diff options
-rw-r--r-- | security/selinux/ss/avtab.c | 40 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 16 | ||||
-rw-r--r-- | security/selinux/ss/ebitmap.c | 14 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 54 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 28 |
5 files changed, 76 insertions, 76 deletions
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index cd10e27fc9e6..916e73a18bc5 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c | |||
@@ -280,8 +280,8 @@ int avtab_alloc(struct avtab *h, u32 nrules) | |||
280 | h->nel = 0; | 280 | h->nel = 0; |
281 | h->nslot = nslot; | 281 | h->nslot = nslot; |
282 | h->mask = mask; | 282 | h->mask = mask; |
283 | printk(KERN_DEBUG "SELinux:%d avtab hash slots allocated. " | 283 | printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n", |
284 | "Num of rules:%d\n", h->nslot, nrules); | 284 | h->nslot, nrules); |
285 | return 0; | 285 | return 0; |
286 | } | 286 | } |
287 | 287 | ||
@@ -345,18 +345,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
345 | if (vers < POLICYDB_VERSION_AVTAB) { | 345 | if (vers < POLICYDB_VERSION_AVTAB) { |
346 | rc = next_entry(buf32, fp, sizeof(u32)); | 346 | rc = next_entry(buf32, fp, sizeof(u32)); |
347 | if (rc < 0) { | 347 | if (rc < 0) { |
348 | printk(KERN_ERR "security: avtab: truncated entry\n"); | 348 | printk(KERN_ERR "SELinux: avtab: truncated entry\n"); |
349 | return -1; | 349 | return -1; |
350 | } | 350 | } |
351 | items2 = le32_to_cpu(buf32[0]); | 351 | items2 = le32_to_cpu(buf32[0]); |
352 | if (items2 > ARRAY_SIZE(buf32)) { | 352 | if (items2 > ARRAY_SIZE(buf32)) { |
353 | printk(KERN_ERR "security: avtab: entry overflow\n"); | 353 | printk(KERN_ERR "SELinux: avtab: entry overflow\n"); |
354 | return -1; | 354 | return -1; |
355 | 355 | ||
356 | } | 356 | } |
357 | rc = next_entry(buf32, fp, sizeof(u32)*items2); | 357 | rc = next_entry(buf32, fp, sizeof(u32)*items2); |
358 | if (rc < 0) { | 358 | if (rc < 0) { |
359 | printk(KERN_ERR "security: avtab: truncated entry\n"); | 359 | printk(KERN_ERR "SELinux: avtab: truncated entry\n"); |
360 | return -1; | 360 | return -1; |
361 | } | 361 | } |
362 | items = 0; | 362 | items = 0; |
@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
364 | val = le32_to_cpu(buf32[items++]); | 364 | val = le32_to_cpu(buf32[items++]); |
365 | key.source_type = (u16)val; | 365 | key.source_type = (u16)val; |
366 | if (key.source_type != val) { | 366 | if (key.source_type != val) { |
367 | printk("security: avtab: truncated source type\n"); | 367 | printk("SELinux: avtab: truncated source type\n"); |
368 | return -1; | 368 | return -1; |
369 | } | 369 | } |
370 | val = le32_to_cpu(buf32[items++]); | 370 | val = le32_to_cpu(buf32[items++]); |
371 | key.target_type = (u16)val; | 371 | key.target_type = (u16)val; |
372 | if (key.target_type != val) { | 372 | if (key.target_type != val) { |
373 | printk("security: avtab: truncated target type\n"); | 373 | printk("SELinux: avtab: truncated target type\n"); |
374 | return -1; | 374 | return -1; |
375 | } | 375 | } |
376 | val = le32_to_cpu(buf32[items++]); | 376 | val = le32_to_cpu(buf32[items++]); |
377 | key.target_class = (u16)val; | 377 | key.target_class = (u16)val; |
378 | if (key.target_class != val) { | 378 | if (key.target_class != val) { |
379 | printk("security: avtab: truncated target class\n"); | 379 | printk("SELinux: avtab: truncated target class\n"); |
380 | return -1; | 380 | return -1; |
381 | } | 381 | } |
382 | 382 | ||
@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
384 | enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; | 384 | enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; |
385 | 385 | ||
386 | if (!(val & (AVTAB_AV | AVTAB_TYPE))) { | 386 | if (!(val & (AVTAB_AV | AVTAB_TYPE))) { |
387 | printk("security: avtab: null entry\n"); | 387 | printk("SELinux: avtab: null entry\n"); |
388 | return -1; | 388 | return -1; |
389 | } | 389 | } |
390 | if ((val & AVTAB_AV) && | 390 | if ((val & AVTAB_AV) && |
391 | (val & AVTAB_TYPE)) { | 391 | (val & AVTAB_TYPE)) { |
392 | printk("security: avtab: entry has both access vectors and types\n"); | 392 | printk("SELinux: avtab: entry has both access vectors and types\n"); |
393 | return -1; | 393 | return -1; |
394 | } | 394 | } |
395 | 395 | ||
@@ -403,7 +403,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
403 | } | 403 | } |
404 | 404 | ||
405 | if (items != items2) { | 405 | if (items != items2) { |
406 | printk("security: avtab: entry only had %d items, expected %d\n", items2, items); | 406 | printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items); |
407 | return -1; | 407 | return -1; |
408 | } | 408 | } |
409 | return 0; | 409 | return 0; |
