diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 2 | ||||
-rw-r--r-- | security/selinux/hooks.c | 17 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 15 | ||||
-rw-r--r-- | security/selinux/ss/avtab.c | 27 | ||||
-rw-r--r-- | security/selinux/ss/conditional.c | 14 | ||||
-rw-r--r-- | security/selinux/ss/policydb.c | 17 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 63 |
7 files changed, 78 insertions, 77 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index a4fc6e6d038a..a628e116b7fe 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -426,7 +426,7 @@ static int avc_latest_notif_update(int seqno, int is_insert) | |||
426 | spin_lock_irqsave(¬if_lock, flag); | 426 | spin_lock_irqsave(¬if_lock, flag); |
427 | if (is_insert) { | 427 | if (is_insert) { |
428 | if (seqno < avc_cache.latest_notif) { | 428 | if (seqno < avc_cache.latest_notif) { |
429 | printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n", | 429 | printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n", |
430 | seqno, avc_cache.latest_notif); | 430 | seqno, avc_cache.latest_notif); |
431 | ret = -EAGAIN; | 431 | ret = -EAGAIN; |
432 | } | 432 | } |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f9927f02bc3d..c507f67e2ba7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -575,8 +575,8 @@ static int selinux_set_mnt_opts(struct super_block *sb, | |||
575 | goto out; | 575 | goto out; |
576 | } | 576 | } |
577 | rc = -EINVAL; | 577 | rc = -EINVAL; |
578 | printk(KERN_WARNING "Unable to set superblock options before " | 578 | printk(KERN_WARNING "SELinux: Unable to set superblock options " |
579 | "the security server is initialized\n"); | 579 | "before the security server is initialized\n"); |
580 | goto out; | 580 | goto out; |
581 | } | 581 | } |
582 | 582 | ||
@@ -1135,7 +1135,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1135 | dentry = d_find_alias(inode); | 1135 | dentry = d_find_alias(inode); |
1136 | } | 1136 | } |
1137 | if (!dentry) { | 1137 | if (!dentry) { |
1138 | printk(KERN_WARNING "%s: no dentry for dev=%s " | 1138 | printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s " |
1139 | "ino=%ld\n", __func__, inode->i_sb->s_id, | 1139 | "ino=%ld\n", __func__, inode->i_sb->s_id, |
1140 | inode->i_ino); | 1140 | inode->i_ino); |
1141 | goto out_unlock; | 1141 | goto out_unlock; |
@@ -1173,7 +1173,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1173 | dput(dentry); | 1173 | dput(dentry); |
1174 | if (rc < 0) { | 1174 | if (rc < 0) { |
1175 | if (rc != -ENODATA) { | 1175 | if (rc != -ENODATA) { |
1176 | printk(KERN_WARNING "%s: getxattr returned " | 1176 | printk(KERN_WARNING "SELinux: %s: getxattr returned " |
1177 | "%d for dev=%s ino=%ld\n", __func__, | 1177 | "%d for dev=%s ino=%ld\n", __func__, |
1178 | -rc, inode->i_sb->s_id, inode->i_ino); | 1178 | -rc, inode->i_sb->s_id, inode->i_ino); |
1179 | kfree(context); | 1179 | kfree(context); |
@@ -1187,7 +1187,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent | |||
1187 | sbsec->def_sid, | 1187 | sbsec->def_sid, |
1188 | GFP_NOFS); | 1188 | GFP_NOFS); |
1189 | if (rc) { | 1189 | if (rc) { |
1190 | printk(KERN_WARNING "%s: context_to_sid(%s) " | 1190 | printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) " |
1191 | "returned %d for dev=%s ino=%ld\n", | 1191 | "returned %d for dev=%s ino=%ld\n", |
1192 | __func__, context, -rc, | 1192 | __func__, context, -rc, |
1193 | inode->i_sb->s_id, inode->i_ino); | 1193 | inode->i_sb->s_id, inode->i_ino); |
@@ -1510,7 +1510,8 @@ static int may_link(struct inode *dir, | |||
1510 | av = DIR__RMDIR; | 1510 | av = DIR__RMDIR; |
1511 | break; | 1511 | break; |
1512 | default: | 1512 | default: |
1513 | printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind); | 1513 | printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n", |
