forked from Minki/linux
SELinux: clean up printks
Make sure all printk start with KERN_* Make sure all printk end with \n Make sure all printk have the word 'selinux' in them Change "function name" to "%s", __func__ (found 2 wrong) Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
1167088938
commit
744ba35e45
|
@ -426,7 +426,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
|
||||||
spin_lock_irqsave(¬if_lock, flag);
|
spin_lock_irqsave(¬if_lock, flag);
|
||||||
if (is_insert) {
|
if (is_insert) {
|
||||||
if (seqno < avc_cache.latest_notif) {
|
if (seqno < avc_cache.latest_notif) {
|
||||||
printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n",
|
printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
|
||||||
seqno, avc_cache.latest_notif);
|
seqno, avc_cache.latest_notif);
|
||||||
ret = -EAGAIN;
|
ret = -EAGAIN;
|
||||||
}
|
}
|
||||||
|
|
|
@ -575,8 +575,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
printk(KERN_WARNING "Unable to set superblock options before "
|
printk(KERN_WARNING "SELinux: Unable to set superblock options "
|
||||||
"the security server is initialized\n");
|
"before the security server is initialized\n");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1135,7 +1135,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||||
dentry = d_find_alias(inode);
|
dentry = d_find_alias(inode);
|
||||||
}
|
}
|
||||||
if (!dentry) {
|
if (!dentry) {
|
||||||
printk(KERN_WARNING "%s: no dentry for dev=%s "
|
printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
|
||||||
"ino=%ld\n", __func__, inode->i_sb->s_id,
|
"ino=%ld\n", __func__, inode->i_sb->s_id,
|
||||||
inode->i_ino);
|
inode->i_ino);
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
|
@ -1173,7 +1173,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||||
dput(dentry);
|
dput(dentry);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
if (rc != -ENODATA) {
|
if (rc != -ENODATA) {
|
||||||
printk(KERN_WARNING "%s: getxattr returned "
|
printk(KERN_WARNING "SELinux: %s: getxattr returned "
|
||||||
"%d for dev=%s ino=%ld\n", __func__,
|
"%d for dev=%s ino=%ld\n", __func__,
|
||||||
-rc, inode->i_sb->s_id, inode->i_ino);
|
-rc, inode->i_sb->s_id, inode->i_ino);
|
||||||
kfree(context);
|
kfree(context);
|
||||||
|
@ -1187,7 +1187,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
|
||||||
sbsec->def_sid,
|
sbsec->def_sid,
|
||||||
GFP_NOFS);
|
GFP_NOFS);
|
||||||
if (rc) {
|
if (rc) {
|
||||||
printk(KERN_WARNING "%s: context_to_sid(%s) "
|
printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
|
||||||
"returned %d for dev=%s ino=%ld\n",
|
"returned %d for dev=%s ino=%ld\n",
|
||||||
__func__, context, -rc,
|
__func__, context, -rc,
|
||||||
inode->i_sb->s_id, inode->i_ino);
|
inode->i_sb->s_id, inode->i_ino);
|
||||||
|
@ -1510,7 +1510,8 @@ static int may_link(struct inode *dir,
|
||||||
av = DIR__RMDIR;
|
av = DIR__RMDIR;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
|
printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
|
||||||
|
__func__, kind);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1640,8 +1641,8 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
|
||||||
else if (S_ISDIR(mode))
|
else if (S_ISDIR(mode))
|
||||||
av |= DIR__OPEN;
|
av |= DIR__OPEN;
|
||||||
else
|
else
|
||||||
printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
|
printk(KERN_ERR "SELinux: WARNING: inside %s with "
|
||||||
"with unknown mode:%x\n", mode);
|
"unknown mode:%x\n", __func__, mode);
|
||||||
}
|
}
|
||||||
return av;
|
return av;
|
||||||
}
|
}
|
||||||
|
|
|
@ -391,8 +391,8 @@ static ssize_t sel_write_context(struct file * file, char *buf, size_t size)
|
||||||
return length;
|
return length;
|
||||||
|
|
||||||
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
||||||
printk(KERN_ERR "%s: context size (%u) exceeds payload "
|
printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
|
||||||
"max\n", __func__, len);
|
"payload max\n", __func__, len);
|
||||||
length = -ERANGE;
|
length = -ERANGE;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -644,8 +644,8 @@ static ssize_t sel_write_create(struct file * file, char *buf, size_t size)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
||||||
printk(KERN_ERR "%s: context size (%u) exceeds payload "
