From owner-trustedbsd-cvs@FreeBSD.ORG  Thu Mar  9 15:56:40 2006
Return-Path: <owner-trustedbsd-cvs@FreeBSD.ORG>
X-Original-To: trustedbsd-cvs@freebsd.org
Delivered-To: trustedbsd-cvs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A1CF516A420
	for <trustedbsd-cvs@freebsd.org>; Thu,  9 Mar 2006 15:56:40 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id F2EFF43D79
	for <trustedbsd-cvs@freebsd.org>; Thu,  9 Mar 2006 15:56:30 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119])
	by cyrus.watson.org (Postfix) with ESMTP id B868246B4D
	for <trustedbsd-cvs@trustedbsd.org>;
	Thu,  9 Mar 2006 10:56:07 -0500 (EST)
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
	by mx2.freebsd.org (Postfix) with ESMTP id BBBC357761;
	Thu,  9 Mar 2006 15:52:40 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id AAAE116A423; Thu,  9 Mar 2006 15:52:40 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 694E616A422
	for <perforce@freebsd.org>; Thu,  9 Mar 2006 15:52:40 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 9944343D58
	for <perforce@freebsd.org>; Thu,  9 Mar 2006 15:52:39 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k29FqdJK002589
	for <perforce@freebsd.org>; Thu, 9 Mar 2006 15:52:39 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k29Fqdq5002586
	for perforce@freebsd.org; Thu, 9 Mar 2006 15:52:39 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Thu, 9 Mar 2006 15:52:39 GMT
Message-Id: <200603091552.k29Fqdq5002586@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 93049 for review
X-BeenThere: trustedbsd-cvs@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD CVS and Perforce commit message list
	<trustedbsd-cvs.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>, 
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-cvs>
List-Post: <mailto:trustedbsd-cvs@FreeBSD.org>
List-Help: <mailto:trustedbsd-cvs-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>,
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2006 15:56:40 -0000

http://perforce.freebsd.org/chv.cgi?CH=93049

Change 93049 by rwatson@rwatson_peppercorn on 2006/03/09 15:52:36

	style(9).

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#8 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#10 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#8 (text+ko) ====

@@ -51,10 +51,9 @@
 #include <security/sebsd/avc/avc.h>
 #include <security/sebsd/ss/services.h>
 
-struct lp_args
-{
-	void  *data;
-	size_t len;
+struct lp_args {
+	void	*data;
+	size_t	 len;
 };
 
 static int
@@ -80,13 +79,17 @@
 static int
 sebsd_get_bools(struct thread *td, struct sebsd_get_bools *gb)
 {
-	char *out = NULL;
+	char *out;
+	int err;
+
 	if (gb->out)
 		out = malloc(gb->len, M_SEBSD, M_WAITOK);
-	int err = security_get_bool_string(&gb->len, out);
-	if (out && err == 0)
+	else
+		out = NULL;
+	err = security_get_bool_string(&gb->len, out);
+	if (out != NULL && err == 0)
 		err = copyout(out, gb->out, gb->len);
-	if (out)
+	if (out != NULL)
 		free(out, M_SEBSD);
 	return (err);
 }
@@ -94,13 +97,15 @@
 int
 sebsd_syscall(struct thread *td, int call, void *args)
 {
-	int err = EINVAL;
 	struct lp_args p;
 	struct sebsd_get_bools gb;
+	int active, err, pending;
+	char str[128], *strp;
 
-	switch(call) {
+	err = EINVAL;
+	switch (call) {
 	case SEBSDCALL_LOAD_POLICY:
-		if (copyin (args, &p, sizeof (struct lp_args)))
+		if (copyin(args, &p, sizeof (struct lp_args)))
 			return (EFAULT);
 		err = sys_load_policy (td, p.data, p.len);
 		break;
@@ -114,47 +119,39 @@
 		break;
 
 	case SEBSDCALL_GET_BOOL:
-	{
-		char str[128];
-		int  active, pending;
-		err = copyinstr(args,str, 128, NULL);
+		err = copyinstr(args, str, 128, NULL);
 		if (err)
 			return (err);
 		security_get_bool(str, &active, &pending);
 		*td->td_retval = active | (pending << 1);
 		return (0);
-	}
 
 	case SEBSDCALL_SET_BOOL:
-	{
-		char *str;
-
 		err = thread_has_security(td, SECURITY__SETBOOL);
 		if (err)
 			return (err);
 
 		if (copyin(args, &p, sizeof (struct lp_args)))
 			return (EFAULT);
-		str = malloc(p.len, M_SEBSD, M_WAITOK);
+		strp = malloc(p.len, M_SEBSD, M_WAITOK);
 		if (!str)
 			return (ENOMEM);
-		if (copyin(p.data, str, p.len)) {
+		if (copyin(p.data, strp, p.len)) {
 			free(str, M_SEBSD);
 			return (EFAULT);
 		}
 