1514 | __func__, kind); | ||
1514 | return 0; | 1515 | return 0; |
1515 | } | 1516 | } |
1516 | 1517 | ||
@@ -1640,8 +1641,8 @@ static inline u32 open_file_mask_to_av(int mode, int mask) | |||
1640 | else if (S_ISDIR(mode)) | 1641 | else if (S_ISDIR(mode)) |
1641 | av |= DIR__OPEN; | 1642 | av |= DIR__OPEN; |
1642 | else | 1643 | else |
1643 | printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av " | 1644 | printk(KERN_ERR "SELinux: WARNING: inside %s with " |
1644 | "with unknown mode:%x\n", mode); | 1645 | "unknown mode:%x\n", __func__, mode); |
1645 | } | 1646 | } |
1646 | return av; | 1647 | return av; |
1647 | } | 1648 | } |
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 26fabad09769..6c05e30e8b49 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c | |||
@@ -391,8 +391,8 @@ static ssize_t sel_write_context(struct file * file, char *buf, size_t size) | |||
391 | return length; | 391 | return length; |
392 | 392 | ||
393 | if (len > SIMPLE_TRANSACTION_LIMIT) { | 393 | if (len > SIMPLE_TRANSACTION_LIMIT) { |
394 | printk(KERN_ERR "%s: context size (%u) exceeds payload " | 394 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " |
395 | "max\n", __func__, len); | 395 | "payload max\n", __func__, len); |
396 | length = -ERANGE; | 396 | length = -ERANGE; |
397 | goto out; | 397 | goto out; |
398 | } | 398 | } |
@@ -644,8 +644,8 @@ static ssize_t sel_write_create(struct file * file, char *buf, size_t size) | |||
644 | goto out2; | 644 | goto out2; |
645 | 645 | ||
646 | if (len > SIMPLE_TRANSACTION_LIMIT) { | 646 | if (len > SIMPLE_TRANSACTION_LIMIT) { |
647 | printk(KERN_ERR "%s: context size (%u) exceeds payload " | 647 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " |
648 | "max\n", __func__, len); | 648 | "payload max\n", __func__, len); |
649 | length = -ERANGE; | 649 | length = -ERANGE; |
650 | goto out3; | 650 | goto out3; |
651 | } | 651 | } |
@@ -821,8 +821,8 @@ static ssize_t sel_write_member(struct file * file, char *buf, size_t size) | |||
821 | goto out2; | 821 | goto out2; |
822 | 822 | ||
823 | if (len > SIMPLE_TRANSACTION_LIMIT) { | 823 | if (len > SIMPLE_TRANSACTION_LIMIT) { |
824 | printk(KERN_ERR "%s: context size (%u) exceeds payload " | 824 | printk(KERN_ERR "SELinux: %s: context size (%u) exceeds " |
825 | "max\n", __func__, len); | 825 | "payload max\n", __func__, len); |
826 | length = -ERANGE; | 826 | length = -ERANGE; |
827 | goto out3; | 827 | goto out3; |
828 | } | 828 | } |
@@ -1761,7 +1761,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent) | |||
1761 | out: | 1761 | out: |
1762 | return ret; | 1762 | return ret; |
1763 | err: | 1763 | err: |
1764 | printk(KERN_ERR "%s: failed while creating inodes\n", __func__); | 1764 | printk(KERN_ERR "SELinux: %s: failed while creating inodes\n", |
1765 | __func__); | ||
1765 | goto out; | 1766 | goto out; |
1766 | } | 1767 | } |
1767 | 1768 | ||
diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index a6175306d5b6..9e6626362bfd 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c | |||
@@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag) | |||
310 | } | 310 | } |
311 | } | 311 | } |
312 | 312 | ||
313 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest " | 313 | printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " |
314 | "chain length %d sum of chain length^2 %Lu\n", | 314 | "longest chain length %d sum of chain length^2 %Lu\n", |
315 | tag, h->nel, slots_used, h->nslot, max_chain_len, | 315 | tag, h->nel, slots_used, h->nslot, max_chain_len, |
316 | chain2_len_sum); | 316 | chain2_len_sum); |
317 | } | 317 | } |
@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
364 | val = le32_to_cpu(buf32[items++]); | 364 | val = le32_to_cpu(buf32[items++]); |
