debuggers.hg
changeset 22254:e20ee3a57645
xsm/flask: Code indentation.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
author | Keir Fraser <keir.fraser@citrix.com> |
---|---|
date | Wed Sep 22 18:28:16 2010 +0100 (2010-09-22) |
parents | 20f139010445 |
children | 50c1cc209f8f |
files | xen/xsm/flask/avc.c xen/xsm/flask/flask_op.c xen/xsm/flask/hooks.c |
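--- a/xen/xsm/flask/avc.c Wed Sep 22 18:26:01 2010 +0100
+++ b/xen/xsm/flask/avc.c Wed Sep 22 18:28:16 2010 +0100
@@ -54,18 +54,18 @@ static const char *class_to_string[] = {
 
 static const struct av_inherit av_inherit[] = {
 #define S_(c, i, b) { .tclass = c, .common_pts = common_##i##_perm_to_string, \
- .common_base = b },
+ .common_base = b },
 #include "av_inherit.h"
 #undef S_
 };
 
 const struct selinux_class_perm selinux_class_perm = {
- .av_perm_to_string = av_perm_to_string,
- .av_pts_len = ARRAY_SIZE(av_perm_to_string),
- .class_to_string = class_to_string,
- .cts_len = ARRAY_SIZE(class_to_string),
- .av_inherit = av_inherit,
- .av_inherit_len = ARRAY_SIZE(av_inherit)
+ .av_perm_to_string = av_perm_to_string,
+ .av_pts_len = ARRAY_SIZE(av_perm_to_string),
+ .class_to_string = class_to_string,
+ .cts_len = ARRAY_SIZE(class_to_string),
+ .av_inherit = av_inherit,
+ .av_inherit_len = ARRAY_SIZE(av_inherit)
 };
 
 #define AVC_CACHE_SLOTS 512
@@ -179,7 +179,7 @@ static void avc_dump_av(u16 tclass, u32
 for ( i2 = 0; i2 < ARRAY_SIZE(av_perm_to_string); i2++ )
 {
 if ( (av_perm_to_string[i2].tclass == tclass) &&
- (av_perm_to_string[i2].value == perm) )
+ (av_perm_to_string[i2].value == perm) )
 break;
 }
 if ( i2 < ARRAY_SIZE(av_perm_to_string) )
@@ -266,7 +266,7 @@ int avc_get_hash_stats(char *buf, uint32
 head = &avc_cache.slots[i];
 if ( !hlist_empty(head) )
 {
- struct hlist_node *next;
+ struct hlist_node *next;
 
 slots_used++;
 chain_len = 0;
@@ -280,9 +280,9 @@ int avc_get_hash_stats(char *buf, uint32
 rcu_read_unlock(&avc_rcu_lock);
 
 return snprintf(buf, size, "entries: %d\nbuckets used: %d/%d\n"
- "longest chain: %d\n",
- atomic_read(&avc_cache.active_nodes),
- slots_used, AVC_CACHE_SLOTS, max_chain_len);
+ "longest chain: %d\n",
+ atomic_read(&avc_cache.active_nodes),
+ slots_used, AVC_CACHE_SLOTS, max_chain_len);
 }
 
 static void avc_node_free(struct rcu_head *rhead)
@@ -333,20 +333,20 @@ static inline int avc_reclaim_node(void)
 rcu_read_lock(&avc_rcu_lock);
 hlist_for_each_entry(node, next, head, list)
 {
- avc_node_delete(node);
- avc_cache_stats_incr(reclaims);
- ecx++;
- if ( ecx >= AVC_CACHE_RECLAIM )
- {
- rcu_read_unlock(&avc_rcu_lock);
- spin_unlock_irqrestore(lock, flags);
- goto out;
- }
+ avc_node_delete(node);
+ avc_cache_stats_incr(reclaims);
+ ecx++;
+ if ( ecx >= AVC_CACHE_RECLAIM )
+ {
+ rcu_read_unlock(&avc_rcu_lock);
+ spin_unlock_irqrestore(lock, flags);
+ goto out;
+ }
 }
 rcu_read_unlock(&avc_rcu_lock);
 spin_unlock_irqrestore(lock, flags);
 }
-out:
+ out:
 return ecx;
 }
 
@@ -367,7 +367,7 @@ static struct avc_node *avc_alloc_node(v
 if ( atomic_read(&avc_cache.active_nodes) > avc_cache_threshold )
 avc_reclaim_node();
 
-out:
+ out:
 return node;
 }
 
@@ -392,8 +392,8 @@ static inline struct avc_node *avc_searc
 hlist_for_each_entry_rcu(node, next, head, list)
 {
 if ( ssid == node->ae.ssid &&
- tclass == node->ae.tclass &&
- tsid == node->ae.tsid )
+ tclass == node->ae.tclass &&
+ tsid == node->ae.tsid )
 {
 ret = node;
 break;
@@ -510,10 +510,10 @@ static struct avc_node *avc_insert(u32 s
 }
 }
 hlist_add_head_rcu(&node->list, head);
-found:
+ found:
 spin_unlock_irqrestore(lock, flag);
 }
-out:
+ out:
 return node;
 }
 
@@ -591,8 +591,8 @@ void avc_audit(u32 ssid, u32 tsid, u16 t
 * -%ENOMEM if insufficient memory exists to add the callback.
 */
 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 *out_retained), u32 events, u32 ssid, u32 tsid,
- u16 tclass, u32 perms)
+ u32 perms, u32 *out_retained), u32 events, u32 ssid, u32 tsid,
+ u16 tclass, u32 perms)
 {
 struct avc_callback_node *c;
 int rc = 0;
@@ -611,7 +611,7 @@ int avc_add_callback(int (*callback)(u32
 c->perms = perms;
 c->next = avc_callbacks;
 avc_callbacks = c;
-out:
+ out:
 return rc;
 }
 
@@ -632,7 +632,7 @@ static inline int avc_sidcmp(u32 x, u32
 * will release later by RCU.
 */
 static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass,
- u32 seqno)
+ u32 seqno)
 {
 int hvalue, rc = 0;
 unsigned long flag;
@@ -658,9 +658,9 @@ static int avc_update_node(u32 event, u3
 hlist_for_each_entry(pos, next, head, list)
 {
 if ( ssid == pos->ae.ssid &&
- tsid == pos->ae.tsid &&
- tclass == pos->ae.tclass &&
- seqno == pos->ae.avd.seqno )
+ tsid == pos->ae.tsid &&
+ tclass == pos->ae.tclass &&
+ seqno == pos->ae.avd.seqno )
 {
 orig = pos;
 break;
@@ -684,28 +684,28 @@ static int avc_update_node(u32 event, u3
 {
 case AVC_CALLBACK_GRANT:
 node->ae.avd.allowed |= perms;
- break;
+ break;
 case AVC_CALLBACK_TRY_REVOKE:
 case AVC_CALLBACK_REVOKE:
 node->ae.avd.allowed &= ~perms;
- break;
+ break;
 case AVC_CALLBACK_AUDITALLOW_ENABLE:
 node->ae.avd.auditallow |= perms;
- break;
+ break;
 case AVC_CALLBACK_AUDITALLOW_DISABLE:
 node->ae.avd.auditallow &= ~perms;
- break;
+ break;
 case AVC_CALLBACK_AUDITDENY_ENABLE:
 node->ae.avd.auditdeny |= perms;
- break;
+ break;
 case AVC_CALLBACK_AUDITDENY_DISABLE:
 node->ae.avd.auditdeny &= ~perms;
- break;
+ break;
 }
 avc_node_replace(node, orig);
-out_unlock:
+ out_unlock:
 spin_unlock_irqrestore(lock, flag);
-out:
+ out:
 return rc;
 }
 
@@ -817,7 +817,7 @@ int avc_has_perm_noaudit(u32 ssid, u32 t
 }
 
 rcu_read_unlock(&avc_rcu_lock);
-out:
+ out:
 return rc;
 }
 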
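--- a/xen/xsm/flask/flask_op.c Wed Sep 22 18:26:01 2010 +0100
+++ b/xen/xsm/flask/flask_op.c Wed Sep 22 18:28:16 2010 +0100
@@ -87,7 +87,7 @@ static int domain_has_security(struct do
 return -EACCES;
 
 return avc_has_perm(dsec->sid, SECINITSID_SECURITY, SECCLASS_SECURITY,
- perms, NULL);
+ perms, NULL);
 }
 
 static int flask_security_user(char *buf, uint32_t size)
@@ -166,13 +166,13 @@ static int flask_security_user(char *buf
 memset(buf, 0, size);
 memcpy(buf, page, length);
 
-out3:
+ out3:
 xfree(sids);
-out2:
+ out2:
 if ( page )
 xfree(page);
 xfree(user);
-out:
+ out:
 xfree(con);
 return length;
 }
@@ -232,11 +232,11 @@ static int flask_security_relabel(char *
 memcpy(buf, newcon, len);
 length = len;
 
-out3:
+ out3:
 xfree(newcon);
-out2:
+ out2:
 xfree(tcon);
-out:
+ out:
 xfree(scon);
 return length;
 }
@@ -297,11 +297,11 @@ static int flask_security_create(char *b
 memcpy(buf, newcon, len);
 length = len;
 
-out3:
+ out3:
 xfree(newcon);
-out2:
+ out2:
 xfree(tcon);
-out:
+ out:
 xfree(scon);
 return length;
 }
@@ -348,13 +348,13 @@ static int flask_security_access(char *b
 
 memset(buf, 0, size);
 length = snprintf(buf, size, "%x %x %x %x %u",
- avd.allowed, 0xffffffff,
- avd.auditallow, avd.auditdeny,
- avd.seqno);
+ avd.allowed, 0xffffffff,
+ avd.auditallow, avd.auditdeny,
+ avd.seqno);
 
-out2:
+ out2:
 xfree(tcon);
-out:
+ out:
 xfree(scon);
 return length;
 }
@@ -406,7 +406,7 @@ static int flask_security_member(char *b
 if ( len > size )
 {
 printk("%s: context size (%u) exceeds payload "
- "max\n", __FUNCTION__, len);
+ "max\n", __FUNCTION__, len);
 length = -ERANGE;
 goto out3;
 }
@@ -415,11 +415,11 @@ static int flask_security_member(char *b
 memcpy(buf, newcon, len);
 length = len;
 
-out3:
+ out3:
 xfree(newcon);
-out2:
+ out2:
 xfree(tcon);
-out:
+ out:
 xfree(scon);
 return length;
 }
@@ -443,7 +443,7 @@ static int flask_security_setenforce(cha
 }
 length = count;
 
-out:
+ out:
 return length;
 }
 
@@ -463,7 +463,7 @@ static int flask_security_context(char *
 memset(buf, 0, count);
 length = snprintf(buf, count, "%u", sid);
 
-out:
+ out:
 return length;
 }
 
@@ -491,7 +491,7 @@ static int flask_security_sid(char *buf,
 
 xfree(context);
 
-out:
+ out:
 return length;
 }
 
@@ -539,7 +539,7 @@ static int flask_security_disable(char *
 
 length = count;
 
-out:
+ out:
 return length;
 }
 
@@ -563,7 +563,7 @@ static int flask_security_setavc_thresho
 }
 ret = count;
 
-out:
+ out:
 return ret;
 }
 
@@ -590,7 +590,7 @@ static int flask_security_set_bool(char
 bool_pending_values[i] = new_value;
 length = count;
 
-out:
+ out:
 spin_unlock(&sel_sem);
 return length;
 }
@@ -615,7 +615,7 @@ static int flask_security_commit_bools(c
 
 length = count;
 
-out:
+ out:
 spin_unlock(&sel_sem);
 return length;
 }
@@ -640,9 +640,9 @@ static int flask_security_get_bool(char
 
 memset(buf, 0, count);
 length = snprintf(buf, count, "%d %d", cur_enforcing,
- bool_pending_values[i]);
+ bool_pending_values[i]);
 
-out:
+ out:
 spin_unlock(&sel_sem);
 return length;
 }
@@ -663,7 +663,7 @@ static int flask_security_make_bools(voi
 bool_num = num;
 bool_pending_values = values;
 
-out:
+ out:
 if ( names )
 {
 for ( i = 0; i < num; i++ )
@@ -689,7 +689,7 @@ static int flask_security_avc_cachestats
 memset(page, 0, PAGE_SIZE);
 
 len = snprintf(page, PAGE_SIZE, "lookups hits misses allocations reclaims "
- "frees\n");
+ "frees\n");
 if ( len > count ) {
 length = -EINVAL;
 goto out;
@@ -705,8 +705,8 @@ static int flask_security_avc_cachestats
 st = &per_cpu(avc_cache_stats, cpu);
 
 len = snprintf(page, PAGE_SIZE, "%u %u %u %u %u %u\n", st->lookups,
- st->hits, st->misses, st->allocations,
- st->reclaims, st->frees);
+ st->hits, st->misses, st->allocations,
+ st->reclaims, st->frees);
 if ( len > count ) {
 length = -EINVAL;
 goto out;
@@ -717,7 +717,7 @@ static int flask_security_avc_cachestats
 count -= len;
 }
 
-out:
+ out:
 xfree(page);
 return length;
 }
@@ -745,7 +745,7 @@ static int flask_security_load(char *buf
 else
 length = count;
 
-out:
+ out:
 spin_unlock(&sel_sem);
 return length;
 }
@@ -780,7 +780,7 @@ static int flask_ocontext_del(char *buf,
 }
 
 len = security_ocontext_del(ocontext, low, high);
- out:
+ out:
 xfree(ocontext);
 return len;
 }
@@ -831,7 +831,7 @@ static int flask_ocontext_add(char *buf,
 goto out;
 }
 len = security_ocontext_add(ocontext, low, high, sid);
-out:
+ out:
 xfree(ocontext);
 xfree(scontext);
 return len;
@@ -854,7 +854,7 @@ long do_flask_op(XEN_GUEST_HANDLE(xsm_op
 return -EINVAL;
 
 if ( (op->buf == NULL && op->size != 0) ||
- (op->buf != NULL && op->size == 0) )
+ (op->buf != NULL && op->size == 0) )
 return -EINVAL;
 
 arg = xmalloc_bytes(op->size + 1);
@@ -864,7 +864,7 @@ long do_flask_op(XEN_GUEST_HANDLE(xsm_op
 memset(arg, 0, op->size + 1);
 
 if ( (FLASK_COPY_IN&(1UL<<op->cmd)) && op->buf != NULL &&
- copy_from_guest(arg, guest_handle_from_ptr(op->buf, char), op->size) )
+ copy_from_guest(arg, guest_handle_from_ptr(op->buf, char), op->size) )
 {
 rc = -EFAULT;
 goto out;
@@ -1020,7 +1020,7 @@ long do_flask_op(XEN_GUEST_HANDLE(xsm_op
 }
 
 if ( (FLASK_COPY_OUT&(1UL<<op->cmd)) && op->buf != NULL &&
- copy_to_guest(guest_handle_from_ptr(op->buf, char), arg, op->size) )
+ copy_to_guest(guest_handle_from_ptr(op->buf, char), arg, op->size) )
 {
 rc = -EFAULT;
 goto out;
@@ -1030,7 +1030,7 @@ long do_flask_op(XEN_GUEST_HANDLE(xsm_op
 if ( copy_to_guest(u_flask_op, op, 1) )
 rc = -EFAULT;
 
-out:
+ out:
 xfree(arg);
 return rc;
 }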
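--- a/xen/xsm/flask/hooks.c Wed Sep 22 18:26:01 2010 +0100
+++ b/xen/xsm/flask/hooks.c Wed Sep 22 18:28:16 2010 +0100
@@ -1,4 +1,4 @@
- /*
+/*
 * This file contains the Flask hook function implementations for Xen.
 *
 * Author: George Coker, <gscoker@alpha.ncsc.mil>
@@ -32,7 +32,7 @@
 struct xsm_operations *original_ops = NULL;
 
 static int domain_has_perm(struct domain *dom1, struct domain *dom2,
- u16 class, u32 perms)
+ u16 class, u32 perms)
 {
 struct domain_security_struct *dsec1, *dsec2;
 
@@ -102,7 +102,7 @@ static void flask_domain_free_security(s
 }
 
 static int flask_evtchn_unbound(struct domain *d1, struct evtchn *chn,
- domid_t id2)
+ domid_t id2)
 {
 u32 newsid;
 int rc;
@@ -126,7 +126,7 @@ static int flask_evtchn_unbound(struct d
 
 dsec2 = d2->ssid;
 rc = security_transition_sid(dsec1->sid, dsec2->sid, SECCLASS_EVENT,
- &newsid);
+ &newsid);
 if ( rc )
 goto out;
 
@@ -140,13 +140,13 @@ static int flask_evtchn_unbound(struct d
 else
 esec->sid = newsid;
 
-out:
+ out:
 put_domain(d2);
 return rc;
 }
 
 static int flask_evtchn_interdomain(struct domain *d1, struct evtchn *chn1,
- struct domain *d2, struct evtchn *chn2)
+ struct domain *d2, struct evtchn *chn2)
 {
 u32 newsid1;
 u32 newsid2;
@@ -161,11 +161,11 @@ static int flask_evtchn_interdomain(stru
 esec2 = chn2->ssid;
 
 rc = security_transition_sid(dsec1->sid, dsec2->sid,
- SECCLASS_EVENT, &newsid1);
+ SECCLASS_EVENT, &newsid1);
 if ( rc )
 {
 printk("%s: security_transition_sid failed, rc=%d (domain=%d)\n",
- __FUNCTION__, -rc, d2->domain_id);
+ __FUNCTION__, -rc, d2->domain_id);
 return rc;
 }
 
@@ -174,11 +174,11 @@ static int flask_evtchn_interdomain(stru
 return rc;
 
 rc = security_transition_sid(dsec2->sid, dsec1->sid,
- SECCLASS_EVENT, &newsid2);
+ SECCLASS_EVENT, &newsid2);
 if ( rc )
 {
 printk("%s: security_transition_sid failed, rc=%d (domain=%d)\n",
- __FUNCTION__, -rc, d1->domain_id);
+ __FUNCTION__, -rc, d1->domain_id);
 return rc;
 }
 
@@ -216,11 +216,11 @@ static int flask_evtchn_send(struct doma
 {
 case ECS_INTERDOMAIN:
 rc = domain_has_evtchn(d, chn, EVENT__SEND);
- break;
+ break;
 case ECS_IPI:
 case ECS_UNBOUND:
 rc = 0;
- break;
+ break;
 default:
 rc = -EPERM;
 }
@@ -274,7 +274,7 @@ static void flask_free_security_evtchn(s
 }
 
 static int flask_grant_mapref(struct domain *d1, struct domain *d2,
- uint32_t flags)
+ uint32_t flags)
 {
 u32 perms = GRANT__MAP_READ;
 
@@ -327,20 +327,20 @@ static int get_page_sid(struct page_info
 
 switch ( d->domain_id )
 {
- case DOMID_IO:
- /*A tracked IO page?*/
- *sid = SECINITSID_DOMIO;
+ case DOMID_IO:
+ /*A tracked IO page?*/
+ *sid = SECINITSID_DOMIO;
 break;
 
- case DOMID_XEN:
- /*A page from Xen's private heap?*/
- *sid = SECINITSID_DOMXEN;
+ case DOMID_XEN:
+ /*A page from Xen's private heap?*/
+ *sid = SECINITSID_DOMXEN;
 break;
 
- default:
- /*Pages are implicitly labeled by domain ownership!*/
- dsec = d->ssid;
- *sid = dsec ? dsec->sid : SECINITSID_UNLABELED;
+ default:
+ /*Pages are implicitly labeled by domain ownership!*/
+ dsec = d->ssid;
+ *sid = dsec ? dsec->sid : SECINITSID_UNLABELED;
 break;
 }
 
@@ -397,14 +397,14 @@ static int flask_console_io(struct domai
 
 switch ( cmd )
 {
- case CONSOLEIO_read:
- perm = XEN__READCONSOLE;
+ case CONSOLEIO_read:
+ perm = XEN__READCONSOLE;
 break;
- case CONSOLEIO_write:
- perm = XEN__WRITECONSOLE;
+ case CONSOLEIO_write:
+ perm = XEN__WRITECONSOLE;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_xen(d, perm);
@@ -416,27 +416,27 @@ static int flask_profile(struct domain *
 
 switch ( op )
 {
- case XENOPROF_init:
- case XENOPROF_enable_virq:
- case XENOPROF_disable_virq:
- case XENOPROF_get_buffer:
- perm = XEN__NONPRIVPROFILE;
+ case XENOPROF_init:
+ case XENOPROF_enable_virq:
+ case XENOPROF_disable_virq:
+ case XENOPROF_get_buffer:
+ perm = XEN__NONPRIVPROFILE;
 break;
- case XENOPROF_reset_active_list:
- case XENOPROF_reset_passive_list:
- case XENOPROF_set_active:
- case XENOPROF_set_passive:
- case XENOPROF_reserve_counters:
- case XENOPROF_counter:
- case XENOPROF_setup_events:
- case XENOPROF_start:
- case XENOPROF_stop:
- case XENOPROF_release_counters:
- case XENOPROF_shutdown:
- perm = XEN__PRIVPROFILE;
+ case XENOPROF_reset_active_list:
+ case XENOPROF_reset_passive_list:
+ case XENOPROF_set_active:
+ case XENOPROF_set_passive:
+ case XENOPROF_reserve_counters:
+ case XENOPROF_counter:
+ case XENOPROF_setup_events:
+ case XENOPROF_start:
+ case XENOPROF_stop:
+ case XENOPROF_release_counters:
+ case XENOPROF_shutdown:
+ perm = XEN__PRIVPROFILE;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_xen(d, perm);
@@ -453,7 +453,7 @@ static int flask_schedop_shutdown(struct
 }
 
 static void flask_security_domaininfo(struct domain *d,
- struct xen_domctl_getdomaininfo *info)
+ struct xen_domctl_getdomaininfo *info)
 {
 struct domain_security_struct *dsec;
 
@@ -464,7 +464,7 @@ static void flask_security_domaininfo(st
 static int flask_setvcpucontext(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETVCPUCONTEXT);
+ DOMAIN__SETVCPUCONTEXT);
 }
 
 static int flask_pausedomain(struct domain *d)
@@ -491,21 +491,21 @@ static int flask_domain_create(struct do
 dsec1 = current->domain->ssid;
 
 if ( dsec1->create_sid == SECSID_NULL )
- dsec1->create_sid = ssidref;
+ dsec1->create_sid = ssidref;
 
- rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN,
- DOMAIN__CREATE, NULL);
- if ( rc )
+ rc = avc_has_perm(dsec1->sid, dsec1->create_sid, SECCLASS_DOMAIN,
+ DOMAIN__CREATE, NULL);
+ if ( rc )
 {
- dsec1->create_sid = SECSID_NULL;
- return rc;
+ dsec1->create_sid = SECSID_NULL;
+ return rc;
 }
 
 dsec2 = d->ssid;
 dsec2->sid = dsec1->create_sid;
 
- dsec1->create_sid = SECSID_NULL;
- dsec2->create_sid = SECSID_NULL;
+ dsec1->create_sid = SECSID_NULL;
+ dsec2->create_sid = SECSID_NULL;
 
 return rc;
 }
@@ -513,13 +513,13 @@ static int flask_domain_create(struct do
 static int flask_max_vcpus(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__MAX_VCPUS);
+ DOMAIN__MAX_VCPUS);
 }
 
 static int flask_destroydomain(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__DESTROY);
+ DOMAIN__DESTROY);
 }
 
 static int flask_vcpuaffinity(int cmd, struct domain *d)
@@ -528,14 +528,14 @@ static int flask_vcpuaffinity(int cmd, s
 
 switch ( cmd )
 {
- case XEN_DOMCTL_setvcpuaffinity:
- perm = DOMAIN__SETVCPUAFFINITY;
+ case XEN_DOMCTL_setvcpuaffinity:
+ perm = DOMAIN__SETVCPUAFFINITY;
 break;
- case XEN_DOMCTL_getvcpuaffinity:
- perm = DOMAIN__GETVCPUAFFINITY;
+ case XEN_DOMCTL_getvcpuaffinity:
+ perm = DOMAIN__GETVCPUAFFINITY;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm );
@@ -550,25 +550,25 @@ static int flask_scheduler(struct domain
 return rc;
 
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SCHEDULER);
+ DOMAIN__SCHEDULER);
 }
 
 static int flask_getdomaininfo(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETDOMAININFO);
+ DOMAIN__GETDOMAININFO);
 }
 
 static int flask_getvcpucontext(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETVCPUCONTEXT);
+ DOMAIN__GETVCPUCONTEXT);
 }
 
 static int flask_getvcpuinfo(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__GETVCPUINFO);
+ DOMAIN__GETVCPUINFO);
 }
 
 static int flask_domain_settime(struct domain *d)
@@ -604,19 +604,19 @@ static int flask_sched_id(void)
 static int flask_setdomainmaxmem(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDOMAINMAXMEM);
+ DOMAIN__SETDOMAINMAXMEM);
 }
 
 static int flask_setdomainhandle(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDOMAINHANDLE);
+ DOMAIN__SETDOMAINHANDLE);
 }
 
 static int flask_setdebugging(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__SETDEBUGGING);
+ DOMAIN__SETDEBUGGING);
 }
 
 static int flask_debug_keys(void)
@@ -652,7 +652,7 @@ static int irq_has_perm(struct domain *d
 struct avc_audit_data ad;
 
 rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
- resource_to_perm(access));
+ resource_to_perm(access));
 
 if ( rc )
 return rc;
@@ -678,7 +678,7 @@ static int irq_has_perm(struct domain *d
 
 if ( access )
 return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
- RESOURCE__USE, &ad);
+ RESOURCE__USE, &ad);
 else
 return rc;
 }
@@ -693,7 +693,7 @@ static int iomem_has_perm(struct domain
 struct avc_audit_data ad;
 
 rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
- resource_to_perm(access));
+ resource_to_perm(access));
 if ( rc )
 return rc;
 
@@ -718,7 +718,7 @@ static int iomem_has_perm(struct domain
 return rc;
 
 return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
- RESOURCE__USE, &ad);
+ RESOURCE__USE, &ad);
 }
 
 static int flask_perfcontrol(void)
@@ -733,23 +733,23 @@ static int flask_shadow_control(struct d
 
 switch ( op )
 {
- case XEN_DOMCTL_SHADOW_OP_OFF:
- perm = SHADOW__DISABLE;
+ case XEN_DOMCTL_SHADOW_OP_OFF:
+ perm = SHADOW__DISABLE;
 break;
- case XEN_DOMCTL_SHADOW_OP_ENABLE:
- case XEN_DOMCTL_SHADOW_OP_ENABLE_TEST:
- case XEN_DOMCTL_SHADOW_OP_ENABLE_TRANSLATE:
- case XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION:
- case XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION:
- perm = SHADOW__ENABLE;
+ case XEN_DOMCTL_SHADOW_OP_ENABLE:
+ case XEN_DOMCTL_SHADOW_OP_ENABLE_TEST:
+ case XEN_DOMCTL_SHADOW_OP_ENABLE_TRANSLATE:
+ case XEN_DOMCTL_SHADOW_OP_GET_ALLOCATION:
+ case XEN_DOMCTL_SHADOW_OP_SET_ALLOCATION:
+ perm = SHADOW__ENABLE;
 break;
- case XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY:
- case XEN_DOMCTL_SHADOW_OP_PEEK:
- case XEN_DOMCTL_SHADOW_OP_CLEAN:
- perm = SHADOW__LOGDIRTY;
+ case XEN_DOMCTL_SHADOW_OP_ENABLE_LOGDIRTY:
+ case XEN_DOMCTL_SHADOW_OP_PEEK:
+ case XEN_DOMCTL_SHADOW_OP_CLEAN:
+ perm = SHADOW__LOGDIRTY;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_SHADOW, perm);
@@ -765,7 +765,7 @@ static int ioport_has_perm(struct domain
 struct domain_security_struct *ssec, *tsec;
 
 rc = domain_has_perm(current->domain, d, SECCLASS_RESOURCE,
- resource_to_perm(access));
+ resource_to_perm(access));
 
 if ( rc )
 return rc;
@@ -791,7 +791,7 @@ static int ioport_has_perm(struct domain
 
 if ( access )
 return avc_has_perm(tsec->sid, rsid, SECCLASS_RESOURCE,
- RESOURCE__USE, &ad);
+ RESOURCE__USE, &ad);
 else
 return rc;
 }
@@ -819,7 +819,7 @@ static int flask_getmemlist(struct domai
 static int flask_hypercall_init(struct domain *d)
 {
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN,
- DOMAIN__HYPERCALL);
+ DOMAIN__HYPERCALL);
 }
 
 static int flask_hvmcontext(struct domain *d, uint32_t cmd)
@@ -828,15 +828,15 @@ static int flask_hvmcontext(struct domai
 
 switch ( cmd )
 {
- case XEN_DOMCTL_sethvmcontext:
- perm = HVM__SETHVMC;
+ case XEN_DOMCTL_sethvmcontext:
+ perm = HVM__SETHVMC;
 break;
- case XEN_DOMCTL_gethvmcontext:
- case XEN_DOMCTL_gethvmcontext_partial:
- perm = HVM__GETHVMC;
+ case XEN_DOMCTL_gethvmcontext:
+ case XEN_DOMCTL_gethvmcontext_partial:
+ perm = HVM__GETHVMC;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
@@ -848,14 +848,14 @@ static int flask_address_size(struct dom
 
 switch ( cmd )
 {
- case XEN_DOMCTL_set_address_size:
- perm = DOMAIN__SETADDRSIZE;
+ case XEN_DOMCTL_set_address_size:
+ perm = DOMAIN__SETADDRSIZE;
 break;
- case XEN_DOMCTL_get_address_size:
- perm = DOMAIN__GETADDRSIZE;
+ case XEN_DOMCTL_get_address_size:
+ perm = DOMAIN__GETADDRSIZE;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
@@ -867,14 +867,14 @@ static int flask_hvm_param(struct domain
 
 switch ( op )
 {
- case HVMOP_set_param:
- perm = HVM__SETPARAM;
+ case HVMOP_set_param:
+ perm = HVM__SETPARAM;
 break;
- case HVMOP_get_param:
- perm = HVM__GETPARAM;
+ case HVMOP_get_param:
+ perm = HVM__GETPARAM;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_HVM, perm);
@@ -901,14 +901,14 @@ static int flask_apic(struct domain *d,
 
 switch ( cmd )
 {
- case PHYSDEVOP_APIC_READ:
- perm = XEN__READAPIC;
+ case PHYSDEVOP_APIC_READ:
+ perm = XEN__READAPIC;
 break;
- case PHYSDEVOP_APIC_WRITE:
- perm = XEN__WRITEAPIC;
+ case PHYSDEVOP_APIC_WRITE:
+ perm = XEN__WRITEAPIC;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_xen(d, perm);
@@ -937,17 +937,17 @@ static int flask_memtype(uint32_t access
 
 switch ( access )
 {
- case XENPF_add_memtype:
- perm = XEN__MTRR_ADD;
+ case XENPF_add_memtype:
+ perm = XEN__MTRR_ADD;
 break;
- case XENPF_del_memtype:
- perm = XEN__MTRR_DEL;
+ case XENPF_del_memtype:
+ perm = XEN__MTRR_DEL;
 break;
- case XENPF_read_memtype:
- perm = XEN__MTRR_READ;
+ case XENPF_read_memtype:
+ perm = XEN__MTRR_READ;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_xen(current->domain, perm);
@@ -969,7 +969,7 @@ static int flask_platform_quirk(uint32_t
 dsec = current->domain->ssid;
 
 return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_XEN,
- XEN__QUIRK, NULL);
+ XEN__QUIRK, NULL);
 }
 
 static int flask_firmware_info(void)
@@ -998,7 +998,7 @@ static int flask_machine_memory_map(void
 dsec = current->domain->ssid;
 
 return avc_has_perm(dsec->sid, SECINITSID_XEN, SECCLASS_MMU,
- MMU__MEMORYMAP, NULL);
+ MMU__MEMORYMAP, NULL);
 }
 
 static int flask_domain_memory_map(struct domain *d)
@@ -1007,7 +1007,7 @@ static int flask_domain_memory_map(struc
 }
 
 static int flask_mmu_normal_update(struct domain *d, struct domain *f,
- intpte_t fpte)
+ intpte_t fpte)
 {
 int rc = 0;
 u32 map_perms = MMU__MAP_READ;
@@ -1044,7 +1044,7 @@ static int flask_mmu_machphys_update(str
 }
 
 static int flask_update_va_mapping(struct domain *d, struct domain *f,
- l1_pgentry_t pte)
+ l1_pgentry_t pte)
 {
 int rc = 0;
 u32 psid;
@@ -1165,14 +1165,14 @@ static int flask_ext_vcpucontext (struct
 
 switch ( cmd )
 {
- case XEN_DOMCTL_set_ext_vcpucontext:
- perm = DOMAIN__SETEXTVCPUCONTEXT;
+ case XEN_DOMCTL_set_ext_vcpucontext:
+ perm = DOMAIN__SETEXTVCPUCONTEXT;
 break;
- case XEN_DOMCTL_get_ext_vcpucontext:
- perm = DOMAIN__GETEXTVCPUCONTEXT;
+ case XEN_DOMCTL_get_ext_vcpucontext:
+ perm = DOMAIN__GETEXTVCPUCONTEXT;
 break;
- default:
- return -EPERM;
+ default:
+ return -EPERM;
 }
 
 return domain_has_perm(current->domain, d, SECCLASS_DOMAIN, perm);
@@ -1180,7 +1180,7 @@ static int flask_ext_vcpucontext (struct
 #endif
 
 static int io_has_perm(struct domain *d, char *name, unsigned long s,
- unsigned long e, u32 access)
+ unsigned long e, u32 access)
 {
 int rc = -EPERM;
 
@@ -1218,13 +1218,13 @@ static int io_has_perm(struct domain *d,
 }
 
 static int flask_add_range(struct domain *d, char *name, unsigned long s,
- unsigned long e)
+ unsigned long e)
 {
 return io_has_perm(d, name, s, e, 1);
 }
 
 static int flask_remove_range(struct domain *d, char *name, unsigned long s,
- unsigned long e)
+ unsigned long e)
 {
 return io_has_perm(d, name, s, e, 0);
 }
@@ -1335,7 +1335,8 @@ static __init int flask_init(void)
 {
 int ret = 0;
 
- if ( !flask_enabled ) {
+ if ( !flask_enabled )
+ {
 printk("Flask: Disabled at boot.\n");
 return 0;
 }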