@ -299,13 +299,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum } } if (!found) { - printk("SELinux: conflicting type rules.\n"); + printk(KERN_ERR "SELinux: conflicting type rules.\n"); goto err; } } } else { if (avtab_search(&p->te_cond_avtab, k)) { - printk("SELinux: conflicting type rules when adding type rule for true.\n"); + printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n"); goto err; } } @@ -313,7 +313,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); if (!node_ptr) { - printk("SELinux: could not insert rule."); + printk(KERN_ERR "SELinux: could not insert rule.\n"); goto err; } @@ -372,12 +372,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * static int expr_isvalid(struct policydb *p, struct cond_expr *expr) { if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { - printk("SELinux: conditional expressions uses unknown operator.\n"); + printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n"); return 0; } if (expr->bool > p->p_bools.nprim) { - printk("SELinux: conditional expressions uses unknown bool.\n"); + printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n"); return 0; } return 1; diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 6bdb0ff..891c2d0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s) struct hashtab_info info; hashtab_stat(h, &info); - printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " + printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " "longest chain length %d\n", symtab_name[i], h->nel, info.slots_used, h->size, info.max_chain_len); } @@ -1215,7 +1215,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) if (strcmp(key, OBJECT_R) == 0) { if (role->value != OBJECT_R_VAL) { - printk(KERN_ERR "Role %s has wrong value %d\n", + printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", OBJECT_R, role->value); rc = -EINVAL; goto bad; @@ -1551,22 +1551,23 @@ int policydb_read(struct policydb *p, void *fp) if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { if (ss_initialized && !selinux_mls_enabled) { - printk(KERN_ERR "Cannot switch between non-MLS and MLS " - "policies\n"); + printk(KERN_ERR "SELinux: Cannot switch between non-MLS" + " and MLS policies\n"); goto bad; } selinux_mls_enabled = 1; config |= POLICYDB_CONFIG_MLS; if (p->policyvers < POLICYDB_VERSION_MLS) { - printk(KERN_ERR "security policydb version %d (MLS) " - "not backwards compatible\n", p->policyvers); + printk(KERN_ERR "SELinux: security policydb version %d " + "(MLS) not backwards compatible\n", + p->policyvers); goto bad; } } else { if (ss_initialized && selinux_mls_enabled) { - printk(KERN_ERR "Cannot switch between MLS and non-MLS " - "policies\n"); + printk(KERN_ERR "SELinux: Cannot switch between MLS and" + " non-MLS policies\n"); goto bad; } } diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index fc3dfca..2daaddb 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -415,7 +415,8 @@ static int context_struct_compute_av(struct context *scontext, return 0; inval_class: - printk(KERN_ERR "%s: unrecognized class %d\n", __func__, tclass); + printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__, + tclass); return -EINVAL; } @@ -499,8 +500,8 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, tclass = SECCLASS_NETLINK_SOCKET; if (!tclass || tclass > policydb.p_classes.nprim) { - printk(KERN_ERR "security_validate_transition: " - "unrecognized class %d\n", tclass); + printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", + __func__, tclass); rc = -EINVAL; goto out; } @@ -508,24 +509,24 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, ocontext = sidtab_search(&sidtab, oldsid); if (!ocontext) { - printk(KERN_ERR "security_validate_transition: " - " unrecognized SID %d\n", oldsid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, oldsid); rc = -EINVAL; goto out; } ncontext = sidtab_search(&sidtab, newsid); if (!ncontext) { - printk(KERN_ERR "security_validate_transition: " - " unrecognized SID %d\n", newsid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, newsid); rc = -EINVAL; goto out; } tcontext = sidtab_search(&sidtab, tasksid); if (!tcontext) { - printk(KERN_ERR "security_validate_transition: " - " unrecognized SID %d\n", tasksid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, tasksid); rc = -EINVAL; goto out; } @@ -581,15 +582,15 @@ int security_compute_av(u32 ssid, scontext = sidtab_search(&sidtab, ssid); if (!scontext) { - printk(KERN_ERR "security_compute_av: unrecognized SID %d\n", - ssid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, ssid); rc = -EINVAL; goto out; } tcontext = sidtab_search(&sidtab, tsid); if (!tcontext) { - printk(KERN_ERR "security_compute_av: unrecognized SID %d\n", - tsid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, tsid); rc = -EINVAL; goto out; } @@ -686,16 +687,16 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) *scontext = scontextp; goto out; } - printk(KERN_ERR "security_sid_to_context: called before initial " - "load_policy on unknown SID %d\n", sid); + printk(KERN_ERR "SELinux: %s: called before initial " + "load_policy on unknown SID %d\n", __func__, sid); rc = -EINVAL; goto out; } POLICY_RDLOCK; context = sidtab_search(&sidtab, sid); if (!context) { - printk(KERN_ERR "security_sid_to_context: unrecognized SID " - "%d\n", sid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, sid); rc = -EINVAL; goto out_unlock; } @@ -925,15 +926,15 @@ static int security_compute_sid(u32 ssid, scontext = sidtab_search(&sidtab, ssid); if (!scontext) { - printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n", - ssid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, ssid); rc = -EINVAL; goto out_unlock; } tcontext = sidtab_search(&sidtab, tsid); if (!tcontext) { - printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n", - tsid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, tsid); rc = -EINVAL; goto out_unlock; } @@ -2031,16 +2032,16 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) POLICY_RDLOCK; context1 = sidtab_search(&sidtab, sid); if (!context1) { - printk(KERN_ERR "security_sid_mls_copy: unrecognized SID " - "%d\n", sid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, sid); rc = -EINVAL; goto out_unlock; } context2 = sidtab_search(&sidtab, mls_sid); if (!context2) { - printk(KERN_ERR "security_sid_mls_copy: unrecognized SID " - "%d\n", mls_sid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, mls_sid); rc = -EINVAL; goto out_unlock; } @@ -2131,17 +2132,15 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); if (!nlbl_ctx) { - printk(KERN_ERR - "security_sid_mls_cmp: unrecognized SID %d\n", - nlbl_sid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, nlbl_sid); rc = -EINVAL; goto out_slowpath; } xfrm_ctx = sidtab_search(&sidtab, xfrm_sid); if (!xfrm_ctx) { - printk(KERN_ERR - "security_sid_mls_cmp: unrecognized SID %d\n", - xfrm_sid); + printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", + __func__, xfrm_sid); rc = -EINVAL; goto out_slowpath; } @@ -2221,7 +2220,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms) match = hashtab_search(policydb.p_classes.table, class); if (!match) { - printk(KERN_ERR "%s: unrecognized class %s\n", + printk(KERN_ERR "SELinux: %s: unrecognized class %s\n", __func__, class); rc = -EINVAL; goto out; -- cgit v1.1 From 2ced3dfd3148fd8e2170ff06d6f72fd9f2f7b639 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Thu, 17 Apr 2008 13:37:12 -0400 Subject: changing whitespace for fun and profit: policydb.c More formatting changes. Aside from the 80 character line limit even the checkpatch scripts like this file now. Too bad I don't get paid by the lines of code I change. Signed-off-by: Eric Paris Signed-off-by: James Morris --- security/selinux/ss/policydb.c | 131 ++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 68 deletions(-) (limited to 'security/selinux/ss') diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 891c2d0..84f8cc7 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -11,7 +11,7 @@ * * Updated: Frank Mayer and Karl MacMillan * - * Added conditional policy language extensions + * Added conditional policy language extensions * * Updated: Hewlett-Packard * @@ -21,7 +21,7 @@ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. * Copyright (C) 2003 - 2004 Tresys Technology, LLC * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by + * it under the terms of the GNU General Public License