Date: Thu, 9 Mar 2006 15:52:39 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 93049 for review Message-ID: <200603091552.k29Fqdq5002586@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=93049 Change 93049 by rwatson@rwatson_peppercorn on 2006/03/09 15:52:36 style(9). Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#8 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#7 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#10 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscall.c#8 (text+ko) ==== @@ -51,10 +51,9 @@ #include <security/sebsd/avc/avc.h> #include <security/sebsd/ss/services.h> -struct lp_args -{ - void *data; - size_t len; +struct lp_args { + void *data; + size_t len; }; static int @@ -80,13 +79,17 @@ static int sebsd_get_bools(struct thread *td, struct sebsd_get_bools *gb) { - char *out = NULL; + char *out; + int err; + if (gb->out) out = malloc(gb->len, M_SEBSD, M_WAITOK); - int err = security_get_bool_string(&gb->len, out); - if (out && err == 0) + else + out = NULL; + err = security_get_bool_string(&gb->len, out); + if (out != NULL && err == 0) err = copyout(out, gb->out, gb->len); - if (out) + if (out != NULL) free(out, M_SEBSD); return (err); } @@ -94,13 +97,15 @@ int sebsd_syscall(struct thread *td, int call, void *args) { - int err = EINVAL; struct lp_args p; struct sebsd_get_bools gb; + int active, err, pending; + char str[128], *strp; - switch(call) { + err = EINVAL; + switch (call) { case SEBSDCALL_LOAD_POLICY: - if (copyin (args, &p, sizeof (struct lp_args))) + if (copyin(args, &p, sizeof (struct lp_args))) return (EFAULT); err = sys_load_policy (td, p.data, p.len); break; @@ -114,47 +119,39 @@ break; case SEBSDCALL_GET_BOOL: - { - char str[128]; - int active, pending; - err = copyinstr(args,str, 128, NULL); + err = copyinstr(args, str, 128, NULL); if (err) return (err); security_get_bool(str, &active, &pending); *td->td_retval = active | (pending << 1); return (0); - } case SEBSDCALL_SET_BOOL: - { - char *str; - err = thread_has_security(td, SECURITY__SETBOOL); if (err) return (err); if (copyin(args, &p, sizeof (struct lp_args))) return (EFAULT); - str = malloc(p.len, M_SEBSD, M_WAITOK); + strp = malloc(p.len, M_SEBSD, M_WAITOK); if (!str) return (ENOMEM); - if (copyin(p.data, str, p.len)) { + if (copyin(p.data, strp, p.len)) { free(str, M_SEBSD); return (EFAULT); } - str[p.len-1] = 0; - err = security_set_bool(str+1, str[0]-'0'); - free(str, M_SEBSD); + strp[p.len-1] = 0; + err = security_set_bool(str+1, strp[0]-'0'); + free(strp, M_SEBSD); break; - } case SEBSDCALL_COMMIT_BOOLS: err = thread_has_security(td, SECURITY__SETBOOL); if (err) return (err); - return security_commit_pending_bools(); + return (security_commit_pending_bools()); default: err = EINVAL; ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_syscalls.h#7 (text+ko) ==== @@ -1,41 +1,39 @@ #ifndef _SEBSD_SYSCALLS_H_ -#define _SEBSD_SYSCALLS_H_ +#define _SEBSD_SYSCALLS_H_ #include <security/sebsd/linux-compat.h> /* * TBD: Should we really try to line up with SELinux? */ -#define SEBSDCALL_LOAD_POLICY 7 -#define SEBSDCALL_GET_BOOLS 8 -#define SEBSDCALL_GET_BOOL 9 -#define SEBSDCALL_SET_BOOL 10 -#define SEBSDCALL_COMMIT_BOOLS 11 +#define SEBSDCALL_LOAD_POLICY 7 +#define SEBSDCALL_GET_BOOLS 8 +#define SEBSDCALL_GET_BOOL 9 +#define SEBSDCALL_SET_BOOL 10 +#define SEBSDCALL_COMMIT_BOOLS 11 -#define SEBSDCALL_NUM 7 +#define SEBSDCALL_NUM 7 -/* Structure definitions for compute_av call */ +/* Structure definitions for compute_av call. */ struct security_query { - char *scontext; - char *tcontext; - security_class_t tclass; - access_vector_t requested; + char *scontext; + char *tcontext; + security_class_t tclass; + access_vector_t requested; }; struct security_response { - access_vector_t allowed; - access_vector_t decided; - access_vector_t auditallow; - access_vector_t auditdeny; - access_vector_t notify; - u32 seqno; + access_vector_t allowed; + access_vector_t decided; + access_vector_t auditallow; + access_vector_t auditdeny; + access_vector_t notify; + u32 seqno; }; struct sebsd_get_bools { - int len; - char *out; + int len; + char *out; }; - #endif /* _SEBSD_SYSCALLS_H_ */ - ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/sebsd_sysctl.c#10 (text+ko) ==== @@ -8,7 +8,7 @@ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA * CHATS research program. * - * This software was enhanced by SPARTA ISSO under SPAWAR contract + * This software was enhanced by SPARTA ISSO under SPAWAR contract * N66001-04-C-6019 ("SEFOS"). * * Redistribution and use in source and binary forms, with or without @@ -82,10 +82,10 @@ for (i = 0; i < SIDTAB_SIZE; i++) { cur = sidtab.htable[i]; while (cur != NULL && count > 0) { - error = security_sid_to_context(cur->sid, &scontext, - &scontext_len); + error = security_sid_to_context(cur->sid, &scontext, + &scontext_len); len = snprintf(buffer, linesize, "%7d %s\n", - cur->sid, scontext); + cur->sid, scontext); security_free_context(scontext); error = SYSCTL_OUT(req, buffer, len); if (error) @@ -124,9 +124,9 @@ * Treat ability to set audit status as equivilent to * changing enforcement status. */ - error = thread_has_system (curthread, SECURITY__SETENFORCE); + error = thread_has_system(curthread, SECURITY__SETENFORCE); if (error) - return error; + return (error); selinux_auditing = auditing; } @@ -135,8 +135,8 @@ } /* - * Sysctl handler for security.mac.sebsd.enforcing - * Get and/or set whether the avc is in enforcement mode. + * Sysctl handler for security.mac.sebsd.enforcing. Get and/or set whether + * the avc is in enforcement mode. */ static int sysctl_sebsd_enforcing(SYSCTL_HANDLER_ARGS) @@ -154,7 +154,7 @@ if (error) return (error); - error = thread_has_system (curthread, SECURITY__SETENFORCE); + error = thread_has_system(curthread, SECURITY__SETENFORCE); if (error) return error; @@ -165,9 +165,8 @@ } /* - * Sysctl handler for security.mac.sebsd.user_sids - * Lists the SIDs currently available for transition to by a given - * "context\0username\0" + * Sysctl handler for security.mac.sebsd.user_sids. Lists the SIDs currently + * available for transition to by a given "context\0username\0". */ static int sysctl_user_sids(SYSCTL_HANDLER_ARGS) @@ -183,7 +182,7 @@ if (req->newlen > 512) /* arbitrary */ return (ENAMETOOLONG); context = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK); - error = SYSCTL_IN(req, context, req->newlen); + error = SYSCTL_IN(req, context, req->newlen); if (error) goto out; if (context[req->newlen - 1] != '\0') { @@ -242,7 +241,7 @@ if (req->newlen > 512) /* arbitrary */ return (ENAMETOOLONG); scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK); - error = SYSCTL_IN(req, scontext, req->newlen); + error = SYSCTL_IN(req, scontext, req->newlen); if (error) goto out; if (scontext[req->newlen - (1 + sizeof(tclass))] != '\0') { @@ -278,8 +277,8 @@ } /* - * Sysctl handler for security.mac.sebsd.compute_av - * Compute access vectors given input "scontext\0tcontext\0",tclass,av + * Sysctl handler for security.mac.sebsd.compute_av. Compute access vectors + * given input "scontext\0tcontext\0", tclass, av. */ static int sysctl_compute_av(SYSCTL_HANDLER_ARGS) @@ -296,10 +295,11 @@ if (req->newlen > 512) /* arbitrary */ return (ENAMETOOLONG); scontext = sebsd_malloc(req->newlen, M_SEBSD, M_WAITOK); - error = SYSCTL_IN(req, scontext, req->newlen); + error = SYSCTL_IN(req, scontext, req->newlen); if (error) goto out; - if (scontext[req->newlen - (1 + sizeof(tclass) + sizeof(av))] != '\0') { + if (scontext[req->newlen - (1 + sizeof(tclass) + sizeof(av))] != + '\0') { error = EINVAL; goto out; } @@ -333,26 +333,27 @@ SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0, - "Security Enhanced BSD policy controls"); + "Security Enhanced BSD policy controls"); SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW, - &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff"); + &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff"); TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD, - NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs"); + NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs"); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, user_sids, CTLTYPE_STRING | - CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_user_sids, "A", - "SEBSD transitionable user SIDs"); + CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_user_sids, "A", + "SEBSD transitionable user SIDs"); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, change_sid, CTLTYPE_STRING | - CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_change_sid, "A", - "SEBSD (tty) SID relabel to perform along with transition"); + CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_change_sid, "A", + "SEBSD (tty) SID relabel to perform along with transition"); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING | - CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A", - "SEBSD access vector decision query"); -SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, auditing, CTLTYPE_INT | CTLFLAG_RW, - NULL, 0, sysctl_sebsd_auditing, "I", "SEBSD avc auditing"); + CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A", + "SEBSD access vector decision query"); +SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, auditing, CTLTYPE_INT | + CTLFLAG_RW, NULL, 0, sysctl_sebsd_auditing, "I", "SEBSD avc auditing"); TUNABLE_INT("security.mac.sebsd.auditing", &selinux_auditing); -SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RW, - NULL, 0, sysctl_sebsd_enforcing, "I", "SEBSD avc enforcement"); +SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | + CTLFLAG_RW, NULL, 0, sysctl_sebsd_enforcing, "I", + "SEBSD avc enforcement"); TUNABLE_INT("security.mac.sebsd.enforcing", &selinux_enforcing);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603091552.k29Fqdq5002586>