* Update Kconfig to better kernel Style. Also, select SHA1 when this module is compiled, this way it won't be hidden if SHA1 isn't already selected. * Run through Lindent, again conform to Style. --- lsm-2.6/security/Kconfig~seclvl.fix01 2004-02-09 15:23:16.000000000 -0800 +++ lsm-2.6/security/Kconfig 2004-02-09 15:54:19.000000000 -0800 @@ -46,7 +46,8 @@ config SECURITY_SECLVL tristate "BSD SecureLevel" - depends on CRYPTO_SHA1!=n && SECURITY!=n + depends on SECURITY + select CRYPTO_SHA1 help Implements BSD Secure Levels as an LSM. Contact Michael A. Halcrow <mike@private> for support --- lsm-2.6/security/seclvl.c~seclvl.fix00 2004-02-09 15:23:16.000000000 -0800 +++ lsm-2.6/security/seclvl.c 2004-02-09 16:09:04.000000000 -0800 @@ -237,8 +237,7 @@ * Verifies that the requested secure level is valid, given the current * secure level. */ -int -seclvl_sanity(int reqlvl) +int seclvl_sanity(int reqlvl) { if ((reqlvl < -1) || (reqlvl > 2)) { seclvl_printk(1, KERN_WARNING, "Attempt to set seclvl out of " @@ -261,8 +260,7 @@ * Called whenever the user reads the sysfs handle to this kernel * object */ -static ssize_t -seclvl_read_file(struct seclvl_obj *obj, char *buff) +static ssize_t seclvl_read_file(struct seclvl_obj *obj, char *buff) { ssize_t len = 0; len = snprintf(buff, PAGE_SIZE, "%d\n", seclvl); @@ -285,7 +283,7 @@ val = buff[0] - 48; if (seclvl_sanity(val)) { seclvl_printk(1, KERN_WARNING, "Illegal secure level " - "requested: [%d]\n", (int) val); + "requested: [%d]\n", (int)val); return -EPERM; } if (do_seclvl_advance(val)) { @@ -306,8 +304,7 @@ /** * Called whenever the user reads the sysfs passwd handle. */ -static ssize_t -seclvl_read_passwd(struct seclvl_obj *obj, char *buff) +static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff) { /* So just how good *is* your password? :-) */ char tmp[3]; 
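Review bot: In the security/Kconfig hunk, `select CRYPTO_SHA1` forces that symbol on without evaluating its own dependencies. If CRYPTO_SHA1 sits behind the top-level CRYPTO option (likely, but worth confirming in crypto/Kconfig for this tree), a CRYPTO=n configuration can end up with SHA1 selected while the crypto core is absent. Adding `select CRYPTO` directly above `select CRYPTO_SHA1` would make the requirement explicit. The password path in seclvl.c goes through the crypto API (plaintextToSha1 takes a `struct crypto_tfm`), so a config without a usable SHA1 transform would leave that check broken or unbuildable. A short comment in the help text noting that the module pulls in SHA1 for password hashing would also help anyone auditing the config.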
@@ -332,8 +329,7 @@ * It would be nice if crypto had a wrapper to do this for us linear * people... */ -int -plaintextToSha1(unsigned char *hash, const char *plaintext, int len) +int plaintextToSha1(unsigned char *hash, const char *plaintext, int len) { struct crypto_tfm *tfm; struct scatterlist sg[1]; @@ -415,8 +411,7 @@ /** * Explicitely disallow ptrace'ing the init process. */ -static int -seclvl_ptrace(struct task_struct *parent, struct task_struct *child) +static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child) { if (seclvl >= 0) { if (child->pid == 1) { @@ -433,8 +428,7 @@ * Capability checks for seclvl. The majority of the policy * enforcement for seclvl takes place here. */ -static int -seclvl_capable(struct task_struct *tsk, int cap) +static int seclvl_capable(struct task_struct *tsk, int cap) { /* init can do anything it wants */ if (tsk->pid == 1) { @@ -491,8 +485,7 @@ /** * Disallow reversing the clock in seclvl > 1 */ -static int -seclvl_settime(struct timespec *tv, struct timezone *tz) +static int seclvl_settime(struct timespec *tv, struct timezone *tz) { struct timespec now; if (seclvl > 1) { @@ -511,14 +504,12 @@ return 0; } -static int -seclvl_bprm_set_security(struct linux_binprm *bprm) +static int seclvl_bprm_set_security(struct linux_binprm *bprm) { return 0; } -int -is_mounted(struct inode *inode) +int is_mounted(struct inode *inode) { struct super_block *sb; if (S_ISBLK(inode->i_mode)) { @@ -567,8 +558,7 @@ /** * The SUID and SGID bits cannot be set in seclvl >= 1 */ -static int -seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr) +static int seclvl_inode_setattr(struct dentry *dentry, struct iattr *iattr) { if (seclvl > 0) { if (iattr->ia_valid & ATTR_MODE) @@ -587,8 +577,7 @@ /** * Cannot unmount in secure level 2 */ -static int -seclvl_umount(struct vfsmount *mnt, int flags) +static int seclvl_umount(struct vfsmount *mnt, int flags) { if (current->pid == 1) { return 0; 
@@ -601,21 +590,18 @@ return 0; } -static void -seclvl_task_reparent_to_init(struct task_struct *p) +static void seclvl_task_reparent_to_init(struct task_struct *p) { p->euid = p->fsuid = 0; return; } -static int -seclvl_register(const char *name, struct security_operations *ops) +static int seclvl_register(const char *name, struct security_operations *ops) { return -EINVAL; } -static int -seclvl_unregister(const char *name, struct security_operations *ops) +static int seclvl_unregister(const char *name, struct security_operations *ops) { return -EINVAL; } @@ -645,8 +631,7 @@ * From -1, stuck. [ in case compiled into kernel ] * From 0 or above, can only increment. */ -int -do_seclvl_advance(int newlvl) +int do_seclvl_advance(int newlvl) { if (newlvl <= seclvl) { seclvl_printk(1, KERN_WARNING, "Cannot advance to seclvl " @@ -670,8 +655,7 @@ /** * Process the password-related module parameters */ -int -processPassword(void) +int processPassword(void) { int rc = 0; hashedPassword[0] = '\0'; @@ -719,8 +703,7 @@ /** * Sysfs registrations */ -int -doSysfsRegistrations(void) +int doSysfsRegistrations(void) { int rc = 0; if ((rc = subsystem_register(&seclvl_subsys))) { @@ -740,8 +723,7 @@ /** * Initialize the seclvl module. */ -static int __init -seclvl_init(void) +static int __init seclvl_init(void) { int rc = 0; if (verbosity < 0 || verbosity > 1) { @@ -793,8 +775,7 @@ /** * Remove the seclvl module. */ -static void __exit -seclvl_exit(void) +static void __exit seclvl_exit(void) { sysfs_remove_file(&seclvl_subsys.kset.kobj, &seclvlfs_seclvl_attr.attr); if (plaintextPassword || sha1Password) {