|
printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
|
||||||
"max\n", __func__, len);
|
"payload max\n", __func__, len);
|
||||||
length = -ERANGE;
|
length = -ERANGE;
|
||||||
goto out3;
|
goto out3;
|
||||||
}
|
}
|
||||||
|
@ -821,8 +821,8 @@ static ssize_t sel_write_member(struct file * file, char *buf, size_t size)
|
||||||
goto out2;
|
goto out2;
|
||||||
|
|
||||||
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
if (len > SIMPLE_TRANSACTION_LIMIT) {
|
||||||
printk(KERN_ERR "%s: context size (%u) exceeds payload "
|
printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
|
||||||
"max\n", __func__, len);
|
"payload max\n", __func__, len);
|
||||||
length = -ERANGE;
|
length = -ERANGE;
|
||||||
goto out3;
|
goto out3;
|
||||||
}
|
}
|
||||||
|
@ -1761,7 +1761,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
|
||||||
out:
|
out:
|
||||||
return ret;
|
return ret;
|
||||||
err:
|
err:
|
||||||
printk(KERN_ERR "%s: failed while creating inodes\n", __func__);
|
printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
|
||||||
|
__func__);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
|
printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
|
||||||
"chain length %d sum of chain length^2 %Lu\n",
|
"longest chain length %d sum of chain length^2 %Lu\n",
|
||||||
tag, h->nel, slots_used, h->nslot, max_chain_len,
|
tag, h->nel, slots_used, h->nslot, max_chain_len,
|
||||||
chain2_len_sum);
|
chain2_len_sum);
|
||||||
}
|
}
|
||||||
|
@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
val = le32_to_cpu(buf32[items++]);
|
val = le32_to_cpu(buf32[items++]);
|
||||||
key.source_type = (u16)val;
|
key.source_type = (u16)val;
|
||||||
if (key.source_type != val) {
|
if (key.source_type != val) {
|
||||||
printk("SELinux: avtab: truncated source type\n");
|
printk(KERN_ERR "SELinux: avtab: truncated source type\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
val = le32_to_cpu(buf32[items++]);
|
val = le32_to_cpu(buf32[items++]);
|
||||||
key.target_type = (u16)val;
|
key.target_type = (u16)val;
|
||||||
if (key.target_type != val) {
|
if (key.target_type != val) {
|
||||||
printk("SELinux: avtab: truncated target type\n");
|
printk(KERN_ERR "SELinux: avtab: truncated target type\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
val = le32_to_cpu(buf32[items++]);
|
val = le32_to_cpu(buf32[items++]);
|
||||||
key.target_class = (u16)val;
|
key.target_class = (u16)val;
|
||||||
if (key.target_class != val) {
|
if (key.target_class != val) {
|
||||||
printk("SELinux: avtab: truncated target class\n");
|
printk(KERN_ERR "SELinux: avtab: truncated target class\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
|
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
|
||||||
|
|
||||||
if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
|
if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
|
||||||
printk("SELinux: avtab: null entry\n");
|
printk(KERN_ERR "SELinux: avtab: null entry\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if ((val & AVTAB_AV) &&
|
if ((val & AVTAB_AV) &&
|
||||||
(val & AVTAB_TYPE)) {
|
(val & AVTAB_TYPE)) {
|
||||||
printk("SELinux: avtab: entry has both access vectors and types\n");
|
printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -404,7 +404,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (items != items2) {
|
if (items != items2) {
|
||||||
printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
|
printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -412,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
|
|
||||||
rc = next_entry(buf16, fp, sizeof(u16)*4);
|
rc = next_entry(buf16, fp, sizeof(u16)*4);
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
printk("SELinux: avtab: truncated entry\n");
|
printk(KERN_ERR "SELinux: avtab: truncated entry\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -425,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
if (!policydb_type_isvalid(pol, key.source_type) ||
|
if (!policydb_type_isvalid(pol, key.source_type) ||
|
||||||
!policydb_type_isvalid(pol, key.target_type) ||
|
!policydb_type_isvalid(pol, key.target_type) ||
|
||||||
!policydb_class_isvalid(pol, key.target_class)) {
|