@@ -411,7 +411,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
411 | 411 | ||
412 | rc = next_entry(buf16, fp, sizeof(u16)*4); | 412 | rc = next_entry(buf16, fp, sizeof(u16)*4); |
413 | if (rc < 0) { | 413 | if (rc < 0) { |
414 | printk("security: avtab: truncated entry\n"); | 414 | printk("SELinux: avtab: truncated entry\n"); |
415 | return -1; | 415 | return -1; |
416 | } | 416 | } |
417 | 417 | ||
@@ -424,7 +424,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
424 | if (!policydb_type_isvalid(pol, key.source_type) || | 424 | if (!policydb_type_isvalid(pol, key.source_type) || |
425 | !policydb_type_isvalid(pol, key.target_type) || | 425 | !policydb_type_isvalid(pol, key.target_type) || |
426 | !policydb_class_isvalid(pol, key.target_class)) { | 426 | !policydb_class_isvalid(pol, key.target_class)) { |
427 | printk(KERN_WARNING "security: avtab: invalid type or class\n"); | 427 | printk(KERN_WARNING "SELinux: avtab: invalid type or class\n"); |
428 | return -1; | 428 | return -1; |
429 | } | 429 | } |
430 | 430 | ||
@@ -435,19 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
435 | } | 435 | } |
436 | if (!set || set > 1) { | 436 | if (!set || set > 1) { |
437 | printk(KERN_WARNING | 437 | printk(KERN_WARNING |
438 | "security: avtab: more than one specifier\n"); | 438 | "SELinux: avtab: more than one specifier\n"); |
439 | return -1; | 439 | return -1; |
440 | } | 440 | } |
441 | 441 | ||
442 | rc = next_entry(buf32, fp, sizeof(u32)); | 442 | rc = next_entry(buf32, fp, sizeof(u32)); |
443 | if (rc < 0) { | 443 | if (rc < 0) { |
444 | printk("security: avtab: truncated entry\n"); | 444 | printk("SELinux: avtab: truncated entry\n"); |
445 | return -1; | 445 | return -1; |
446 | } | 446 | } |
447 | datum.data = le32_to_cpu(*buf32); | 447 | datum.data = le32_to_cpu(*buf32); |
448 | if ((key.specified & AVTAB_TYPE) && | 448 | if ((key.specified & AVTAB_TYPE) && |
449 | !policydb_type_isvalid(pol, datum.data)) { | 449 | !policydb_type_isvalid(pol, datum.data)) { |
450 | printk(KERN_WARNING "security: avtab: invalid type\n"); | 450 | printk(KERN_WARNING "SELinux: avtab: invalid type\n"); |
451 | return -1; | 451 | return -1; |
452 | } | 452 | } |
453 | return insertf(a, &key, &datum, p); | 453 | return insertf(a, &key, &datum, p); |
@@ -468,12 +468,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) | |||
468 | 468 | ||
469 | rc = next_entry(buf, fp, sizeof(u32)); | 469 | rc = next_entry(buf, fp, sizeof(u32)); |
470 | if (rc < 0) { | 470 | if (rc < 0) { |
471 | printk(KERN_ERR "security: avtab: truncated table\n"); | 471 | printk(KERN_ERR "SELinux: avtab: truncated table\n"); |
472 | goto bad; | 472 | goto bad; |
473 | } | 473 | } |
474 | nel = le32_to_cpu(buf[0]); | 474 | nel = le32_to_cpu(buf[0]); |
475 | if (!nel) { | 475 | if (!nel) { |
476 | printk(KERN_ERR "security: avtab: table is empty\n"); | 476 | printk(KERN_ERR "SELinux: avtab: table is empty\n"); |
477 | rc = -EINVAL; | 477 | rc = -EINVAL; |
478 | goto bad; | 478 | goto bad; |
479 | } | 479 | } |
@@ -486,9 +486,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) | |||
486 | rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); | 486 | rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); |
487 | if (rc) { | 487 | if (rc) { |
488 | if (rc == -ENOMEM) | 488 | if (rc == -ENOMEM) |
489 | printk(KERN_ERR "security: avtab: out of memory\n"); | 489 | printk(KERN_ERR "SELinux: avtab: out of memory\n"); |
490 | else if (rc == -EEXIST) | 490 | else if (rc == -EEXIST) |
491 | printk(KERN_ERR "security: avtab: duplicate entry\n"); | 491 | printk(KERN_ERR "SELinux: avtab: duplicate entry\n"); |
492 | else | 492 | else |
493 | rc = -EINVAL; | 493 | rc = -EINVAL; |
494 | goto bad; | 494 | goto bad; |
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 50ad85d4b77c..a996cf1d378a 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node) | |||
96 | if (new_state != node->cur_state) { | 96 | if (new_state != node->cur_state) { |
97 | node->cur_state = new_state; | 97 | node->cur_state = new_state; |
98 | if (new_state == -1) | 98 | if (new_state == -1) |
99 | printk(KERN_ERR "security: expression result was undefined - disabling all rules.\n"); | 99 | printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n"); |
100 | /* turn the rules on or off */ | 100 | /* turn the rules on or off */ |
101 | for (cur = node->true_list; cur != NULL; cur = cur->next) { | 101 | for (cur = node->true_list; cur != NULL; cur = cur->next) { |
102 | if (new_state <= 0) { | 102 | if (new_state <= 0) { |
@@ -276,7 +276,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
276 | */ | 276 | */ |
277 | if (k->specified & AVTAB_TYPE) { | 277 | if (k->specified & AVTAB_TYPE) { |