365 | key.source_type = (u16)val; | 365 | key.source_type = (u16)val; |
366 | if (key.source_type != val) { | 366 | if (key.source_type != val) { |
367 | printk("SELinux: avtab: truncated source type\n"); | 367 | printk(KERN_ERR "SELinux: avtab: truncated source type\n"); |
368 | return -1; | 368 | return -1; |
369 | } | 369 | } |
370 | val = le32_to_cpu(buf32[items++]); | 370 | val = le32_to_cpu(buf32[items++]); |
371 | key.target_type = (u16)val; | 371 | key.target_type = (u16)val; |
372 | if (key.target_type != val) { | 372 | if (key.target_type != val) { |
373 | printk("SELinux: avtab: truncated target type\n"); | 373 | printk(KERN_ERR "SELinux: avtab: truncated target type\n"); |
374 | return -1; | 374 | return -1; |
375 | } | 375 | } |
376 | val = le32_to_cpu(buf32[items++]); | 376 | val = le32_to_cpu(buf32[items++]); |
377 | key.target_class = (u16)val; | 377 | key.target_class = (u16)val; |
378 | if (key.target_class != val) { | 378 | if (key.target_class != val) { |
379 | printk("SELinux: avtab: truncated target class\n"); | 379 | printk(KERN_ERR "SELinux: avtab: truncated target class\n"); |
380 | return -1; | 380 | return -1; |
381 | } | 381 | } |
382 | 382 | ||
@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
384 | enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; | 384 | enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0; |
385 | 385 | ||
386 | if (!(val & (AVTAB_AV | AVTAB_TYPE))) { | 386 | if (!(val & (AVTAB_AV | AVTAB_TYPE))) { |
387 | printk("SELinux: avtab: null entry\n"); | 387 | printk(KERN_ERR "SELinux: avtab: null entry\n"); |
388 | return -1; | 388 | return -1; |
389 | } | 389 | } |
390 | if ((val & AVTAB_AV) && | 390 | if ((val & AVTAB_AV) && |
391 | (val & AVTAB_TYPE)) { | 391 | (val & AVTAB_TYPE)) { |
392 | printk("SELinux: avtab: entry has both access vectors and types\n"); | 392 | printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n"); |
393 | return -1; | 393 | return -1; |
394 | } | 394 | } |
395 | 395 | ||
@@ -404,7 +404,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
404 | } | 404 | } |
405 | 405 | ||
406 | if (items != items2) { | 406 | if (items != items2) { |
407 | printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items); | 407 | printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items); |
408 | return -1; | 408 | return -1; |
409 | } | 409 | } |
410 | return 0; | 410 | return 0; |
@@ -412,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
412 | 412 | ||
413 | rc = next_entry(buf16, fp, sizeof(u16)*4); | 413 | rc = next_entry(buf16, fp, sizeof(u16)*4); |
414 | if (rc < 0) { | 414 | if (rc < 0) { |
415 | printk("SELinux: avtab: truncated entry\n"); | 415 | printk(KERN_ERR "SELinux: avtab: truncated entry\n"); |
416 | return -1; | 416 | return -1; |
417 | } | 417 | } |
418 | 418 | ||
@@ -425,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
425 | if (!policydb_type_isvalid(pol, key.source_type) || | 425 | if (!policydb_type_isvalid(pol, key.source_type) || |
426 | !policydb_type_isvalid(pol, key.target_type) || | 426 | !policydb_type_isvalid(pol, key.target_type) || |
427 | !policydb_class_isvalid(pol, key.target_class)) { | 427 | !policydb_class_isvalid(pol, key.target_class)) { |
428 | printk(KERN_WARNING "SELinux: avtab: invalid type or class\n"); | 428 | printk(KERN_ERR "SELinux: avtab: invalid type or class\n"); |
429 | return -1; | 429 | return -1; |
430 | } | 430 | } |
431 | 431 | ||
@@ -435,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, | |||
435 | set++; | 435 | set++; |
436 | } | 436 | } |
437 | if (!set || set > 1) { | 437 | if (!set || set > 1) { |
438 | printk(KERN_WARNING | 438 | printk(KERN_ERR "SELinux: avtab: more than one specifier\n"); |
439 | "SELinux: avtab: more than one specifier\n"); | ||
