X-Git-Url: http://pilppa.org/gitweb/?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Fconditional.c;h=fb4efe4f4bc8a5377192052d65242b683a87b438;hb=d497fc87c0e201194c3af75b787178cf4559f84b;hp=a996cf1d378ac2323921c04bdc7613150527389f;hpb=253ba4e79edc695b2925bd2ef34de06ff4d4070c;p=linux-2.6-omap-h63xx.git

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index a996cf1d378..fb4efe4f4bc 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -1,9 +1,9 @@
 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
- *          Frank Mayer <mayerf@tresys.com>
+ *	    Frank Mayer <mayerf@tresys.com>
  *
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 
@@ -11,7 +11,6 @@
 #include <linux/errno.h>
 #include <linux/string.h>
 #include <linux/spinlock.h>
-#include <asm/semaphore.h>
 #include <linux/slab.h>
 
 #include "security.h"
@@ -90,7 +89,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
 int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 {
 	int new_state;
-	struct cond_av_list* cur;
+	struct cond_av_list *cur;
 
 	new_state = cond_evaluate_expr(p, node->expr);
 	if (new_state != node->cur_state) {
@@ -99,20 +98,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 			printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
 		/* turn the rules on or off */
 		for (cur = node->true_list; cur != NULL; cur = cur->next) {
-			if (new_state <= 0) {
+			if (new_state <= 0)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 
 		for (cur = node->false_list; cur != NULL; cur = cur->next) {
 			/* -1 or 1 */
-			if (new_state) {
+			if (new_state)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 	}
 	return 0;
@@ -174,8 +171,8 @@ void cond_policydb_destroy(struct policydb *p)
 int cond_init_bool_indexes(struct policydb *p)
 {
 	kfree(p->bool_val_to_struct);
-	p->bool_val_to_struct = (struct cond_bool_datum**)
-		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
+	p->bool_val_to_struct = (struct cond_bool_datum **)
+		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
 		return -1;
 	return 0;
@@ -200,7 +197,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 		return -EINVAL;
 
 	p->p_bool_val_to_name[booldatum->value - 1] = key;
-	p->bool_val_to_struct[booldatum->value -1] = booldatum;
+	p->bool_val_to_struct[booldatum->value - 1] = booldatum;
 
 	return 0;
 }
@@ -252,8 +249,7 @@ err:
 	return -1;
 }
 
-struct cond_insertf_data
-{
+struct cond_insertf_data {
 	struct policydb *p;
 	struct cond_av_list *other;
 	struct cond_av_list *head;
@@ -276,7 +272,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 	 */
 	if (k->specified & AVTAB_TYPE) {
 		if (avtab_search(&p->te_avtab, k)) {
-			printk("SELinux: type rule already exists outside of a conditional.");
+			printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
 			goto err;
 		}
 		/*
@@ -291,7 +287,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 			node_ptr = avtab_search_node(&p->te_cond_avtab, k);
 			if (node_ptr) {
 				if (avtab_search_node_next(node_ptr, k->specified)) {
-					printk("SELinux: too many conflicting type rules.");
+					printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
 					goto err;
 				}
 				found = 0;
@@ -302,13 +298,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 					}
 				}
 				if (!found) {
-					printk("SELinux: conflicting type rules.\n");
+					printk(KERN_ERR "SELinux: conflicting type rules.\n");
 					goto err;
 				}
 			}
 		} else {
 			if (avtab_search(&p->te_cond_avtab, k)) {
-				printk("SELinux: conflicting type rules when adding type rule for true.\n");
+				printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
 				goto err;
 			}
 		}
@@ -316,7 +312,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 
 	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
 	if (!node_ptr) {
-		printk("SELinux: could not insert rule.");
+		printk(KERN_ERR "SELinux: could not insert rule.\n");
 		goto err;
 	}
 
@@ -353,9 +349,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 		return -1;
 
 	len = le32_to_cpu(buf[0]);
-	if (len == 0) {
+	if (len == 0)
 		return 0;
-	}
 
 	data.p = p;
 	data.other = other;
@@ -376,12 +371,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
 {
 	if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
-		printk("SELinux: conditional expressions uses unknown operator.\n");
+		printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
 		return 0;
 	}
 
 	if (expr->bool > p->p_bools.nprim) {
-		printk("SELinux: conditional expressions uses unknown bool.\n");
+		printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
 		return 0;
 	}
 	return 1;
@@ -408,15 +403,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 	/* expr */
 	len = le32_to_cpu(buf[0]);
 
-	for (i = 0; i < len; i++ ) {
+	for (i = 0; i < len; i++) {
 		rc = next_entry(buf, fp, sizeof(u32) * 2);
 		if (rc < 0)
 			goto err;
 
 		expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
-		if (!expr) {
+		if (!expr)
 			goto err;
-		}
 
 		expr->expr_type = le32_to_cpu(buf[0]);
 		expr->bool = le32_to_cpu(buf[1]);
@@ -426,11 +420,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 			goto err;
 		}
 
-		if (i == 0) {
+		if (i == 0)
 			node->expr = expr;
-		} else {
+		else
 			last->next = expr;
-		}
 		last = expr;
 	}
 
@@ -469,11 +462,10 @@ int cond_read_list(struct policydb *p, void *fp)
 		if (cond_read_node(p, node, fp) != 0)
 			goto err;
 
-		if (i == 0) {
+		if (i == 0)
 			p->cond_list = node;
-		} else {
+		else
 			last->next = node;
-		}
 		last = node;
 	}
 	return 0;
@@ -490,24 +482,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi
 {
 	struct avtab_node *node;
 
-	if(!ctab || !key || !avd)
+	if (!ctab || !key || !avd)
 		return;
 
-	for(node = avtab_search_node(ctab, key); node != NULL;
+	for (node = avtab_search_node(ctab, key); node != NULL;
 				node = avtab_search_node_next(node, key->specified)) {
-		if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
 			avd->allowed |= node->datum.data;
-		if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
 			/* Since a '0' in an auditdeny mask represents a
 			 * permission we do NOT want to audit (dontaudit), we use
 			 * the '&' operand to ensure that all '0's in the mask
 			 * are retained (much unlike the allow and auditallow cases).
 			 */
 			avd->auditdeny &= node->datum.data;
-		if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
 			avd->auditallow |= node->datum.data;
 	}
 	return;