aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/smack/smack_access.c4
-rw-r--r--security/smack/smack_lsm.c52
-rw-r--r--security/smack/smackfs.c15
3 files changed, 34 insertions, 37 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index 2e0b83e77ffe..cfa19ca125e3 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -162,8 +162,8 @@ int smk_access(char *subject_label, char *object_label, int request)
162 162
163/** 163/**
164 * smk_curacc - determine if current has a specific access to an object 164 * smk_curacc - determine if current has a specific access to an object
165 * @object_label: a pointer to the object's Smack label 165 * @obj_label: a pointer to the object's Smack label
166 * @request: the access requested, in "MAY" format 166 * @mode: the access requested, in "MAY" format
167 * 167 *
168 * This function checks the current subject label/object label pair 168 * This function checks the current subject label/object label pair
169 * in the access rule list and returns 0 if the access is permitted, 169 * in the access rule list and returns 0 if the access is permitted,
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 0278bc083044..4f48da5b08cb 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -91,6 +91,7 @@ struct inode_smack *new_inode_smack(char *smack)
91/** 91/**
92 * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH 92 * smack_ptrace_may_access - Smack approval on PTRACE_ATTACH
93 * @ctp: child task pointer 93 * @ctp: child task pointer
94 * @mode: ptrace attachment mode
94 * 95 *
95 * Returns 0 if access is OK, an error code otherwise 96 * Returns 0 if access is OK, an error code otherwise
96 * 97 *
@@ -203,9 +204,8 @@ static void smack_sb_free_security(struct super_block *sb)
203 204
204/** 205/**
205 * smack_sb_copy_data - copy mount options data for processing 206 * smack_sb_copy_data - copy mount options data for processing
206 * @type: file system type
207 * @orig: where to start 207 * @orig: where to start
208 * @smackopts 208 * @smackopts: mount options string
209 * 209 *
210 * Returns 0 on success or -ENOMEM on error. 210 * Returns 0 on success or -ENOMEM on error.
211 * 211 *
@@ -331,7 +331,7 @@ static int smack_sb_statfs(struct dentry *dentry)
331/** 331/**
332 * smack_sb_mount - Smack check for mounting 332 * smack_sb_mount - Smack check for mounting
333 * @dev_name: unused 333 * @dev_name: unused
334 * @nd: mount point 334 * @path: mount point
335 * @type: unused 335 * @type: unused
336 * @flags: unused 336 * @flags: unused
337 * @data: unused 337 * @data: unused
@@ -370,7 +370,7 @@ static int smack_sb_umount(struct vfsmount *mnt, int flags)
370 370
371/** 371/**
372 * smack_inode_alloc_security - allocate an inode blob 372 * smack_inode_alloc_security - allocate an inode blob
373 * @inode - the inode in need of a blob 373 * @inode: the inode in need of a blob
374 * 374 *
375 * Returns 0 if it gets a blob, -ENOMEM otherwise 375 * Returns 0 if it gets a blob, -ENOMEM otherwise
376 */ 376 */
@@ -384,7 +384,7 @@ static int smack_inode_alloc_security(struct inode *inode)
384 384
385/** 385/**
386 * smack_inode_free_security - free an inode blob 386 * smack_inode_free_security - free an inode blob
387 * @inode - the inode with a blob 387 * @inode: the inode with a blob
388 * 388 *
389 * Clears the blob pointer in inode 389 * Clears the blob pointer in inode
390 */ 390 */
@@ -538,7 +538,6 @@ static int smack_inode_rename(struct inode *old_inode,
538 * smack_inode_permission - Smack version of permission() 538 * smack_inode_permission - Smack version of permission()
539 * @inode: the inode in question 539 * @inode: the inode in question
540 * @mask: the access requested 540 * @mask: the access requested
541 * @nd: unused
542 * 541 *
543 * This is the important Smack hook. 542 * This is the important Smack hook.
544 * 543 *
@@ -701,8 +700,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
701 * @inode: the object 700 * @inode: the object
702 * @name: attribute name 701 * @name: attribute name
703 * @buffer: where to put the result 702 * @buffer: where to put the result
704 * @size: size of the buffer 703 * @alloc: unused
705 * @err: unused
706 * 704 *
707 * Returns the size of the attribute or an error code 705 * Returns the size of the attribute or an error code
708 */ 706 */
@@ -864,7 +862,7 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd,
864/** 862/**
865 * smack_file_lock - Smack check on file locking 863 * smack_file_lock - Smack check on file locking
866 * @file: the object 864 * @file: the object
867 * @cmd unused 865 * @cmd: unused
868 * 866 *
869 * Returns 0 if current has write access, error code otherwise 867 * Returns 0 if current has write access, error code otherwise
870 */ 868 */
@@ -1003,8 +1001,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
1003 return 0; 1001 return 0;
1004} 1002}
1005 1003
1006/* 1004/**
1007 * commit new credentials 1005 * smack_cred_commit - commit new credentials
1008 * @new: the new credentials 1006 * @new: the new credentials
1009 * @old: the original credentials 1007 * @old: the original credentials
1010 */ 1008 */
@@ -1014,8 +1012,8 @@ static void smack_cred_commit(struct cred *new, const struct cred *old)
1014 1012
1015/** 1013/**
1016 * smack_kernel_act_as - Set the subjective context in a set of credentials 1014 * smack_kernel_act_as - Set the subjective context in a set of credentials
1017 * @new points to the set of credentials to be modified. 1015 * @new: points to the set of credentials to be modified.