440 | return -1; | 439 | return -1; |
441 | } | 440 | } |
442 | 441 | ||
443 | rc = next_entry(buf32, fp, sizeof(u32)); | 442 | rc = next_entry(buf32, fp, sizeof(u32)); |
444 | if (rc < 0) { | 443 | if (rc < 0) { |
445 | printk("SELinux: avtab: truncated entry\n"); | 444 | printk(KERN_ERR "SELinux: avtab: truncated entry\n"); |
446 | return -1; | 445 | return -1; |
447 | } | 446 | } |
448 | datum.data = le32_to_cpu(*buf32); | 447 | datum.data = le32_to_cpu(*buf32); |
449 | if ((key.specified & AVTAB_TYPE) && | 448 | if ((key.specified & AVTAB_TYPE) && |
450 | !policydb_type_isvalid(pol, datum.data)) { | 449 | !policydb_type_isvalid(pol, datum.data)) { |
451 | printk(KERN_WARNING "SELinux: avtab: invalid type\n"); | 450 | printk(KERN_ERR "SELinux: avtab: invalid type\n"); |
452 | return -1; | 451 | return -1; |
453 | } | 452 | } |
454 | return insertf(a, &key, &datum, p); | 453 | return insertf(a, &key, &datum, p); |
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index 5691af498c40..3a464c75d047 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -273,7 +273,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
273 | */ | 273 | */ |
274 | if (k->specified & AVTAB_TYPE) { | 274 | if (k->specified & AVTAB_TYPE) { |
275 | if (avtab_search(&p->te_avtab, k)) { | 275 | if (avtab_search(&p->te_avtab, k)) { |
276 | printk("SELinux: type rule already exists outside of a conditional."); | 276 | printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n"); |
277 | goto err; | 277 | goto err; |
278 | } | 278 | } |
279 | /* | 279 | /* |
@@ -288,7 +288,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
288 | node_ptr = avtab_search_node(&p->te_cond_avtab, k); | 288 | node_ptr = avtab_search_node(&p->te_cond_avtab, k); |
289 | if (node_ptr) { | 289 | if (node_ptr) { |
290 | if (avtab_search_node_next(node_ptr, k->specified)) { | 290 | if (avtab_search_node_next(node_ptr, k->specified)) { |
291 | printk("SELinux: too many conflicting type rules."); | 291 | printk(KERN_ERR "SELinux: too many conflicting type rules.\n"); |
292 | goto err; | 292 | goto err; |
293 | } | 293 | } |
294 | found = 0; | 294 | found = 0; |
@@ -299,13 +299,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
299 | } | 299 | } |
300 | } | 300 | } |
301 | if (!found) { | 301 | if (!found) { |
302 | printk("SELinux: conflicting type rules.\n"); | 302 | printk(KERN_ERR "SELinux: conflicting type rules.\n"); |
303 | goto err; | 303 | goto err; |
304 | } | 304 | } |
305 | } | 305 | } |
306 | } else { | 306 | } else { |
307 | if (avtab_search(&p->te_cond_avtab, k)) { | 307 | if (avtab_search(&p->te_cond_avtab, k)) { |
308 | printk("SELinux: conflicting type rules when adding type rule for true.\n"); | 308 | printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n"); |
309 | goto err; | 309 | goto err; |
310 | } | 310 | } |
311 | } | 311 | } |
@@ -313,7 +313,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum | |||
313 | 313 | ||
314 | node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); | 314 | node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d); |
315 | if (!node_ptr) { | 315 | if (!node_ptr) { |
316 | printk("SELinux: could not insert rule."); | 316 | printk(KERN_ERR "SELinux: could not insert rule.\n"); |
317 | goto err; | 317 | goto err; |
318 | } | 318 | } |
319 | 319 | ||
@@ -372,12 +372,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list * | |||
372 | static int expr_isvalid(struct policydb *p, struct cond_expr *expr) | 372 | static int expr_isvalid(struct policydb *p, struct cond_expr *expr) |
373 | { | 373 | { |
374 | if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { | 374 | if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) { |
375 | printk("SELinux: conditional expressions uses unknown operator.\n"); | 375 | printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n"); |
