Commit ade6a96f authored by Paul Moore's avatar Paul Moore

selinux: fix style issues in security/selinux/ss/conditional.c

As part of on ongoing effort to perform more automated testing and
provide more tools for individual developers to validate their
patches before submitting, we are trying to make our code
"clang-format clean".  My hope is that once we have fixed all of our
style "quirks", developers will be able to run clang-format on their
patches to help avoid silly formatting problems and ensure their
changes fit in well with the rest of the SELinux kernel code.
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 1602a6c2
// SPDX-License-Identifier: GPL-2.0-only /* SPDX-License-Identifier: GPL-2.0-only */
/* Authors: Karl MacMillan <kmacmillan@tresys.com> /* Authors: Karl MacMillan <kmacmillan@tresys.com>
* Frank Mayer <mayerf@tresys.com> * Frank Mayer <mayerf@tresys.com>
* * Copyright (C) 2003 - 2004 Tresys Technology, LLC
* Copyright (C) 2003 - 2004 Tresys Technology, LLC
*/ */
#include <linux/kernel.h> #include <linux/kernel.h>
...@@ -166,9 +165,8 @@ void cond_policydb_destroy(struct policydb *p) ...@@ -166,9 +165,8 @@ void cond_policydb_destroy(struct policydb *p)
int cond_init_bool_indexes(struct policydb *p) int cond_init_bool_indexes(struct policydb *p)
{ {
kfree(p->bool_val_to_struct); kfree(p->bool_val_to_struct);
p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim, p->bool_val_to_struct = kmalloc_array(
sizeof(*p->bool_val_to_struct), p->p_bools.nprim, sizeof(*p->bool_val_to_struct), GFP_KERNEL);
GFP_KERNEL);
if (!p->bool_val_to_struct) if (!p->bool_val_to_struct)
return -ENOMEM; return -ENOMEM;
return 0; return 0;
...@@ -287,7 +285,8 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k, ...@@ -287,7 +285,8 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
if (other) { if (other) {
node_ptr = avtab_search_node(&p->te_cond_avtab, k); node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) { if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) { if (avtab_search_node_next(node_ptr,
k->specified)) {
pr_err("SELinux: too many conflicting type rules.\n"); pr_err("SELinux: too many conflicting type rules.\n");
return -EINVAL; return -EINVAL;
} }
...@@ -478,8 +477,8 @@ int cond_write_bool(void *vkey, void *datum, void *ptr) ...@@ -478,8 +477,8 @@ int cond_write_bool(void *vkey, void *datum, void *ptr)
* the conditional. This means that the avtab with the conditional * the conditional. This means that the avtab with the conditional
* rules will not be saved but will be rebuilt on policy load. * rules will not be saved but will be rebuilt on policy load.
*/ */
static int cond_write_av_list(struct policydb *p, static int cond_write_av_list(struct policydb *p, struct cond_av_list *list,
struct cond_av_list *list, struct policy_file *fp) struct policy_file *fp)
{ {
__le32 buf[1]; __le32 buf[1];
u32 i; u32 i;
...@@ -500,7 +499,7 @@ static int cond_write_av_list(struct policydb *p, ...@@ -500,7 +499,7 @@ static int cond_write_av_list(struct policydb *p,
} }
static int cond_write_node(struct policydb *p, struct cond_node *node, static int cond_write_node(struct policydb *p, struct cond_node *node,
struct policy_file *fp) struct policy_file *fp)
{ {
__le32 buf[2]; __le32 buf[2];
int rc; int rc;
...@@ -555,7 +554,7 @@ int cond_write_list(struct policydb *p, void *fp) ...@@ -555,7 +554,7 @@ int cond_write_list(struct policydb *p, void *fp)
} }
void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
struct extended_perms_decision *xpermd) struct extended_perms_decision *xpermd)
{ {
struct avtab_node *node; struct avtab_node *node;
...@@ -563,7 +562,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, ...@@ -563,7 +562,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
return; return;
for (node = avtab_search_node(ctab, key); node; for (node = avtab_search_node(ctab, key); node;
node = avtab_search_node_next(node, key->specified)) { node = avtab_search_node_next(node, key->specified)) {
if (node->key.specified & AVTAB_ENABLED) if (node->key.specified & AVTAB_ENABLED)
services_compute_xperms_decision(xpermd, node); services_compute_xperms_decision(xpermd, node);
} }
...@@ -572,7 +571,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key, ...@@ -572,7 +571,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
* av table, and if so, add them to the result * av table, and if so, add them to the result
*/ */
void cond_compute_av(struct avtab *ctab, struct avtab_key *key, void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
struct av_decision *avd, struct extended_perms *xperms) struct av_decision *avd, struct extended_perms *xperms)
{ {
struct avtab_node *node; struct avtab_node *node;
...@@ -580,30 +579,29 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, ...@@ -580,30 +579,29 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
return; return;
for (node = avtab_search_node(ctab, key); node; for (node = avtab_search_node(ctab, key); node;
node = avtab_search_node_next(node, key->specified)) { node = avtab_search_node_next(node, key->specified)) {
if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) == if ((u16)(AVTAB_ALLOWED | AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) (node->key.specified & (AVTAB_ALLOWED | AVTAB_ENABLED)))
avd->allowed |= node->datum.u.data; avd->allowed |= node->datum.u.data;
if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) == if ((u16)(AVTAB_AUDITDENY | AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) (node->key.specified & (AVTAB_AUDITDENY | AVTAB_ENABLED)))
/* Since a '0' in an auditdeny mask represents a /* Since a '0' in an auditdeny mask represents a
* permission we do NOT want to audit (dontaudit), we use * permission we do NOT want to audit (dontaudit), we use
* the '&' operand to ensure that all '0's in the mask * the '&' operand to ensure that all '0's in the mask
* are retained (much unlike the allow and auditallow cases). * are retained (much unlike the allow and auditallow cases).