278 | if (avtab_search(&p->te_avtab, k)) { | 278 | if (avtab_search(&p->te_avtab, k)) { |
279 | printk("security: type rule already exists outside of a conditional."); | 279 | printk("SELinux: type rule already exists outside of a conditional."); |
280 | goto err; | 280 | goto err; |
281 | } | 281 | } |
282 | /* | 282 | /* |
@@ -291,7 +291,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
291 | node_ptr = avtab_search_node(&p->te_cond_avtab, k); | 291 | node_ptr = avtab_search_node(&p->te_cond_avtab, k); |
292 | if (node_ptr) { | 292 | if (node_ptr) { |
293 | if (avtab_search_node_next(node_ptr, k->specified)) { | 293 | if (avtab_search_node_next(node_ptr, k->specified)) { |
294 | printk("security: too many conflicting type rules."); | 294 | printk("SELinux: too many conflicting type rules."); |
295 | goto err; | 295 | goto err; |
296 | } | 296 | } |
297 | found = 0; | 297 | found = 0; |
@@ -302,13 +302,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
302 | } | 302 | } |
303 | } | 303 | } |
304 | if (!found) { | 304 | if (!found) { |
305 | printk("security: conflicting type rules.\n"); | 305 | printk("SELinux: conflicting type rules.\n"); |
306 | goto err; | 306 | goto err; |
307 | } | 307 | } |
308 | } | 308 | } |
309 | } else { | 309 | } else { |
310 | if (avtab_search(&p->te_cond_avtab, k)) { | 310 | if (avtab_search(&p->te_cond_avtab, k)) { |
311 | printk("security: conflicting type rules when adding type rule for true.\n"); | 311 | printk("SELinux: conflicting type rules when adding type rule for true.\n"); |
312 | goto err; | 312 | goto err; |
313 | } | 313 | } |
314 | } | 314 | } |
@@ -316,7 +316,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
316 | 316 | ||
317 | node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); | 317 | node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); |
318 | if (!node_ptr) { | 318 | if (!node_ptr) { |
319 | printk("security: could not insert rule."); | 319 | printk("SELinux: could not insert rule."); |
320 | goto err; | 320 | goto err; |
321 | } | 321 | } |
322 | 322 | ||
@@ -376,12 +376,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * | |||
376 | static int expr_isvalid(struct policydb *p, struct cond_expr *expr) | 376 | static int expr_isvalid(struct policydb *p, struct cond_expr *expr) |
377 | { | 377 | { |
378 | if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { | 378 | if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { |
379 | printk("security: conditional expressions uses unknown operator.\n"); | 379 | printk("SELinux: conditional expressions uses unknown operator.\n"); |
380 | return 0; | 380 | return 0; |
381 | } | 381 | } |
382 | 382 | ||
383 | if (expr->bool > p->p_bools.nprim) { | 383 | if (expr->bool > p->p_bools.nprim) { |
384 | printk("security: conditional expressions uses unknown bool.\n"); | 384 | printk("SELinux: conditional expressions uses unknown bool.\n"); |
385 | return 0; | 385 | return 0; |
386 | } | 386 | } |
387 | return 1; | 387 | return 1; |
diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index 920b5e36a1af..e499af474b35 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c | |||
@@ -364,7 +364,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
364 | count = le32_to_cpu(buf[2]); | 364 | count = le32_to_cpu(buf[2]); |
365 | 365 | ||
366 | if (mapunit != sizeof(u64) * 8) { | 366 | if (mapunit != sizeof(u64) * 8) { |
367 | printk(KERN_ERR "security: ebitmap: map size %u does not " | 367 | printk(KERN_ERR "SELinux: ebitmap: map size %u does not " |
368 | "match my size %Zd (high bit was %d)\n", | 368 | "match my size %Zd (high bit was %d)\n", |
369 | mapunit, sizeof(u64) * 8, e->highbit); | 369 | mapunit, sizeof(u64) * 8, e->highbit); |
370 | goto bad; | 370 | goto bad; |
@@ -382,19 +382,19 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
382 | for (i = 0; i < count; i++) { | 382 | for (i = 0; i < count; i++) { |
383 | rc = next_entry(&startbit, fp, sizeof(u32)); | 383 | rc = next_entry(&startbit, fp, sizeof(u32)); |
384 | if (rc < 0) { | 384 | if (rc < 0) { |
385 | printk(KERN_ERR "security: ebitmap: truncated map\n"); | 385 | printk(KERN_ERR "SELinux: ebitmap: truncated map\n"); |
386 | goto bad; | 386 | goto bad; |
387 | } | 387 | } |
388 | startbit = le32_to_cpu(startbit); | 388 | startbit = le32_to_cpu(startbit); |
389 | 389 | ||
390 | if (startbit & (mapunit - 1)) { | 390 | if (startbit & (mapunit - 1)) { |
391 | printk(KERN_ERR "security: ebitmap start bit (%d) is " | 391 | printk(KERN_ERR "SELinux: ebitmap start bit (%d) is " |
392 | "not a multiple of the map unit size (%u)\n", | 392 | "not a multiple of the map unit size (%u)\n", |
393 | startbit, mapunit); | 393 | startbit, mapunit); |
394 | goto bad; | 394 | goto bad; |
395 | } | 395 | } |