376 | return 0; | 376 | return 0; |
377 | } | 377 | } |
378 | 378 | ||
379 | if (expr->bool > p->p_bools.nprim) { | 379 | if (expr->bool > p->p_bools.nprim) { |
380 | printk("SELinux: conditional expressions uses unknown bool.\n"); | 380 | printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n"); |
381 | return 0; | 381 | return 0; |
382 | } | 382 | } |
383 | return 1; | 383 | return 1; |
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 6bdb0ff6a927..891c2d07e8b6 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s) | |||
390 | struct hashtab_info info; | 390 | struct hashtab_info info; |
391 | 391 | ||
392 | hashtab_stat(h, &info); | 392 | hashtab_stat(h, &info); |
393 | printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, " | 393 | printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, " |
394 | "longest chain length %d\n", symtab_name[i], h->nel, | 394 | "longest chain length %d\n", symtab_name[i], h->nel, |
395 | info.slots_used, h->size, info.max_chain_len); | 395 | info.slots_used, h->size, info.max_chain_len); |
396 | } | 396 | } |
@@ -1215,7 +1215,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp) | |||
1215 | 1215 | ||
1216 | if (strcmp(key, OBJECT_R) == 0) { | 1216 | if (strcmp(key, OBJECT_R) == 0) { |
1217 | if (role->value != OBJECT_R_VAL) { | 1217 | if (role->value != OBJECT_R_VAL) { |
1218 | printk(KERN_ERR "Role %s has wrong value %d\n", | 1218 | printk(KERN_ERR "SELinux: Role %s has wrong value %d\n", |
1219 | OBJECT_R, role->value); | 1219 | OBJECT_R, role->value); |
1220 | rc = -EINVAL; | 1220 | rc = -EINVAL; |
1221 | goto bad; | 1221 | goto bad; |
@@ -1551,22 +1551,23 @@ int policydb_read(struct policydb *p, void *fp) | |||
1551 | 1551 | ||
1552 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { | 1552 | if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { |
1553 | if (ss_initialized && !selinux_mls_enabled) { | 1553 | if (ss_initialized && !selinux_mls_enabled) { |
1554 | printk(KERN_ERR "Cannot switch between non-MLS and MLS " | 1554 | printk(KERN_ERR "SELinux: Cannot switch between non-MLS" |
1555 | "policies\n"); | 1555 | " and MLS policies\n"); |
1556 | goto bad; | 1556 | goto bad; |
1557 | } | 1557 | } |
1558 | selinux_mls_enabled = 1; | 1558 | selinux_mls_enabled = 1; |
1559 | config |= POLICYDB_CONFIG_MLS; | 1559 | config |= POLICYDB_CONFIG_MLS; |
1560 | 1560 | ||
1561 | if (p->policyvers < POLICYDB_VERSION_MLS) { | 1561 | if (p->policyvers < POLICYDB_VERSION_MLS) { |
1562 | printk(KERN_ERR "security policydb version %d (MLS) " | 1562 | printk(KERN_ERR "SELinux: security policydb version %d " |
1563 | "not backwards compatible\n", p->policyvers); | 1563 | "(MLS) not backwards compatible\n", |
1564 | p->policyvers); | ||
1564 | goto bad; | 1565 | goto bad; |
1565 | } | 1566 | } |
1566 | } else { | 1567 | } else { |
1567 | if (ss_initialized && selinux_mls_enabled) { | 1568 | if (ss_initialized && selinux_mls_enabled) { |
1568 | printk(KERN_ERR "Cannot switch between MLS and non-MLS " | 1569 | printk(KERN_ERR "SELinux: Cannot switch between MLS and" |
1569 | "policies\n"); | 1570 | " non-MLS policies\n"); |
1570 | goto bad; | 1571 | goto bad; |
1571 | } | 1572 | } |
1572 | } | 1573 | } |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index fc3dfca475d6..2daaddbb301d 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -415,7 +415,8 @@ static int context_struct_compute_av(struct context *scontext, | |||
415 | return 0; | 415 | return 0; |
416 | 416 | ||
417 | inval_class: | 417 | inval_class: |
418 | printk(KERN_ERR "%s: unrecognized class %d\n", __func__, tclass); | 418 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__, |
419 | tclass); | ||
419 | return -EINVAL; | 420 | return -EINVAL; |