*/ */
avd->auditdeny &= node->datum.u.data; avd->auditdeny &= node->datum.u.data;
if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) == if ((u16)(AVTAB_AUDITALLOW | AVTAB_ENABLED) ==
(node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) (node->key.specified & (AVTAB_AUDITALLOW | AVTAB_ENABLED)))
avd->auditallow |= node->datum.u.data; avd->auditallow |= node->datum.u.data;
if (xperms && (node->key.specified & AVTAB_ENABLED) && if (xperms && (node->key.specified & AVTAB_ENABLED) &&
(node->key.specified & AVTAB_XPERMS)) (node->key.specified & AVTAB_XPERMS))
services_compute_xperms_drivers(xperms, node); services_compute_xperms_drivers(xperms, node);
} }
} }
static int cond_dup_av_list(struct cond_av_list *new, static int cond_dup_av_list(struct cond_av_list *new, struct cond_av_list *orig,
struct cond_av_list *orig, struct avtab *avtab)
struct avtab *avtab)
{ {
u32 i; u32 i;
...@@ -614,9 +612,8 @@ static int cond_dup_av_list(struct cond_av_list *new, ...@@ -614,9 +612,8 @@ static int cond_dup_av_list(struct cond_av_list *new,
return -ENOMEM; return -ENOMEM;
for (i = 0; i < orig->len; i++) { for (i = 0; i < orig->len; i++) {
new->nodes[i] = avtab_insert_nonunique(avtab, new->nodes[i] = avtab_insert_nonunique(
&orig->nodes[i]->key, avtab, &orig->nodes[i]->key, &orig->nodes[i]->datum);
&orig->nodes[i]->datum);
if (!new->nodes[i]) if (!new->nodes[i])
return -ENOMEM; return -ENOMEM;
new->len++; new->len++;
...@@ -637,8 +634,7 @@ static int duplicate_policydb_cond_list(struct policydb *newp, ...@@ -637,8 +634,7 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
newp->cond_list_len = 0; newp->cond_list_len = 0;
newp->cond_list = kcalloc(origp->cond_list_len, newp->cond_list = kcalloc(origp->cond_list_len,
sizeof(*newp->cond_list), sizeof(*newp->cond_list), GFP_KERNEL);
GFP_KERNEL);
if (!newp->cond_list) if (!newp->cond_list)
goto error; goto error;
...@@ -649,7 +645,8 @@ static int duplicate_policydb_cond_list(struct policydb *newp, ...@@ -649,7 +645,8 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
newp->cond_list_len++; newp->cond_list_len++;
newn->cur_state = orign->cur_state; newn->cur_state = orign->cur_state;
newn->expr.nodes = kmemdup(orign->expr.nodes, newn->expr.nodes =
kmemdup(orign->expr.nodes,
orign->expr.len * sizeof(*orign->expr.nodes), orign->expr.len * sizeof(*orign->expr.nodes),
GFP_KERNEL); GFP_KERNEL);
if (!newn->expr.nodes) if (!newn->expr.nodes)
...@@ -658,12 +655,12 @@ static int duplicate_policydb_cond_list(struct policydb *newp, ...@@ -658,12 +655,12 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
newn->expr.len = orign->expr.len; newn->expr.len = orign->expr.len;
rc = cond_dup_av_list(&newn->true_list, &orign->true_list, rc = cond_dup_av_list(&newn->true_list, &orign->true_list,
&newp->te_cond_avtab); &newp->te_cond_avtab);
if (rc) if (rc)
goto error; goto error;
rc = cond_dup_av_list(&newn->false_list, &orign->false_list, rc = cond_dup_av_list(&newn->false_list, &orign->false_list,
&newp->te_cond_avtab); &newp->te_cond_avtab);
if (rc) if (rc)
goto error; goto error;
} }
...@@ -683,7 +680,8 @@ static int cond_bools_destroy(void *key, void *datum, void *args) ...@@ -683,7 +680,8 @@ static int cond_bools_destroy(void *key, void *datum, void *args)
return 0; return 0;
} }
static int cond_bools_copy(struct hashtab_node *new, struct hashtab_node *orig, void *args) static int cond_bools_copy(struct hashtab_node *new, struct hashtab_node *orig,
void *args)
{ {
struct cond_bool_datum *datum; struct cond_bool_datum *datum;
...@@ -709,7 +707,7 @@ static int cond_bools_index(void *key, void *datum, void *args) ...@@ -709,7 +707,7 @@ static int cond_bools_index(void *key, void *datum, void *args)
} }
static int duplicate_policydb_bools(struct policydb *newdb, static int duplicate_policydb_bools(struct policydb *newdb,
struct policydb *orig) struct policydb *orig)
{ {
struct cond_bool_datum **cond_bool_array; struct cond_bool_datum **cond_bool_array;
int rc; int rc;
...@@ -721,7 +719,7 @@ static int duplicate_policydb_bools(struct policydb *newdb, ...@@ -721,7 +719,7 @@ static int duplicate_policydb_bools(struct policydb *newdb,
return -ENOMEM; return -ENOMEM;
rc = hashtab_duplicate(&newdb->p_bools.table, &orig->p_bools.table, rc = hashtab_duplicate(&newdb->p_bools.table, &orig->p_bools.table,
cond_bools_copy, cond_bools_destroy, NULL); cond_bools_copy, cond_bools_destroy, NULL);
if (rc) { if (rc) {
kfree(cond_bool_array); kfree(cond_bool_array);
return -ENOMEM; return -ENOMEM;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment