SELinux: services.c whitespace, syntax, and static declaraction cleanups
This patch changes services.c to fix whitespace and syntax issues. Things that are fixed may include (does not have to include):

whitespace at end of lines
spaces followed by tabs
spaces used instead of tabs
spacing around parentheses
location of { around struct and else clauses
location of * in pointer declarations
removal of initialization of static data to keep it in the right section
useless {} in if statements
useless checking for NULL before kfree
fixing of the indentation depth of switch statements
and any number of other things I forgot to mention

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
parent
1a5e6f8729
commit
5d55a345c0
@ -2,7 +2,7 @@
|
||||
* Implementation of the security services.
|
||||
*
|
||||
* Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
|
||||
* James Morris <jmorris@redhat.com>
|
||||
* James Morris <jmorris@redhat.com>
|
||||
*
|
||||
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
|
||||
*
|
||||
@ -11,7 +11,7 @@
|
||||
*
|
||||
* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
|
||||
*
|
||||
* Added conditional policy language extensions
|
||||
* Added conditional policy language extensions
|
||||
*
|
||||
* Updated: Hewlett-Packard <paul.moore@hp.com>
|
||||
*
|
||||
@ -27,7 +27,7 @@
|
||||
* Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
|
||||
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, version 2.
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
@ -82,7 +82,7 @@ static DEFINE_MUTEX(load_mutex);
|
||||
|
||||
static struct sidtab sidtab;
|
||||
struct policydb policydb;
|
||||
int ss_initialized = 0;
|
||||
int ss_initialized;
|
||||
|
||||
/*
|
||||
* The largest sequence number that has been used when
|
||||
@ -90,7 +90,7 @@ int ss_initialized = 0;
|
||||
* The sequence number only changes when a policy change
|
||||
* occurs.
|
||||
*/
|
||||
static u32 latest_granting = 0;
|
||||
static u32 latest_granting;
|
||||
|
||||
/* Forward declaration. */
|
||||
static int context_struct_to_string(struct context *context, char **scontext,
|
||||
@ -163,10 +163,10 @@ static int constraint_expr_eval(struct context *scontext,
|
||||
val1 - 1);
|
||||
continue;
|
||||
case CEXPR_INCOMP:
|
||||
s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
|
||||
val2 - 1) &&
|
||||
!ebitmap_get_bit(&r2->dominates,
|
||||
val1 - 1) );
|
||||
s[++sp] = (!ebitmap_get_bit(&r1->dominates,
|
||||
val2 - 1) &&
|
||||
!ebitmap_get_bit(&r2->dominates,
|
||||
val1 - 1));
|
||||
continue;
|
||||
default:
|
||||
break;
|
||||
@ -409,7 +409,7 @@ static int context_struct_compute_av(struct context *scontext,
|
||||
}
|
||||
if (!ra)
|
||||
avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
|
||||
PROCESS__DYNTRANSITION);
|
||||
PROCESS__DYNTRANSITION);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -445,9 +445,9 @@ int security_permissive_sid(u32 sid)
|
||||
}
|
||||
|
||||
static int security_validtrans_handle_fail(struct context *ocontext,
|
||||
struct context *ncontext,
|
||||
struct context *tcontext,
|
||||
u16 tclass)
|
||||
struct context *ncontext,
|
||||
struct context *tcontext,
|
||||
u16 tclass)
|
||||
{
|
||||
char *o = NULL, *n = NULL, *t = NULL;
|
||||
u32 olen, nlen, tlen;
|
||||
@ -459,9 +459,9 @@ static int security_validtrans_handle_fail(struct context *ocontext,
|
||||
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
|
||||
goto out;
|
||||
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"security_validate_transition: denied for"
|
||||
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
|
||||
o, n, t, policydb.p_class_val_to_name[tclass-1]);
|
||||
"security_validate_transition: denied for"
|
||||
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
|
||||
o, n, t, policydb.p_class_val_to_name[tclass-1]);
|
||||
out:
|
||||
kfree(o);
|
||||
kfree(n);
|
||||
@ -473,7 +473,7 @@ out:
|
||||
}
|
||||
|
||||
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
|
||||
u16 tclass)
|
||||
u16 tclass)
|
||||
{
|
||||
struct context *ocontext;
|
||||
struct context *ncontext;
|
||||
@ -533,9 +533,9 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
|
||||
constraint = tclass_datum->validatetrans;
|
||||
while (constraint) {
|
||||
if (!constraint_expr_eval(ocontext, ncontext, tcontext,
|
||||
constraint->expr)) {
|
||||
constraint->expr)) {
|
||||
rc = security_validtrans_handle_fail(ocontext, ncontext,
|
||||
tcontext, tclass);
|
||||
tcontext, tclass);
|
||||
goto out;
|
||||
}
|
||||
constraint = constraint->next;
|
||||
@ -623,9 +623,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
|
||||
|
||||
/* Allocate space for the context; caller must free this space. */
|
||||
scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
|
||||
if (!scontextp) {
|
||||
if (!scontextp)
|
||||
return -ENOMEM;
|
||||
}
|
||||
*scontext = scontextp;
|
||||
|
||||
/*
|
||||
@ -636,8 +635,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
|
||||
policydb.p_role_val_to_name[context->role - 1],
|
||||
policydb.p_type_val_to_name[context->type - 1]);
|
||||
scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
|
||||
1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
|
||||
1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
|
||||
1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
|
||||
1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
|
||||
|
||||
mls_sid_to_context(context, &scontextp);
|
||||
|
||||
@ -678,7 +677,7 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
|
||||
char *scontextp;
|
||||
|
||||
*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
|
||||
scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
|
||||
scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
|
||||
if (!scontextp) {
|
||||
rc = -ENOMEM;
|
||||
goto out;
|
||||
@ -974,7 +973,7 @@ static int security_compute_sid(u32 ssid,
|
||||
avdatum = avtab_search(&policydb.te_avtab, &avkey);
|
||||
|
||||
/* If no permanent rule, also check for enabled conditional rules */
|
||||
if(!avdatum) {
|
||||
if (!avdatum) {
|
||||
node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
|
||||
for (; node != NULL; node = avtab_search_node_next(node, specified)) {
|
||||
if (node->key.specified & AVTAB_ENABLED) {
|
||||
@ -1288,26 +1287,23 @@ static int convert_context(u32 key,
|
||||
|
||||
/* Convert the user. */
|
||||
usrdatum = hashtab_search(args->newp->p_users.table,
|
||||
args->oldp->p_user_val_to_name[c->user - 1]);
|
||||
if (!usrdatum) {
|
||||
args->oldp->p_user_val_to_name[c->user - 1]);
|
||||
if (!usrdatum)
|
||||
goto bad;
|
||||
}
|
||||
c->user = usrdatum->value;
|
||||
|
||||
/* Convert the role. */
|
||||
role = hashtab_search(args->newp->p_roles.table,
|
||||
args->oldp->p_role_val_to_name[c->role - 1]);
|
||||
if (!role) {
|
||||
args->oldp->p_role_val_to_name[c->role - 1]);
|
||||
if (!role)
|
||||
goto bad;
|
||||
}
|
||||
c->role = role->value;
|
||||
|
||||
/* Convert the type. */
|
||||
typdatum = hashtab_search(args->newp->p_types.table,
|
||||
args->oldp->p_type_val_to_name[c->type - 1]);
|
||||
if (!typdatum) {
|
||||
args->oldp->p_type_val_to_name[c->type - 1]);
|
||||
if (!typdatum)
|
||||
goto bad;
|
||||
}
|
||||
c->type = typdatum->value;
|
||||
|
||||
rc = mls_convert_context(args->oldp, args->newp, c);
|
||||
@ -1556,8 +1552,8 @@ static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
|
||||
{
|
||||
int i, fail = 0;
|
||||
|
||||
for(i = 0; i < 4; i++)
|
||||
if(addr[i] != (input[i] & mask[i])) {
|
||||
for (i = 0; i < 4; i++)
|
||||
if (addr[i] != (input[i] & mask[i])) {
|
||||
fail = 1;
|
||||
break;
|
||||
}
|
||||
@ -1656,7 +1652,7 @@ out:
|
||||
*/
|
||||
|
||||
int security_get_user_sids(u32 fromsid,
|
||||
char *username,
|
||||
char *username,
|
||||
u32 **sids,
|
||||
u32 *nel)
|
||||
{
|
||||
@ -1766,7 +1762,7 @@ out:
|
||||
* transition SIDs or task SIDs.
|
||||
*/
|
||||
int security_genfs_sid(const char *fstype,
|
||||
char *path,
|
||||
char *path,
|
||||
u16 sclass,
|
||||
u32 *sid)
|
||||
{
|
||||
@ -1881,7 +1877,7 @@ int security_get_bools(int *len, char ***names, int **values)
|
||||
goto out;
|
||||
}
|
||||
|
||||
*names = kcalloc(*len, sizeof(char*), GFP_ATOMIC);
|
||||
*names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
|
||||
if (!*names)
|
||||
goto err;
|
||||
|
||||
@ -1893,7 +1889,7 @@ int security_get_bools(int *len, char ***names, int **values)
|
||||
size_t name_len;
|
||||
(*values)[i] = policydb.bool_val_to_struct[i]->state;
|
||||
name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
|
||||
(*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
|
||||
(*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
|
||||
if (!(*names)[i])
|
||||
goto err;
|
||||
strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
|
||||
@ -1938,11 +1934,10 @@ int security_set_bools(int len, int *values)
|
||||
audit_get_loginuid(current),
|
||||
audit_get_sessionid(current));
|
||||
}
|
||||
if (values[i]) {
|
||||
if (values[i])
|
||||
policydb.bool_val_to_struct[i]->state = 1;
|
||||
} else {
|
||||
else
|
||||
policydb.bool_val_to_struct[i]->state = 0;
|
||||
}
|
||||
}
|
||||
|
||||
for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
|
||||
@ -2435,7 +2430,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
|
||||
if (!rule) {
|
||||
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"selinux_audit_rule_match: missing rule\n");
|
||||
"selinux_audit_rule_match: missing rule\n");
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
@ -2443,7 +2438,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
|
||||
if (rule->au_seqno < latest_granting) {
|
||||
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"selinux_audit_rule_match: stale rule\n");
|
||||
"selinux_audit_rule_match: stale rule\n");
|
||||
match = -ESTALE;
|
||||
goto out;
|
||||
}
|
||||
@ -2451,8 +2446,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
ctxt = sidtab_search(&sidtab, sid);
|
||||
if (!ctxt) {
|
||||
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
|
||||
"selinux_audit_rule_match: unrecognized SID %d\n",
|
||||
sid);
|
||||
"selinux_audit_rule_match: unrecognized SID %d\n",
|
||||
sid);
|
||||
match = -ENOENT;
|
||||
goto out;
|
||||
}
|
||||
@ -2498,36 +2493,36 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
|
||||
case AUDIT_OBJ_LEV_LOW:
|
||||
case AUDIT_OBJ_LEV_HIGH:
|
||||
level = ((field == AUDIT_SUBJ_SEN ||
|
||||
field == AUDIT_OBJ_LEV_LOW) ?
|
||||
&ctxt->range.level[0] : &ctxt->range.level[1]);
|
||||
field == AUDIT_OBJ_LEV_LOW) ?
|
||||
&ctxt->range.level[0] : &ctxt->range.level[1]);
|
||||
switch (op) {
|
||||
case AUDIT_EQUAL:
|
||||
match = mls_level_eq(&rule->au_ctxt.range.level[0],
|
||||
level);
|
||||
level);
|
||||
break;
|
||||
case AUDIT_NOT_EQUAL:
|
||||
match = !mls_level_eq(&rule->au_ctxt.range.level[0],
|
||||
level);
|
||||
level);
|
||||
break;
|
||||
case AUDIT_LESS_THAN:
|
||||
match = (mls_level_dom(&rule->au_ctxt.range.level[0],
|
||||
level) &&
|
||||
!mls_level_eq(&rule->au_ctxt.range.level[0],
|
||||
level));
|
||||
level) &&
|
||||
!mls_level_eq(&rule->au_ctxt.range.level[0],
|
||||
level));
|
||||
break;
|
||||
case AUDIT_LESS_THAN_OR_EQUAL:
|
||||
match = mls_level_dom(&rule->au_ctxt.range.level[0],
|
||||
level);
|
||||
level);
|
||||
break;
|
||||
case AUDIT_GREATER_THAN:
|
||||
match = (mls_level_dom(level,
|
||||
&rule->au_ctxt.range.level[0]) &&
|
||||
!mls_level_eq(level,
|
||||
&rule->au_ctxt.range.level[0]));
|
||||
&rule->au_ctxt.range.level[0]) &&
|
||||
!mls_level_eq(level,
|
||||
&rule->au_ctxt.range.level[0]));
|
||||
break;
|
||||
case AUDIT_GREATER_THAN_OR_EQUAL:
|
||||
match = mls_level_dom(level,
|
||||
&rule->au_ctxt.range.level[0]);
|
||||
&rule->au_ctxt.range.level[0]);
|
||||
break;
|
||||
}
|
||||
}
|
||||
@ -2554,7 +2549,7 @@ static int __init aurule_init(void)
|
||||
int err;
|
||||
|
||||
err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
|
||||
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
|
||||
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
|
||||
if (err)
|
||||
panic("avc_add_callback() failed, error %d\n", err);
|
||||
|
||||
|
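Review bot: The re-indented audit message `"selinux_audit_rule_match: unrecognized SID %d\n"` in the `@ -2451,8 +2446,8 @` hunk formats `sid` with a signed specifier, although the hunk header shows the parameter is declared `u32 sid`. A SID above INT_MAX would be written to the audit record as a negative number, which makes the record harder to correlate with the SID when the log is reviewed later. Since the commit already touches these two continuation lines, the specifier could be corrected at the same time: `"selinux_audit_rule_match: unrecognized SID %u\n",`. The body of selinux_audit_rule_match starts and ends outside the hunk, so any other use of `sid` in that function is not visible here.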