-		str[p.len-1] = 0;
-		err = security_set_bool(str+1, str[0]-'0');
-		free(str, M_SEBSD);
+		strp[p.len-1] = 0;
+		err = security_set_bool(str+1, strp[0]-'0');
+		free(strp, M_SEBSD);
 		break;
-	}
 
 	case SEBSDCALL_COMMIT_BOOLS:
 		err = thread_has_security(td, SECURITY__SETBOOL);
 		if (err)
 			return (err);
 
-		return security_commit_pending_bools();
+		return (security_commit_pending_bools());
 
 	default:
 		err = EINVAL;

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#7 (text+ko) ====

@@ -1,41 +1,39 @@
 #ifndef _SEBSD_SYSCALLS_H_
-#define _SEBSD_SYSCALLS_H_
+#define	_SEBSD_SYSCALLS_H_
 
 #include <security/sebsd/linux-compat.h>
 
 /*
  * TBD: Should we really try to line up with SELinux?
  */
-#define SEBSDCALL_LOAD_POLICY		7
-#define SEBSDCALL_GET_BOOLS	        8
-#define SEBSDCALL_GET_BOOL		9
-#define SEBSDCALL_SET_BOOL		10
-#define SEBSDCALL_COMMIT_BOOLS		11
+#define	SEBSDCALL_LOAD_POLICY		7
+#define	SEBSDCALL_GET_BOOLS	        8
+#define	SEBSDCALL_GET_BOOL		9
+#define	SEBSDCALL_SET_BOOL		10
+#define	SEBSDCALL_COMMIT_BOOLS		11
 
-#define SEBSDCALL_NUM			7
+#define	SEBSDCALL_NUM			7
 
-/* Structure definitions for compute_av call */
+/* Structure definitions for compute_av call. */
 struct security_query {
-	char *scontext;
-	char *tcontext;
-        security_class_t tclass;
-        access_vector_t requested;
+	char			*scontext;
+	char			*tcontext;
+	security_class_t	 tclass;
+	access_vector_t		 requested;
 };
 
 struct security_response {
-        access_vector_t allowed;
-        access_vector_t decided;
-        access_vector_t auditallow;
-        access_vector_t auditdeny;
-        access_vector_t notify;
-        u32 seqno;
+	access_vector_t	allowed;
+	access_vector_t	decided;
+	access_vector_t	auditallow;
+	access_vector_t	auditdeny;
+	access_vector_t	notify;
+	u32		seqno;
 };
 
 struct sebsd_get_bools {
-	int   len;
-	char *out;
+	int	 len;
+	char	*out;
 };
 
-
 #endif /* _SEBSD_SYSCALLS_H_ */
-

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#10 (text+ko) ====

@@ -8,7 +8,7 @@
  * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
  * CHATS research program.
  *
- * This software was enhanced by SPARTA ISSO under SPAWAR contract 
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
  * N66001-04-C-6019 ("SEFOS").
  *
  * Redistribution and use in source and binary forms, with or without
@@ -82,10 +82,10 @@
 	for (i = 0; i < SIDTAB_SIZE; i++) {
 		cur = sidtab.htable[i];
 		while (cur != NULL && count > 0) {
-			error = security_sid_to_context(cur->sid, &scontext, 
-							&scontext_len);
+			error = security_sid_to_context(cur->sid, &scontext,
+			    &scontext_len);
 			len = snprintf(buffer, linesize, "%7d   %s\n",
-				       cur->sid, scontext);
+			    cur->sid, scontext);
 			security_free_context(scontext);
 			error = SYSCTL_OUT(req, buffer, len);
 			if (error)
@@ -124,9 +124,9 @@
 		 * Treat ability to set audit status as equivilent to
 		 * changing enforcement status.
 		 */
-		error = thread_has_system (curthread, SECURITY__SETENFORCE);
+		error = thread_has_system(curthread, SECURITY__SETENFORCE);
 		if (error)
-			return error;
+			return (error);
 
 		selinux_auditing = auditing;
 	}
@@ -135,8 +135,8 @@
 }
 
 /*
- * Sysctl handler for security.mac.sebsd.enforcing
- * Get and/or set whether the avc is in enforcement mode.
+ * Sysctl handler for security.mac.sebsd.enforcing.  Get and/or set whether
+ * the avc is in enforcement mode.
  */
 static int
 sysctl_sebsd_enforcing(SYSCTL_HANDLER_ARGS)
@@ -154,7 +154,7 @@
 		if (error)
 			return (error);
 
-		error = thread_has_system (curthread, SECURITY__SETENFORCE);
+		error = thread_has_system(curthread, SECURITY__SETENFORCE);
 		if (error)
 			return error;
 
@@ -165,9 +165,8 @@
 }
 
 /*
- * Sysctl handler for security.mac.sebsd.user_sids
- * Lists the SIDs currently available for transition to by a given
- * "context\0username\0"
+ * Sysctl handler for security.mac.sebsd.user_sids.  Lists the SIDs currently
+ * available for transition to by a given "context\0username\0".
  */
 static int
 sysctl_user_sids(SYSCTL_HANDLER_ARGS)
@@ -183,7 +182,7 @@
 	if (req->newlen > 512)	/* arbitrary */
 		return (ENAMETOOLONG);
 	context = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
-	error = SYSCTL_IN(req, context, req->newlen); 
+	error = SYSCTL_IN(req, context, req->newlen);
 	if (error)
 		goto out;
 	if (context[req->newlen - 1] != '\0') {
@@ -242,7 +241,7 @@
 	if (req->newlen > 512)	/* arbitrary */
 		return (ENAMETOOLONG);
 	scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
-	error = SYSCTL_IN(req, scontext, req->newlen); 
+	error = SYSCTL_IN(req, scontext, req->newlen);
 	if (error)
 		goto out;
 	if (scontext[req->newlen - (1 + sizeof(tclass))] != '\0') {
@@ -278,8 +277,8 @@
 }
 
 /*
- * Sysctl handler for security.mac.sebsd.compute_av
- * Compute access vectors given input "scontext\0tcontext\0",tclass,av
+ * Sysctl handler for security.mac.sebsd.compute_av.  Compute access vectors
+ * given input "scontext\0tcontext\0", tclass, av.
  */
 static int
 sysctl_compute_av(SYSCTL_HANDLER_ARGS)
@@ -296,10 +295,11 @@
 	if (req->newlen > 512)	/* arbitrary */
 		return (ENAMETOOLONG);
 	scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK);
-	error = SYSCTL_IN(req, scontext, req->newlen); 
+	error = SYSCTL_IN(req, scontext, req->newlen);
 	if (error)
 		goto out;
-	if (scontext[req->newlen - (1 + sizeof(tclass) + sizeof(av))] != '\0') {
+	if (scontext[req->newlen - (1 + sizeof(tclass) + sizeof(av))] !=
+	    '\0') {
 		error = EINVAL;
 		goto out;
 	}
@@ -333,26 +333,27 @@
 
 SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0,
-	    "Security Enhanced BSD policy controls");
+    "Security Enhanced BSD policy controls");
 
 SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW,
-	   &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff");
+    &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff");
 TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose);
 
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD,
-	   NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs");
+    NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, user_sids, CTLTYPE_STRING |
- 	   CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_user_sids, "A",
-	   "SEBSD transitionable user SIDs");
+    CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_user_sids, "A",
+    "SEBSD transitionable user SIDs");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, change_sid, CTLTYPE_STRING |
- 	   CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_change_sid, "A",
-	   "SEBSD (tty) SID relabel to perform along with transition");
+    CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_change_sid, "A",
+    "SEBSD (tty) SID relabel to perform along with transition");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING |
- 	   CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A",
-	   "SEBSD access vector decision query");
-SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, auditing, CTLTYPE_INT | CTLFLAG_RW,
-	   NULL, 0, sysctl_sebsd_auditing, "I", "SEBSD avc auditing");
+    CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A",
+    "SEBSD access vector decision query");
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, auditing, CTLTYPE_INT |
+    CTLFLAG_RW, NULL, 0, sysctl_sebsd_auditing, "I", "SEBSD avc auditing");
 TUNABLE_INT("security.mac.sebsd.auditing", &selinux_auditing);
-SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RW,
-	   NULL, 0, sysctl_sebsd_enforcing, "I", "SEBSD avc enforcement");
+SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT |
+    CTLFLAG_RW, NULL, 0, sysctl_sebsd_enforcing, "I",
+    "SEBSD avc enforcement");
 TUNABLE_INT("security.mac.sebsd.enforcing", &selinux_enforcing);