as published by * the Free Software Foundation, version 2. */ @@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = { }; #endif -int selinux_mls_enabled = 0; +int selinux_mls_enabled; static unsigned int symtab_sizes[SYM_NUM] = { 2, @@ -73,39 +73,39 @@ struct policydb_compat_info { /* These need to be updated if SYM_NUM or OCON_NUM changes */ static struct policydb_compat_info policydb_compat[] = { { - .version = POLICYDB_VERSION_BASE, - .sym_num = SYM_NUM - 3, - .ocon_num = OCON_NUM - 1, + .version = POLICYDB_VERSION_BASE, + .sym_num = SYM_NUM - 3, + .ocon_num = OCON_NUM - 1, }, { - .version = POLICYDB_VERSION_BOOL, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM - 1, + .version = POLICYDB_VERSION_BOOL, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM - 1, }, { - .version = POLICYDB_VERSION_IPV6, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_IPV6, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_NLCLASS, - .sym_num = SYM_NUM - 2, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_NLCLASS, + .sym_num = SYM_NUM - 2, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_MLS, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_MLS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_AVTAB, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_AVTAB, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { - .version = POLICYDB_VERSION_RANGETRANS, - .sym_num = SYM_NUM, - .ocon_num = OCON_NUM, + .version = POLICYDB_VERSION_RANGETRANS, + .sym_num = SYM_NUM, + .ocon_num = OCON_NUM, }, { .version = POLICYDB_VERSION_POLCAP, @@ -152,7 +152,7 @@ static int roles_init(struct policydb *p) rc = -EINVAL; goto out_free_role; } - key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL); + key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto out_free_role; @@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p) p->role_val_to_struct = kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)), - GFP_KERNEL); + GFP_KERNEL); if (!p->role_val_to_struct) { rc = -ENOMEM; goto out; @@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p) p->user_val_to_struct = kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)), - GFP_KERNEL); + GFP_KERNEL); if (!p->user_val_to_struct) { rc = -ENOMEM; goto out; @@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p) while (c) { ctmp = c; c = c->next; - ocontext_destroy(ctmp,i); + ocontext_destroy(ctmp, i); } p->ocontexts[i] = NULL; } @@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p) while (c) { ctmp = c; c = c->next; - ocontext_destroy(ctmp,OCON_FSUSE); + ocontext_destroy(ctmp, OCON_FSUSE); } gtmp = g; g = g->next; @@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p) } kfree(ltr); - for (ra = p->role_allow; ra; ra = ra -> next) { + for (ra = p->role_allow; ra; ra = ra->next) { cond_resched(); kfree(lra); lra = ra; } kfree(lra); - for (rt = p->range_tr; rt; rt = rt -> next) { + for (rt = p->range_tr; rt; rt = rt->next) { cond_resched(); if (lrt) { ebitmap_destroy(&lrt->target_range.level[0].cat); @@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); perdatum->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp) comdatum->permissions.nprim = le32_to_cpu(buf[2]); nel = le32_to_cpu(buf[3]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -998,7 +998,7 @@ bad: } static int read_cons_helper(struct constraint_node **nodep, int ncons, - int allowxtarget, void *fp) + int allowxtarget, void *fp) { struct constraint_node *c, *lc; struct constraint_expr *e, *le; @@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, if (!c) return -ENOMEM; - if (lc) { + if (lc) lc->next = c; - } else { + else *nodep = c; - } rc = next_entry(buf, fp, (sizeof(u32) * 2)); if (rc < 0) @@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons, if (!e) return -ENOMEM; - if (le) { + if (le) le->next = e; - } else { + else c->expr = e; - } rc = next_entry(buf, fp, (sizeof(u32) * 3)); if (rc < 0) @@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) ncons = le32_to_cpu(buf[5]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) key[len] = 0; if (len2) { - cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL); + cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL); if (!cladatum->comkey) { rc = -ENOMEM; goto bad; @@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); role->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) __le32 buf[3]; u32 len; - typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL); + typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL); if (!typdatum) { rc = -ENOMEM; return rc; @@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp) typdatum->value = le32_to_cpu(buf[1]); typdatum->primary = le32_to_cpu(buf[2]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); usrdatum->value = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_KERNEL); + key = kmalloc(len + 1, GFP_KERNEL); if (!key) { rc = -ENOMEM; goto bad; @@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp) len = le32_to_cpu(buf[0]); levdatum->isalias = le32_to_cpu(buf[1]); - key = kmalloc(len + 1,GFP_ATOMIC); + key = kmalloc(len + 1, GFP_ATOMIC); if (!key) { rc = -ENOMEM; goto bad; @@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp) catdatum->value = le32_to_cpu(buf[1]); catdatum->isalias = le32_to_cpu(buf[2]); - key = kmalloc(len + 1,GFP_ATOMIC); + key = kmalloc(len + 1, GFP_ATOMIC); if (!key) { rc = -ENOMEM; goto bad; @@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) goto out; /* Read the magic number and string length. */ - rc = next_entry(buf, fp, sizeof(u32)* 2); + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto bad; @@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp) len, strlen(POLICYDB_STRING)); goto bad; } - policydb_str = kmalloc(len + 1,GFP_KERNEL); + policydb_str = kmalloc(len + 1, GFP_KERNEL); if (!policydb_str) { printk(KERN_ERR "SELinux: unable to allocate memory for policydb " "string of length %d\n", len); @@ -1544,9 +1542,9 @@ int policydb_read(struct policydb *p, void *fp) if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) { printk(KERN_ERR "SELinux: policydb version %d does not match " - "my version range %d-%d\n", - le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); - goto bad; + "my version range %d-%d\n", + le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); + goto bad; } if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { @@ -1634,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (ltr) { + if (ltr) ltr->next = tr; - } else { + else p->role_tr = tr; - } rc = next_entry(buf, fp, sizeof(u32)*3); if (rc < 0) goto bad; @@ -1665,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (lra) { + if (lra) lra->next = ra; - } else { + else p->role_allow = ra; - } rc = next_entry(buf, fp, sizeof(u32)*2); if (rc < 0) goto bad; @@ -1703,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp) rc = -ENOMEM; goto bad; } - if (l) { + if (l) l->next = c; - } else { + else p->ocontexts[i] = c; - } l = c; rc = -EINVAL; switch (i) { @@ -1726,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp) if (rc < 0) goto bad; len = le32_to_cpu(buf[0]); - c->u.name = kmalloc(len + 1,GFP_KERNEL); + c->u.name = kmalloc(len + 1, GFP_KERNEL); if (!c->u.name) { rc = -ENOMEM; goto bad; @@ -1754,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; break; case OCON_NODE: - rc = next_entry(buf, fp, sizeof(u32)* 2); + rc = next_entry(buf, fp, sizeof(u32) * 2); if (rc < 0) goto bad; c->u.node.addr = le32_to_cpu(buf[0]); @@ -1771,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp) if (c->v.behavior > SECURITY_FS_USE_NONE) goto bad; len = le32_to_cpu(buf[1]); - c->u.name = kmalloc(len + 1,GFP_KERNEL); + c->u.name = kmalloc(len + 1, GFP_KERNEL); if (!c->u.name) { rc = -ENOMEM; goto bad; @@ -1819,7 +1814,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; } - newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL); + newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL); if (!newgenfs->fstype) { rc = -ENOMEM; kfree(newgenfs); @@ -1865,7 +1860,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; } - newc->u.name = kmalloc(len + 1,GFP_KERNEL); + newc->u.name = kmalloc(len + 1, GFP_KERNEL); if (!newc->u.name) { rc = -ENOMEM; goto bad_newc; @@ -1969,7 +1964,7 @@ int policydb_read(struct policydb *p, void *fp) out: return rc; bad_newc: - ocontext_destroy(newc,OCON_FSUSE); + ocontext_destroy(newc, OCON_FSUSE); bad: if (!rc) rc = -EINVAL; -- cgit v1.1