This patch changes services.c to fix whitespace and syntax issues. Things that
are fixed may include (does not have to include)
whitespace at end of lines
spaces followed by tabs
spaces used instead of tabs
spacing around parentheses
location of { around struct and else clauses
location of * in pointer declarations
removal of initialization of static data to keep it in the right section
useless {} in if statements
useless checking for NULL before kfree
fixing of the indentation depth of switch statements
and any number of other things I forgot to mention
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
* Implementation of the security services.
*
* Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
* Implementation of the security services.
*
* Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
- * James Morris <jmorris@redhat.com>
+ * James Morris <jmorris@redhat.com>
*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*
*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*
*
* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
*
*
* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
*
- * Added conditional policy language extensions
+ * Added conditional policy language extensions
*
* Updated: Hewlett-Packard <paul.moore@hp.com>
*
*
* Updated: Hewlett-Packard <paul.moore@hp.com>
*
* Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
* This program is free software; you can redistribute it and/or modify
* Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
* This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
+ * it under the terms of the GNU General Public License as published by
* the Free Software Foundation, version 2.
*/
#include <linux/kernel.h>
* the Free Software Foundation, version 2.
*/
#include <linux/kernel.h>
static struct sidtab sidtab;
struct policydb policydb;
static struct sidtab sidtab;
struct policydb policydb;
/*
* The largest sequence number that has been used when
/*
* The largest sequence number that has been used when
* The sequence number only changes when a policy change
* occurs.
*/
* The sequence number only changes when a policy change
* occurs.
*/
-static u32 latest_granting = 0;
+static u32 latest_granting;
/* Forward declaration. */
static int context_struct_to_string(struct context *context, char **scontext,
/* Forward declaration. */
static int context_struct_to_string(struct context *context, char **scontext,
val1 - 1);
continue;
case CEXPR_INCOMP:
val1 - 1);
continue;
case CEXPR_INCOMP:
- s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
- val2 - 1) &&
- !ebitmap_get_bit(&r2->dominates,
- val1 - 1) );
+ s[++sp] = (!ebitmap_get_bit(&r1->dominates,
+ val2 - 1) &&
+ !ebitmap_get_bit(&r2->dominates,
+ val1 - 1));
continue;
default:
break;
continue;
default:
break;
}
if (!ra)
avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
}
if (!ra)
avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
- PROCESS__DYNTRANSITION);
+ PROCESS__DYNTRANSITION);
}
static int security_validtrans_handle_fail(struct context *ocontext,
}
static int security_validtrans_handle_fail(struct context *ocontext,
- struct context *ncontext,
- struct context *tcontext,
- u16 tclass)
+ struct context *ncontext,
+ struct context *tcontext,
+ u16 tclass)
{
char *o = NULL, *n = NULL, *t = NULL;
u32 olen, nlen, tlen;
{
char *o = NULL, *n = NULL, *t = NULL;
u32 olen, nlen, tlen;
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out;
audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "security_validate_transition: denied for"
- " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
- o, n, t, policydb.p_class_val_to_name[tclass-1]);
+ "security_validate_transition: denied for"
+ " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
+ o, n, t, policydb.p_class_val_to_name[tclass-1]);
}
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
}
int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
{
struct context *ocontext;
struct context *ncontext;
{
struct context *ocontext;
struct context *ncontext;
constraint = tclass_datum->validatetrans;
while (constraint) {
if (!constraint_expr_eval(ocontext, ncontext, tcontext,
constraint = tclass_datum->validatetrans;
while (constraint) {
if (!constraint_expr_eval(ocontext, ncontext, tcontext,
rc = security_validtrans_handle_fail(ocontext, ncontext,
rc = security_validtrans_handle_fail(ocontext, ncontext,
goto out;
}
constraint = constraint->next;
goto out;
}
constraint = constraint->next;
/* Allocate space for the context; caller must free this space. */
scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
/* Allocate space for the context; caller must free this space. */
scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
*scontext = scontextp;
/*
*scontext = scontextp;
/*
policydb.p_role_val_to_name[context->role - 1],
policydb.p_type_val_to_name[context->type - 1]);
scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
policydb.p_role_val_to_name[context->role - 1],
policydb.p_type_val_to_name[context->type - 1]);
scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
- 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
- 1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
+ 1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
+ 1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
mls_sid_to_context(context, &scontextp);
mls_sid_to_context(context, &scontextp);
char *scontextp;
*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
char *scontextp;
*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
- scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
+ scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
if (!scontextp) {
rc = -ENOMEM;
goto out;
if (!scontextp) {
rc = -ENOMEM;
goto out;
avdatum = avtab_search(&policydb.te_avtab, &avkey);
/* If no permanent rule, also check for enabled conditional rules */
avdatum = avtab_search(&policydb.te_avtab, &avkey);
/* If no permanent rule, also check for enabled conditional rules */
node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
for (; node != NULL; node = avtab_search_node_next(node, specified)) {
if (node->key.specified & AVTAB_ENABLED) {
node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
for (; node != NULL; node = avtab_search_node_next(node, specified)) {
if (node->key.specified & AVTAB_ENABLED) {
/* Convert the user. */
usrdatum = hashtab_search(args->newp->p_users.table,
/* Convert the user. */
usrdatum = hashtab_search(args->newp->p_users.table,
- args->oldp->p_user_val_to_name[c->user - 1]);
- if (!usrdatum) {
+ args->oldp->p_user_val_to_name[c->user - 1]);
+ if (!usrdatum)
c->user = usrdatum->value;
/* Convert the role. */
role = hashtab_search(args->newp->p_roles.table,
c->user = usrdatum->value;
/* Convert the role. */
role = hashtab_search(args->newp->p_roles.table,
- args->oldp->p_role_val_to_name[c->role - 1]);
- if (!role) {
+ args->oldp->p_role_val_to_name[c->role - 1]);
+ if (!role)
c->role = role->value;
/* Convert the type. */
typdatum = hashtab_search(args->newp->p_types.table,
c->role = role->value;
/* Convert the type. */
typdatum = hashtab_search(args->newp->p_types.table,
- args->oldp->p_type_val_to_name[c->type - 1]);
- if (!typdatum) {
+ args->oldp->p_type_val_to_name[c->type - 1]);
+ if (!typdatum)
c->type = typdatum->value;
rc = mls_convert_context(args->oldp, args->newp, c);
c->type = typdatum->value;
rc = mls_convert_context(args->oldp, args->newp, c);
- for(i = 0; i < 4; i++)
- if(addr[i] != (input[i] & mask[i])) {
+ for (i = 0; i < 4; i++)
+ if (addr[i] != (input[i] & mask[i])) {
*/
int security_get_user_sids(u32 fromsid,
*/
int security_get_user_sids(u32 fromsid,
* transition SIDs or task SIDs.
*/
int security_genfs_sid(const char *fstype,
* transition SIDs or task SIDs.
*/
int security_genfs_sid(const char *fstype,
- *names = kcalloc(*len, sizeof(char*), GFP_ATOMIC);
+ *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
size_t name_len;
(*values)[i] = policydb.bool_val_to_struct[i]->state;
name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
size_t name_len;
(*values)[i] = policydb.bool_val_to_struct[i]->state;
name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
- (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
+ (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
if (!(*names)[i])
goto err;
strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
if (!(*names)[i])
goto err;
strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
audit_get_loginuid(current),
audit_get_sessionid(current));
}
audit_get_loginuid(current),
audit_get_sessionid(current));
}
policydb.bool_val_to_struct[i]->state = 1;
policydb.bool_val_to_struct[i]->state = 1;
policydb.bool_val_to_struct[i]->state = 0;
policydb.bool_val_to_struct[i]->state = 0;
}
for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
}
for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
if (!rule) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
if (!rule) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "selinux_audit_rule_match: missing rule\n");
+ "selinux_audit_rule_match: missing rule\n");
if (rule->au_seqno < latest_granting) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
if (rule->au_seqno < latest_granting) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "selinux_audit_rule_match: stale rule\n");
+ "selinux_audit_rule_match: stale rule\n");
match = -ESTALE;
goto out;
}
match = -ESTALE;
goto out;
}
ctxt = sidtab_search(&sidtab, sid);
if (!ctxt) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
ctxt = sidtab_search(&sidtab, sid);
if (!ctxt) {
audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
- "selinux_audit_rule_match: unrecognized SID %d\n",
- sid);
+ "selinux_audit_rule_match: unrecognized SID %d\n",
+ sid);
match = -ENOENT;
goto out;
}
match = -ENOENT;
goto out;
}
case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
level = ((field == AUDIT_SUBJ_SEN ||
case AUDIT_OBJ_LEV_LOW:
case AUDIT_OBJ_LEV_HIGH:
level = ((field == AUDIT_SUBJ_SEN ||
- field == AUDIT_OBJ_LEV_LOW) ?
- &ctxt->range.level[0] : &ctxt->range.level[1]);
+ field == AUDIT_OBJ_LEV_LOW) ?
+ &ctxt->range.level[0] : &ctxt->range.level[1]);
switch (op) {
case AUDIT_EQUAL:
match = mls_level_eq(&rule->au_ctxt.range.level[0],
switch (op) {
case AUDIT_EQUAL:
match = mls_level_eq(&rule->au_ctxt.range.level[0],
break;
case AUDIT_NOT_EQUAL:
match = !mls_level_eq(&rule->au_ctxt.range.level[0],
break;
case AUDIT_NOT_EQUAL:
match = !mls_level_eq(&rule->au_ctxt.range.level[0],
break;
case AUDIT_LESS_THAN:
match = (mls_level_dom(&rule->au_ctxt.range.level[0],
break;
case AUDIT_LESS_THAN:
match = (mls_level_dom(&rule->au_ctxt.range.level[0],
- level) &&
- !mls_level_eq(&rule->au_ctxt.range.level[0],
- level));
+ level) &&
+ !mls_level_eq(&rule->au_ctxt.range.level[0],
+ level));
break;
case AUDIT_LESS_THAN_OR_EQUAL:
match = mls_level_dom(&rule->au_ctxt.range.level[0],
break;
case AUDIT_LESS_THAN_OR_EQUAL:
match = mls_level_dom(&rule->au_ctxt.range.level[0],
break;
case AUDIT_GREATER_THAN:
match = (mls_level_dom(level,
break;
case AUDIT_GREATER_THAN:
match = (mls_level_dom(level,
- &rule->au_ctxt.range.level[0]) &&
- !mls_level_eq(level,
- &rule->au_ctxt.range.level[0]));
+ &rule->au_ctxt.range.level[0]) &&
+ !mls_level_eq(level,
+ &rule->au_ctxt.range.level[0]));
break;
case AUDIT_GREATER_THAN_OR_EQUAL:
match = mls_level_dom(level,
break;
case AUDIT_GREATER_THAN_OR_EQUAL:
match = mls_level_dom(level,
- &rule->au_ctxt.range.level[0]);
+ &rule->au_ctxt.range.level[0]);
int err;
err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
int err;
err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
- SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+ SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
if (err)
panic("avc_add_callback() failed, error %d\n", err);
if (err)
panic("avc_add_callback() failed, error %d\n", err);
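Review bot: The `audit_log()` call in `selinux_audit_rule_match` that reports an unknown SID still formats it with `%d`, and this commit re-indents that line without touching the specifier. Assuming `sid` is a `u32` like the SIDs in `security_validate_transition`'s signature (its declaration is outside the visible lines), a large value would be logged as a negative number, which makes the audit record harder to correlate with the SID. A follow-up could change the string to `"selinux_audit_rule_match: unrecognized SID %u\n"`. The function's body starts and ends outside the lines shown here.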