!policydb_class_isvalid(pol, key.target_class)) {
|
||||||
printk(KERN_WARNING "SELinux: avtab: invalid type or class\n");
|
printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -435,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
|
||||||
set++;
|
set++;
|
||||||
}
|
}
|
||||||
if (!set || set > 1) {
|
if (!set || set > 1) {
|
||||||
printk(KERN_WARNING
|
printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
|
||||||
"SELinux: avtab: more than one specifier\n");
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
rc = next_entry(buf32, fp, sizeof(u32));
|
rc = next_entry(buf32, fp, sizeof(u32));
|
||||||
if (rc < 0) {
|
if (rc < 0) {
|
||||||
printk("SELinux: avtab: truncated entry\n");
|
printk(KERN_ERR "SELinux: avtab: truncated entry\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
datum.data = le32_to_cpu(*buf32);
|
datum.data = le32_to_cpu(*buf32);
|
||||||
if ((key.specified & AVTAB_TYPE) &&
|
if ((key.specified & AVTAB_TYPE) &&
|
||||||
!policydb_type_isvalid(pol, datum.data)) {
|
!policydb_type_isvalid(pol, datum.data)) {
|
||||||
printk(KERN_WARNING "SELinux: avtab: invalid type\n");
|
printk(KERN_ERR "SELinux: avtab: invalid type\n");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return insertf(a, &key, &datum, p);
|
return insertf(a, &key, &datum, p);
|
||||||
|
|
|
@ -273,7 +273,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
|
||||||
*/
|
*/
|
||||||
if (k->specified & AVTAB_TYPE) {
|
if (k->specified & AVTAB_TYPE) {
|
||||||
if (avtab_search(&p->te_avtab, k)) {
|
if (avtab_search(&p->te_avtab, k)) {
|
||||||
printk("SELinux: type rule already exists outside of a conditional.");
|
printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
/*
|
/*
|
||||||
|
@ -288,7 +288,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
|
||||||
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
|
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
|
||||||
if (node_ptr) {
|
if (node_ptr) {
|
||||||
if (avtab_search_node_next(node_ptr, k->specified)) {
|
if (avtab_search_node_next(node_ptr, k->specified)) {
|
||||||
printk("SELinux: too many conflicting type rules.");
|
printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
found = 0;
|
found = 0;
|
||||||
|
@ -299,13 +299,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!found) {
|
if (!found) {
|
||||||
printk("SELinux: conflicting type rules.\n");
|
printk(KERN_ERR "SELinux: conflicting type rules.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (avtab_search(&p->te_cond_avtab, k)) {
|
if (avtab_search(&p->te_cond_avtab, k)) {
|
||||||
printk("SELinux: conflicting type rules when adding type rule for true.\n");
|
printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -313,7 +313,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
|
||||||
|
|
||||||
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
|
node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
|
||||||
if (!node_ptr) {
|
if (!node_ptr) {
|
||||||
printk("SELinux: could not insert rule.");
|
printk(KERN_ERR "SELinux: could not insert rule.\n");
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -372,12 +372,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
|
||||||
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
|
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
|
||||||
{
|
{
|
||||||
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
|
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
|
||||||
printk("SELinux: conditional expressions uses unknown operator.\n");
|
printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (expr->bool > p->p_bools.nprim) {
|
if (expr->bool > p->p_bools.nprim) {
|
||||||
printk("SELinux: conditional expressions uses unknown bool.\n");
|
printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
|
|
|
@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s)
|
||||||
struct hashtab_info info;
|
struct hashtab_info info;
|
||||||
|
|
||||||
hashtab_stat(h, &info);
|
hashtab_stat(h, &info);
|
||||||
printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, "
|
printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
|
||||||
"longest chain length %d\n", symtab_name[i], h->nel,
|
"longest chain length %d\n", symtab_name[i], h->nel,
|
||||||
info.slots_used, h->size, info.max_chain_len);