1018 * @secid specifies the security ID to be set 1016 * @secid: specifies the security ID to be set
1019 * 1017 *
1020 * Set the security data for a kernel service. 1018 * Set the security data for a kernel service.
1021 */ 1019 */
@@ -1032,8 +1030,8 @@ static int smack_kernel_act_as(struct cred *new, u32 secid)
1032 1030
1033/** 1031/**
1034 * smack_kernel_create_files_as - Set the file creation label in a set of creds 1032 * smack_kernel_create_files_as - Set the file creation label in a set of creds
1035 * @new points to the set of credentials to be modified 1033 * @new: points to the set of credentials to be modified
1036 * @inode points to the inode to use as a reference 1034 * @inode: points to the inode to use as a reference
1037 * 1035 *
1038 * Set the file creation context in a set of credentials to the same 1036 * Set the file creation context in a set of credentials to the same
1039 * as the objective context of the specified inode 1037 * as the objective context of the specified inode
@@ -1242,7 +1240,7 @@ static int smack_task_wait(struct task_struct *p)
1242/** 1240/**
1243 * smack_task_to_inode - copy task smack into the inode blob 1241 * smack_task_to_inode - copy task smack into the inode blob
1244 * @p: task to copy from 1242 * @p: task to copy from
1245 * inode: inode to copy to 1243 * @inode: inode to copy to
1246 * 1244 *
1247 * Sets the smack pointer in the inode security blob 1245 * Sets the smack pointer in the inode security blob
1248 */ 1246 */
@@ -1260,7 +1258,7 @@ static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
1260 * smack_sk_alloc_security - Allocate a socket blob 1258 * smack_sk_alloc_security - Allocate a socket blob
1261 * @sk: the socket 1259 * @sk: the socket
1262 * @family: unused 1260 * @family: unused
1263 * @priority: memory allocation priority 1261 * @gfp_flags: memory allocation flags
1264 * 1262 *
1265 * Assign Smack pointers to current 1263 * Assign Smack pointers to current
1266 * 1264 *
@@ -2001,7 +1999,7 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
2001 1999
2002/** 2000/**
2003 * smack_ipc_getsecid - Extract smack security id 2001 * smack_ipc_getsecid - Extract smack security id
2004 * @ipcp: the object permissions 2002 * @ipp: the object permissions
2005 * @secid: where result will be saved 2003 * @secid: where result will be saved
2006 */ 2004 */
2007static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid) 2005static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
@@ -2278,7 +2276,7 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other)
2278/** 2276/**
2279 * smack_socket_sendmsg - Smack check based on destination host 2277 * smack_socket_sendmsg - Smack check based on destination host
2280 * @sock: the socket 2278 * @sock: the socket
2281 * @msghdr: the message 2279 * @msg: the message
2282 * @size: the size of the message 2280 * @size: the size of the message
2283 * 2281 *
2284 * Return 0 if the current subject can write to the destination 2282 * Return 0 if the current subject can write to the destination
@@ -2319,8 +2317,7 @@ static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
2319 2317
2320 2318
2321/** 2319/**
2322 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat 2320 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
2323 * pair to smack
2324 * @sap: netlabel secattr 2321 * @sap: netlabel secattr
2325 * @sip: where to put the result 2322 * @sip: where to put the result
2326 * 2323 *
@@ -2441,7 +2438,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
2441 * @sock: the socket 2438 * @sock: the socket
2442 * @optval: user's destination 2439 * @optval: user's destination
2443 * @optlen: size thereof 2440 * @optlen: size thereof
2444 * @len: max thereoe 2441 * @len: max thereof
2445 * 2442 *
2446 * returns zero on success, an error code otherwise 2443 * returns zero on success, an error code otherwise
2447 */ 2444 */
@@ -2776,7 +2773,7 @@ static void smack_audit_rule_free(void *vrule)
2776 2773
2777#endif /* CONFIG_AUDIT */ 2774#endif /* CONFIG_AUDIT */
2778 2775
2779/* 2776/**
2780 * smack_secid_to_secctx - return the smack label for a secid 2777 * smack_secid_to_secctx - return the smack label for a secid
2781 * @secid: incoming integer 2778 * @secid: incoming integer
2782 * @secdata: destination 2779 * @secdata: destination
@@ -2793,7 +2790,7 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
2793 return 0; 2790 return 0;
2794} 2791}
2795 2792
2796/* 2793/**
2797 * smack_secctx_to_secid - return the secid for a smack label 2794 * smack_secctx_to_secid - return the secid for a smack label
2798 * @secdata: smack label 2795 * @secdata: smack label
2799 * @seclen: how long result is 2796 * @seclen: how long result is
@@ -2807,11 +2804,10 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
2807 return 0; 2804 return 0;
2808} 2805}
2809 2806
2810/* 2807/**
2811 * smack_release_secctx - don't do anything. 2808 * smack_release_secctx - don't do anything.