396 | if (startbit > e->highbit - mapunit) { | 396 | if (startbit > e->highbit - mapunit) { |
397 | printk(KERN_ERR "security: ebitmap start bit (%d) is " | 397 | printk(KERN_ERR "SELinux: ebitmap start bit (%d) is " |
398 | "beyond the end of the bitmap (%u)\n", | 398 | "beyond the end of the bitmap (%u)\n", |
399 | startbit, (e->highbit - mapunit)); | 399 | startbit, (e->highbit - mapunit)); |
400 | goto bad; | 400 | goto bad; |
@@ -405,7 +405,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
405 | tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); | 405 | tmp = kzalloc(sizeof(*tmp), GFP_KERNEL); |
406 | if (!tmp) { | 406 | if (!tmp) { |
407 | printk(KERN_ERR | 407 | printk(KERN_ERR |
408 | "security: ebitmap: out of memory\n"); | 408 | "SELinux: ebitmap: out of memory\n"); |
409 | rc = -ENOMEM; | 409 | rc = -ENOMEM; |
410 | goto bad; | 410 | goto bad; |
411 | } | 411 | } |
@@ -418,7 +418,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
418 | } | 418 | } |
419 | n = tmp; | 419 | n = tmp; |
420 | } else if (startbit <= n->startbit) { | 420 | } else if (startbit <= n->startbit) { |
421 | printk(KERN_ERR "security: ebitmap: start bit %d" | 421 | printk(KERN_ERR "SELinux: ebitmap: start bit %d" |
422 | " comes after start bit %d\n", | 422 | " comes after start bit %d\n", |
423 | startbit, n->startbit); | 423 | startbit, n->startbit); |
424 | goto bad; | 424 | goto bad; |
@@ -426,7 +426,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) | |||
426 | 426 | ||
427 | rc = next_entry(&map, fp, sizeof(u64)); | 427 | rc = next_entry(&map, fp, sizeof(u64)); |
428 | if (rc < 0) { | 428 | if (rc < 0) { |
429 | printk(KERN_ERR "security: ebitmap: truncated map\n"); | 429 | printk(KERN_ERR "SELinux: ebitmap: truncated map\n"); |
430 | goto bad; | 430 | goto bad; |
431 | } | 431 | } |
432 | map = le64_to_cpu(map); | 432 | map = le64_to_cpu(map); |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index bd7d6a00342d..325551cd7fc7 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -401,14 +401,14 @@ static int policydb_index_others(struct policydb *p) | |||
401 | { | 401 | { |
402 | int i, rc = 0; | 402 | int i, rc = 0; |
403 | 403 | ||
404 | printk(KERN_DEBUG "security: %d users, %d roles, %d types, %d bools", | 404 | printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", |
405 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); | 405 | p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); |
406 | if (selinux_mls_enabled) | 406 | if (selinux_mls_enabled) |
407 | printk(", %d sens, %d cats", p->p_levels.nprim, | 407 | printk(", %d sens, %d cats", p->p_levels.nprim, |
408 | p->p_cats.nprim); | 408 | p->p_cats.nprim); |
409 | printk("\n"); | 409 | printk("\n"); |
410 | 410 | ||
411 | printk(KERN_DEBUG "security: %d classes, %d rules\n", | 411 | printk(KERN_DEBUG "SELinux: %d classes, %d rules\n", |
412 | p->p_classes.nprim, p->te_avtab.nel); | 412 | p->p_classes.nprim, p->te_avtab.nel); |
413 | 413 | ||
414 | #ifdef DEBUG_HASHES | 414 | #ifdef DEBUG_HASHES |
@@ -702,20 +702,20 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) | |||
702 | 702 | ||
703 | rc = sidtab_init(s); | 703 | rc = sidtab_init(s); |
704 | if (rc) { | 704 | if (rc) { |
705 | printk(KERN_ERR "security: out of memory on SID table init\n"); | 705 | printk(KERN_ERR "SELinux: out of memory on SID table init\n"); |
706 | goto out; | 706 | goto out; |
707 | } | 707 | } |
708 | 708 | ||
709 | head = p->ocontexts[OCON_ISID]; | 709 | head = p->ocontexts[OCON_ISID]; |
710 | for (c = head; c; c = c->next) { | 710 | for (c = head; c; c = c->next) { |
711 | if (!c->context[0].user) { | 711 | if (!c->context[0].user) { |
712 | printk(KERN_ERR "security: SID %s was never " | 712 | printk(KERN_ERR "SELinux: SID %s was never " |
713 | "defined.\n", c->u.name); | 713 | "defined.\n", c->u.name); |
714 | rc = -EINVAL; | 714 | rc = -EINVAL; |
715 | goto out; | 715 | goto out; |
716 | } | 716 | } |
717 | if (sidtab_insert(s, c->sid[0], &c->context[0])) { | 717 | if (sidtab_insert(s, c->sid[0], &c->context[0])) { |
718 | printk(KERN_ERR "security: unable to load initial " | 718 | printk(KERN_ERR "SELinux: unable to load initial " |
719 | "SID %s.\n", c->u.name); | 719 | "SID %s.\n", c->u.name); |
720 | rc = -EINVAL; | 720 | rc = -EINVAL; |
721 | goto out; | 721 | goto out; |
@@ -809,13 +809,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) | |||
809 | 809 | ||
810 | items = le32_to_cpu(buf[0]); | 810 | items = le32_to_cpu(buf[0]); |
811 | if (items > ARRAY_SIZE(buf)) { | 811 | if (items > ARRAY_SIZE(buf)) { |
812 | printk(KERN_ERR "security: mls: range overflow\n"); | 812 | printk(KERN_ERR "SELinux: mls: range overflow\n"); |
813 | rc = -EINVAL; | 813 | rc = -EINVAL; |