420 | } | 421 | } |
421 | 422 | ||
@@ -499,8 +500,8 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
499 | tclass = SECCLASS_NETLINK_SOCKET; | 500 | tclass = SECCLASS_NETLINK_SOCKET; |
500 | 501 | ||
501 | if (!tclass || tclass > policydb.p_classes.nprim) { | 502 | if (!tclass || tclass > policydb.p_classes.nprim) { |
502 | printk(KERN_ERR "security_validate_transition: " | 503 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", |
503 | "unrecognized class %d\n", tclass); | 504 | __func__, tclass); |
504 | rc = -EINVAL; | 505 | rc = -EINVAL; |
505 | goto out; | 506 | goto out; |
506 | } | 507 | } |
@@ -508,24 +509,24 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
508 | 509 | ||
509 | ocontext = sidtab_search(&sidtab, oldsid); | 510 | ocontext = sidtab_search(&sidtab, oldsid); |
510 | if (!ocontext) { | 511 | if (!ocontext) { |
511 | printk(KERN_ERR "security_validate_transition: " | 512 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
512 | " unrecognized SID %d\n", oldsid); | 513 | __func__, oldsid); |
513 | rc = -EINVAL; | 514 | rc = -EINVAL; |
514 | goto out; | 515 | goto out; |
515 | } | 516 | } |
516 | 517 | ||
517 | ncontext = sidtab_search(&sidtab, newsid); | 518 | ncontext = sidtab_search(&sidtab, newsid); |
518 | if (!ncontext) { | 519 | if (!ncontext) { |
519 | printk(KERN_ERR "security_validate_transition: " | 520 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
520 | " unrecognized SID %d\n", newsid); | 521 | __func__, newsid); |
521 | rc = -EINVAL; | 522 | rc = -EINVAL; |
522 | goto out; | 523 | goto out; |
523 | } | 524 | } |
524 | 525 | ||
525 | tcontext = sidtab_search(&sidtab, tasksid); | 526 | tcontext = sidtab_search(&sidtab, tasksid); |
526 | if (!tcontext) { | 527 | if (!tcontext) { |
527 | printk(KERN_ERR "security_validate_transition: " | 528 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
528 | " unrecognized SID %d\n", tasksid); | 529 | __func__, tasksid); |
529 | rc = -EINVAL; | 530 | rc = -EINVAL; |
530 | goto out; | 531 | goto out; |
531 | } | 532 | } |
@@ -581,15 +582,15 @@ int security_compute_av(u32 ssid, | |||
581 | 582 | ||
582 | scontext = sidtab_search(&sidtab, ssid); | 583 | scontext = sidtab_search(&sidtab, ssid); |
583 | if (!scontext) { | 584 | if (!scontext) { |
584 | printk(KERN_ERR "security_compute_av: unrecognized SID %d\n", | 585 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
585 | ssid); | 586 | __func__, ssid); |
586 | rc = -EINVAL; | 587 | rc = -EINVAL; |
587 | goto out; | 588 | goto out; |
588 | } | 589 | } |
589 | tcontext = sidtab_search(&sidtab, tsid); | 590 | tcontext = sidtab_search(&sidtab, tsid); |
590 | if (!tcontext) { | 591 | if (!tcontext) { |
591 | printk(KERN_ERR "security_compute_av: unrecognized SID %d\n", | 592 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
592 | tsid); | 593 | __func__, tsid); |
593 | rc = -EINVAL; | 594 | rc = -EINVAL; |
594 | goto out; | 595 | goto out; |
595 | } | 596 | } |
@@ -686,16 +687,16 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len) | |||
686 | *scontext = scontextp; | 687 | *scontext = scontextp; |
687 | goto out; | 688 | goto out; |
688 | } | 689 | } |
689 | printk(KERN_ERR "security_sid_to_context: called before initial " | 690 | printk(KERN_ERR "SELinux: %s: called before initial " |
690 | "load_policy on unknown SID %d\n", sid); | 691 | "load_policy on unknown SID %d\n", __func__, sid); |
691 | rc = -EINVAL; | 692 | rc = -EINVAL; |
692 | goto out; | 693 | goto out; |
693 | } | 694 | } |
694 | POLICY_RDLOCK; | 695 | POLICY_RDLOCK; |
695 | context = sidtab_search(&sidtab, sid); | 696 | context = sidtab_search(&sidtab, sid); |
696 | if (!context) { | 697 | if (!context) { |
697 | printk(KERN_ERR "security_sid_to_context: unrecognized SID " | 698 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
