aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/conditional.c
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-18 17:38:29 -0400
committerJames Morris <jmorris@namei.org>2008-04-21 05:07:31 -0400
commit7c2b240ef2ae05a0081b4004176fd5838cecc4f6 (patch)
tree2013e70b664b108b396864e61c658f3a84347076 /security/selinux/ss/conditional.c
parenteb5df9a7ae794a7e352e0582011e9e2b586051b5 (diff)
SELinux: conditional.c whitespace, syntax, and static declaraction cleanups
This patch changes conditional.c to fix whitespace and syntax issues. Things that are fixed may include (does not not have to include) whitespace at end of lines spaces followed by tabs spaces used instead of tabs spacing around parenthesis locateion of { around struct and else clauses location of * in pointer declarations removal of initialization of static data to keep it in the right section useless {} in if statemetns useless checking for NULL before kfree fixing of the indentation depth of switch statements and any number of other things I forgot to mention Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux/ss/conditional.c')
-rw-r--r--security/selinux/ss/conditional.c59
1 files changed, 26 insertions, 33 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index a996cf1d378a..5691af498c40 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -1,9 +1,9 @@
1/* Authors: Karl MacMillan <kmacmillan@tresys.com> 1/* Authors: Karl MacMillan <kmacmillan@tresys.com>
2 * Frank Mayer <mayerf@tresys.com> 2 * Frank Mayer <mayerf@tresys.com>
3 * 3 *
4 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 4 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
5 * This program is free software; you can redistribute it and/or modify 5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by 6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, version 2. 7 * the Free Software Foundation, version 2.
8 */ 8 */
9 9
@@ -90,7 +90,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
90int evaluate_cond_node(struct policydb *p, struct cond_node *node) 90int evaluate_cond_node(struct policydb *p, struct cond_node *node)
91{ 91{
92 int new_state; 92 int new_state;
93 struct cond_av_list* cur; 93 struct cond_av_list *cur;
94 94
95 new_state = cond_evaluate_expr(p, node->expr); 95 new_state = cond_evaluate_expr(p, node->expr);
96 if (new_state != node->cur_state) { 96 if (new_state != node->cur_state) {
@@ -99,20 +99,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
99 printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n"); 99 printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
100 /* turn the rules on or off */ 100 /* turn the rules on or off */
101 for (cur = node->true_list; cur != NULL; cur = cur->next) { 101 for (cur = node->true_list; cur != NULL; cur = cur->next) {
102 if (new_state <= 0) { 102 if (new_state <= 0)
103 cur->node->key.specified &= ~AVTAB_ENABLED; 103 cur->node->key.specified &= ~AVTAB_ENABLED;
104 } else { 104 else
105 cur->node->key.specified |= AVTAB_ENABLED; 105 cur->node->key.specified |= AVTAB_ENABLED;
106 }
107 } 106 }
108 107
109 for (cur = node->false_list; cur != NULL; cur = cur->next) { 108 for (cur = node->false_list; cur != NULL; cur = cur->next) {
110 /* -1 or 1 */ 109 /* -1 or 1 */
111 if (new_state) { 110 if (new_state)
112 cur->node->key.specified &= ~AVTAB_ENABLED; 111 cur->node->key.specified &= ~AVTAB_ENABLED;
113 } else { 112 else
114 cur->node->key.specified |= AVTAB_ENABLED; 113 cur->node->key.specified |= AVTAB_ENABLED;
115 }
116 } 114 }
117 } 115 }
118 return 0; 116 return 0;
@@ -174,8 +172,8 @@ void cond_policydb_destroy(struct policydb *p)
174int cond_init_bool_indexes(struct policydb *p) 172int cond_init_bool_indexes(struct policydb *p)
175{ 173{
176 kfree(p->bool_val_to_struct); 174 kfree(p->bool_val_to_struct);
177 p->bool_val_to_struct = (struct cond_bool_datum**) 175 p->bool_val_to_struct = (struct cond_bool_datum **)
178 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL); 176 kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
179 if (!p->bool_val_to_struct) 177 if (!p->bool_val_to_struct)
180 return -1; 178 return -1;
181 return 0; 179 return 0;
@@ -200,7 +198,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
200 return -EINVAL; 198 return -EINVAL;
201 199
202 p->p_bool_val_to_name[booldatum->value - 1] = key; 200 p->p_bool_val_to_name[booldatum->value - 1] = key;
203 p->bool_val_to_struct[booldatum->value -1] = booldatum; 201 p->bool_val_to_struct[booldatum->value - 1] = booldatum;
204 202
205 return 0; 203 return 0;
206} 204}
@@ -252,8 +250,7 @@ err:
252 return -1; 250 return -1;
253} 251}
254 252
255struct cond_insertf_data 253struct cond_insertf_data {
256{
257 struct policydb *p; 254 struct policydb *p;
258 struct cond_av_list *other; 255 struct cond_av_list *other;
259 struct cond_av_list *head; 256 struct cond_av_list *head;
@@ -353,9 +350,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
353 return -1; 350 return -1;
354 351
355 len = le32_to_cpu(buf[0]); 352 len = le32_to_cpu(buf[0]);
356 if (len == 0) { 353 if (len == 0)
357 return 0; 354 return 0;
358 }
359 355
360 data.p = p; 356 data.p = p;
361 data.other = other; 357 data.other = other;
@@ -408,15 +404,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
408 /* expr */ 404 /* expr */
409 len = le32_to_cpu(buf[0]); 405 len = le32_to_cpu(buf[0]);
410 406
411 for (i = 0; i < len; i++ ) { 407 for (i = 0; i < len; i++) {
412 rc = next_entry(buf, fp, sizeof(u32) * 2); 408 rc = next_entry(buf, fp, sizeof(u32) * 2);
413 if (rc < 0) 409 if (rc < 0)
414 goto err; 410 goto err;
415 411
416 expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL); 412 expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
417 if (!expr) { 413 if (!expr)
418 goto err; 414 goto err;
419 }
420 415
421 expr->expr_type = le32_to_cpu(buf[0]); 416 expr->expr_type = le32_to_cpu(buf[0]);
422 expr->bool = le32_to_cpu(buf[1]); 417 expr->bool = le32_to_cpu(buf[1]);
@@ -426,11 +421,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
426 goto err; 421 goto err;
427 } 422 }
428 423
429 if (i == 0) { 424 if (i == 0)
430 node->expr = expr; 425 node->expr = expr;
431 } else { 426 else
432 last->next = expr; 427 last->next = expr;
433 }
434 last = expr; 428 last = expr;
435 } 429 }
436 430
@@ -469,11 +463,10 @@ int cond_read_list(struct policydb *p, void *fp)
469 if (cond_read_node(p, node, fp) != 0) 463 if (cond_read_node(p, node, fp) != 0)
470 goto err; 464 goto err;
471 465
472 if (i == 0) { 466 if (i == 0)
473 p->cond_list = node; 467 p->cond_list = node;
474 } else { 468 else
475 last->next = node; 469 last->next = node;
476 }
477 last = node; 470 last = node;
478 } 471 }
479 return 0; 472 return 0;
@@ -490,24 +483,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi
490{ 483{
491 struct avtab_node *node; 484 struct avtab_node *node;
492 485
493 if(!ctab || !key || !avd) 486 if (!ctab || !key || !avd)
494 return; 487 return;
495 488
496 for(node = avtab_search_node(ctab, key); node != NULL; 489 for (node = avtab_search_node(ctab, key); node != NULL;
497 node = avtab_search_node_next(node, key->specified)) { 490 node = avtab_search_node_next(node, key->specified)) {
498 if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) == 491 if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
499 (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED))) 492 (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
500 avd->allowed |= node->datum.data; 493 avd->allowed |= node->datum.data;
501 if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) == 494 if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
502 (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED))) 495 (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
503 /* Since a '0' in an auditdeny mask represents a 496 /* Since a '0' in an auditdeny mask represents a
504 * permission we do NOT want to audit (dontaudit), we use 497 * permission we do NOT want to audit (dontaudit), we use
505 * the '&' operand to ensure that all '0's in the mask 498 * the '&' operand to ensure that all '0's in the mask
506 * are retained (much unlike the allow and auditallow cases). 499 * are retained (much unlike the allow and auditallow cases).
507 */ 500 */
508 avd->auditdeny &= node->datum.data; 501 avd->auditdeny &= node->datum.data;
509 if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) == 502 if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
510 (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED))) 503 (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
511 avd->auditallow |= node->datum.data; 504 avd->auditallow |= node->datum.data;
512 } 505 }
513 return; 506 return;