2812 * @key_ref: unused 2809 * @secdata: unused
2813 * @context: unused 2810 * @seclen: unused
2814 * @perm: unused
2815 * 2811 *
2816 * Exists to make sure nothing gets done, and properly 2812 * Exists to make sure nothing gets done, and properly
2817 */ 2813 */
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 8e42800878f4..fd8d1eb43700 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -245,7 +245,7 @@ out:
245 245
246/** 246/**
247 * smk_write_load - write() for /smack/load 247 * smk_write_load - write() for /smack/load
248 * @filp: file pointer, not actually used 248 * @file: file pointer, not actually used
249 * @buf: where to get the data from 249 * @buf: where to get the data from
250 * @count: bytes sent 250 * @count: bytes sent
251 * @ppos: where to start - must be 0 251 * @ppos: where to start - must be 0
@@ -402,6 +402,7 @@ static void smk_cipso_doi(void)
402 402
403/** 403/**
404 * smk_unlbl_ambient - initialize the unlabeled domain 404 * smk_unlbl_ambient - initialize the unlabeled domain
405 * @oldambient: previous domain string
405 */ 406 */
406static void smk_unlbl_ambient(char *oldambient) 407static void smk_unlbl_ambient(char *oldambient)
407{ 408{
@@ -513,7 +514,7 @@ static int smk_open_cipso(struct inode *inode, struct file *file)
513 514
514/** 515/**
515 * smk_write_cipso - write() for /smack/cipso 516 * smk_write_cipso - write() for /smack/cipso
516 * @filp: file pointer, not actually used 517 * @file: file pointer, not actually used
517 * @buf: where to get the data from 518 * @buf: where to get the data from
518 * @count: bytes sent 519 * @count: bytes sent
519 * @ppos: where to start 520 * @ppos: where to start
@@ -703,7 +704,7 @@ static int smk_open_netlbladdr(struct inode *inode, struct file *file)
703 704
704/** 705/**
705 * smk_write_netlbladdr - write() for /smack/netlabel 706 * smk_write_netlbladdr - write() for /smack/netlabel
706 * @filp: file pointer, not actually used 707 * @file: file pointer, not actually used
707 * @buf: where to get the data from 708 * @buf: where to get the data from
708 * @count: bytes sent 709 * @count: bytes sent
709 * @ppos: where to start 710 * @ppos: where to start
@@ -850,7 +851,7 @@ static ssize_t smk_read_doi(struct file *filp, char __user *buf,
850 851
851/** 852/**
852 * smk_write_doi - write() for /smack/doi 853 * smk_write_doi - write() for /smack/doi
853 * @filp: file pointer, not actually used 854 * @file: file pointer, not actually used
854 * @buf: where to get the data from 855 * @buf: where to get the data from
855 * @count: bytes sent 856 * @count: bytes sent
856 * @ppos: where to start 857 * @ppos: where to start
@@ -915,7 +916,7 @@ static ssize_t smk_read_direct(struct file *filp, char __user *buf,
915 916
916/** 917/**
917 * smk_write_direct - write() for /smack/direct 918 * smk_write_direct - write() for /smack/direct
918 * @filp: file pointer, not actually used 919 * @file: file pointer, not actually used
919 * @buf: where to get the data from 920 * @buf: where to get the data from
920 * @count: bytes sent 921 * @count: bytes sent
921 * @ppos: where to start 922 * @ppos: where to start
@@ -990,7 +991,7 @@ static ssize_t smk_read_ambient(struct file *filp, char __user *buf,
990 991
991/** 992/**
992 * smk_write_ambient - write() for /smack/ambient 993 * smk_write_ambient - write() for /smack/ambient
993 * @filp: file pointer, not actually used 994 * @file: file pointer, not actually used
994 * @buf: where to get the data from 995 * @buf: where to get the data from
995 * @count: bytes sent 996 * @count: bytes sent
996 * @ppos: where to start 997 * @ppos: where to start
@@ -1065,7 +1066,7 @@ static ssize_t smk_read_onlycap(struct file *filp, char __user *buf,
1065 1066
1066/** 1067/**
1067 * smk_write_onlycap - write() for /smack/onlycap 1068 * smk_write_onlycap - write() for /smack/onlycap
1068 * @filp: file pointer, not actually used 1069 * @file: file pointer, not actually used
1069 * @buf: where to get the data from 1070 * @buf: where to get the data from
1070 * @count: bytes sent 1071 * @count: bytes sent
1071 * @ppos: where to start 1072 * @ppos: where to start