[PATCH 1/4] seclvl update

From: Chris Wright (chrisw@private)
Date: Fri Feb 13 2004 - 15:02:12 PST


    * Update Kconfig to better match kernel style.  Also, select SHA1 when this
      module is compiled; this way this option won't be hidden if SHA1 isn't
      already selected.
    * Run through Lindent, again to conform to kernel style.
    
    --- lsm-2.6/security/Kconfig~seclvl.fix01	2004-02-09 15:23:16.000000000 -0800
    +++ lsm-2.6/security/Kconfig	2004-02-09 15:54:19.000000000 -0800
    @@ -46,7 +46,8 @@
     
     config SECURITY_SECLVL
            tristate "BSD SecureLevel"
    -       depends on CRYPTO_SHA1!=n && SECURITY!=n
    +       depends on SECURITY
    +       select CRYPTO_SHA1
            help
              Implements BSD Secure Levels as an LSM.
              Contact Michael A. Halcrow <mike@private> for support
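Review bot: The new `select CRYPTO_SHA1` line forces that symbol on but does not enable anything CRYPTO_SHA1 itself depends on, because Kconfig's `select` ignores the selected symbol's own `depends on` lines. The crypto Kconfig is not part of this patch, but if CRYPTO_SHA1 is gated by the top-level CRYPTO symbol, a configuration with SECURITY_SECLVL enabled and CRYPTO=n would select SHA1 without the crypto core that seclvl's password hashing (`plaintextToSha1` in seclvl.c) relies on. I would add `select CRYPTO` on the line before `select CRYPTO_SHA1` so the security module can never be built without its hash backend. The help text of this config entry continues outside the hunk.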
    --- lsm-2.6/security/seclvl.c~seclvl.fix00	2004-02-09 15:23:16.000000000 -0800
    +++ lsm-2.6/security/seclvl.c	2004-02-09 16:09:04.000000000 -0800
    @@ -237,8 +237,7 @@
      * Verifies that the requested secure level is valid, given the current
      * secure level.
      */
    -int
    -seclvl_sanity(int reqlvl)
    +int seclvl_sanity(int reqlvl)
     {
     	if ((reqlvl < -1) || (reqlvl > 2)) {
     		seclvl_printk(1, KERN_WARNING, "Attempt to set seclvl out of "
    @@ -261,8 +260,7 @@
      * Called whenever the user reads the sysfs handle to this kernel
      * object
      */
    -static ssize_t
    -seclvl_read_file(struct seclvl_obj *obj, char *buff)
    +static ssize_t seclvl_read_file(struct seclvl_obj *obj, char *buff)
     {
     	ssize_t len = 0;
     	len = snprintf(buff, PAGE_SIZE, "%d\n", seclvl);
    @@ -285,7 +283,7 @@
     	val = buff[0] - 48;
     	if (seclvl_sanity(val)) {
     		seclvl_printk(1, KERN_WARNING, "Illegal secure level "
    -			      "requested: [%d]\n", (int) val);
    +			      "requested: [%d]\n", (int)val);
     		return -EPERM;
     	}
     	if (do_seclvl_advance(val)) {
    @@ -306,8 +304,7 @@
     /**
      * Called whenever the user reads the sysfs passwd handle.
      */
    -static ssize_t
    -seclvl_read_passwd(struct seclvl_obj *obj, char *buff)
    +static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff)
     {
     	/* So just how good *is* your password? :-) */
     	char tmp[3];
    @@ -332,8 +329,7 @@
      * It would be nice if crypto had a wrapper to do this for us linear
      * people...
      */
    -int
    -plaintextToSha1(unsigned char *hash, const char *plaintext, int len)
    +int plaintextToSha1(unsigned char *hash, const char *plaintext, int len)
     {
     	struct crypto_tfm *tfm;
     	struct scatterlist sg[1];
    @@ -415,8 +411,7 @@
     /**
      * Explicitely disallow ptrace'ing the init process.
      */
    -static int
    -seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
    +static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
     {
     	if (seclvl >= 0) {
     		if (child->pid == 1) {
    @@ -433,8 +428,7 @@
      * Capability checks for seclvl.  The majority of the policy
      * enforcement for seclvl takes place here.
      */
    -static int
    -seclvl_capable(struct task_struct *tsk, int cap)
    +static int seclvl_capable(struct task_struct *tsk, int cap)
     {
     	/* init can do anything it wants */
     	if (tsk->pid == 1) {
    @@ -491,8 +485,7 @@
     /**
      * Disallow reversing the clock in seclvl > 1
      */
    -static int
    -seclvl_settime(struct timespec *tv, struct timezone *tz)
    +static int seclvl_settime(struct timespec *tv, struct timezone *tz)
     {
     	struct timespec now;
     	if (seclvl > 1) {
    @@ -511,14 +504,12 @@
     	return 0;
     }
     
    -static int
    -seclvl_bprm_set_security(struct linux_binprm *bprm)
    +static int seclvl_bprm_set_security(struct linux_binprm *bprm)
     {
     	return 0;
     }
     
    -int
    -is_mounted(struct inode *inode)
    +int is_mounted(struct inode *inode)
     {
     	struct super_block *sb;
     	if (S_ISBLK(inode->i_mode)) {
    @@ -567,8 +558,7 @@
     /**
      * The SUID and SGID bits cannot be set in seclvl >= 1
      */
    -static int
    -seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr)
    +static int seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr)
     {
     	if (seclvl > 0) {
     		if (iattr->ia_valid & ATTR_MODE)
    @@ -587,8 +577,7 @@
     /**
      * Cannot unmount in secure level 2
      */
    -static int
    -seclvl_umount(struct vfsmount *mnt, int flags)
    +static int seclvl_umount(struct vfsmount *mnt, int flags)
     {
     	if (current->pid == 1) {
     		return 0;
    @@ -601,21 +590,18 @@
     	return 0;
     }
     
    -static void
    -seclvl_task_reparent_to_init(struct task_struct *p)
    +static void seclvl_task_reparent_to_init(struct task_struct *p)
     {
     	p->euid = p->fsuid = 0;
     	return;
     }
     
    -static int
    -seclvl_register(const char *name, struct security_operations *ops)
    +static int seclvl_register(const char *name, struct security_operations *ops)
     {
     	return -EINVAL;
     }
     
    -static int
    -seclvl_unregister(const char *name, struct security_operations *ops)
    +static int seclvl_unregister(const char *name, struct security_operations *ops)
     {
     	return -EINVAL;
     }
    @@ -645,8 +631,7 @@
      *   From -1, stuck.  [ in case compiled into kernel ]
      *   From 0 or above, can only increment.
      */
    -int
    -do_seclvl_advance(int newlvl)
    +int do_seclvl_advance(int newlvl)
     {
     	if (newlvl <= seclvl) {
     		seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl "
    @@ -670,8 +655,7 @@
     /**
      * Process the password-related module parameters
      */
    -int
    -processPassword(void)
    +int processPassword(void)
     {
     	int rc = 0;
     	hashedPassword[0] = '\0';
    @@ -719,8 +703,7 @@
     /**
      * Sysfs registrations
      */
    -int
    -doSysfsRegistrations(void)
    +int doSysfsRegistrations(void)
     {
     	int rc = 0;
     	if ((rc = subsystem_register(&seclvl_subsys))) {
    @@ -740,8 +723,7 @@
     /**
      * Initialize the seclvl module.
      */
    -static int __init
    -seclvl_init(void)
    +static int __init seclvl_init(void)
     {
     	int rc = 0;
     	if (verbosity < 0 || verbosity > 1) {
    @@ -793,8 +775,7 @@
     /**
      * Remove the seclvl module.
      */
    -static void __exit
    -seclvl_exit(void)
    +static void __exit seclvl_exit(void)
     {
     	sysfs_remove_file(&seclvl_subsys.kset.kobj, &seclvlfs_seclvl_attr.attr);
     	if (plaintextPassword || sha1Password) {
    


