---

yaml --- r: 91710 b: refs/heads/master c: 7c2b240 h: refs/heads/master v: v3
git-mirror · Apr 21, 2008 · abd4f0c · abd4f0c
1 parent dbe78c0
commit abd4f0c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 34 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: eb5df9a7ae794a7e352e0582011e9e2b586051b5
+refs/heads/master: 7c2b240ef2ae05a0081b4004176fd5838cecc4f6
diff --git a/trunk/security/selinux/ss/conditional.c b/trunk/security/selinux/ss/conditional.c
@@ -1,9 +1,9 @@
 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
- *          Frank Mayer <mayerf@tresys.com>
+ *	    Frank Mayer <mayerf@tresys.com>
  *
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 
@@ -90,7 +90,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
 int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 {
 	int new_state;
-	struct cond_av_list* cur;
+	struct cond_av_list *cur;
 
 	new_state = cond_evaluate_expr(p, node->expr);
 	if (new_state != node->cur_state) {
@@ -99,20 +99,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 			printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
 		/* turn the rules on or off */
 		for (cur = node->true_list; cur != NULL; cur = cur->next) {
-			if (new_state <= 0) {
+			if (new_state <= 0)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 
 		for (cur = node->false_list; cur != NULL; cur = cur->next) {
 			/* -1 or 1 */
-			if (new_state) {
+			if (new_state)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 	}
 	return 0;
@@ -174,8 +172,8 @@ void cond_policydb_destroy(struct policydb *p)
 int cond_init_bool_indexes(struct policydb *p)
 {
 	kfree(p->bool_val_to_struct);
-	p->bool_val_to_struct = (struct cond_bool_datum**)
-		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
+	p->bool_val_to_struct = (struct cond_bool_datum **)
+		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
 		return -1;
 	return 0;
@@ -200,7 +198,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 		return -EINVAL;
 
 	p->p_bool_val_to_name[booldatum->value - 1] = key;
-	p->bool_val_to_struct[booldatum->value -1] = booldatum;
+	p->bool_val_to_struct[booldatum->value - 1] = booldatum;
 
 	return 0;
 }
@@ -252,8 +250,7 @@ int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp)
 	return -1;
 }
 
-struct cond_insertf_data
-{
+struct cond_insertf_data {
 	struct policydb *p;
 	struct cond_av_list *other;
 	struct cond_av_list *head;
@@ -353,9 +350,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 		return -1;
 
 	len = le32_to_cpu(buf[0]);
-	if (len == 0) {
+	if (len == 0)
 		return 0;
-	}
 
 	data.p = p;
 	data.other = other;
@@ -408,15 +404,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 	/* expr */
 	len = le32_to_cpu(buf[0]);
 
-	for (i = 0; i < len; i++ ) {
+	for (i = 0; i < len; i++) {
 		rc = next_entry(buf, fp, sizeof(u32) * 2);
 		if (rc < 0)
 			goto err;
 
 		expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
-		if (!expr) {
+		if (!expr)
 			goto err;
-		}
 
 		expr->expr_type = le32_to_cpu(buf[0]);
 		expr->bool = le32_to_cpu(buf[1]);
@@ -426,11 +421,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 			goto err;
 		}
 
-		if (i == 0) {
+		if (i == 0)
 			node->expr = expr;
-		} else {
+		else
 			last->next = expr;
-		}
 		last = expr;
 	}
 
@@ -469,11 +463,10 @@ int cond_read_list(struct policydb *p, void *fp)
 		if (cond_read_node(p, node, fp) != 0)
 			goto err;
 
-		if (i == 0) {
+		if (i == 0)
 			p->cond_list = node;
-		} else {
+		else
 			last->next = node;
-		}
 		last = node;
 	}
 	return 0;
@@ -490,24 +483,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi
 {
 	struct avtab_node *node;
 
-	if(!ctab || !key || !avd)
+	if (!ctab || !key || !avd)
 		return;
 
-	for(node = avtab_search_node(ctab, key); node != NULL;
+	for (node = avtab_search_node(ctab, key); node != NULL;
 				node = avtab_search_node_next(node, key->specified)) {
-		if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
 			avd->allowed |= node->datum.data;
-		if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
 			/* Since a '0' in an auditdeny mask represents a
 			 * permission we do NOT want to audit (dontaudit), we use
 			 * the '&' operand to ensure that all '0's in the mask
 			 * are retained (much unlike the allow and auditallow cases).
 			 */
 			avd->auditdeny &= node->datum.data;
-		if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
 			avd->auditallow |= node->datum.data;
 	}
 	return;