|
info.slots_used, h->size, info.max_chain_len);
|
||||||
}
|
}
|
||||||
|
@ -1215,7 +1215,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
|
||||||
|
|
||||||
if (strcmp(key, OBJECT_R) == 0) {
|
if (strcmp(key, OBJECT_R) == 0) {
|
||||||
if (role->value != OBJECT_R_VAL) {
|
if (role->value != OBJECT_R_VAL) {
|
||||||
printk(KERN_ERR "Role %s has wrong value %d\n",
|
printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
|
||||||
OBJECT_R, role->value);
|
OBJECT_R, role->value);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto bad;
|
goto bad;
|
||||||
|
@ -1551,22 +1551,23 @@ int policydb_read(struct policydb *p, void *fp)
|
||||||
|
|
||||||
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
|
if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
|
||||||
if (ss_initialized && !selinux_mls_enabled) {
|
if (ss_initialized && !selinux_mls_enabled) {
|
||||||
printk(KERN_ERR "Cannot switch between non-MLS and MLS "
|
printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
|
||||||
"policies\n");
|
" and MLS policies\n");
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
selinux_mls_enabled = 1;
|
selinux_mls_enabled = 1;
|
||||||
config |= POLICYDB_CONFIG_MLS;
|
config |= POLICYDB_CONFIG_MLS;
|
||||||
|
|
||||||
if (p->policyvers < POLICYDB_VERSION_MLS) {
|
if (p->policyvers < POLICYDB_VERSION_MLS) {
|
||||||
printk(KERN_ERR "security policydb version %d (MLS) "
|
printk(KERN_ERR "SELinux: security policydb version %d "
|
||||||
"not backwards compatible\n", p->policyvers);
|
"(MLS) not backwards compatible\n",
|
||||||
|
p->policyvers);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (ss_initialized && selinux_mls_enabled) {
|
if (ss_initialized && selinux_mls_enabled) {
|
||||||
printk(KERN_ERR "Cannot switch between MLS and non-MLS "
|
printk(KERN_ERR "SELinux: Cannot switch between MLS and"
|
||||||
"policies\n");
|
" non-MLS policies\n");
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -415,7 +415,8 @@ static int context_struct_compute_av(struct context *scontext,
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
inval_class:
|
inval_class:
|
||||||
printk(KERN_ERR "%s: unrecognized class %d\n", __func__, tclass);
|
printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", __func__,
|
||||||
|
tclass);
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -499,8 +500,8 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
|
||||||
tclass = SECCLASS_NETLINK_SOCKET;
|
tclass = SECCLASS_NETLINK_SOCKET;
|
||||||
|
|
||||||
if (!tclass || tclass > policydb.p_classes.nprim) {
|
if (!tclass || tclass > policydb.p_classes.nprim) {
|
||||||
printk(KERN_ERR "security_validate_transition: "
|
printk(KERN_ERR "SELinux: %s: unrecognized class %d\n",
|
||||||
"unrecognized class %d\n", tclass);
|
__func__, tclass);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -508,24 +509,24 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
|
||||||
|
|
||||||
ocontext = sidtab_search(&sidtab, oldsid);
|
ocontext = sidtab_search(&sidtab, oldsid);
|
||||||
if (!ocontext) {
|
if (!ocontext) {
|
||||||
printk(KERN_ERR "security_validate_transition: "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
" unrecognized SID %d\n", oldsid);
|
__func__, oldsid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
ncontext = sidtab_search(&sidtab, newsid);
|
ncontext = sidtab_search(&sidtab, newsid);
|
||||||
if (!ncontext) {
|
if (!ncontext) {
|
||||||
printk(KERN_ERR "security_validate_transition: "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
" unrecognized SID %d\n", newsid);
|
__func__, newsid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
tcontext = sidtab_search(&sidtab, tasksid);
|
tcontext = sidtab_search(&sidtab, tasksid);
|
||||||
if (!tcontext) {
|
if (!tcontext) {
|
||||||
printk(KERN_ERR "security_validate_transition: "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
" unrecognized SID %d\n", tasksid);
|
__func__, tasksid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -581,15 +582,15 @@ int security_compute_av(u32 ssid,
|
||||||
|
|
||||||
scontext = sidtab_search(&sidtab, ssid);
|
scontext = sidtab_search(&sidtab, ssid);
|
||||||
if (!scontext) {
|
if (!scontext) {
|
||||||
printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
ssid);
|
__func__, ssid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
tcontext = sidtab_search(&sidtab, tsid);
|
tcontext = sidtab_search(&sidtab, tsid);
|
||||||
if (!tcontext) {
|
if (!tcontext) {
|
||||||
printk(KERN_ERR "security_compute_av: unrecognized SID %d\n",
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
tsid);
|
__func__, tsid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -686,16 +687,16 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
|
||||||
*scontext = scontextp;
|
*scontext = scontextp;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
printk(KERN_ERR "security_sid_to_context: called before initial "
|
printk(KERN_ERR "SELinux: %s: called before initial "
|
||||||
"load_policy on unknown SID %d\n", sid);
|
"load_policy on unknown SID %d\n", __func__, sid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
POLICY_RDLOCK;
|
POLICY_RDLOCK;
|
||||||
context = sidtab_search(&sidtab, sid);
|
context = sidtab_search(&sidtab, sid);
|
||||||
if (!context) {
|
if (!context) {
|
||||||
printk(KERN_ERR "security_sid_to_context: unrecognized SID "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
"%d\n", sid);
|
__func__, sid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
|
@ -925,15 +926,15 @@ static int security_compute_sid(u32 ssid,
|
||||||
|
|
||||||
scontext = sidtab_search(&sidtab, ssid);
|
scontext = sidtab_search(&sidtab, ssid);
|
||||||
if (!scontext) {
|
if (!scontext) {
|
||||||
printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
ssid);
|
__func__, ssid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
tcontext = sidtab_search(&sidtab, tsid);
|
tcontext = sidtab_search(&sidtab, tsid);
|
||||||
if (!tcontext) {
|
if (!tcontext) {
|
||||||
printk(KERN_ERR "security_compute_sid: unrecognized SID %d\n",
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
tsid);
|
__func__, tsid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
|
@ -2031,16 +2032,16 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
|
||||||
POLICY_RDLOCK;
|
POLICY_RDLOCK;
|
||||||
context1 = sidtab_search(&sidtab, sid);
|
context1 = sidtab_search(&sidtab, sid);
|
||||||
if (!context1) {
|
if (!context1) {
|
||||||
printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
"%d\n", sid);
|
__func__, sid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
|
|
||||||
context2 = sidtab_search(&sidtab, mls_sid);
|
context2 = sidtab_search(&sidtab, mls_sid);
|
||||||
if (!context2) {
|
if (!context2) {
|
||||||
printk(KERN_ERR "security_sid_mls_copy: unrecognized SID "
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
"%d\n", mls_sid);
|
__func__, mls_sid);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
|
@ -2131,17 +2132,15 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
|
||||||
|
|
||||||
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
|
nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
|
||||||
if (!nlbl_ctx) {
|
if (!nlbl_ctx) {
|
||||||
printk(KERN_ERR
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
"security_sid_mls_cmp: unrecognized SID %d\n",
|
__func__, nlbl_sid);
|
||||||
nlbl_sid);
|
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_slowpath;
|
goto out_slowpath;
|
||||||
}
|
}
|
||||||
xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
|
xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
|
||||||
if (!xfrm_ctx) {
|
if (!xfrm_ctx) {
|
||||||
printk(KERN_ERR
|
printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
|
||||||
"security_sid_mls_cmp: unrecognized SID %d\n",
|
__func__, xfrm_sid);
|
||||||
xfrm_sid);
|
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out_slowpath;
|
goto out_slowpath;
|
||||||
}
|
}
|
||||||
|
@ -2221,7 +2220,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
|
||||||
|
|
||||||
match = hashtab_search(policydb.p_classes.table, class);
|
match = hashtab_search(policydb.p_classes.table, class);
|
||||||
if (!match) {
|
if (!match) {
|
||||||
printk(KERN_ERR "%s: unrecognized class %s\n",
|
printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
|
||||||
__func__, class);
|
__func__, class);
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
goto out;
|
goto out;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user