814 | goto out; | 814 | goto out; |
815 | } | 815 | } |
816 | rc = next_entry(buf, fp, sizeof(u32) * items); | 816 | rc = next_entry(buf, fp, sizeof(u32) * items); |
817 | if (rc < 0) { | 817 | if (rc < 0) { |
818 | printk(KERN_ERR "security: mls: truncated range\n"); | 818 | printk(KERN_ERR "SELinux: mls: truncated range\n"); |
819 | goto out; | 819 | goto out; |
820 | } | 820 | } |
821 | r->level[0].sens = le32_to_cpu(buf[0]); | 821 | r->level[0].sens = le32_to_cpu(buf[0]); |
@@ -826,21 +826,21 @@ static int mls_read_range_helper(struct mls_range *r, void *fp) | |||
826 | 826 | ||
827 | rc = ebitmap_read(&r->level[0].cat, fp); | 827 | rc = ebitmap_read(&r->level[0].cat, fp); |
828 | if (rc) { | 828 | if (rc) { |
829 | printk(KERN_ERR "security: mls: error reading low " | 829 | printk(KERN_ERR "SELinux: mls: error reading low " |
830 | "categories\n"); | 830 | "categories\n"); |
831 | goto out; | 831 | goto out; |
832 | } | 832 | } |
833 | if (items > 1) { | 833 | if (items > 1) { |
834 | rc = ebitmap_read(&r->level[1].cat, fp); | 834 | rc = ebitmap_read(&r->level[1].cat, fp); |
835 | if (rc) { | 835 | if (rc) { |
836 | printk(KERN_ERR "security: mls: error reading high " | 836 | printk(KERN_ERR "SELinux: mls: error reading high " |
837 | "categories\n"); | 837 | "categories\n"); |
838 | goto bad_high; | 838 | goto bad_high; |
839 | } | 839 | } |
840 | } else { | 840 | } else { |
841 | rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); | 841 | rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat); |
842 | if (rc) { | 842 | if (rc) { |
843 | printk(KERN_ERR "security: mls: out of memory\n"); | 843 | printk(KERN_ERR "SELinux: mls: out of memory\n"); |
844 | goto bad_high; | 844 | goto bad_high; |
845 | } | 845 | } |
846 | } | 846 | } |
@@ -866,7 +866,7 @@ static int context_read_and_validate(struct context *c, | |||
866 | 866 | ||
867 | rc = next_entry(buf, fp, sizeof buf); | 867 | rc = next_entry(buf, fp, sizeof buf); |
868 | if (rc < 0) { | 868 | if (rc < 0) { |
869 | printk(KERN_ERR "security: context truncated\n"); | 869 | printk(KERN_ERR "SELinux: context truncated\n"); |
870 | goto out; | 870 | goto out; |
871 | } | 871 | } |
872 | c->user = le32_to_cpu(buf[0]); | 872 | c->user = le32_to_cpu(buf[0]); |
@@ -874,7 +874,7 @@ static int context_read_and_validate(struct context *c, | |||
874 | c->type = le32_to_cpu(buf[2]); | 874 | c->type = le32_to_cpu(buf[2]); |
875 | if (p->policyvers >= POLICYDB_VERSION_MLS) { | 875 | if (p->policyvers >= POLICYDB_VERSION_MLS) { |
876 | if (mls_read_range_helper(&c->range, fp)) { | 876 | if (mls_read_range_helper(&c->range, fp)) { |
877 | printk(KERN_ERR "security: error reading MLS range of " | 877 | printk(KERN_ERR "SELinux: error reading MLS range of " |
878 | "context\n"); | 878 | "context\n"); |
879 | rc = -EINVAL; | 879 | rc = -EINVAL; |
880 | goto out; | 880 | goto out; |
@@ -882,7 +882,7 @@ static int context_read_and_validate(struct context *c, | |||
882 | } | 882 | } |
883 | 883 | ||
884 | if (!policydb_context_isvalid(p, c)) { | 884 | if (!policydb_context_isvalid(p, c)) { |
885 | printk(KERN_ERR "security: invalid security context\n"); | 885 | printk(KERN_ERR "SELinux: invalid security context\n"); |
886 | context_destroy(c); | 886 | context_destroy(c); |
887 | rc = -EINVAL; | 887 | rc = -EINVAL; |
888 | } | 888 | } |
@@ -1128,7 +1128,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1128 | cladatum->comdatum = hashtab_search(p->p_commons.table, | 1128 | cladatum->comdatum = hashtab_search(p->p_commons.table, |
1129 | cladatum->comkey); | 1129 | cladatum->comkey); |
1130 | if (!cladatum->comdatum) { | 1130 | if (!cladatum->comdatum) { |
1131 | printk(KERN_ERR "security: unknown common %s\n", | 1131 | printk(KERN_ERR "SELinux: unknown common %s\n", |
1132 | cladatum->comkey); | 1132 | cladatum->comkey); |
1133 | rc = -EINVAL; | 1133 | rc = -EINVAL; |
1134 | goto bad; | 1134 | goto bad; |
@@ -1283,13 +1283,13 @@ static int mls_read_level(struct mls_level *lp, void *fp) | |||
1283 | 1283 | ||
1284 | rc = next_entry(buf, fp, sizeof buf); | 1284 | rc = next_entry(buf, fp, sizeof buf); |
1285 | if (rc < 0) { | 1285 | if (rc < 0) { |
1286 | printk(KERN_ERR "security: mls: truncated level\n"); | 1286 | printk(KERN_ERR "SELinux: mls: truncated level\n"); |
1287 | goto bad; | 1287 | goto bad; |
1288 | } | 1288 | } |
1289 | lp->sens = le32_to_cpu(buf[0]); | 1289 | lp->sens = le32_to_cpu(buf[0]); |
1290 | 1290 | ||
1291 | if (ebitmap_read(&lp->cat, fp)) { | 1291 | if (ebitmap_read(&lp->cat, fp)) { |
1292 | printk(KERN_ERR "security: mls: error reading level " | 1292 | printk(KERN_ERR "SELinux: mls: error reading level " |
1293 | "categories\n"); | 1293 | "categories\n"); |
