Commit f5269710 authored by Eric Paris's avatar Eric Paris Committed by James Morris

SELinux: keep the code clean formating and syntax

Formatting and syntax changes

whitespace, tabs to spaces, trailing space
put open { on same line as struct def
remove unneeded {} after if statements
change printk("Lu") to printk("llu")
convert asm/uaccess.h to linux/uaccess.h includes
remove unnecessary asm/bug.h includes
convert all users of simple_strtol to strict_strtol
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 9a59daa0
...@@ -53,7 +53,7 @@ ...@@ -53,7 +53,7 @@
#include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */ #include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
#include <net/net_namespace.h> #include <net/net_namespace.h>
#include <net/netlabel.h> #include <net/netlabel.h>
#include <asm/uaccess.h> #include <linux/uaccess.h>
#include <asm/ioctls.h> #include <asm/ioctls.h>
#include <asm/atomic.h> #include <asm/atomic.h>
#include <linux/bitops.h> #include <linux/bitops.h>
...@@ -104,7 +104,9 @@ int selinux_enforcing; ...@@ -104,7 +104,9 @@ int selinux_enforcing;
static int __init enforcing_setup(char *str) static int __init enforcing_setup(char *str)
{ {
selinux_enforcing = simple_strtol(str, NULL, 0); unsigned long enforcing;
if (!strict_strtoul(str, 0, &enforcing))
selinux_enforcing = enforcing ? 1 : 0;
return 1; return 1;
} }
__setup("enforcing=", enforcing_setup); __setup("enforcing=", enforcing_setup);
...@@ -115,7 +117,9 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE; ...@@ -115,7 +117,9 @@ int selinux_enabled = CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE;
static int __init selinux_enabled_setup(char *str) static int __init selinux_enabled_setup(char *str)
{ {
selinux_enabled = simple_strtol(str, NULL, 0); unsigned long enabled;
if (!strict_strtoul(str, 0, &enabled))
selinux_enabled = enabled ? 1 : 0;
return 1; return 1;
} }
__setup("selinux=", selinux_enabled_setup); __setup("selinux=", selinux_enabled_setup);
...@@ -594,7 +598,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, ...@@ -594,7 +598,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
*/ */
if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA) if (sbsec->initialized && (sb->s_type->fs_flags & FS_BINARY_MOUNTDATA)
&& (num_opts == 0)) && (num_opts == 0))
goto out; goto out;
/* /*
* parse the mount options, check if they are valid sids. * parse the mount options, check if they are valid sids.
...@@ -2695,7 +2699,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name, ...@@ -2695,7 +2699,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
} }
static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
const void *value, size_t size, const void *value, size_t size,
int flags) int flags)
{ {
struct inode *inode = dentry->d_inode; struct inode *inode = dentry->d_inode;
...@@ -5390,7 +5394,7 @@ static struct security_operations selinux_ops = { ...@@ -5390,7 +5394,7 @@ static struct security_operations selinux_ops = {
.inode_listsecurity = selinux_inode_listsecurity, .inode_listsecurity = selinux_inode_listsecurity,
.inode_need_killpriv = selinux_inode_need_killpriv, .inode_need_killpriv = selinux_inode_need_killpriv,
.inode_killpriv = selinux_inode_killpriv, .inode_killpriv = selinux_inode_killpriv,
.inode_getsecid = selinux_inode_getsecid, .inode_getsecid = selinux_inode_getsecid,
.file_permission = selinux_file_permission, .file_permission = selinux_file_permission,
.file_alloc_security = selinux_file_alloc_security, .file_alloc_security = selinux_file_alloc_security,
...@@ -5431,7 +5435,7 @@ static struct security_operations selinux_ops = { ...@@ -5431,7 +5435,7 @@ static struct security_operations selinux_ops = {
.task_to_inode = selinux_task_to_inode, .task_to_inode = selinux_task_to_inode,
.ipc_permission = selinux_ipc_permission, .ipc_permission = selinux_ipc_permission,
.ipc_getsecid = selinux_ipc_getsecid, .ipc_getsecid = selinux_ipc_getsecid,
.msg_msg_alloc_security = selinux_msg_msg_alloc_security, .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
.msg_msg_free_security = selinux_msg_msg_free_security, .msg_msg_free_security = selinux_msg_msg_free_security,
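Review bot: In enforcing_setup, a value that strict_strtoul() rejects is now dropped without any message, so a mistyped `enforcing=` argument leaves selinux_enforcing at its previous value (apparently the zero default of `int selinux_enforcing;`) while the handler still returns 1. The old simple_strtol() call took a leading number and ignored whatever followed, so this is a behaviour change that the "formatting and syntax" description does not mention. Consider logging the rejected input so an operator can see that the requested mode was not applied, e.g. `else printk(KERN_WARNING "SELinux: ignoring invalid enforcing= value\n");`. The same applies to selinux_enabled_setup in this file and to checkreqprot_setup and selinux_compat_net_setup in the selinuxfs section.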
......
/* /*
* SELinux support for the Audit LSM hooks * SELinux support for the Audit LSM hooks
* *
* Most of below header was moved from include/linux/selinux.h which * Most of below header was moved from include/linux/selinux.h which
* is released under below copyrights: * is released under below copyrights:
* *
* Author: James Morris <jmorris@redhat.com> * Author: James Morris <jmorris@redhat.com>
...@@ -52,7 +52,7 @@ void selinux_audit_rule_free(void *rule); ...@@ -52,7 +52,7 @@ void selinux_audit_rule_free(void *rule);
* -errno on failure. * -errno on failure.
*/ */
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule, int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
struct audit_context *actx); struct audit_context *actx);
/** /**
* selinux_audit_rule_known - check to see if rule contains selinux fields. * selinux_audit_rule_known - check to see if rule contains selinux fields.
......
...@@ -75,13 +75,12 @@ struct avc_audit_data { ...@@ -75,13 +75,12 @@ struct avc_audit_data {
/* Initialize an AVC audit data structure. */ /* Initialize an AVC audit data structure. */
#define AVC_AUDIT_DATA_INIT(_d,_t) \ #define AVC_AUDIT_DATA_INIT(_d,_t) \
{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
/* /*
* AVC statistics * AVC statistics
*/ */
struct avc_cache_stats struct avc_cache_stats {
{
unsigned int lookups; unsigned int lookups;
unsigned int hits; unsigned int hits;
unsigned int misses; unsigned int misses;
...@@ -97,8 +96,8 @@ struct avc_cache_stats ...@@ -97,8 +96,8 @@ struct avc_cache_stats
void __init avc_init(void); void __init avc_init(void);
void avc_audit(u32 ssid, u32 tsid, void avc_audit(u32 ssid, u32 tsid,
u16 tclass, u32 requested, u16 tclass, u32 requested,
struct av_decision *avd, int result, struct avc_audit_data *auditdata); struct av_decision *avd, int result, struct avc_audit_data *auditdata);
#define AVC_STRICT 1 /* Ignore permissive mode. */ #define AVC_STRICT 1 /* Ignore permissive mode. */
int avc_has_perm_noaudit(u32 ssid, u32 tsid, int avc_has_perm_noaudit(u32 ssid, u32 tsid,
...@@ -107,8 +106,8 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, ...@@ -107,8 +106,8 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
struct av_decision *avd); struct av_decision *avd);
int avc_has_perm(u32 ssid, u32 tsid, int avc_has_perm(u32 ssid, u32 tsid,
u16 tclass, u32 requested, u16 tclass, u32 requested,
struct avc_audit_data *auditdata); struct avc_audit_data *auditdata);
u32 avc_policy_seqno(void); u32 avc_policy_seqno(void);
...@@ -122,7 +121,7 @@ u32 avc_policy_seqno(void); ...@@ -122,7 +121,7 @@ u32 avc_policy_seqno(void);
#define AVC_CALLBACK_AUDITDENY_DISABLE 128 #define AVC_CALLBACK_AUDITDENY_DISABLE 128
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
u16 tclass, u32 perms, u16 tclass, u32 perms,
u32 *out_retained), u32 *out_retained),
u32 events, u32 ssid, u32 tsid, u32 events, u32 ssid, u32 tsid,
u16 tclass, u32 perms); u16 tclass, u32 perms);
......
...@@ -38,7 +38,6 @@ ...@@ -38,7 +38,6 @@
#include <linux/ipv6.h> #include <linux/ipv6.h>
#include <net/ip.h> #include <net/ip.h>
#include <net/ipv6.h> #include <net/ipv6.h>
#include <asm/bug.h>
#include "netnode.h" #include "netnode.h"
#include "objsec.h" #include "objsec.h"
......
...@@ -37,7 +37,6 @@ ...@@ -37,7 +37,6 @@
#include <linux/ipv6.h> #include <linux/ipv6.h>
#include <net/ip.h> #include <net/ip.h>
#include <net/ipv6.h> #include <net/ipv6.h>
#include <asm/bug.h>
#include "netport.h" #include "netport.h"
#include "objsec.h" #include "objsec.h"
...@@ -272,7 +271,7 @@ static __init int sel_netport_init(void) ...@@ -272,7 +271,7 @@ static __init int sel_netport_init(void)
} }
ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET, ret = avc_add_callback(sel_netport_avc_callback, AVC_CALLBACK_RESET,
SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
if (ret != 0) if (ret != 0)
panic("avc_add_callback() failed, error %d\n", ret); panic("avc_add_callback() failed, error %d\n", ret);
......
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
#include <linux/seq_file.h> #include <linux/seq_file.h>
#include <linux/percpu.h> #include <linux/percpu.h>
#include <linux/audit.h> #include <linux/audit.h>
#include <asm/uaccess.h> #include <linux/uaccess.h>
/* selinuxfs pseudo filesystem for exporting the security policy API. /* selinuxfs pseudo filesystem for exporting the security policy API.
Based on the proc code and the fs/nfsd/nfsctl.c code. */ Based on the proc code and the fs/nfsd/nfsctl.c code. */
...@@ -57,14 +57,18 @@ int selinux_compat_net = SELINUX_COMPAT_NET_VALUE; ...@@ -57,14 +57,18 @@ int selinux_compat_net = SELINUX_COMPAT_NET_VALUE;
static int __init checkreqprot_setup(char *str) static int __init checkreqprot_setup(char *str)
{ {
selinux_checkreqprot = simple_strtoul(str, NULL, 0) ? 1 : 0; unsigned long checkreqprot;
if (!strict_strtoul(str, 0, &checkreqprot))
selinux_checkreqprot = checkreqprot ? 1 : 0;
return 1; return 1;
} }
__setup("checkreqprot=", checkreqprot_setup); __setup("checkreqprot=", checkreqprot_setup);
static int __init selinux_compat_net_setup(char *str) static int __init selinux_compat_net_setup(char *str)
{ {
selinux_compat_net = simple_strtoul(str, NULL, 0) ? 1 : 0; unsigned long compat_net;
if (!strict_strtoul(str, 0, &compat_net))
selinux_compat_net = compat_net ? 1 : 0;
return 1; return 1;
} }
__setup("selinux_compat_net=", selinux_compat_net_setup); __setup("selinux_compat_net=", selinux_compat_net_setup);
......
...@@ -311,7 +311,7 @@ void avtab_hash_eval(struct avtab *h, char *tag) ...@@ -311,7 +311,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
} }
printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d sum of chain length^2 %Lu\n", "longest chain length %d sum of chain length^2 %llu\n",
tag, h->nel, slots_used, h->nslot, max_chain_len, tag, h->nel, slots_used, h->nslot, max_chain_len,
chain2_len_sum); chain2_len_sum);
} }
......
...@@ -437,13 +437,13 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, ...@@ -437,13 +437,13 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
struct mls_level *usercon_clr = &(usercon->range.level[1]); struct mls_level *usercon_clr = &(usercon->range.level[1]);
/* Honor the user's default level if we can */ /* Honor the user's default level if we can */
if (mls_level_between(user_def, fromcon_sen, fromcon_clr)) { if (mls_level_between(user_def, fromcon_sen, fromcon_clr))
*usercon_sen = *user_def; *usercon_sen = *user_def;
} else if (mls_level_between(fromcon_sen, user_def, user_clr)) { else if (mls_level_between(fromcon_sen, user_def, user_clr))
*usercon_sen = *fromcon_sen; *usercon_sen = *fromcon_sen;
} else if (mls_level_between(fromcon_clr, user_low, user_def)) { else if (mls_level_between(fromcon_clr, user_low, user_def))
*usercon_sen = *user_low; *usercon_sen = *user_low;
} else else
return -EINVAL; return -EINVAL;
/* Lower the clearance of available contexts /* Lower the clearance of available contexts
......
...@@ -2531,7 +2531,7 @@ int selinux_audit_rule_known(struct audit_krule *rule) ...@@ -2531,7 +2531,7 @@ int selinux_audit_rule_known(struct audit_krule *rule)
} }
int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
struct audit_context *actx) struct audit_context *actx)
{ {
struct context *ctxt; struct context *ctxt;
struct mls_level *level; struct mls_level *level;
...@@ -2645,7 +2645,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, ...@@ -2645,7 +2645,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
static int (*aurule_callback)(void) = audit_update_lsm_rules; static int (*aurule_callback)(void) = audit_update_lsm_rules;
static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid, static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
u16 class, u32 perms, u32 *retained) u16 class, u32 perms, u32 *retained)
{ {
int err = 0; int err = 0;
......