698 | "%d\n", sid); | 699 | __func__, sid); |
699 | rc = -EINVAL; | 700 | rc = -EINVAL; |
700 | goto out_unlock; | 701 | goto out_unlock; |
701 | } | 702 | } |
@@ -925,15 +926,15 @@ static int security_compute_sid(u32 ssid, | |||
925 | 926 | ||
926 | scontext = sidtab_search(&sidtab, ssid); | 927 | scontext = sidtab_search(&sidtab, ssid); |
927 | if (!scontext) { | 928 | if (!scontext) { |
928 | printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n", | 929 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
929 | ssid); | 930 | __func__, ssid); |
930 | rc = -EINVAL; | 931 | rc = -EINVAL; |
931 | goto out_unlock; | 932 | goto out_unlock; |
932 | } | 933 | } |
933 | tcontext = sidtab_search(&sidtab, tsid); | 934 | tcontext = sidtab_search(&sidtab, tsid); |
934 | if (!tcontext) { | 935 | if (!tcontext) { |
935 | printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n", | 936 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
936 | tsid); | 937 | __func__, tsid); |
937 | rc = -EINVAL; | 938 | rc = -EINVAL; |
938 | goto out_unlock; | 939 | goto out_unlock; |
939 | } | 940 | } |
@@ -2031,16 +2032,16 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) | |||
2031 | POLICY_RDLOCK; | 2032 | POLICY_RDLOCK; |
2032 | context1 = sidtab_search(&sidtab, sid); | 2033 | context1 = sidtab_search(&sidtab, sid); |
2033 | if (!context1) { | 2034 | if (!context1) { |
2034 | printk(KERN_ERR "security_sid_mls_copy: unrecognized SID " | 2035 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
2035 | "%d\n", sid); | 2036 | __func__, sid); |
2036 | rc = -EINVAL; | 2037 | rc = -EINVAL; |
2037 | goto out_unlock; | 2038 | goto out_unlock; |
2038 | } | 2039 | } |
2039 | 2040 | ||
2040 | context2 = sidtab_search(&sidtab, mls_sid); | 2041 | context2 = sidtab_search(&sidtab, mls_sid); |
2041 | if (!context2) { | 2042 | if (!context2) { |
2042 | printk(KERN_ERR "security_sid_mls_copy: unrecognized SID " | 2043 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
2043 | "%d\n", mls_sid); | 2044 | __func__, mls_sid); |
2044 | rc = -EINVAL; | 2045 | rc = -EINVAL; |
2045 | goto out_unlock; | 2046 | goto out_unlock; |
2046 | } | 2047 | } |
@@ -2131,17 +2132,15 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, | |||
2131 | 2132 | ||
2132 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); | 2133 | nlbl_ctx = sidtab_search(&sidtab, nlbl_sid); |
2133 | if (!nlbl_ctx) { | 2134 | if (!nlbl_ctx) { |
2134 | printk(KERN_ERR | 2135 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
2135 | "security_sid_mls_cmp: unrecognized SID %d\n", | 2136 | __func__, nlbl_sid); |
2136 | nlbl_sid); | ||
2137 | rc = -EINVAL; | 2137 | rc = -EINVAL; |
2138 | goto out_slowpath; | 2138 | goto out_slowpath; |
2139 | } | 2139 | } |
2140 | xfrm_ctx = sidtab_search(&sidtab, xfrm_sid); | 2140 | xfrm_ctx = sidtab_search(&sidtab, xfrm_sid); |
2141 | if (!xfrm_ctx) { | 2141 | if (!xfrm_ctx) { |
2142 | printk(KERN_ERR | 2142 | printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n", |
2143 | "security_sid_mls_cmp: unrecognized SID %d\n", | 2143 | __func__, xfrm_sid); |
2144 | xfrm_sid); | ||
2145 | rc = -EINVAL; | 2144 | rc = -EINVAL; |
2146 | goto out_slowpath; | 2145 | goto out_slowpath; |
2147 | } | 2146 | } |
@@ -2221,7 +2220,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms) | |||
2221 | 2220 | ||
2222 | match = hashtab_search(policydb.p_classes.table, class); | 2221 | match = hashtab_search(policydb.p_classes.table, class); |
2223 | if (!match) { | 2222 | if (!match) { |
2224 | printk(KERN_ERR "%s: unrecognized class %s\n", | 2223 | printk(KERN_ERR "SELinux: %s: unrecognized class %s\n", |
2225 | __func__, class); | 2224 | __func__, class); |
2226 | rc = -EINVAL; | 2225 | rc = -EINVAL; |
2227 | goto out; | 2226 | goto out; |