1294 | goto bad; | 1294 | goto bad; |
1295 | } | 1295 | } |
@@ -1491,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1491 | goto bad; | 1491 | goto bad; |
1492 | 1492 | ||
1493 | if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { | 1493 | if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) { |
1494 | printk(KERN_ERR "security: policydb magic number 0x%x does " | 1494 | printk(KERN_ERR "SELinux: policydb magic number 0x%x does " |
1495 | "not match expected magic number 0x%x\n", | 1495 | "not match expected magic number 0x%x\n", |
1496 | le32_to_cpu(buf[0]), POLICYDB_MAGIC); | 1496 | le32_to_cpu(buf[0]), POLICYDB_MAGIC); |
1497 | goto bad; | 1497 | goto bad; |
@@ -1499,27 +1499,27 @@ int policydb_read(struct policydb *p, void *fp) | |||
1499 | 1499 | ||
1500 | len = le32_to_cpu(buf[1]); | 1500 | len = le32_to_cpu(buf[1]); |
1501 | if (len != strlen(POLICYDB_STRING)) { | 1501 | if (len != strlen(POLICYDB_STRING)) { |
1502 | printk(KERN_ERR "security: policydb string length %d does not " | 1502 | printk(KERN_ERR "SELinux: policydb string length %d does not " |
1503 | "match expected length %Zu\n", | 1503 | "match expected length %Zu\n", |
1504 | len, strlen(POLICYDB_STRING)); | 1504 | len, strlen(POLICYDB_STRING)); |
1505 | goto bad; | 1505 | goto bad; |
1506 | } | 1506 | } |
1507 | policydb_str = kmalloc(len + 1,GFP_KERNEL); | 1507 | policydb_str = kmalloc(len + 1,GFP_KERNEL); |
1508 | if (!policydb_str) { | 1508 | if (!policydb_str) { |
1509 | printk(KERN_ERR "security: unable to allocate memory for policydb " | 1509 | printk(KERN_ERR "SELinux: unable to allocate memory for policydb " |
1510 | "string of length %d\n", len); | 1510 | "string of length %d\n", len); |
1511 | rc = -ENOMEM; | 1511 | rc = -ENOMEM; |
1512 | goto bad; | 1512 | goto bad; |
1513 | } | 1513 | } |
1514 | rc = next_entry(policydb_str, fp, len); | 1514 | rc = next_entry(policydb_str, fp, len); |
1515 | if (rc < 0) { | 1515 | if (rc < 0) { |
1516 | printk(KERN_ERR "security: truncated policydb string identifier\n"); | 1516 | printk(KERN_ERR "SELinux: truncated policydb string identifier\n"); |
1517 | kfree(policydb_str); | 1517 | kfree(policydb_str); |
1518 | goto bad; | 1518 | goto bad; |
1519 | } | 1519 | } |
1520 | policydb_str[len] = 0; | 1520 | policydb_str[len] = 0; |
1521 | if (strcmp(policydb_str, POLICYDB_STRING)) { | 1521 | if (strcmp(policydb_str, POLICYDB_STRING)) { |
1522 | printk(KERN_ERR "security: policydb string %s does not match " | 1522 | printk(KERN_ERR "SELinux: policydb string %s does not match " |
1523 | "my string %s\n", policydb_str, POLICYDB_STRING); | 1523 | "my string %s\n", policydb_str, POLICYDB_STRING); |
1524 | kfree(policydb_str); | 1524 | kfree(policydb_str); |
1525 | goto bad; | 1525 | goto bad; |
@@ -1536,7 +1536,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1536 | p->policyvers = le32_to_cpu(buf[0]); | 1536 | p->policyvers = le32_to_cpu(buf[0]); |
1537 | if (p->policyvers < POLICYDB_VERSION_MIN || | 1537 | if (p->policyvers < POLICYDB_VERSION_MIN || |
1538 | p->policyvers > POLICYDB_VERSION_MAX) { | 1538 | p->policyvers > POLICYDB_VERSION_MAX) { |
1539 | printk(KERN_ERR "security: policydb version %d does not match " | 1539 | printk(KERN_ERR "SELinux: policydb version %d does not match " |
1540 | "my version range %d-%d\n", | 1540 | "my version range %d-%d\n", |
1541 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); | 1541 | le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); |
1542 | goto bad; | 1542 | goto bad; |
@@ -1572,14 +1572,14 @@ int policydb_read(struct policydb *p, void *fp) | |||
1572 | 1572 | ||
1573 | info = policydb_lookup_compat(p->policyvers); | 1573 | info = policydb_lookup_compat(p->policyvers); |
1574 | if (!info) { | 1574 | if (!info) { |
1575 | printk(KERN_ERR "security: unable to find policy compat info " | 1575 | printk(KERN_ERR "SELinux: unable to find policy compat info " |
1576 | "for version %d\n", p->policyvers); | 1576 | "for version %d\n", p->policyvers); |
1577 | goto bad; | 1577 | goto bad; |
1578 | } | 1578 | } |
1579 | 1579 | ||
1580 | if (le32_to_cpu(buf[2]) != info->sym_num || | 1580 | if (le32_to_cpu(buf[2]) != info->sym_num || |
1581 | le32_to_cpu(buf[3]) != info->ocon_num) { | 1581 | le32_to_cpu(buf[3]) != info->ocon_num) { |
1582 | printk(KERN_ERR "security: policydb table sizes (%d,%d) do " | 1582 | printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do " |
1583 | "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), | 1583 | "not match mine (%d,%d)\n", le32_to_cpu(buf[2]), |
1584 | le32_to_cpu(buf[3]), | 1584 | le32_to_cpu(buf[3]), |
1585 | info->sym_num, info->ocon_num); | 1585 | info->sym_num, info->ocon_num); |
@@ -1823,7 +1823,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1823 | for (genfs_p = NULL, genfs = p->genfs; genfs; | 1823 | for (genfs_p = NULL, genfs = p->genfs; genfs; |
1824 | genfs_p = genfs, genfs = genfs->next) { | 1824 | genfs_p = genfs, genfs = genfs->next) { |
1825 | if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { | 1825 | if (strcmp(newgenfs->fstype, genfs->fstype) == 0) { |
1826 | printk(KERN_ERR "security: dup genfs " | 1826 | printk(KERN_ERR "SELinux: dup genfs " |
1827 | "fstype %s\n", newgenfs->fstype); | 1827 | "fstype %s\n", newgenfs->fstype); |
1828 | kfree(newgenfs->fstype); | 1828 | kfree(newgenfs->fstype); |
1829 | kfree(newgenfs); | 1829 | kfree(newgenfs); |
@@ -1873,7 +1873,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1873 | if (!strcmp(newc->u.name, c->u.name) && | 1873 | if (!strcmp(newc->u.name, c->u.name) && |
1874 | (!c->v.sclass || !newc->v.sclass || | 1874 | (!c->v.sclass || !newc->v.sclass || |
1875 | newc->v.sclass == c->v.sclass)) { | 1875 | newc->v.sclass == c->v.sclass)) { |
1876 | printk(KERN_ERR "security: dup genfs " | 1876 | printk(KERN_ERR "SELinux: dup genfs " |
1877 | "entry (%s,%s)\n", | 1877 | "entry (%s,%s)\n", |
1878 | newgenfs->fstype, c->u.name); | 1878 | newgenfs->fstype, c->u.name); |
1879 | goto bad_newc; | 1879 | goto bad_newc; |
@@ -1931,7 +1931,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
1931 | if (rc) | 1931 | if (rc) |
1932 | goto bad; | 1932 | goto bad; |
1933 | if (!mls_range_isvalid(p, &rt->target_range)) { | 1933 | if (!mls_range_isvalid(p, &rt->target_range)) { |
1934 | printk(KERN_WARNING "security: rangetrans: invalid range\n"); | 1934 | printk(KERN_WARNING "SELinux: rangetrans: invalid range\n"); |
1935 | goto bad; | 1935 | goto bad; |
1936 | } | 1936 | } |
1937 | lrt = rt; | 1937 | lrt = rt; |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3f2bad28ee7b..26de2be0c8e2 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1096,7 +1096,7 @@ static int validate_classes(struct policydb *p) | |||
1096 | continue; | 1096 | continue; |
1097 | if (i > p->p_classes.nprim) { | 1097 | if (i > p->p_classes.nprim) { |
1098 | printk(KERN_INFO | 1098 | printk(KERN_INFO |
1099 | "security: class %s not defined in policy\n", | 1099 | "SELinux: class %s not defined in policy\n", |
1100 | def_class); | 1100 | def_class); |
1101 | if (p->reject_unknown) | 1101 | if (p->reject_unknown) |
1102 | return -EINVAL; | 1102 | return -EINVAL; |
@@ -1107,7 +1107,7 @@ static int validate_classes(struct policydb *p) | |||
1107 | pol_class = p->p_class_val_to_name[i-1]; | 1107 | pol_class = p->p_class_val_to_name[i-1]; |
1108 | if (strcmp(pol_class, def_class)) { | 1108 | if (strcmp(pol_class, def_class)) { |
1109 | printk(KERN_ERR | 1109 | printk(KERN_ERR |
1110 | "security: class %d is incorrect, found %s but should be %s\n", | 1110 | "SELinux: class %d is incorrect, found %s but should be %s\n", |
1111 | i, pol_class, def_class); | 1111 | i, pol_class, def_class); |
1112 | return -EINVAL; | 1112 | return -EINVAL; |
1113 | } | 1113 | } |
@@ -1125,7 +1125,7 @@ static int validate_classes(struct policydb *p) | |||
1125 | nprim = 1 << (perms->nprim - 1); | 1125 | nprim = 1 << (perms->nprim - 1); |
1126 | if (perm_val > nprim) { | 1126 | if (perm_val > nprim) { |
1127 | printk(KERN_INFO | 1127 | printk(KERN_INFO |
1128 | "security: permission %s in class %s not defined in policy\n", | 1128 | "SELinux: permission %s in class %s not defined in policy\n", |
1129 | def_perm, pol_class); | 1129 | def_perm, pol_class); |
1130 | if (p->reject_unknown) | 1130 | if (p->reject_unknown) |
1131 | return -EINVAL; | 1131 | return -EINVAL; |
@@ -1136,14 +1136,14 @@ static int validate_classes(struct policydb *p) | |||
1136 | perdatum = hashtab_search(perms->table, def_perm); | 1136 | perdatum = hashtab_search(perms->table, def_perm); |
1137 | if (perdatum == NULL) { | 1137 | if (perdatum == NULL) { |
1138 | printk(KERN_ERR | 1138 | printk(KERN_ERR |
1139 | "security: permission %s in class %s not found in policy, bad policy\n", | 1139 | "SELinux: permission %s in class %s not found in policy, bad policy\n", |
1140 | def_perm, pol_class); | 1140 | def_perm, pol_class); |
1141 | return -EINVAL; | 1141 | return -EINVAL; |
1142 | } | 1142 | } |
1143 | pol_val = 1 << (perdatum->value - 1); | 1143 | pol_val = 1 << (perdatum->value - 1); |
1144 | if (pol_val != perm_val) { | 1144 | if (pol_val != perm_val) { |
1145 | printk(KERN_ERR | 1145 | printk(KERN_ERR |
1146 | "security: permission %s in class %s has incorrect value\n", | 1146 | "SELinux: permission %s in class %s has incorrect value\n", |
1147 | def_perm, pol_class); | 1147 | def_perm, pol_class); |
1148 | return -EINVAL; | 1148 | return -EINVAL; |
1149 | } | 1149 | } |
@@ -1157,7 +1157,7 @@ static int validate_classes(struct policydb *p) | |||
1157 | BUG_ON(!cladatum); | 1157 | BUG_ON(!cladatum); |
1158 | if (!cladatum->comdatum) { | 1158 | if (!cladatum->comdatum) { |
1159 | printk(KERN_ERR | 1159 | printk(KERN_ERR |
1160 | "security: class %s should have an inherits clause but does not\n", | 1160 | "SELinux: class %s should have an inherits clause but does not\n", |
1161 | pol_class); | 1161 | pol_class); |
1162 | return -EINVAL; | 1162 | return -EINVAL; |
1163 | } | 1163 | } |
@@ -1172,7 +1172,7 @@ static int validate_classes(struct policydb *p) | |||
1172 | def_perm = kdefs->av_inherit[i].common_pts[j]; | 1172 | def_perm = kdefs->av_inherit[i].common_pts[j]; |
1173 | if (j >= perms->nprim) { | 1173 | if (j >= perms->nprim) { |
1174 | printk(KERN_INFO | 1174 | printk(KERN_INFO |
1175 | "security: permission %s in class %s not defined in policy\n", | 1175 | "SELinux: permission %s in class %s not defined in policy\n", |
1176 | def_perm, pol_class); | 1176 | def_perm, pol_class); |
1177 | if (p->reject_unknown) | 1177 | if (p->reject_unknown) |
1178 | return -EINVAL; | 1178 | return -EINVAL; |
@@ -1183,13 +1183,13 @@ static int validate_classes(struct policydb *p) | |||
1183 | perdatum = hashtab_search(perms->table, def_perm); | 1183 | perdatum = hashtab_search(perms->table, def_perm); |
1184 | if (perdatum == NULL) { | 1184 | if (perdatum == NULL) { |
1185 | printk(KERN_ERR | 1185 | printk(KERN_ERR |
1186 | "security: permission %s in class %s not found in policy, bad policy\n", | 1186 | "SELinux: permission %s in class %s not found in policy, bad policy\n", |
1187 | def_perm, pol_class); | 1187 | def_perm, pol_class); |
1188 | return -EINVAL; | 1188 | return -EINVAL; |
1189 | } | 1189 | } |
1190 | if (perdatum->value != j + 1) { | 1190 | if (perdatum->value != j + 1) { |
1191 | printk(KERN_ERR | 1191 | printk(KERN_ERR |
1192 | "security: permission %s in class %s has incorrect value\n", | 1192 | "SELinux: permission %s in class %s has incorrect value\n", |
1193 | def_perm, pol_class); | 1193 | def_perm, pol_class); |
1194 | return -EINVAL; | 1194 | return -EINVAL; |
1195 | } | 1195 | } |
@@ -1219,7 +1219,7 @@ static inline int convert_context_handle_invalid_context(struct context *context | |||
1219 | u32 len; | 1219 | u32 len; |
1220 | 1220 | ||
1221 | context_struct_to_string(context, &s, &len); | 1221 | context_struct_to_string(context, &s, &len); |
1222 | printk(KERN_ERR "security: context %s is invalid\n", s); | 1222 | printk(KERN_ERR "SELinux: context %s is invalid\n", s); |
1223 | kfree(s); | 1223 | kfree(s); |
1224 | } | 1224 | } |
1225 | return rc; | 1225 | return rc; |
@@ -1299,7 +1299,7 @@ out: | |||
1299 | bad: | 1299 | bad: |
1300 | context_struct_to_string(&oldc, &s, &len); | 1300 | context_struct_to_string(&oldc, &s, &len); |
1301 | context_destroy(&oldc); | 1301 | context_destroy(&oldc); |
1302 | printk(KERN_ERR "security: invalidating context %s\n", s); | 1302 | printk(KERN_ERR "SELinux: invalidating context %s\n", s); |
1303 | kfree(s); | 1303 | kfree(s); |
1304 | goto out; | 1304 | goto out; |
1305 | } | 1305 | } |
@@ -1350,7 +1350,7 @@ int security_load_policy(void *data, size_t len) | |||
1350 | /* Verify that the kernel defined classes are correct. */ | 1350 | /* Verify that the kernel defined classes are correct. */ |
1351 | if (validate_classes(&policydb)) { | 1351 | if (validate_classes(&policydb)) { |
1352 | printk(KERN_ERR | 1352 | printk(KERN_ERR |
1353 | "security: the definition of a class is incorrect\n"); | 1353 | "SELinux: the definition of a class is incorrect\n"); |
1354 | LOAD_UNLOCK; | 1354 | LOAD_UNLOCK; |
1355 | sidtab_destroy(&sidtab); | 1355 | sidtab_destroy(&sidtab); |
1356 | policydb_destroy(&policydb); | 1356 | policydb_destroy(&policydb); |
@@ -1384,14 +1384,14 @@ int security_load_policy(void *data, size_t len) | |||
1384 | /* Verify that the kernel defined classes are correct. */ | 1384 | /* Verify that the kernel defined classes are correct. */ |
1385 | if (validate_classes(&newpolicydb)) { | 1385 | if (validate_classes(&newpolicydb)) { |
1386 | printk(KERN_ERR | 1386 | printk(KERN_ERR |
1387 | "security: the definition of a class is incorrect\n"); | 1387 | "SELinux: the definition of a class is incorrect\n"); |
1388 | rc = -EINVAL; | 1388 | rc = -EINVAL; |
1389 | goto err; | 1389 | goto err; |
1390 | } | 1390 | } |
1391 | 1391 | ||
1392 | rc = security_preserve_bools(&newpolicydb); | 1392 | rc = security_preserve_bools(&newpolicydb); |
1393 | if (rc) { | 1393 | if (rc) { |
1394 | printk(KERN_ERR "security: unable to preserve booleans\n"); | 1394 | printk(KERN_ERR "SELinux: unable to preserve booleans\n"); |
1395 | goto err; | 1395 | goto err; |
1396 | } | 1396 | } |
1397 | 1397 | ||