2018-06-12 08:11:32

by peter enderborg

Subject: [PATCH 00/13 selinux-next] selinux: Cleanup printk logging

This patch replaces printk with pr_* for the selinux files.
I get a lot of checkpatch warnings when doing my other work,
so let's get rid of the warnings.

For policydb.c there is also a removal of KERN_CONT, replaced with
two longer prints.

I have NOT cleaned up the splitting of lines with long prints. I think
the current conclusion is that it is better to have long lines
than it is to have split print lines.

There is one patch per file for these files:
conditional.c
ebitmap.c
policydb.c
avtab.c
hooks.c
avtab.c
services.c
selinuxfs.c
netlink.c
sidtab.c
netport.c
netif.c
avc.c
netnode.c



2018-06-12 08:11:47

by peter enderborg

Subject: [PATCH 11/13] selinux: Cleanup printk logging in netif

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/netif.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/security/selinux/netif.c b/security/selinux/netif.c
index ac65f7417413..8c738c189942 100644
--- a/security/selinux/netif.c
+++ b/security/selinux/netif.c
@@ -145,9 +145,8 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)

dev = dev_get_by_index(ns, ifindex);
if (unlikely(dev == NULL)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
- " invalid network interface (%d)\n", ifindex);
+ pr_warn("SELinux: failure in %s(), invalid network interface (%d)\n",
+ __func__, ifindex);
return -ENOENT;
}

@@ -177,10 +176,8 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
spin_unlock_bh(&sel_netif_lock);
dev_put(dev);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netif_sid_slow(),"
- " unable to determine network interface label (%d)\n",
- ifindex);
+ pr_warn("SELinux: failure in %s(), unable to determine network interface label (%d)\n",
+ __func__, ifindex);
kfree(new);
}
return ret;
--
2.15.1


2018-06-12 08:11:48

by peter enderborg

Subject: [PATCH 13/13] selinux: Cleanup printk logging in netnode

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/netnode.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 6dd89b89bc1f..afa0d432436b 100644
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -238,9 +238,8 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
out:
spin_unlock_bh(&sel_netnode_lock);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netnode_sid_slow(),"
- " unable to determine network node label\n");
+ pr_warn("SELinux: failure in %s(), unable to determine network node label\n",
+ __func__);
kfree(new);
}
return ret;
--
2.15.1


2018-06-12 08:12:42

by peter enderborg

Subject: [PATCH 10/13] selinux: Cleanup printk logging in netport

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/netport.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index 9ed4c5064a5e..7a141cadbffc 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -173,9 +173,8 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
out:
spin_unlock_bh(&sel_netport_lock);
if (unlikely(ret)) {
- printk(KERN_WARNING
- "SELinux: failure in sel_netport_sid_slow(),"
- " unable to determine network port label\n");
+ pr_warn("SELinux: failure in %s(), unable to determine network port label\n",
+ __func__);
kfree(new);
}
return ret;
--
2.15.1


2018-06-12 08:13:02

by peter enderborg

Subject: [PATCH 05/13] selinux: Cleanup printk logging in avtab

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/avtab.c | 51 +++++++++++++++++++++++----------------------
1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index a2c9148b0662..c0417cf17fee 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -338,7 +338,7 @@ int avtab_alloc(struct avtab *h, u32 nrules)
h->nel = 0;
h->nslot = nslot;
h->mask = mask;
- printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n",
+ pr_debug("SELinux: %d avtab hash slots, %d rules.\n",
h->nslot, nrules);
return 0;
}
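Review bot: Switching `printk(KERN_DEBUG ...)` to `pr_debug()` in avtab_alloc() is not a pure cleanup: `pr_debug()` emits nothing unless the file is built with `DEBUG` defined or the call site is enabled through dynamic debug, so the avtab hash slots/rules line stops appearing in the kernel log on a default build. The same applies to the `pr_debug()` conversions in avtab_hash_eval(), sidtab_hash_eval(), hash_eval() and policydb_index() elsewhere in this series. If these policy-load statistics should stay available by default, keep `printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n",` here; otherwise the commit message should say that the messages now have to be enabled explicitly. avtab_alloc() starts above the hunk.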
@@ -368,7 +368,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
}
}

- printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
+ pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d sum of chain length^2 %llu\n",
tag, h->nel, slots_used, h->nslot, max_chain_len,
chain2_len_sum);
@@ -407,18 +407,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (vers < POLICYDB_VERSION_AVTAB) {
rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
items2 = le32_to_cpu(buf32[0]);
if (items2 > ARRAY_SIZE(buf32)) {
- printk(KERN_ERR "SELinux: avtab: entry overflow\n");
+ pr_err("SELinux: avtab: entry overflow\n");
return -EINVAL;

}
rc = next_entry(buf32, fp, sizeof(u32)*items2);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
items = 0;
@@ -426,19 +426,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
val = le32_to_cpu(buf32[items++]);
key.source_type = (u16)val;
if (key.source_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated source type\n");
+ pr_err("SELinux: avtab: truncated source type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_type = (u16)val;
if (key.target_type != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target type\n");
+ pr_err("SELinux: avtab: truncated target type\n");
return -EINVAL;
}
val = le32_to_cpu(buf32[items++]);
key.target_class = (u16)val;
if (key.target_class != val) {
- printk(KERN_ERR "SELinux: avtab: truncated target class\n");
+ pr_err("SELinux: avtab: truncated target class\n");
return -EINVAL;
}

@@ -446,16 +446,16 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;

if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
- printk(KERN_ERR "SELinux: avtab: null entry\n");
+ pr_err("SELinux: avtab: null entry\n");
return -EINVAL;
}
if ((val & AVTAB_AV) &&
(val & AVTAB_TYPE)) {
- printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
+ pr_err("SELinux: avtab: entry has both access vectors and types\n");
return -EINVAL;
}
if (val & AVTAB_XPERMS) {
- printk(KERN_ERR "SELinux: avtab: entry has extended permissions\n");
+ pr_err("SELinux: avtab: entry has extended permissions\n");
return -EINVAL;
}

@@ -470,7 +470,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
}

if (items != items2) {
- printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
+ pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
+ items2, items);
return -EINVAL;
}
return 0;
@@ -478,7 +479,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,

rc = next_entry(buf16, fp, sizeof(u16)*4);
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}

@@ -491,7 +492,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
if (!policydb_type_isvalid(pol, key.source_type) ||
!policydb_type_isvalid(pol, key.target_type) ||
!policydb_class_isvalid(pol, key.target_class)) {
- printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
+ pr_err("SELinux: avtab: invalid type or class\n");
return -EINVAL;
}

@@ -501,13 +502,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
set++;
}
if (!set || set > 1) {
- printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
+ pr_err("SELinux: avtab: more than one specifier\n");
return -EINVAL;
}

if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
(key.specified & AVTAB_XPERMS)) {
- printk(KERN_ERR "SELinux: avtab: policy version %u does not "
+ pr_err("SELinux: avtab: policy version %u does not "
"support extended permissions rules and one "
"was specified\n", vers);
return -EINVAL;
@@ -515,17 +516,17 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
memset(&xperms, 0, sizeof(struct avtab_extended_perms));
rc = next_entry(&xperms.specified, fp, sizeof(u8));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
rc = next_entry(&xperms.driver, fp, sizeof(u8));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
@@ -534,14 +535,14 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
} else {
rc = next_entry(buf32, fp, sizeof(u32));
if (rc) {
- printk(KERN_ERR "SELinux: avtab: truncated entry\n");
+ pr_err("SELinux: avtab: truncated entry\n");
return rc;
}
datum.u.data = le32_to_cpu(*buf32);
}
if ((key.specified & AVTAB_TYPE) &&
!policydb_type_isvalid(pol, datum.u.data)) {
- printk(KERN_ERR "SELinux: avtab: invalid type\n");
+ pr_err("SELinux: avtab: invalid type\n");
return -EINVAL;
}
return insertf(a, &key, &datum, p);
@@ -562,12 +563,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)

rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: avtab: truncated table\n");
+ pr_err("SELinux: avtab: truncated table\n");
goto bad;
}
nel = le32_to_cpu(buf[0]);
if (!nel) {
- printk(KERN_ERR "SELinux: avtab: table is empty\n");
+ pr_err("SELinux: avtab: table is empty\n");
rc = -EINVAL;
goto bad;
}
@@ -580,9 +581,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
if (rc) {
if (rc == -ENOMEM)
- printk(KERN_ERR "SELinux: avtab: out of memory\n");
+ pr_err("SELinux: avtab: out of memory\n");
else if (rc == -EEXIST)
- printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
+ pr_err("SELinux: avtab: duplicate entry\n");

goto bad;
}
--
2.15.1


2018-06-12 08:13:04

by peter enderborg

Subject: [PATCH 09/13] selinux: Cleanup printk logging in sidtab

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/sidtab.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
index 5be31b7af225..fd75a12fa8fc 100644
--- a/security/selinux/ss/sidtab.c
+++ b/security/selinux/ss/sidtab.c
@@ -214,8 +214,7 @@ int sidtab_context_to_sid(struct sidtab *s,
}
sid = s->next_sid++;
if (context->len)
- printk(KERN_INFO
- "SELinux: Context %s is not valid (left unmapped).\n",
+ pr_info("SELinux: Context %s is not valid (left unmapped).\n",
context->str);
ret = sidtab_insert(s, sid, context);
if (ret)
@@ -253,7 +252,7 @@ void sidtab_hash_eval(struct sidtab *h, char *tag)
}
}

- printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
+ pr_debug("%s: %d entries and %d/%d buckets used, longest "
"chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
max_chain_len);
}
--
2.15.1


2018-06-12 08:14:06

by peter enderborg

Subject: [PATCH 12/13] selinux: Cleanup printk logging in avc

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/avc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index f3aedf077509..635e5c1e3e48 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -650,7 +650,7 @@ static int avc_latest_notif_update(struct selinux_avc *avc,
spin_lock_irqsave(&notif_lock, flag);
if (is_insert) {
if (seqno < avc->avc_cache.latest_notif) {
- printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
+ pr_warn("SELinux: avc: seqno %d < latest_notif %d\n",
seqno, avc->avc_cache.latest_notif);
ret = -EAGAIN;
}
--
2.15.1


2018-06-12 08:14:06

by peter enderborg

Subject: [PATCH 07/13] selinux: Cleanup printk logging in selinuxfs

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/selinuxfs.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index c0cadbc5f85c..2adfade99945 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -620,7 +620,7 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ pr_err("SELinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -956,7 +956,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ pr_err("SELinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -1147,7 +1147,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)

length = -ERANGE;
if (len > SIMPLE_TRANSACTION_LIMIT) {
- printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
+ pr_err("SELinux: %s: context size (%u) exceeds "
"payload max\n", __func__, len);
goto out;
}
@@ -1996,7 +1996,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
goto err;
return 0;
err:
- printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
+ pr_err("SELinux: %s: failed while creating inodes\n",
__func__);

selinux_fs_info_free(sb);
@@ -2046,7 +2046,7 @@ static int __init init_sel_fs(void)

selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
if (IS_ERR(selinuxfs_mount)) {
- printk(KERN_ERR "selinuxfs: could not mount!\n");
+ pr_err("selinuxfs: could not mount!\n");
err = PTR_ERR(selinuxfs_mount);
selinuxfs_mount = NULL;
}
--
2.15.1


2018-06-12 08:16:09

by peter enderborg

Subject: [PATCH 08/13] selinux: Cleanup printk logging in netlink

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/netlink.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
index 828fb6a4e941..8a8a72507437 100644
--- a/security/selinux/netlink.c
+++ b/security/selinux/netlink.c
@@ -94,7 +94,7 @@ static void selnl_notify(int msgtype, void *data)
out_kfree_skb:
kfree_skb(skb);
oom:
- printk(KERN_ERR "SELinux: OOM in %s\n", __func__);
+ pr_err("SELinux: OOM in %s\n", __func__);
goto out;
}

--
2.15.1


2018-06-12 08:16:48

by peter enderborg

Subject: [PATCH 01/13] selinux: Cleanup printk logging in conditional

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/conditional.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index c91543a617ac..f49e522e932d 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
if (new_state != node->cur_state) {
node->cur_state = new_state;
if (new_state == -1)
- printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
+ pr_err("SELinux: expression result was undefined - disabling all rules.\n");
/* turn the rules on or off */
for (cur = node->true_list; cur; cur = cur->next) {
if (new_state <= 0)
@@ -287,7 +287,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/
if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) {
- printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
+ pr_err("SELinux: type rule already exists outside of a conditional.\n");
goto err;
}
/*
@@ -302,7 +302,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) {
- printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
+ pr_err("SELinux: too many conflicting type rules.\n");
goto err;
}
found = 0;
@@ -313,13 +313,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
}
}
if (!found) {
- printk(KERN_ERR "SELinux: conflicting type rules.\n");
+ pr_err("SELinux: conflicting type rules.\n");
goto err;
}
}
} else {
if (avtab_search(&p->te_cond_avtab, k)) {
- printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
+ pr_err("SELinux: conflicting type rules when adding type rule for true.\n");
goto err;
}
}
@@ -327,7 +327,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum

node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
- printk(KERN_ERR "SELinux: could not insert rule.\n");
+ pr_err("SELinux: could not insert rule.\n");
rc = -ENOMEM;
goto err;
}
@@ -387,12 +387,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
+ pr_err("SELinux: conditional expressions uses unknown operator.\n");
return 0;
}

if (expr->bool > p->p_bools.nprim) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
+ pr_err("SELinux: conditional expressions uses unknown bool.\n");
return 0;
}
return 1;
--
2.15.1


2018-06-12 08:16:55

by peter enderborg

Subject: [PATCH 06/13] selinux: Cleanup printk logging in services

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/services.c | 71 +++++++++++++++++++++---------------------
1 file changed, 35 insertions(+), 36 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8057e19dc15f..9ad9b6c2f0a7 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -136,8 +136,7 @@ static int selinux_set_mapping(struct policydb *pol,

p_out->value = string_to_security_class(pol, p_in->name);
if (!p_out->value) {
- printk(KERN_INFO
- "SELinux: Class %s not defined in policy.\n",
+ pr_info("SELinux: Class %s not defined in policy.\n",
p_in->name);
if (pol->reject_unknown)
goto err;
@@ -156,8 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
p_out->perms[k] = string_to_av_perm(pol, p_out->value,
p_in->perms[k]);
if (!p_out->perms[k]) {
- printk(KERN_INFO
- "SELinux: Permission %s in class %s not defined in policy.\n",
+ pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
p_in->perms[k], p_in->name);
if (pol->reject_unknown)
goto err;
@@ -170,7 +168,7 @@ static int selinux_set_mapping(struct policydb *pol,
}

if (print_unknown_handle)
- printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
+ pr_info("SELinux: the above unknown classes and permissions will be %s\n",
pol->allow_unknown ? "allowed" : "denied");

out_map->size = i;
@@ -644,7 +642,7 @@ static void context_struct_compute_av(struct policydb *policydb,

if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
if (printk_ratelimit())
- printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
+ pr_warn("SELinux: Invalid class %hu\n", tclass);
return;
}
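Review bot: The `printk_ratelimit()` guard left in front of the converted `pr_warn()` in context_struct_compute_av() is itself something checkpatch reports, and it throttles against a limit shared by every `printk_ratelimit()` caller rather than this call site. Replacing the two lines with `pr_warn_ratelimited("SELinux: Invalid class %hu\n", tclass);` keeps the invalid-class warning rate-limited with its own per-call-site state. The function starts and ends outside the hunk.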

@@ -793,7 +791,7 @@ static int security_compute_validatetrans(struct selinux_state *state,

ocontext = sidtab_search(sidtab, oldsid);
if (!ocontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, oldsid);
rc = -EINVAL;
goto out;
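Review bot: The unrecognized-SID messages in security_compute_validatetrans() format the SID with `%d`, while the same message in security_bounded_transition() uses `%u`. The SID declarations are outside these hunks, but if they are `u32` like the `u32 *sid` parameters visible in other hunk headers of this series, `%d` prints values above INT_MAX as negative numbers, which makes a log entry harder to match against the SID it refers to. Since each of these lines is being rewritten anyway, `pr_err("SELinux: %s: unrecognized SID %u\n", __func__, oldsid);` here and at the other `%d` call sites in services.c would make them consistent.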
@@ -801,7 +799,7 @@ static int security_compute_validatetrans(struct selinux_state *state,

ncontext = sidtab_search(sidtab, newsid);
if (!ncontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, newsid);
rc = -EINVAL;
goto out;
@@ -809,7 +807,7 @@ static int security_compute_validatetrans(struct selinux_state *state,

tcontext = sidtab_search(sidtab, tasksid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, tasksid);
rc = -EINVAL;
goto out;
@@ -883,7 +881,7 @@ int security_bounded_transition(struct selinux_state *state,
rc = -EINVAL;
old_context = sidtab_search(sidtab, old_sid);
if (!old_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
+ pr_err("SELinux: %s: unrecognized SID %u\n",
__func__, old_sid);
goto out;
}
@@ -891,7 +889,7 @@ int security_bounded_transition(struct selinux_state *state,
rc = -EINVAL;
new_context = sidtab_search(sidtab, new_sid);
if (!new_context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
+ pr_err("SELinux: %s: unrecognized SID %u\n",
__func__, new_sid);
goto out;
}
@@ -1040,14 +1038,14 @@ void security_compute_xperms_decision(struct selinux_state *state,

scontext = sidtab_search(sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}

tcontext = sidtab_search(sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1129,7 +1127,7 @@ void security_compute_av(struct selinux_state *state,

scontext = sidtab_search(sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}
@@ -1140,7 +1138,7 @@ void security_compute_av(struct selinux_state *state,

tcontext = sidtab_search(sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1183,7 +1181,7 @@ void security_compute_av_user(struct selinux_state *state,

scontext = sidtab_search(sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, ssid);
goto out;
}
@@ -1194,7 +1192,7 @@ void security_compute_av_user(struct selinux_state *state,

tcontext = sidtab_search(sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, tsid);
goto out;
}
@@ -1310,7 +1308,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
*scontext = scontextp;
goto out;
}
- printk(KERN_ERR "SELinux: %s: called before initial "
+ pr_err("SELinux: %s: called before initial "
"load_policy on unknown SID %d\n", __func__, sid);
rc = -EINVAL;
goto out;
@@ -1323,7 +1321,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
else
context = sidtab_search(sidtab, sid);
if (!context) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, sid);
rc = -EINVAL;
goto out_unlock;
@@ -1678,14 +1676,14 @@ static int security_compute_sid(struct selinux_state *state,

scontext = sidtab_search(sidtab, ssid);
if (!scontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, ssid);
rc = -EINVAL;
goto out_unlock;
}
tcontext = sidtab_search(sidtab, tsid);
if (!tcontext) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, tsid);
rc = -EINVAL;
goto out_unlock;
@@ -1911,7 +1909,8 @@ static inline int convert_context_handle_invalid_context(
return -EINVAL;

if (!context_struct_to_string(policydb, context, &s, &len)) {
- printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
+ pr_warn("SELinux: Context %s would be invalid if enforcing\n",
+ s);
kfree(s);
}
return 0;
@@ -1962,7 +1961,7 @@ static int convert_context(u32 key,
c->len, &ctx, SECSID_NULL);
kfree(s);
if (!rc) {
- printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n",
+ pr_info("SELinux: Context %s became valid (mapped).\n",
c->str);
/* Replace string with mapped representation. */
kfree(c->str);
@@ -1974,7 +1973,7 @@ static int convert_context(u32 key,
goto out;
} else {
/* Other error condition, e.g. ENOMEM. */
- printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
+ pr_err("SELinux: Unable to map context %s, rc = %d.\n",
c->str, -rc);
goto out;
}
@@ -2033,7 +2032,7 @@ static int convert_context(u32 key,
oc = oc->next;
rc = -EINVAL;
if (!oc) {
- printk(KERN_ERR "SELinux: unable to look up"
+ pr_err("SELinux: unable to look up"
" the initial SIDs list\n");
goto bad;
}
@@ -2065,7 +2064,7 @@ static int convert_context(u32 key,
context_destroy(c);
c->str = s;
c->len = len;
- printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n",
+ pr_info("SELinux: Context %s became invalid (unmapped).\n",
c->str);
rc = 0;
goto out;
@@ -2170,13 +2169,13 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
newpolicydb->len = len;
/* If switching between different policy types, log MLS status */
if (policydb->mls_enabled && !newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Disabling MLS support...\n");
+ pr_info("SELinux: Disabling MLS support...\n");
else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
- printk(KERN_INFO "SELinux: Enabling MLS support...\n");
+ pr_info("SELinux: Enabling MLS support...\n");

rc = policydb_load_isids(newpolicydb, &newsidtab);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
+ pr_err("SELinux: unable to load the initial SIDs\n");
policydb_destroy(newpolicydb);
goto out;
}
@@ -2187,7 +2186,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)

rc = security_preserve_bools(state, newpolicydb);
if (rc) {
- printk(KERN_ERR "SELinux: unable to preserve booleans\n");
+ pr_err("SELinux: unable to preserve booleans\n");
goto err;
}

@@ -2207,7 +2206,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
args.newp = newpolicydb;
rc = sidtab_map(&newsidtab, convert_context, &args);
if (rc) {
- printk(KERN_ERR "SELinux: unable to convert the internal"
+ pr_err("SELinux: unable to convert the internal"
" representation of contexts in the new SID"
" table\n");
goto err;
@@ -2999,7 +2998,7 @@ int security_sid_mls_copy(struct selinux_state *state,
rc = -EINVAL;
context1 = sidtab_search(sidtab, sid);
if (!context1) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, sid);
goto out_unlock;
}
@@ -3007,7 +3006,7 @@ int security_sid_mls_copy(struct selinux_state *state,
rc = -EINVAL;
context2 = sidtab_search(sidtab, mls_sid);
if (!context2) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, mls_sid);
goto out_unlock;
}
@@ -3104,14 +3103,14 @@ int security_net_peersid_resolve(struct selinux_state *state,
rc = -EINVAL;
nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
if (!nlbl_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, nlbl_sid);
goto out;
}
rc = -EINVAL;
xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
if (!xfrm_ctx) {
- printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
+ pr_err("SELinux: %s: unrecognized SID %d\n",
__func__, xfrm_sid);
goto out;
}
@@ -3202,7 +3201,7 @@ int security_get_permissions(struct selinux_state *state,
rc = -EINVAL;
match = hashtab_search(policydb->p_classes.table, class);
if (!match) {
- printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
+ pr_err("SELinux: %s: unrecognized class %s\n",
__func__, class);
goto out;
}
--
2.15.1


2018-06-12 08:17:37

by peter enderborg

Subject: [PATCH 03/13] selinux: Cleanup printk logging in policydb

Replace printk with pr_* to avoid checkpatch warnings and
replace KERN_CONT with 2 longer prints.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/policydb.c | 91 +++++++++++++++++++++---------------------
1 file changed, 46 insertions(+), 45 deletions(-)

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 6e8c8056d7ad..4e82c5fcd1a1 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -504,7 +504,7 @@ static void hash_eval(struct hashtab *h, const char *hash_name)
struct hashtab_info info;

hashtab_stat(h, &info);
- printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
+ pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
"longest chain length %d\n", hash_name, h->nel,
info.slots_used, h->size, info.max_chain_len);
}
@@ -533,15 +533,17 @@ static int policydb_index(struct policydb *p)
{
int i, rc;

- printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
- p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
if (p->mls_enabled)
- printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim,
- p->p_cats.nprim);
- printk(KERN_CONT "\n");
+ pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats",
+ p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
+ p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
+ else
+ pr_debug("SELinux: %d users, %d roles, %d types, %d bools",
+ p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
+ p->p_bools.nprim);

- printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
- p->p_classes.nprim, p->te_avtab.nel);
+ pr_debug("SELinux: %d classes, %d rules\n",
+ p->p_classes.nprim, p->te_avtab.nel);

#ifdef DEBUG_HASHES
avtab_hash_eval(&p->te_avtab, "rules");
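Review bot: Both replacement `pr_debug()` calls in policydb_index() lose the line terminator that the removed `printk(KERN_CONT "\n")` supplied, so the users/roles/types message is left without a trailing newline, unlike every other message converted in this series. End both format strings with `\n`, for example `"SELinux: %d users, %d roles, %d types, %d bools\n"`. The function body continues past the hunk.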
@@ -897,7 +899,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)

rc = sidtab_init(s);
if (rc) {
- printk(KERN_ERR "SELinux: out of memory on SID table init\n");
+ pr_err("SELinux: out of memory on SID table init\n");
goto out;
}

@@ -905,14 +907,14 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
for (c = head; c; c = c->next) {
rc = -EINVAL;
if (!c->context[0].user) {
- printk(KERN_ERR "SELinux: SID %s was never defined.\n",
+ pr_err("SELinux: SID %s was never defined.\n",
c->u.name);
goto out;
}

rc = sidtab_insert(s, c->sid[0], &c->context[0]);
if (rc) {
- printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
+ pr_err("SELinux: unable to load initial SID %s.\n",
c->u.name);
goto out;
}
@@ -1005,13 +1007,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
rc = -EINVAL;
items = le32_to_cpu(buf[0]);
if (items > ARRAY_SIZE(buf)) {
- printk(KERN_ERR "SELinux: mls: range overflow\n");
+ pr_err("SELinux: mls: range overflow\n");
goto out;
}

rc = next_entry(buf, fp, sizeof(u32) * items);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated range\n");
+ pr_err("SELinux: mls: truncated range\n");
goto out;
}

@@ -1023,19 +1025,19 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)

rc = ebitmap_read(&r->level[0].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading low categories\n");
+ pr_err("SELinux: mls: error reading low categories\n");
goto out;
}
if (items > 1) {
rc = ebitmap_read(&r->level[1].cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading high categories\n");
+ pr_err("SELinux: mls: error reading high categories\n");
goto bad_high;
}
} else {
rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
if (rc) {
- printk(KERN_ERR "SELinux: mls: out of memory\n");
+ pr_err("SELinux: mls: out of memory\n");
goto bad_high;
}
}
@@ -1060,7 +1062,7 @@ static int context_read_and_validate(struct context *c,

rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: context truncated\n");
+ pr_err("SELinux: context truncated\n");
goto out;
}
c->user = le32_to_cpu(buf[0]);
@@ -1069,14 +1071,14 @@ static int context_read_and_validate(struct context *c,
if (p->policyvers >= POLICYDB_VERSION_MLS) {
rc = mls_read_range_helper(&c->range, fp);
if (rc) {
- printk(KERN_ERR "SELinux: error reading MLS range of context\n");
+ pr_err("SELinux: error reading MLS range of context\n");
goto out;
}
}

rc = -EINVAL;
if (!policydb_context_isvalid(p, c)) {
- printk(KERN_ERR "SELinux: invalid security context\n");
+ pr_err("SELinux: invalid security context\n");
context_destroy(c);
goto out;
}
@@ -1352,7 +1354,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
rc = -EINVAL;
cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
if (!cladatum->comdatum) {
- printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
+ pr_err("SELinux: unknown common %s\n",
+ cladatum->comkey);
goto bad;
}
}
@@ -1444,7 +1447,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
if (strcmp(key, OBJECT_R) == 0) {
rc = -EINVAL;
if (role->value != OBJECT_R_VAL) {
- printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
+ pr_err("SELinux: Role %s has wrong value %d\n",
OBJECT_R, role->value);
goto bad;
}
@@ -1522,14 +1525,14 @@ static int mls_read_level(struct mls_level *lp, void *fp)

rc = next_entry(buf, fp, sizeof buf);
if (rc) {
- printk(KERN_ERR "SELinux: mls: truncated level\n");
+ pr_err("SELinux: mls: truncated level\n");
return rc;
}
lp->sens = le32_to_cpu(buf[0]);

rc = ebitmap_read(&lp->cat, fp);
if (rc) {
- printk(KERN_ERR "SELinux: mls: error reading level categories\n");
+ pr_err("SELinux: mls: error reading level categories\n");
return rc;
}
return 0;
@@ -1683,7 +1686,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;

if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: user %s: "
+ pr_err("SELinux: user %s: "
"too deep or looped boundary",
(char *) key);
return -EINVAL;
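Review bot: The converted `pr_err()` in user_bounds_sanity_check() still ends its format with `"too deep or looped boundary"` and no newline, so the record is not terminated and a later continuation line can be appended to it. While touching the line, make it `"too deep or looped boundary\n",` as the role variant already does. The same is missing in the `"bounded by attribute %s"` message in type_bounds_sanity_check() and the `"version %d"` message in policydb_write(). It is newly missing in the two `pr_debug()` calls that print the users/roles/types/bools counts earlier in this file's diff, where the removed `printk(KERN_CONT "\n")` was the only terminator. The function body starts and ends outside this hunk.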
@@ -1694,8 +1697,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
if (ebitmap_get_bit(&upper->roles, bit))
continue;

- printk(KERN_ERR
- "SELinux: boundary violated policy: "
+ pr_err("SELinux: boundary violated policy: "
"user=%s role=%s bounds=%s\n",
sym_name(p, SYM_USERS, user->value - 1),
sym_name(p, SYM_ROLES, bit),
@@ -1720,7 +1722,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
unsigned long bit;

if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: role %s: "
+ pr_err("SELinux: role %s: "
"too deep or looped bounds\n",
(char *) key);
return -EINVAL;
@@ -1731,8 +1733,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
if (ebitmap_get_bit(&upper->types, bit))
continue;

- printk(KERN_ERR
- "SELinux: boundary violated policy: "
+ pr_err("SELinux: boundary violated policy: "
"role=%s type=%s bounds=%s\n",
sym_name(p, SYM_ROLES, role->value - 1),
sym_name(p, SYM_TYPES, bit),
@@ -1754,7 +1755,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
upper = datum;
while (upper->bounds) {
if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
- printk(KERN_ERR "SELinux: type %s: "
+ pr_err("SELinux: type %s: "
"too deep or looped boundary\n",
(char *) key);
return -EINVAL;
@@ -1765,7 +1766,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
BUG_ON(!upper);

if (upper->attribute) {
- printk(KERN_ERR "SELinux: type %s: "
+ pr_err("SELinux: type %s: "
"bounded by attribute %s",
(char *) key,
sym_name(p, SYM_TYPES, upper->value - 1));
@@ -1888,7 +1889,7 @@ static int range_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (!mls_range_isvalid(p, r)) {
- printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
+ pr_warn("SELinux: rangetrans: invalid range\n");
goto out;
}

@@ -2023,7 +2024,7 @@ static int genfs_read(struct policydb *p, void *fp)
genfs_p = genfs, genfs = genfs->next) {
rc = -EINVAL;
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
- printk(KERN_ERR "SELinux: dup genfs fstype %s\n",
+ pr_err("SELinux: dup genfs fstype %s\n",
newgenfs->fstype);
goto out;
}
@@ -2073,7 +2074,7 @@ static int genfs_read(struct policydb *p, void *fp)
if (!strcmp(newc->u.name, c->u.name) &&
(!c->v.sclass || !newc->v.sclass ||
newc->v.sclass == c->v.sclass)) {
- printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n",
+ pr_err("SELinux: dup genfs entry (%s,%s)\n",
genfs->fstype, c->u.name);
goto out;
}
@@ -2295,7 +2296,7 @@ int policydb_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
- printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
+ pr_err("SELinux: policydb magic number 0x%x does "
"not match expected magic number 0x%x\n",
le32_to_cpu(buf[0]), POLICYDB_MAGIC);
goto bad;
@@ -2304,7 +2305,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
len = le32_to_cpu(buf[1]);
if (len != strlen(POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string length %d does not "
+ pr_err("SELinux: policydb string length %d does not "
"match expected length %zu\n",
len, strlen(POLICYDB_STRING));
goto bad;
@@ -2313,14 +2314,14 @@ int policydb_read(struct policydb *p, void *fp)
rc = -ENOMEM;
policydb_str = kmalloc(len + 1, GFP_KERNEL);
if (!policydb_str) {
- printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
+ pr_err("SELinux: unable to allocate memory for policydb "
"string of length %d\n", len);
goto bad;
}

rc = next_entry(policydb_str, fp, len);
if (rc) {
- printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
+ pr_err("SELinux: truncated policydb string identifier\n");
kfree(policydb_str);
goto bad;
}
@@ -2328,7 +2329,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
policydb_str[len] = '\0';
if (strcmp(policydb_str, POLICYDB_STRING)) {
- printk(KERN_ERR "SELinux: policydb string %s does not match "
+ pr_err("SELinux: policydb string %s does not match "
"my string %s\n", policydb_str, POLICYDB_STRING);
kfree(policydb_str);
goto bad;
@@ -2346,7 +2347,7 @@ int policydb_read(struct policydb *p, void *fp)
p->policyvers = le32_to_cpu(buf[0]);
if (p->policyvers < POLICYDB_VERSION_MIN ||
p->policyvers > POLICYDB_VERSION_MAX) {
- printk(KERN_ERR "SELinux: policydb version %d does not match "
+ pr_err("SELinux: policydb version %d does not match "
"my version range %d-%d\n",
le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
goto bad;
@@ -2357,7 +2358,7 @@ int policydb_read(struct policydb *p, void *fp)

rc = -EINVAL;
if (p->policyvers < POLICYDB_VERSION_MLS) {
- printk(KERN_ERR "SELinux: security policydb version %d "
+ pr_err("SELinux: security policydb version %d "
"(MLS) not backwards compatible\n",
p->policyvers);
goto bad;
@@ -2381,7 +2382,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: unable to find policy compat info "
+ pr_err("SELinux: unable to find policy compat info "
"for version %d\n", p->policyvers);
goto bad;
}
@@ -2389,7 +2390,7 @@ int policydb_read(struct policydb *p, void *fp)
rc = -EINVAL;
if (le32_to_cpu(buf[2]) != info->sym_num ||
le32_to_cpu(buf[3]) != info->ocon_num) {
- printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
+ pr_err("SELinux: policydb table sizes (%d,%d) do "
"not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
le32_to_cpu(buf[3]),
info->sym_num, info->ocon_num);
@@ -3417,7 +3418,7 @@ int policydb_write(struct policydb *p, void *fp)
* careful if you ever try to remove this restriction
*/
if (p->policyvers < POLICYDB_VERSION_AVTAB) {
- printk(KERN_ERR "SELinux: refusing to write policy version %d."
+ pr_err("SELinux: refusing to write policy version %d."
" Because it is less than version %d\n", p->policyvers,
POLICYDB_VERSION_AVTAB);
return -EINVAL;
@@ -3446,7 +3447,7 @@ int policydb_write(struct policydb *p, void *fp)
/* Write the version, config, and table sizes. */
info = policydb_lookup_compat(p->policyvers);
if (!info) {
- printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
+ pr_err("SELinux: compatibility lookup failed for policy "
"version %d", p->policyvers);
return -EINVAL;
}
--
2.15.1


2018-06-12 08:17:49

by peter enderborg

Subject: [PATCH 02/13] selinux: Cleanup printk logging in ebitmap

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/ss/ebitmap.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
index 5ae8c61b75bf..8f624f80055b 100644
--- a/security/selinux/ss/ebitmap.c
+++ b/security/selinux/ss/ebitmap.c
@@ -362,7 +362,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
count = le32_to_cpu(buf[2]);

if (mapunit != BITS_PER_U64) {
- printk(KERN_ERR "SELinux: ebitmap: map size %u does not "
+ pr_err("SELinux: ebitmap: map size %u does not "
"match my size %zd (high bit was %d)\n",
mapunit, BITS_PER_U64, e->highbit);
goto bad;
@@ -383,19 +383,19 @@ int ebitmap_read(struct ebitmap *e, void *fp)
for (i = 0; i < count; i++) {
rc = next_entry(&startbit, fp, sizeof(u32));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ pr_err("SELinux: ebitmap: truncated map\n");
goto bad;
}
startbit = le32_to_cpu(startbit);

if (startbit & (mapunit - 1)) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
+ pr_err("SELinux: ebitmap start bit (%d) is "
"not a multiple of the map unit size (%u)\n",
startbit, mapunit);
goto bad;
}
if (startbit > e->highbit - mapunit) {
- printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
+ pr_err("SELinux: ebitmap start bit (%d) is "
"beyond the end of the bitmap (%u)\n",
startbit, (e->highbit - mapunit));
goto bad;
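Review bot: `startbit` is read with `next_entry(&startbit, fp, sizeof(u32))` and so looks like a `u32`, yet both messages in this hunk print it with `%d`, while `mapunit` and `e->highbit - mapunit` on the same lines use `%u`. A malformed policy with a start bit above `INT_MAX` would be reported as a negative number, which makes the diagnostic misleading exactly when it is needed. Since the lines are being rewritten anyway, use `%u` for `startbit` here and in the later `"start bit %d comes after start bit %d"` message. The declaration is outside the hunk, so confirm the type first.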
@@ -405,8 +405,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
struct ebitmap_node *tmp;
tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL);
if (!tmp) {
- printk(KERN_ERR
- "SELinux: ebitmap: out of memory\n");
+ pr_err("SELinux: ebitmap: out of memory\n");
rc = -ENOMEM;
goto bad;
}
@@ -418,7 +417,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
e->node = tmp;
n = tmp;
} else if (startbit <= n->startbit) {
- printk(KERN_ERR "SELinux: ebitmap: start bit %d"
+ pr_err("SELinux: ebitmap: start bit %d"
" comes after start bit %d\n",
startbit, n->startbit);
goto bad;
@@ -426,7 +425,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)

rc = next_entry(&map, fp, sizeof(u64));
if (rc < 0) {
- printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
+ pr_err("SELinux: ebitmap: truncated map\n");
goto bad;
}
map = le64_to_cpu(map);
--
2.15.1


2018-06-12 08:18:34

by peter enderborg

Subject: [PATCH 04/13] selinux: Cleanup printk logging in hooks

Replace printk with pr_* to avoid checkpatch warnings.

Signed-off-by: Peter Enderborg <[email protected]>
---
security/selinux/hooks.c | 68 +++++++++++++++++++++++-------------------------
1 file changed, 33 insertions(+), 35 deletions(-)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4cafe6a19167..3ab9687ac4c8 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -531,7 +531,7 @@ static int sb_finish_set_opts(struct super_block *sb)
the first boot of the SELinux kernel before we have
assigned xattr values to the filesystem. */
if (!(root_inode->i_opflags & IOP_XATTR)) {
- printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
+ pr_warn("SELinux: (dev %s, type %s) has no "
"xattr support\n", sb->s_id, sb->s_type->name);
rc = -EOPNOTSUPP;
goto out;
@@ -540,11 +540,11 @@ static int sb_finish_set_opts(struct super_block *sb)
rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
if (rc < 0 && rc != -ENODATA) {
if (rc == -EOPNOTSUPP)
- printk(KERN_WARNING "SELinux: (dev %s, type "
+ pr_warn("SELinux: (dev %s, type "
"%s) has no security xattr handler\n",
sb->s_id, sb->s_type->name);
else
- printk(KERN_WARNING "SELinux: (dev %s, type "
+ pr_warn("SELinux: (dev %s, type "
"%s) getxattr errno %d\n", sb->s_id,
sb->s_type->name, -rc);
goto out;
@@ -743,7 +743,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
goto out;
}
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: Unable to set superblock options "
+ pr_warn("SELinux: Unable to set superblock options "
"before the security server is initialized\n");
goto out;
}
@@ -785,7 +785,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
mount_options[i], &sid,
GFP_KERNEL);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_str_to_sid"
+ pr_warn("SELinux: security_context_str_to_sid"
"(%s) failed for (dev %s, type %s) errno=%d\n",
mount_options[i], sb->s_id, name, rc);
goto out;
@@ -861,8 +861,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
*/
rc = security_fs_use(&selinux_state, sb);
if (rc) {
- printk(KERN_WARNING
- "%s: security_fs_use(%s) returned %d\n",
+ pr_warn("%s: security_fs_use(%s) returned %d\n",
__func__, sb->s_type->name, rc);
goto out;
}
@@ -948,7 +947,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
sbsec->behavior != SECURITY_FS_USE_NATIVE) {
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: defcontext option is "
+ pr_warn("SELinux: defcontext option is "
"invalid for this filesystem type\n");
goto out;
}
@@ -970,7 +969,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
return rc;
out_double_mount:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
+ pr_warn("SELinux: mount invalid. Same superblock, different "
"security settings for (dev %s, type %s)\n", sb->s_id, name);
goto out;
}
@@ -999,7 +998,7 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb,
}
return 0;
mismatch:
- printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
+ pr_warn("SELinux: mount invalid. Same superblock, "
"different security settings for (dev %s, "
"type %s)\n", newsb->s_id, newsb->s_type->name);
return -EBUSY;
@@ -1107,7 +1106,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_context:
if (context || defcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
context = match_strdup(&args[0]);
@@ -1120,7 +1119,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_fscontext:
if (fscontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
fscontext = match_strdup(&args[0]);
@@ -1133,7 +1132,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_rootcontext:
if (rootcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
rootcontext = match_strdup(&args[0]);
@@ -1146,7 +1145,7 @@ static int selinux_parse_opts_str(char *options,
case Opt_defcontext:
if (context || defcontext) {
rc = -EINVAL;
- printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
+ pr_warn(SEL_MOUNT_FAIL_MSG);
goto out_err;
}
defcontext = match_strdup(&args[0]);
@@ -1159,7 +1158,7 @@ static int selinux_parse_opts_str(char *options,
break;
default:
rc = -EINVAL;
- printk(KERN_WARNING "SELinux: unknown mount option\n");
+ pr_warn("SELinux: unknown mount option\n");
goto out_err;

}
@@ -1615,7 +1614,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
dput(dentry);
if (rc < 0) {
if (rc != -ENODATA) {
- printk(KERN_WARNING "SELinux: %s: getxattr returned "
+ pr_warn("SELinux: %s: getxattr returned "
"%d for dev=%s ino=%ld\n", __func__,
-rc, inode->i_sb->s_id, inode->i_ino);
kfree(context);
@@ -1635,11 +1634,11 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent

if (rc == -EINVAL) {
if (printk_ratelimit())
- printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
+ pr_notice("SELinux: inode=%lu on dev=%s was found to have an invalid "
"context=%s. This indicates you may need to relabel the inode or the "
"filesystem in question.\n", ino, dev, context);
} else {
- printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
+ pr_warn("SELinux: %s: context_to_sid(%s) "
"returned %d for dev=%s ino=%ld\n",
__func__, context, -rc, dev, ino);
}
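Review bot: Only the `-EINVAL` branch is rate-limited; the `pr_warn()` in the else branch prints the `context` string (apparently read from the inode's xattr) for every failing inode without any limit, so a filesystem carrying many bad labels can flood the kernel log. `printk_ratelimit()` also draws on one global budget shared with unrelated callers. Using `pr_notice_ratelimited(...)` and `pr_warn_ratelimited(...)` gives each call site its own state and removes the `if (printk_ratelimit())` wrapper. inode_doinit_with_dentry() continues outside this hunk.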
@@ -1772,8 +1771,7 @@ static int cred_has_capability(const struct cred *cred,
sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
break;
default:
- printk(KERN_ERR
- "SELinux: out of range capability %d\n", cap);
+ pr_err("SELinux: out of range capability %d\n", cap);
BUG();
return -EINVAL;
}
@@ -2016,7 +2014,7 @@ static int may_link(struct inode *dir,
av = DIR__RMDIR;
break;
default:
- printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
+ pr_warn("SELinux: %s: unrecognized kind %d\n",
__func__, kind);
return 0;
}
@@ -2862,7 +2860,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
mount_options[i], &sid,
GFP_KERNEL);
if (rc) {
- printk(KERN_WARNING "SELinux: security_context_str_to_sid"
+ pr_warn("SELinux: security_context_str_to_sid"
"(%s) failed for (dev %s, type %s) errno=%d\n",
mount_options[i], sb->s_id, sb->s_type->name, rc);
goto out_free_opts;
@@ -2901,7 +2899,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
free_secdata(secdata);
return rc;
out_bad_option:
- printk(KERN_WARNING "SELinux: unable to change security options "
+ pr_warn("SELinux: unable to change security options "
"during remount (dev %s, type=%s)\n", sb->s_id,
sb->s_type->name);
goto out_free_opts;
@@ -3343,7 +3341,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
rc = security_context_to_sid_force(&selinux_state, value, size,
&newsid);
if (rc) {
- printk(KERN_ERR "SELinux: unable to map context to SID"
+ pr_err("SELinux: unable to map context to SID"
"for (%s, %lu), rc=%d\n",
inode->i_sb->s_id, inode->i_ino, -rc);
return;
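Review bot: The two adjacent string literals concatenate to "…context to SIDfor (…", because the first ends in `SID"` with no trailing space and the second starts with `"for`. The conversion keeps that defect. Change the first literal to `pr_err("SELinux: unable to map context to SID "`, or join the format onto one line so the text stays greppable. selinux_inode_post_setxattr() starts and ends outside the hunk.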
@@ -4406,7 +4404,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
}

parse_error:
- printk(KERN_WARNING
+ pr_warn(
"SELinux: failure in selinux_parse_skb(),"
" unable to parse packet\n");
return ret;
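Review bot: The message still hard-codes the function name and leaves `pr_warn(` dangling on a line of its own, whereas the netif patch in this series switched to `%s` with `__func__`. For consistency write `pr_warn("SELinux: failure in %s(), unable to parse packet\n", __func__);`, and do the same for selinux_skb_peerlbl_sid() in the next hunk. Both messages sit on a packet-handling path, so if they can be triggered by arbitrary received traffic, `pr_warn_ratelimited()` would be worth considering; that cannot be confirmed from the hunk alone.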
@@ -4449,7 +4447,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
nlbl_type, xfrm_sid, sid);
if (unlikely(err)) {
- printk(KERN_WARNING
+ pr_warn(
"SELinux: failure in selinux_skb_peerlbl_sid(),"
" unable to determine packet's peer label\n");
return -EACCES;
@@ -7091,11 +7089,11 @@ static __init int selinux_init(void)
}

if (!selinux_enabled) {
- printk(KERN_INFO "SELinux: Disabled at boot.\n");
+ pr_info("SELinux: Disabled at boot.\n");
return 0;
}

- printk(KERN_INFO "SELinux: Initializing.\n");
+ pr_info("SELinux: Initializing.\n");

memset(&selinux_state, 0, sizeof(selinux_state));
enforcing_set(&selinux_state, selinux_enforcing_boot);
@@ -7131,9 +7129,9 @@ static __init int selinux_init(void)
panic("SELinux: Unable to register AVC LSM notifier callback\n");

if (selinux_enforcing_boot)
- printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
+ pr_debug("SELinux: Starting in enforcing mode\n");
else
- printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
+ pr_debug("SELinux: Starting in permissive mode\n");

return 0;
}
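Review bot: Converting `printk(KERN_DEBUG ...)` to `pr_debug()` is not a no-op. `pr_debug()` compiles to nothing unless `DEBUG` is defined for the file, or dynamic debug is built in and the call site is switched on, while `printk(KERN_DEBUG ...)` always reaches the log buffer. The "Starting in enforcing mode" and "Starting in permissive mode" lines would therefore vanish from the kernel log on typical builds, removing a boot-time record of the enforcement state that is useful when triaging a host. If the series is meant to preserve behaviour, keep `printk(KERN_DEBUG ...)` for these or raise them to `pr_info()`, and say so in the commit message. The same applies to the `pr_debug()` conversions in selinux_complete_init(), selinux_nf_ip_init() and selinux_nf_ip_exit(), and to the policy-summary prints in policydb.c.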
@@ -7145,10 +7143,10 @@ static void delayed_superblock_init(struct super_block *sb, void *unused)

void selinux_complete_init(void)
{
- printk(KERN_DEBUG "SELinux: Completing initialization.\n");
+ pr_debug("SELinux: Completing initialization.\n");

/* Set up any superblocks initialized prior to the policy load. */
- printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
+ pr_debug("SELinux: Setting up existing superblocks.\n");
iterate_supers(delayed_superblock_init, NULL);
}

@@ -7223,7 +7221,7 @@ static int __init selinux_nf_ip_init(void)
if (!selinux_enabled)
return 0;

- printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
+ pr_debug("SELinux: Registering netfilter hooks\n");

err = register_pernet_subsys(&selinux_net_ops);
if (err)
@@ -7236,7 +7234,7 @@ __initcall(selinux_nf_ip_init);
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static void selinux_nf_ip_exit(void)
{
- printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
+ pr_debug("SELinux: Unregistering netfilter hooks\n");

unregister_pernet_subsys(&selinux_net_ops);
}
@@ -7265,7 +7263,7 @@ int selinux_disable(struct selinux_state *state)

state->disabled = 1;

- printk(KERN_INFO "SELinux: Disabled at runtime.\n");
+ pr_info("SELinux: Disabled at runtime.\n");

selinux_enabled = 0;

--
2.15.1


2018-06-12 14:39:18

by Joe Perches

Subject: Re: [PATCH 01/13] selinux: Cleanup printk logging in conditional

On Tue, 2018-06-12 at 10:09 +0200, Peter Enderborg wrote:
> Replace printk with pr_* to avoid checkpatch warnings.

I believe it would be nicer to remove the
"SELinux: " prefix embedded in each format
and use a specific

#define pr_fmt(fmt) "SELinux: " fmt

to automatically prefix these formats.

> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
[]
> @@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
> if (new_state != node->cur_state) {
> node->cur_state = new_state;
> if (new_state == -1)
> - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
> + pr_err("SELinux: expression result was undefined - disabling all rules.\n");
> /* turn the rules on or off */
> for (cur = node->true_list; cur; cur = cur->next) {
> if (new_state <= 0)

So, for instance, this patch could become:
(etc and so forth for each patch in this series)

---
security/selinux/ss/conditional.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index c91543a617ac..e96820d92b61 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -7,6 +7,8 @@
* the Free Software Foundation, version 2.
*/

+#define pr_fmt(fmt) "SELinux: " fmt
+
#include <linux/kernel.h>
#include <linux/errno.h>
#include <linux/string.h>
@@ -96,7 +98,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
if (new_state != node->cur_state) {
node->cur_state = new_state;
if (new_state == -1)
- printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
+ pr_err("expression result was undefined - disabling all rules\n");
/* turn the rules on or off */
for (cur = node->true_list; cur; cur = cur->next) {
if (new_state <= 0)
@@ -287,7 +289,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
*/
if (k->specified & AVTAB_TYPE) {
if (avtab_search(&p->te_avtab, k)) {
- printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
+ pr_err("type rule already exists outside of a conditional\n");
goto err;
}
/*
@@ -302,7 +304,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
node_ptr = avtab_search_node(&p->te_cond_avtab, k);
if (node_ptr) {
if (avtab_search_node_next(node_ptr, k->specified)) {
- printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
+ pr_err("too many conflicting type rules\n");
goto err;
}
found = 0;
@@ -313,13 +315,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
}
}
if (!found) {
- printk(KERN_ERR "SELinux: conflicting type rules.\n");
+ pr_err("conflicting type rules\n");
goto err;
}
}
} else {
if (avtab_search(&p->te_cond_avtab, k)) {
- printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
+ pr_err("conflicting type rules when adding type rule for true\n");
goto err;
}
}
@@ -327,7 +329,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum

node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
if (!node_ptr) {
- printk(KERN_ERR "SELinux: could not insert rule.\n");
+ pr_err("could not insert rule\n");
rc = -ENOMEM;
goto err;
}
@@ -387,12 +389,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
{
if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
+ pr_err("conditional expressions uses unknown operator\n");
return 0;
}

if (expr->bool > p->p_bools.nprim) {
- printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
+ pr_err("conditional expressions uses unknown bool\n");
return 0;
}
return 1;
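Review bot: The bool check in `expr_isvalid()` rejects only values above `p->p_bools.nprim`, so an `expr->bool` of 0 is accepted. How the value is used is not visible in this hunk; if it is a 1-based index into a per-bool table, as the comparison against `nprim` suggests, 0 needs rejecting too: `if (expr->bool == 0 || expr->bool > p->p_bools.nprim) {`. This predates the patch, but the policy image is parsed input and the block is already being edited. The function's closing brace lies outside the hunk.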


2018-06-13 06:23:47

by peter enderborg

Subject: Re: [PATCH 01/13] selinux: Cleanup printk logging in conditional

On 06/12/2018 04:38 PM, Joe Perches wrote:
> On Tue, 2018-06-12 at 10:09 +0200, Peter Enderborg wrote:
>> Replace printk with pr_* to avoid checkpatch warnings.
> I believe it would be nicer to remove the
> "SELinux: " prefix embbeded in each format
> and use a specific
>
> #define pr_fmt(fmt) "SELinux: " fmt
>
> to automatically prefix these formats.
I can't argue with that; however, some of the warnings and debug prints in this set do not have this prefix,
so it would then change the actual output. (I also think that they should have the prefix, but I don't
know why they don't.) So I am not sure it is appropriate for a cleanup patch, which is supposed to have no functional change.
>> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> []
>> @@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
>> if (new_state != node->cur_state) {
>> node->cur_state = new_state;
>> if (new_state == -1)
>> - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
>> + pr_err("SELinux: expression result was undefined - disabling all rules.\n");
>> /* turn the rules on or off */
>> for (cur = node->true_list; cur; cur = cur->next) {
>> if (new_state <= 0)
> So, for instance, this patch could become:
> (etc and so forth for each patch in this series)
>
> ---
> security/selinux/ss/conditional.c | 18 ++++++++++--------
> 1 file changed, 10 insertions(+), 8 deletions(-)
>
> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index c91543a617ac..e96820d92b61 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -7,6 +7,8 @@
> * the Free Software Foundation, version 2.
> */
>
> +#define pr_fmt(fmt) "SELinux: " fmt
> +
> #include <linux/kernel.h>
> #include <linux/errno.h>
> #include <linux/string.h>
> @@ -96,7 +98,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
> if (new_state != node->cur_state) {
> node->cur_state = new_state;
> if (new_state == -1)
> - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
> + pr_err("expression result was undefined - disabling all rules\n");
> /* turn the rules on or off */
> for (cur = node->true_list; cur; cur = cur->next) {
> if (new_state <= 0)
> @@ -287,7 +289,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
> */
> if (k->specified & AVTAB_TYPE) {
> if (avtab_search(&p->te_avtab, k)) {
> - printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
> + pr_err("type rule already exists outside of a conditional\n");
> goto err;
> }
> /*
> @@ -302,7 +304,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
> node_ptr = avtab_search_node(&p->te_cond_avtab, k);
> if (node_ptr) {
> if (avtab_search_node_next(node_ptr, k->specified)) {
> - printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
> + pr_err("too many conflicting type rules\n");
> goto err;
> }
> found = 0;
> @@ -313,13 +315,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
> }
> }
> if (!found) {
> - printk(KERN_ERR "SELinux: conflicting type rules.\n");
> + pr_err("conflicting type rules\n");
> goto err;
> }
> }
> } else {
> if (avtab_search(&p->te_cond_avtab, k)) {
> - printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
> + pr_err("conflicting type rules when adding type rule for true\n");
> goto err;
> }
> }
> @@ -327,7 +329,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
>
> node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
> if (!node_ptr) {
> - printk(KERN_ERR "SELinux: could not insert rule.\n");
> + pr_err("could not insert rule\n");
> rc = -ENOMEM;
> goto err;
> }
> @@ -387,12 +389,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
> static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
> {
> if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
> - printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
> + pr_err("conditional expressions uses unknown operator\n");
> return 0;
> }
>
> if (expr->bool > p->p_bools.nprim) {
> - printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
> + pr_err("conditional expressions uses unknown bool\n");
> return 0;
> }
> return 1;
>
>


2018-06-13 17:39:20

by Jay Freyensee

Subject: Re: [PATCH 01/13] selinux: Cleanup printk logging in conditional



On 6/12/18 11:23 PM, peter enderborg wrote:
> On 06/12/2018 04:38 PM, Joe Perches wrote:
>> On Tue, 2018-06-12 at 10:09 +0200, Peter Enderborg wrote:
>>> Replace printk with pr_* to avoid checkpatch warnings.
>> I believe it would be nicer to remove the
>> "SELinux: " prefix embbeded in each format
>> and use a specific
>>
>> #define pr_fmt(fmt) "SELinux: " fmt
>>
>> to automatically prefix these formats.
> I cant argument about that, however some of the warnings and debug prints in this set does not have this
> so it will then change the actual output. (And I also think that they should have a the prefix, but I don't
> know why they don't) So I am not sure if it appropriate for a cleanup patch, it supposed to have no functional change.


I would suggest that could be a follow-up patch.

I do like the cleanup, and it's better than the status quo.

Acked-by: Jay Freyensee <[email protected]>


>>> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
>> []
>>> @@ -96,7 +96,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
>>> if (new_state != node->cur_state) {
>>> node->cur_state = new_state;
>>> if (new_state == -1)
>>> - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
>>> + pr_err("SELinux: expression result was undefined - disabling all rules.\n");
>>> /* turn the rules on or off */
>>> for (cur = node->true_list; cur; cur = cur->next) {
>>> if (new_state <= 0)
>> So, for instance, this patch could become:
>> (etc and so forth for each patch in this series)
>>
>> ---
>> security/selinux/ss/conditional.c | 18 ++++++++++--------
>> 1 file changed, 10 insertions(+), 8 deletions(-)
>>
>> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
>> index c91543a617ac..e96820d92b61 100644
>> --- a/security/selinux/ss/conditional.c
>> +++ b/security/selinux/ss/conditional.c
>> @@ -7,6 +7,8 @@
>> * the Free Software Foundation, version 2.
>> */
>>
>> +#define pr_fmt(fmt) "SELinux: " fmt
>> +
>> #include <linux/kernel.h>
>> #include <linux/errno.h>
>> #include <linux/string.h>
>> @@ -96,7 +98,7 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
>> if (new_state != node->cur_state) {
>> node->cur_state = new_state;
>> if (new_state == -1)
>> - printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
>> + pr_err("expression result was undefined - disabling all rules\n");
>> /* turn the rules on or off */
>> for (cur = node->true_list; cur; cur = cur->next) {
>> if (new_state <= 0)
>> @@ -287,7 +289,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
>> */
>> if (k->specified & AVTAB_TYPE) {
>> if (avtab_search(&p->te_avtab, k)) {
>> - printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
>> + pr_err("type rule already exists outside of a conditional\n");
>> goto err;
>> }
>> /*
>> @@ -302,7 +304,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
>> node_ptr = avtab_search_node(&p->te_cond_avtab, k);
>> if (node_ptr) {
>> if (avtab_search_node_next(node_ptr, k->specified)) {
>> - printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
>> + pr_err("too many conflicting type rules\n");
>> goto err;
>> }
>> found = 0;
>> @@ -313,13 +315,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
>> }
>> }
>> if (!found) {
>> - printk(KERN_ERR "SELinux: conflicting type rules.\n");
>> + pr_err("conflicting type rules\n");
>> goto err;
>> }
>> }
>> } else {
>> if (avtab_search(&p->te_cond_avtab, k)) {
>> - printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
>> + pr_err("conflicting type rules when adding type rule for true\n");
>> goto err;
>> }
>> }
>> @@ -327,7 +329,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
>>
>> node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
>> if (!node_ptr) {
>> - printk(KERN_ERR "SELinux: could not insert rule.\n");
>> + pr_err("could not insert rule\n");
>> rc = -ENOMEM;
>> goto err;
>> }
>> @@ -387,12 +389,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
>> static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
>> {
>> if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
>> - printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
>> + pr_err("conditional expressions uses unknown operator\n");
>> return 0;
>> }
>>
>> if (expr->bool > p->p_bools.nprim) {
>> - printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
>> + pr_err("conditional expressions uses unknown bool\n");
>> return 0;
>> }
>> return 1;
>>
>>


2018-06-19 15:49:38

by Paul Moore

Subject: Re: [PATCH 01/13] selinux: Cleanup printk logging in conditional

On Wed, Jun 13, 2018 at 2:23 AM peter enderborg
<[email protected]> wrote:
> On 06/12/2018 04:38 PM, Joe Perches wrote:
> > On Tue, 2018-06-12 at 10:09 +0200, Peter Enderborg wrote:
> >> Replace printk with pr_* to avoid checkpatch warnings.
> > I believe it would be nicer to remove the
> > "SELinux: " prefix embbeded in each format
> > and use a specific
> >
> > #define pr_fmt(fmt) "SELinux: " fmt
> >
> > to automatically prefix these formats.
>
> I cant argument about that, however some of the warnings and debug prints in this set does not have this
> so it will then change the actual output. (And I also think that they should have a the prefix, but I don't
> know why they don't) So I am not sure if it appropriate for a cleanup patch, it supposed to have no functional change.

As others have mentioned, I think this patch is still a step forward
so I'm going to go ahead and merge it; thanks Peter.

As far as the prefix, or lack of, is concerned, that's probably an
oversight that we should fix at some point, but we would need to look
at each instance to verify.

--
paul moore
http://www.paul-moore.com

2018-06-19 15:51:36

by Paul Moore

Subject: Re: [PATCH 02/13] selinux: Cleanup printk logging in ebitmap

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/ss/ebitmap.c | 15 +++++++--------
> 1 file changed, 7 insertions(+), 8 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c
> index 5ae8c61b75bf..8f624f80055b 100644
> --- a/security/selinux/ss/ebitmap.c
> +++ b/security/selinux/ss/ebitmap.c
> @@ -362,7 +362,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> count = le32_to_cpu(buf[2]);
>
> if (mapunit != BITS_PER_U64) {
> - printk(KERN_ERR "SELinux: ebitmap: map size %u does not "
> + pr_err("SELinux: ebitmap: map size %u does not "
> "match my size %zd (high bit was %d)\n",
> mapunit, BITS_PER_U64, e->highbit);
> goto bad;
> @@ -383,19 +383,19 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> for (i = 0; i < count; i++) {
> rc = next_entry(&startbit, fp, sizeof(u32));
> if (rc < 0) {
> - printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
> + pr_err("SELinux: ebitmap: truncated map\n");
> goto bad;
> }
> startbit = le32_to_cpu(startbit);
>
> if (startbit & (mapunit - 1)) {
> - printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
> + pr_err("SELinux: ebitmap start bit (%d) is "
> "not a multiple of the map unit size (%u)\n",
> startbit, mapunit);
> goto bad;
> }
> if (startbit > e->highbit - mapunit) {
> - printk(KERN_ERR "SELinux: ebitmap start bit (%d) is "
> + pr_err("SELinux: ebitmap start bit (%d) is "
> "beyond the end of the bitmap (%u)\n",
> startbit, (e->highbit - mapunit));
> goto bad;
> @@ -405,8 +405,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> struct ebitmap_node *tmp;
> tmp = kmem_cache_zalloc(ebitmap_node_cachep, GFP_KERNEL);
> if (!tmp) {
> - printk(KERN_ERR
> - "SELinux: ebitmap: out of memory\n");
> + pr_err("SELinux: ebitmap: out of memory\n");
> rc = -ENOMEM;
> goto bad;
> }
> @@ -418,7 +417,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
> e->node = tmp;
> n = tmp;
> } else if (startbit <= n->startbit) {
> - printk(KERN_ERR "SELinux: ebitmap: start bit %d"
> + pr_err("SELinux: ebitmap: start bit %d"
> " comes after start bit %d\n",
> startbit, n->startbit);
> goto bad;
> @@ -426,7 +425,7 @@ int ebitmap_read(struct ebitmap *e, void *fp)
>
> rc = next_entry(&map, fp, sizeof(u64));
> if (rc < 0) {
> - printk(KERN_ERR "SELinux: ebitmap: truncated map\n");
> + pr_err("SELinux: ebitmap: truncated map\n");
> goto bad;
> }
> map = le64_to_cpu(map);
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 16:42:25

by Paul Moore

Subject: Re: [PATCH 03/13] selinux: Cleanup printk logging in policydb

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings and
> replace KERN_CONT with 2 longer prints.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/ss/policydb.c | 91 +++++++++++++++++++++---------------------
> 1 file changed, 46 insertions(+), 45 deletions(-)

Merged, thank you. While removing the separate KERN_CONT message
introduces some duplication, I think that's the right thing to do.

> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 6e8c8056d7ad..4e82c5fcd1a1 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -504,7 +504,7 @@ static void hash_eval(struct hashtab *h, const char *hash_name)
> struct hashtab_info info;
>
> hashtab_stat(h, &info);
> - printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
> + pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
> "longest chain length %d\n", hash_name, h->nel,
> info.slots_used, h->size, info.max_chain_len);
> }
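Review bot: Replacing `printk(KERN_DEBUG ...)` with `pr_debug()` in `hash_eval()` is not a like-for-like conversion. `pr_debug()` compiles to nothing unless `DEBUG` is defined or dynamic debug is enabled for the call site, whereas the old call always wrote to the log buffer. The same applies to the `pr_debug()` calls in the `policydb_index()` hunk that follows. If the policy statistics should stay in dmesg on default builds, keep `printk(KERN_DEBUG ...)` for these lines; otherwise the commit message should say the output is now opt-in.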
> @@ -533,15 +533,17 @@ static int policydb_index(struct policydb *p)
> {
> int i, rc;
>
> - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
> - p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
> if (p->mls_enabled)
> - printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim,
> - p->p_cats.nprim);
> - printk(KERN_CONT "\n");
> + pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats",
> + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> + p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
> + else
> + pr_debug("SELinux: %d users, %d roles, %d types, %d bools",
> + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> + p->p_bools.nprim);
>
> - printk(KERN_DEBUG "SELinux: %d classes, %d rules\n",
> - p->p_classes.nprim, p->te_avtab.nel);
> + pr_debug("SELinux: %d classes, %d rules\n",
> + p->p_classes.nprim, p->te_avtab.nel);
>
> #ifdef DEBUG_HASHES
> avtab_hash_eval(&p->te_avtab, "rules");
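Review bot: Both new user/role/type `pr_debug()` format strings in `policydb_index()` end without a newline. The old code terminated the line with a separate `printk(KERN_CONT "\n")`, which this hunk removes. Append the terminator to each string: `"SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats\n"` and `"SELinux: %d users, %d roles, %d types, %d bools\n"`. The function continues past the end of the hunk.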
> @@ -897,7 +899,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
>
> rc = sidtab_init(s);
> if (rc) {
> - printk(KERN_ERR "SELinux: out of memory on SID table init\n");
> + pr_err("SELinux: out of memory on SID table init\n");
> goto out;
> }
>
> @@ -905,14 +907,14 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
> for (c = head; c; c = c->next) {
> rc = -EINVAL;
> if (!c->context[0].user) {
> - printk(KERN_ERR "SELinux: SID %s was never defined.\n",
> + pr_err("SELinux: SID %s was never defined.\n",
> c->u.name);
> goto out;
> }
>
> rc = sidtab_insert(s, c->sid[0], &c->context[0]);
> if (rc) {
> - printk(KERN_ERR "SELinux: unable to load initial SID %s.\n",
> + pr_err("SELinux: unable to load initial SID %s.\n",
> c->u.name);
> goto out;
> }
> @@ -1005,13 +1007,13 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
> rc = -EINVAL;
> items = le32_to_cpu(buf[0]);
> if (items > ARRAY_SIZE(buf)) {
> - printk(KERN_ERR "SELinux: mls: range overflow\n");
> + pr_err("SELinux: mls: range overflow\n");
> goto out;
> }
>
> rc = next_entry(buf, fp, sizeof(u32) * items);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: truncated range\n");
> + pr_err("SELinux: mls: truncated range\n");
> goto out;
> }
>
> @@ -1023,19 +1025,19 @@ static int mls_read_range_helper(struct mls_range *r, void *fp)
>
> rc = ebitmap_read(&r->level[0].cat, fp);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: error reading low categories\n");
> + pr_err("SELinux: mls: error reading low categories\n");
> goto out;
> }
> if (items > 1) {
> rc = ebitmap_read(&r->level[1].cat, fp);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: error reading high categories\n");
> + pr_err("SELinux: mls: error reading high categories\n");
> goto bad_high;
> }
> } else {
> rc = ebitmap_cpy(&r->level[1].cat, &r->level[0].cat);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: out of memory\n");
> + pr_err("SELinux: mls: out of memory\n");
> goto bad_high;
> }
> }
> @@ -1060,7 +1062,7 @@ static int context_read_and_validate(struct context *c,
>
> rc = next_entry(buf, fp, sizeof buf);
> if (rc) {
> - printk(KERN_ERR "SELinux: context truncated\n");
> + pr_err("SELinux: context truncated\n");
> goto out;
> }
> c->user = le32_to_cpu(buf[0]);
> @@ -1069,14 +1071,14 @@ static int context_read_and_validate(struct context *c,
> if (p->policyvers >= POLICYDB_VERSION_MLS) {
> rc = mls_read_range_helper(&c->range, fp);
> if (rc) {
> - printk(KERN_ERR "SELinux: error reading MLS range of context\n");
> + pr_err("SELinux: error reading MLS range of context\n");
> goto out;
> }
> }
>
> rc = -EINVAL;
> if (!policydb_context_isvalid(p, c)) {
> - printk(KERN_ERR "SELinux: invalid security context\n");
> + pr_err("SELinux: invalid security context\n");
> context_destroy(c);
> goto out;
> }
> @@ -1352,7 +1354,8 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
> rc = -EINVAL;
> cladatum->comdatum = hashtab_search(p->p_commons.table, cladatum->comkey);
> if (!cladatum->comdatum) {
> - printk(KERN_ERR "SELinux: unknown common %s\n", cladatum->comkey);
> + pr_err("SELinux: unknown common %s\n",
> + cladatum->comkey);
> goto bad;
> }
> }
> @@ -1444,7 +1447,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
> if (strcmp(key, OBJECT_R) == 0) {
> rc = -EINVAL;
> if (role->value != OBJECT_R_VAL) {
> - printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
> + pr_err("SELinux: Role %s has wrong value %d\n",
> OBJECT_R, role->value);
> goto bad;
> }
> @@ -1522,14 +1525,14 @@ static int mls_read_level(struct mls_level *lp, void *fp)
>
> rc = next_entry(buf, fp, sizeof buf);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: truncated level\n");
> + pr_err("SELinux: mls: truncated level\n");
> return rc;
> }
> lp->sens = le32_to_cpu(buf[0]);
>
> rc = ebitmap_read(&lp->cat, fp);
> if (rc) {
> - printk(KERN_ERR "SELinux: mls: error reading level categories\n");
> + pr_err("SELinux: mls: error reading level categories\n");
> return rc;
> }
> return 0;
> @@ -1683,7 +1686,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
> unsigned long bit;
>
> if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
> - printk(KERN_ERR "SELinux: user %s: "
> + pr_err("SELinux: user %s: "
> "too deep or looped boundary",
> (char *) key);
> return -EINVAL;
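Review bot: The `pr_err()` format in `user_bounds_sanity_check()` ends in "too deep or looped boundary" with no `\n`, unlike the matching messages in the `role_bounds_sanity_check()` and `type_bounds_sanity_check()` hunks. The "bounded by attribute %s" message in the later `type_bounds_sanity_check()` hunk and the "compatibility lookup failed" message in the last `policydb_write()` hunk have the same omission. These predate the patch, but each call is rewritten here, so the terminator can be added in the same pass, e.g. `"too deep or looped boundary\n",`. The function bodies extend beyond the hunks.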
> @@ -1694,8 +1697,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap)
> if (ebitmap_get_bit(&upper->roles, bit))
> continue;
>
> - printk(KERN_ERR
> - "SELinux: boundary violated policy: "
> + pr_err("SELinux: boundary violated policy: "
> "user=%s role=%s bounds=%s\n",
> sym_name(p, SYM_USERS, user->value - 1),
> sym_name(p, SYM_ROLES, bit),
> @@ -1720,7 +1722,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
> unsigned long bit;
>
> if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
> - printk(KERN_ERR "SELinux: role %s: "
> + pr_err("SELinux: role %s: "
> "too deep or looped bounds\n",
> (char *) key);
> return -EINVAL;
> @@ -1731,8 +1733,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap)
> if (ebitmap_get_bit(&upper->types, bit))
> continue;
>
> - printk(KERN_ERR
> - "SELinux: boundary violated policy: "
> + pr_err("SELinux: boundary violated policy: "
> "role=%s type=%s bounds=%s\n",
> sym_name(p, SYM_ROLES, role->value - 1),
> sym_name(p, SYM_TYPES, bit),
> @@ -1754,7 +1755,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
> upper = datum;
> while (upper->bounds) {
> if (++depth == POLICYDB_BOUNDS_MAXDEPTH) {
> - printk(KERN_ERR "SELinux: type %s: "
> + pr_err("SELinux: type %s: "
> "too deep or looped boundary\n",
> (char *) key);
> return -EINVAL;
> @@ -1765,7 +1766,7 @@ static int type_bounds_sanity_check(void *key, void *datum, void *datap)
> BUG_ON(!upper);
>
> if (upper->attribute) {
> - printk(KERN_ERR "SELinux: type %s: "
> + pr_err("SELinux: type %s: "
> "bounded by attribute %s",
> (char *) key,
> sym_name(p, SYM_TYPES, upper->value - 1));
> @@ -1888,7 +1889,7 @@ static int range_read(struct policydb *p, void *fp)
>
> rc = -EINVAL;
> if (!mls_range_isvalid(p, r)) {
> - printk(KERN_WARNING "SELinux: rangetrans: invalid range\n");
> + pr_warn("SELinux: rangetrans: invalid range\n");
> goto out;
> }
>
> @@ -2023,7 +2024,7 @@ static int genfs_read(struct policydb *p, void *fp)
> genfs_p = genfs, genfs = genfs->next) {
> rc = -EINVAL;
> if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
> - printk(KERN_ERR "SELinux: dup genfs fstype %s\n",
> + pr_err("SELinux: dup genfs fstype %s\n",
> newgenfs->fstype);
> goto out;
> }
> @@ -2073,7 +2074,7 @@ static int genfs_read(struct policydb *p, void *fp)
> if (!strcmp(newc->u.name, c->u.name) &&
> (!c->v.sclass || !newc->v.sclass ||
> newc->v.sclass == c->v.sclass)) {
> - printk(KERN_ERR "SELinux: dup genfs entry (%s,%s)\n",
> + pr_err("SELinux: dup genfs entry (%s,%s)\n",
> genfs->fstype, c->u.name);
> goto out;
> }
> @@ -2295,7 +2296,7 @@ int policydb_read(struct policydb *p, void *fp)
>
> rc = -EINVAL;
> if (le32_to_cpu(buf[0]) != POLICYDB_MAGIC) {
> - printk(KERN_ERR "SELinux: policydb magic number 0x%x does "
> + pr_err("SELinux: policydb magic number 0x%x does "
> "not match expected magic number 0x%x\n",
> le32_to_cpu(buf[0]), POLICYDB_MAGIC);
> goto bad;
> @@ -2304,7 +2305,7 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -EINVAL;
> len = le32_to_cpu(buf[1]);
> if (len != strlen(POLICYDB_STRING)) {
> - printk(KERN_ERR "SELinux: policydb string length %d does not "
> + pr_err("SELinux: policydb string length %d does not "
> "match expected length %zu\n",
> len, strlen(POLICYDB_STRING));
> goto bad;
> @@ -2313,14 +2314,14 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -ENOMEM;
> policydb_str = kmalloc(len + 1, GFP_KERNEL);
> if (!policydb_str) {
> - printk(KERN_ERR "SELinux: unable to allocate memory for policydb "
> + pr_err("SELinux: unable to allocate memory for policydb "
> "string of length %d\n", len);
> goto bad;
> }
>
> rc = next_entry(policydb_str, fp, len);
> if (rc) {
> - printk(KERN_ERR "SELinux: truncated policydb string identifier\n");
> + pr_err("SELinux: truncated policydb string identifier\n");
> kfree(policydb_str);
> goto bad;
> }
> @@ -2328,7 +2329,7 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -EINVAL;
> policydb_str[len] = '\0';
> if (strcmp(policydb_str, POLICYDB_STRING)) {
> - printk(KERN_ERR "SELinux: policydb string %s does not match "
> + pr_err("SELinux: policydb string %s does not match "
> "my string %s\n", policydb_str, POLICYDB_STRING);
> kfree(policydb_str);
> goto bad;
> @@ -2346,7 +2347,7 @@ int policydb_read(struct policydb *p, void *fp)
> p->policyvers = le32_to_cpu(buf[0]);
> if (p->policyvers < POLICYDB_VERSION_MIN ||
> p->policyvers > POLICYDB_VERSION_MAX) {
> - printk(KERN_ERR "SELinux: policydb version %d does not match "
> + pr_err("SELinux: policydb version %d does not match "
> "my version range %d-%d\n",
> le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
> goto bad;
> @@ -2357,7 +2358,7 @@ int policydb_read(struct policydb *p, void *fp)
>
> rc = -EINVAL;
> if (p->policyvers < POLICYDB_VERSION_MLS) {
> - printk(KERN_ERR "SELinux: security policydb version %d "
> + pr_err("SELinux: security policydb version %d "
> "(MLS) not backwards compatible\n",
> p->policyvers);
> goto bad;
> @@ -2381,7 +2382,7 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -EINVAL;
> info = policydb_lookup_compat(p->policyvers);
> if (!info) {
> - printk(KERN_ERR "SELinux: unable to find policy compat info "
> + pr_err("SELinux: unable to find policy compat info "
> "for version %d\n", p->policyvers);
> goto bad;
> }
> @@ -2389,7 +2390,7 @@ int policydb_read(struct policydb *p, void *fp)
> rc = -EINVAL;
> if (le32_to_cpu(buf[2]) != info->sym_num ||
> le32_to_cpu(buf[3]) != info->ocon_num) {
> - printk(KERN_ERR "SELinux: policydb table sizes (%d,%d) do "
> + pr_err("SELinux: policydb table sizes (%d,%d) do "
> "not match mine (%d,%d)\n", le32_to_cpu(buf[2]),
> le32_to_cpu(buf[3]),
> info->sym_num, info->ocon_num);
> @@ -3417,7 +3418,7 @@ int policydb_write(struct policydb *p, void *fp)
> * careful if you ever try to remove this restriction
> */
> if (p->policyvers < POLICYDB_VERSION_AVTAB) {
> - printk(KERN_ERR "SELinux: refusing to write policy version %d."
> + pr_err("SELinux: refusing to write policy version %d."
> " Because it is less than version %d\n", p->policyvers,
> POLICYDB_VERSION_AVTAB);
> return -EINVAL;
> @@ -3446,7 +3447,7 @@ int policydb_write(struct policydb *p, void *fp)
> /* Write the version, config, and table sizes. */
> info = policydb_lookup_compat(p->policyvers);
> if (!info) {
> - printk(KERN_ERR "SELinux: compatibility lookup failed for policy "
> + pr_err("SELinux: compatibility lookup failed for policy "
> "version %d", p->policyvers);
> return -EINVAL;
> }
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 16:45:23

by Paul Moore

Subject: Re: [PATCH 04/13] selinux: Cleanup printk logging in hooks

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/hooks.c | 68 +++++++++++++++++++++++-------------------------
> 1 file changed, 33 insertions(+), 35 deletions(-)

Merged, thank you.

> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 4cafe6a19167..3ab9687ac4c8 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -531,7 +531,7 @@ static int sb_finish_set_opts(struct super_block *sb)
> the first boot of the SELinux kernel before we have
> assigned xattr values to the filesystem. */
> if (!(root_inode->i_opflags & IOP_XATTR)) {
> - printk(KERN_WARNING "SELinux: (dev %s, type %s) has no "
> + pr_warn("SELinux: (dev %s, type %s) has no "
> "xattr support\n", sb->s_id, sb->s_type->name);
> rc = -EOPNOTSUPP;
> goto out;
> @@ -540,11 +540,11 @@ static int sb_finish_set_opts(struct super_block *sb)
> rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
> if (rc < 0 && rc != -ENODATA) {
> if (rc == -EOPNOTSUPP)
> - printk(KERN_WARNING "SELinux: (dev %s, type "
> + pr_warn("SELinux: (dev %s, type "
> "%s) has no security xattr handler\n",
> sb->s_id, sb->s_type->name);
> else
> - printk(KERN_WARNING "SELinux: (dev %s, type "
> + pr_warn("SELinux: (dev %s, type "
> "%s) getxattr errno %d\n", sb->s_id,
> sb->s_type->name, -rc);
> goto out;
> @@ -743,7 +743,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> goto out;
> }
> rc = -EINVAL;
> - printk(KERN_WARNING "SELinux: Unable to set superblock options "
> + pr_warn("SELinux: Unable to set superblock options "
> "before the security server is initialized\n");
> goto out;
> }
> @@ -785,7 +785,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> mount_options[i], &sid,
> GFP_KERNEL);
> if (rc) {
> - printk(KERN_WARNING "SELinux: security_context_str_to_sid"
> + pr_warn("SELinux: security_context_str_to_sid"
> "(%s) failed for (dev %s, type %s) errno=%d\n",
> mount_options[i], sb->s_id, name, rc);
> goto out;
> @@ -861,8 +861,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> */
> rc = security_fs_use(&selinux_state, sb);
> if (rc) {
> - printk(KERN_WARNING
> - "%s: security_fs_use(%s) returned %d\n",
> + pr_warn("%s: security_fs_use(%s) returned %d\n",
> __func__, sb->s_type->name, rc);
> goto out;
> }
> @@ -948,7 +947,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> if (sbsec->behavior != SECURITY_FS_USE_XATTR &&
> sbsec->behavior != SECURITY_FS_USE_NATIVE) {
> rc = -EINVAL;
> - printk(KERN_WARNING "SELinux: defcontext option is "
> + pr_warn("SELinux: defcontext option is "
> "invalid for this filesystem type\n");
> goto out;
> }
> @@ -970,7 +969,7 @@ static int selinux_set_mnt_opts(struct super_block *sb,
> return rc;
> out_double_mount:
> rc = -EINVAL;
> - printk(KERN_WARNING "SELinux: mount invalid. Same superblock, different "
> + pr_warn("SELinux: mount invalid. Same superblock, different "
> "security settings for (dev %s, type %s)\n", sb->s_id, name);
> goto out;
> }
> @@ -999,7 +998,7 @@ static int selinux_cmp_sb_context(const struct super_block *oldsb,
> }
> return 0;
> mismatch:
> - printk(KERN_WARNING "SELinux: mount invalid. Same superblock, "
> + pr_warn("SELinux: mount invalid. Same superblock, "
> "different security settings for (dev %s, "
> "type %s)\n", newsb->s_id, newsb->s_type->name);
> return -EBUSY;
> @@ -1107,7 +1106,7 @@ static int selinux_parse_opts_str(char *options,
> case Opt_context:
> if (context || defcontext) {
> rc = -EINVAL;
> - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
> + pr_warn(SEL_MOUNT_FAIL_MSG);
> goto out_err;
> }
> context = match_strdup(&args[0]);
> @@ -1120,7 +1119,7 @@ static int selinux_parse_opts_str(char *options,
> case Opt_fscontext:
> if (fscontext) {
> rc = -EINVAL;
> - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
> + pr_warn(SEL_MOUNT_FAIL_MSG);
> goto out_err;
> }
> fscontext = match_strdup(&args[0]);
> @@ -1133,7 +1132,7 @@ static int selinux_parse_opts_str(char *options,
> case Opt_rootcontext:
> if (rootcontext) {
> rc = -EINVAL;
> - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
> + pr_warn(SEL_MOUNT_FAIL_MSG);
> goto out_err;
> }
> rootcontext = match_strdup(&args[0]);
> @@ -1146,7 +1145,7 @@ static int selinux_parse_opts_str(char *options,
> case Opt_defcontext:
> if (context || defcontext) {
> rc = -EINVAL;
> - printk(KERN_WARNING SEL_MOUNT_FAIL_MSG);
> + pr_warn(SEL_MOUNT_FAIL_MSG);
> goto out_err;
> }
> defcontext = match_strdup(&args[0]);
> @@ -1159,7 +1158,7 @@ static int selinux_parse_opts_str(char *options,
> break;
> default:
> rc = -EINVAL;
> - printk(KERN_WARNING "SELinux: unknown mount option\n");
> + pr_warn("SELinux: unknown mount option\n");
> goto out_err;
>
> }
> @@ -1615,7 +1614,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
> dput(dentry);
> if (rc < 0) {
> if (rc != -ENODATA) {
> - printk(KERN_WARNING "SELinux: %s: getxattr returned "
> + pr_warn("SELinux: %s: getxattr returned "
> "%d for dev=%s ino=%ld\n", __func__,
> -rc, inode->i_sb->s_id, inode->i_ino);
> kfree(context);
> @@ -1635,11 +1634,11 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
>
> if (rc == -EINVAL) {
> if (printk_ratelimit())
> - printk(KERN_NOTICE "SELinux: inode=%lu on dev=%s was found to have an invalid "
> + pr_notice("SELinux: inode=%lu on dev=%s was found to have an invalid "
> "context=%s. This indicates you may need to relabel the inode or the "
> "filesystem in question.\n", ino, dev, context);
> } else {
> - printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
> + pr_warn("SELinux: %s: context_to_sid(%s) "
> "returned %d for dev=%s ino=%ld\n",
> __func__, context, -rc, dev, ino);
> }
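Review bot: The `if (printk_ratelimit())` guard kept in front of the new `pr_notice()` uses the one global rate-limit state shared by every printk_ratelimit() caller, so unrelated noisy code can suppress this invalid-context notice. Since the line is being converted anyway, replacing the guard and the call with a single `pr_notice_ratelimited(` (same format string and arguments) gives the message its own state. The same pattern is left in the context_struct_compute_av hunk of the services patch, where `pr_warn_ratelimited(` would fit. The `else` branch prints the same `ino` with `%ld` while this branch uses `%lu`; one specifier should be used for both. The function body starts and ends outside the hunk.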
> @@ -1772,8 +1771,7 @@ static int cred_has_capability(const struct cred *cred,
> sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;
> break;
> default:
> - printk(KERN_ERR
> - "SELinux: out of range capability %d\n", cap);
> + pr_err("SELinux: out of range capability %d\n", cap);
> BUG();
> return -EINVAL;
> }
> @@ -2016,7 +2014,7 @@ static int may_link(struct inode *dir,
> av = DIR__RMDIR;
> break;
> default:
> - printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
> + pr_warn("SELinux: %s: unrecognized kind %d\n",
> __func__, kind);
> return 0;
> }
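Review bot: The `default:` branch logs the unrecognized `kind` and then does `return 0;`. If 0 is the "permitted" result here, as the return convention of the surrounding hooks suggests (the rest of may_link is outside the hunk), an unexpected caller value is allowed rather than refused. Failing closed with `return -EINVAL;` would be the safer default; if 0 is intentional, a comment such as `/* unreachable for current callers; deliberately not denying */` should say so.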
> @@ -2862,7 +2860,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
> mount_options[i], &sid,
> GFP_KERNEL);
> if (rc) {
> - printk(KERN_WARNING "SELinux: security_context_str_to_sid"
> + pr_warn("SELinux: security_context_str_to_sid"
> "(%s) failed for (dev %s, type %s) errno=%d\n",
> mount_options[i], sb->s_id, sb->s_type->name, rc);
> goto out_free_opts;
> @@ -2901,7 +2899,7 @@ static int selinux_sb_remount(struct super_block *sb, void *data)
> free_secdata(secdata);
> return rc;
> out_bad_option:
> - printk(KERN_WARNING "SELinux: unable to change security options "
> + pr_warn("SELinux: unable to change security options "
> "during remount (dev %s, type=%s)\n", sb->s_id,
> sb->s_type->name);
> goto out_free_opts;
> @@ -3343,7 +3341,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
> rc = security_context_to_sid_force(&selinux_state, value, size,
> &newsid);
> if (rc) {
> - printk(KERN_ERR "SELinux: unable to map context to SID"
> + pr_err("SELinux: unable to map context to SID"
> "for (%s, %lu), rc=%d\n",
> inode->i_sb->s_id, inode->i_ino, -rc);
> return;
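Review bot: The adjacent literals `"SELinux: unable to map context to SID"` and `"for (%s, %lu), rc=%d\n"` concatenate without a space, so the logged text reads `SIDfor (...)`. As the first literal is rewritten by this hunk, the space can be added now: `pr_err("SELinux: unable to map context to SID "`. The function continues outside the hunk.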
> @@ -4406,7 +4404,7 @@ static int selinux_parse_skb(struct sk_buff *skb, struct common_audit_data *ad,
> }
>
> parse_error:
> - printk(KERN_WARNING
> + pr_warn(
> "SELinux: failure in selinux_parse_skb(),"
> " unable to parse packet\n");
> return ret;
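Review bot: The new call leaves `pr_warn(` alone on its line and keeps the function name hard-coded inside a split literal. Writing `pr_warn("SELinux: failure in %s(), unable to parse packet\n", __func__);` matches the form used in the netport patch of this series and keeps the message greppable. The same applies to the selinux_skb_peerlbl_sid hunk that follows. If `parse_error` can be reached by malformed traffic (the parsing code is outside the hunk), `pr_warn_ratelimited()` would keep a sender from flooding the kernel log.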
> @@ -4449,7 +4447,7 @@ static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
> err = security_net_peersid_resolve(&selinux_state, nlbl_sid,
> nlbl_type, xfrm_sid, sid);
> if (unlikely(err)) {
> - printk(KERN_WARNING
> + pr_warn(
> "SELinux: failure in selinux_skb_peerlbl_sid(),"
> " unable to determine packet's peer label\n");
> return -EACCES;
> @@ -7091,11 +7089,11 @@ static __init int selinux_init(void)
> }
>
> if (!selinux_enabled) {
> - printk(KERN_INFO "SELinux: Disabled at boot.\n");
> + pr_info("SELinux: Disabled at boot.\n");
> return 0;
> }
>
> - printk(KERN_INFO "SELinux: Initializing.\n");
> + pr_info("SELinux: Initializing.\n");
>
> memset(&selinux_state, 0, sizeof(selinux_state));
> enforcing_set(&selinux_state, selinux_enforcing_boot);
> @@ -7131,9 +7129,9 @@ static __init int selinux_init(void)
> panic("SELinux: Unable to register AVC LSM notifier callback\n");
>
> if (selinux_enforcing_boot)
> - printk(KERN_DEBUG "SELinux: Starting in enforcing mode\n");
> + pr_debug("SELinux: Starting in enforcing mode\n");
> else
> - printk(KERN_DEBUG "SELinux: Starting in permissive mode\n");
> + pr_debug("SELinux: Starting in permissive mode\n");
>
> return 0;
> }
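Review bot: Converting `printk(KERN_DEBUG ...)` to `pr_debug()` is not equivalent: pr_debug() is compiled out unless DEBUG is defined or dynamic debug is enabled for the call site, whereas the old call always reached the log buffer. In this hunk that drops the boot-time record of whether SELinux started in enforcing or permissive mode from a default kernel log, which an administrator or auditor may rely on. Keeping these two as `printk(KERN_DEBUG ...)` or raising them to `pr_info(...)` would preserve the record. The same question applies to the pr_debug conversions in selinux_complete_init, selinux_nf_ip_init and selinux_nf_ip_exit, and in the policydb, avtab and sidtab patches. selinux_init starts outside the hunk.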
> @@ -7145,10 +7143,10 @@ static void delayed_superblock_init(struct super_block *sb, void *unused)
>
> void selinux_complete_init(void)
> {
> - printk(KERN_DEBUG "SELinux: Completing initialization.\n");
> + pr_debug("SELinux: Completing initialization.\n");
>
> /* Set up any superblocks initialized prior to the policy load. */
> - printk(KERN_DEBUG "SELinux: Setting up existing superblocks.\n");
> + pr_debug("SELinux: Setting up existing superblocks.\n");
> iterate_supers(delayed_superblock_init, NULL);
> }
>
> @@ -7223,7 +7221,7 @@ static int __init selinux_nf_ip_init(void)
> if (!selinux_enabled)
> return 0;
>
> - printk(KERN_DEBUG "SELinux: Registering netfilter hooks\n");
> + pr_debug("SELinux: Registering netfilter hooks\n");
>
> err = register_pernet_subsys(&selinux_net_ops);
> if (err)
> @@ -7236,7 +7234,7 @@ __initcall(selinux_nf_ip_init);
> #ifdef CONFIG_SECURITY_SELINUX_DISABLE
> static void selinux_nf_ip_exit(void)
> {
> - printk(KERN_DEBUG "SELinux: Unregistering netfilter hooks\n");
> + pr_debug("SELinux: Unregistering netfilter hooks\n");
>
> unregister_pernet_subsys(&selinux_net_ops);
> }
> @@ -7265,7 +7263,7 @@ int selinux_disable(struct selinux_state *state)
>
> state->disabled = 1;
>
> - printk(KERN_INFO "SELinux: Disabled at runtime.\n");
> + pr_info("SELinux: Disabled at runtime.\n");
>
> selinux_enabled = 0;
>
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 16:47:01

by Joe Perches

Subject: Re: [PATCH 03/13] selinux: Cleanup printk logging in policydb

On Tue, 2018-06-19 at 12:41 -0400, Paul Moore wrote:
> On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
> <[email protected]> wrote:
> >
> > Replace printk with pr_* to avoid checkpatch warnings and
> > replace KERN_CONT with 2 longer prints.
> >
> > Signed-off-by: Peter Enderborg <[email protected]>
> > ---
> > security/selinux/ss/policydb.c | 91 +++++++++++++++++++++---------------------
> > 1 file changed, 46 insertions(+), 45 deletions(-)
>
> Merged, thank you. While removing the separate KERN_CONT message
> introduces some duplication, I think that's the right thing to do.
>
> > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
[]
> > @@ -504,7 +504,7 @@ static void hash_eval(struct hashtab *h, const char *hash_name)
> > struct hashtab_info info;
> >
> > hashtab_stat(h, &info);
> > - printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
> > + pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
> > "longest chain length %d\n", hash_name, h->nel,
> > info.slots_used, h->size, info.max_chain_len);
> > }
> > @@ -533,15 +533,17 @@ static int policydb_index(struct policydb *p)
> > {
> > int i, rc;
> >
> > - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
> > - p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
> > if (p->mls_enabled)
> > - printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim,
> > - p->p_cats.nprim);
> > - printk(KERN_CONT "\n");
> > + pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats",
> > + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> > + p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
> > + else
> > + pr_debug("SELinux: %d users, %d roles, %d types, %d bools",
> > + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> > + p->p_bools.nprim);

This lost the terminating newline on each pr_debug


2018-06-19 16:52:43

by Paul Moore

Subject: Re: [PATCH 03/13] selinux: Cleanup printk logging in policydb

On Tue, Jun 19, 2018 at 12:45 PM Joe Perches <[email protected]> wrote:
>
> On Tue, 2018-06-19 at 12:41 -0400, Paul Moore wrote:
> > On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
> > <[email protected]> wrote:
> > >
> > > Replace printk with pr_* to avoid checkpatch warnings and
> > > replace KERN_CONT with 2 longer prints.
> > >
> > > Signed-off-by: Peter Enderborg <[email protected]>
> > > ---
> > > security/selinux/ss/policydb.c | 91 +++++++++++++++++++++---------------------
> > > 1 file changed, 46 insertions(+), 45 deletions(-)
> >
> > Merged, thank you. While removing the separate KERN_CONT message
> > introduces some duplication, I think that's the right thing to do.
> >
> > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> []
> > > @@ -504,7 +504,7 @@ static void hash_eval(struct hashtab *h, const char *hash_name)
> > > struct hashtab_info info;
> > >
> > > hashtab_stat(h, &info);
> > > - printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
> > > + pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
> > > "longest chain length %d\n", hash_name, h->nel,
> > > info.slots_used, h->size, info.max_chain_len);
> > > }
> > > @@ -533,15 +533,17 @@ static int policydb_index(struct policydb *p)
> > > {
> > > int i, rc;
> > >
> > > - printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
> > > - p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
> > > if (p->mls_enabled)
> > > - printk(KERN_CONT ", %d sens, %d cats", p->p_levels.nprim,
> > > - p->p_cats.nprim);
> > > - printk(KERN_CONT "\n");
> > > + pr_debug("SELinux: %d users, %d roles, %d types, %d bools, %d sens, %d cats",
> > > + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> > > + p->p_bools.nprim, p->p_levels.nprim, p->p_cats.nprim);
> > > + else
> > > + pr_debug("SELinux: %d users, %d roles, %d types, %d bools",
> > > + p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim,
> > > + p->p_bools.nprim);
>
> This lost the terminating newline on each pr_debug

Good catch. I haven't pushed to selinux/next yet, and this is pretty
minor, so I'll just fix that up in the merge.

--
paul moore
http://www.paul-moore.com

2018-06-19 17:04:58

by Paul Moore

Subject: Re: [PATCH 05/13] selinux: Cleanup printk logging in avtab

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/ss/avtab.c | 51 +++++++++++++++++++++++----------------------
> 1 file changed, 26 insertions(+), 25 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
> index a2c9148b0662..c0417cf17fee 100644
> --- a/security/selinux/ss/avtab.c
> +++ b/security/selinux/ss/avtab.c
> @@ -338,7 +338,7 @@ int avtab_alloc(struct avtab *h, u32 nrules)
> h->nel = 0;
> h->nslot = nslot;
> h->mask = mask;
> - printk(KERN_DEBUG "SELinux: %d avtab hash slots, %d rules.\n",
> + pr_debug("SELinux: %d avtab hash slots, %d rules.\n",
> h->nslot, nrules);
> return 0;
> }
> @@ -368,7 +368,7 @@ void avtab_hash_eval(struct avtab *h, char *tag)
> }
> }
>
> - printk(KERN_DEBUG "SELinux: %s: %d entries and %d/%d buckets used, "
> + pr_debug("SELinux: %s: %d entries and %d/%d buckets used, "
> "longest chain length %d sum of chain length^2 %llu\n",
> tag, h->nel, slots_used, h->nslot, max_chain_len,
> chain2_len_sum);
> @@ -407,18 +407,18 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> if (vers < POLICYDB_VERSION_AVTAB) {
> rc = next_entry(buf32, fp, sizeof(u32));
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> items2 = le32_to_cpu(buf32[0]);
> if (items2 > ARRAY_SIZE(buf32)) {
> - printk(KERN_ERR "SELinux: avtab: entry overflow\n");
> + pr_err("SELinux: avtab: entry overflow\n");
> return -EINVAL;
>
> }
> rc = next_entry(buf32, fp, sizeof(u32)*items2);
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> items = 0;
> @@ -426,19 +426,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> val = le32_to_cpu(buf32[items++]);
> key.source_type = (u16)val;
> if (key.source_type != val) {
> - printk(KERN_ERR "SELinux: avtab: truncated source type\n");
> + pr_err("SELinux: avtab: truncated source type\n");
> return -EINVAL;
> }
> val = le32_to_cpu(buf32[items++]);
> key.target_type = (u16)val;
> if (key.target_type != val) {
> - printk(KERN_ERR "SELinux: avtab: truncated target type\n");
> + pr_err("SELinux: avtab: truncated target type\n");
> return -EINVAL;
> }
> val = le32_to_cpu(buf32[items++]);
> key.target_class = (u16)val;
> if (key.target_class != val) {
> - printk(KERN_ERR "SELinux: avtab: truncated target class\n");
> + pr_err("SELinux: avtab: truncated target class\n");
> return -EINVAL;
> }
>
> @@ -446,16 +446,16 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
>
> if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
> - printk(KERN_ERR "SELinux: avtab: null entry\n");
> + pr_err("SELinux: avtab: null entry\n");
> return -EINVAL;
> }
> if ((val & AVTAB_AV) &&
> (val & AVTAB_TYPE)) {
> - printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
> + pr_err("SELinux: avtab: entry has both access vectors and types\n");
> return -EINVAL;
> }
> if (val & AVTAB_XPERMS) {
> - printk(KERN_ERR "SELinux: avtab: entry has extended permissions\n");
> + pr_err("SELinux: avtab: entry has extended permissions\n");
> return -EINVAL;
> }
>
> @@ -470,7 +470,8 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> }
>
> if (items != items2) {
> - printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
> + pr_err("SELinux: avtab: entry only had %d items, expected %d\n",
> + items2, items);
> return -EINVAL;
> }
> return 0;
> @@ -478,7 +479,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
>
> rc = next_entry(buf16, fp, sizeof(u16)*4);
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
>
> @@ -491,7 +492,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> if (!policydb_type_isvalid(pol, key.source_type) ||
> !policydb_type_isvalid(pol, key.target_type) ||
> !policydb_class_isvalid(pol, key.target_class)) {
> - printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
> + pr_err("SELinux: avtab: invalid type or class\n");
> return -EINVAL;
> }
>
> @@ -501,13 +502,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> set++;
> }
> if (!set || set > 1) {
> - printk(KERN_ERR "SELinux: avtab: more than one specifier\n");
> + pr_err("SELinux: avtab: more than one specifier\n");
> return -EINVAL;
> }
>
> if ((vers < POLICYDB_VERSION_XPERMS_IOCTL) &&
> (key.specified & AVTAB_XPERMS)) {
> - printk(KERN_ERR "SELinux: avtab: policy version %u does not "
> + pr_err("SELinux: avtab: policy version %u does not "
> "support extended permissions rules and one "
> "was specified\n", vers);
> return -EINVAL;
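Review bot: The check `if (!set || set > 1)` also fires when no specifier bit is set, but the message says only "more than one specifier", which misleads anyone diagnosing why a policy was rejected. A wording that covers both cases, e.g. `pr_err("SELinux: avtab: entry must have exactly one specifier\n");`, would be accurate. avtab_read_item starts and ends outside the hunk.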
> @@ -515,17 +516,17 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> memset(&xperms, 0, sizeof(struct avtab_extended_perms));
> rc = next_entry(&xperms.specified, fp, sizeof(u8));
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> rc = next_entry(&xperms.driver, fp, sizeof(u8));
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> rc = next_entry(buf32, fp, sizeof(u32)*ARRAY_SIZE(xperms.perms.p));
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++)
> @@ -534,14 +535,14 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
> } else {
> rc = next_entry(buf32, fp, sizeof(u32));
> if (rc) {
> - printk(KERN_ERR "SELinux: avtab: truncated entry\n");
> + pr_err("SELinux: avtab: truncated entry\n");
> return rc;
> }
> datum.u.data = le32_to_cpu(*buf32);
> }
> if ((key.specified & AVTAB_TYPE) &&
> !policydb_type_isvalid(pol, datum.u.data)) {
> - printk(KERN_ERR "SELinux: avtab: invalid type\n");
> + pr_err("SELinux: avtab: invalid type\n");
> return -EINVAL;
> }
> return insertf(a, &key, &datum, p);
> @@ -562,12 +563,12 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
>
> rc = next_entry(buf, fp, sizeof(u32));
> if (rc < 0) {
> - printk(KERN_ERR "SELinux: avtab: truncated table\n");
> + pr_err("SELinux: avtab: truncated table\n");
> goto bad;
> }
> nel = le32_to_cpu(buf[0]);
> if (!nel) {
> - printk(KERN_ERR "SELinux: avtab: table is empty\n");
> + pr_err("SELinux: avtab: table is empty\n");
> rc = -EINVAL;
> goto bad;
> }
> @@ -580,9 +581,9 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol)
> rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL);
> if (rc) {
> if (rc == -ENOMEM)
> - printk(KERN_ERR "SELinux: avtab: out of memory\n");
> + pr_err("SELinux: avtab: out of memory\n");
> else if (rc == -EEXIST)
> - printk(KERN_ERR "SELinux: avtab: duplicate entry\n");
> + pr_err("SELinux: avtab: duplicate entry\n");
>
> goto bad;
> }
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:14:51

by Paul Moore

Subject: Re: [PATCH 06/13] selinux: Cleanup printk logging in services

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/ss/services.c | 71 +++++++++++++++++++++---------------------
> 1 file changed, 35 insertions(+), 36 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index 8057e19dc15f..9ad9b6c2f0a7 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -136,8 +136,7 @@ static int selinux_set_mapping(struct policydb *pol,
>
> p_out->value = string_to_security_class(pol, p_in->name);
> if (!p_out->value) {
> - printk(KERN_INFO
> - "SELinux: Class %s not defined in policy.\n",
> + pr_info("SELinux: Class %s not defined in policy.\n",
> p_in->name);
> if (pol->reject_unknown)
> goto err;
> @@ -156,8 +155,7 @@ static int selinux_set_mapping(struct policydb *pol,
> p_out->perms[k] = string_to_av_perm(pol, p_out->value,
> p_in->perms[k]);
> if (!p_out->perms[k]) {
> - printk(KERN_INFO
> - "SELinux: Permission %s in class %s not defined in policy.\n",
> + pr_info("SELinux: Permission %s in class %s not defined in policy.\n",
> p_in->perms[k], p_in->name);
> if (pol->reject_unknown)
> goto err;
> @@ -170,7 +168,7 @@ static int selinux_set_mapping(struct policydb *pol,
> }
>
> if (print_unknown_handle)
> - printk(KERN_INFO "SELinux: the above unknown classes and permissions will be %s\n",
> + pr_info("SELinux: the above unknown classes and permissions will be %s\n",
> pol->allow_unknown ? "allowed" : "denied");
>
> out_map->size = i;
> @@ -644,7 +642,7 @@ static void context_struct_compute_av(struct policydb *policydb,
>
> if (unlikely(!tclass || tclass > policydb->p_classes.nprim)) {
> if (printk_ratelimit())
> - printk(KERN_WARNING "SELinux: Invalid class %hu\n", tclass);
> + pr_warn("SELinux: Invalid class %hu\n", tclass);
> return;
> }
>
> @@ -793,7 +791,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
>
> ocontext = sidtab_search(sidtab, oldsid);
> if (!ocontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, oldsid);
> rc = -EINVAL;
> goto out;
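Review bot: SIDs are printed with `%d` here and in most other hunks of this patch, but with `%u` in the two security_bounded_transition hunks. If the SID variables are u32 (their declarations are outside the hunks), `%d` prints values above INT_MAX as negative numbers, which makes these log lines harder to correlate with other SID output. Using `%u` throughout, e.g. `pr_err("SELinux: %s: unrecognized SID %u\n",`, would make the messages consistent.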
> @@ -801,7 +799,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
>
> ncontext = sidtab_search(sidtab, newsid);
> if (!ncontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, newsid);
> rc = -EINVAL;
> goto out;
> @@ -809,7 +807,7 @@ static int security_compute_validatetrans(struct selinux_state *state,
>
> tcontext = sidtab_search(sidtab, tasksid);
> if (!tcontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, tasksid);
> rc = -EINVAL;
> goto out;
> @@ -883,7 +881,7 @@ int security_bounded_transition(struct selinux_state *state,
> rc = -EINVAL;
> old_context = sidtab_search(sidtab, old_sid);
> if (!old_context) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
> + pr_err("SELinux: %s: unrecognized SID %u\n",
> __func__, old_sid);
> goto out;
> }
> @@ -891,7 +889,7 @@ int security_bounded_transition(struct selinux_state *state,
> rc = -EINVAL;
> new_context = sidtab_search(sidtab, new_sid);
> if (!new_context) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %u\n",
> + pr_err("SELinux: %s: unrecognized SID %u\n",
> __func__, new_sid);
> goto out;
> }
> @@ -1040,14 +1038,14 @@ void security_compute_xperms_decision(struct selinux_state *state,
>
> scontext = sidtab_search(sidtab, ssid);
> if (!scontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, ssid);
> goto out;
> }
>
> tcontext = sidtab_search(sidtab, tsid);
> if (!tcontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, tsid);
> goto out;
> }
> @@ -1129,7 +1127,7 @@ void security_compute_av(struct selinux_state *state,
>
> scontext = sidtab_search(sidtab, ssid);
> if (!scontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, ssid);
> goto out;
> }
> @@ -1140,7 +1138,7 @@ void security_compute_av(struct selinux_state *state,
>
> tcontext = sidtab_search(sidtab, tsid);
> if (!tcontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, tsid);
> goto out;
> }
> @@ -1183,7 +1181,7 @@ void security_compute_av_user(struct selinux_state *state,
>
> scontext = sidtab_search(sidtab, ssid);
> if (!scontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, ssid);
> goto out;
> }
> @@ -1194,7 +1192,7 @@ void security_compute_av_user(struct selinux_state *state,
>
> tcontext = sidtab_search(sidtab, tsid);
> if (!tcontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, tsid);
> goto out;
> }
> @@ -1310,7 +1308,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
> *scontext = scontextp;
> goto out;
> }
> - printk(KERN_ERR "SELinux: %s: called before initial "
> + pr_err("SELinux: %s: called before initial "
> "load_policy on unknown SID %d\n", __func__, sid);
> rc = -EINVAL;
> goto out;
> @@ -1323,7 +1321,7 @@ static int security_sid_to_context_core(struct selinux_state *state,
> else
> context = sidtab_search(sidtab, sid);
> if (!context) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, sid);
> rc = -EINVAL;
> goto out_unlock;
> @@ -1678,14 +1676,14 @@ static int security_compute_sid(struct selinux_state *state,
>
> scontext = sidtab_search(sidtab, ssid);
> if (!scontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, ssid);
> rc = -EINVAL;
> goto out_unlock;
> }
> tcontext = sidtab_search(sidtab, tsid);
> if (!tcontext) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, tsid);
> rc = -EINVAL;
> goto out_unlock;
> @@ -1911,7 +1909,8 @@ static inline int convert_context_handle_invalid_context(
> return -EINVAL;
>
> if (!context_struct_to_string(policydb, context, &s, &len)) {
> - printk(KERN_WARNING "SELinux: Context %s would be invalid if enforcing\n", s);
> + pr_warn("SELinux: Context %s would be invalid if enforcing\n",
> + s);
> kfree(s);
> }
> return 0;
> @@ -1962,7 +1961,7 @@ static int convert_context(u32 key,
> c->len, &ctx, SECSID_NULL);
> kfree(s);
> if (!rc) {
> - printk(KERN_INFO "SELinux: Context %s became valid (mapped).\n",
> + pr_info("SELinux: Context %s became valid (mapped).\n",
> c->str);
> /* Replace string with mapped representation. */
> kfree(c->str);
> @@ -1974,7 +1973,7 @@ static int convert_context(u32 key,
> goto out;
> } else {
> /* Other error condition, e.g. ENOMEM. */
> - printk(KERN_ERR "SELinux: Unable to map context %s, rc = %d.\n",
> + pr_err("SELinux: Unable to map context %s, rc = %d.\n",
> c->str, -rc);
> goto out;
> }
> @@ -2033,7 +2032,7 @@ static int convert_context(u32 key,
> oc = oc->next;
> rc = -EINVAL;
> if (!oc) {
> - printk(KERN_ERR "SELinux: unable to look up"
> + pr_err("SELinux: unable to look up"
> " the initial SIDs list\n");
> goto bad;
> }
> @@ -2065,7 +2064,7 @@ static int convert_context(u32 key,
> context_destroy(c);
> c->str = s;
> c->len = len;
> - printk(KERN_INFO "SELinux: Context %s became invalid (unmapped).\n",
> + pr_info("SELinux: Context %s became invalid (unmapped).\n",
> c->str);
> rc = 0;
> goto out;
> @@ -2170,13 +2169,13 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
> newpolicydb->len = len;
> /* If switching between different policy types, log MLS status */
> if (policydb->mls_enabled && !newpolicydb->mls_enabled)
> - printk(KERN_INFO "SELinux: Disabling MLS support...\n");
> + pr_info("SELinux: Disabling MLS support...\n");
> else if (!policydb->mls_enabled && newpolicydb->mls_enabled)
> - printk(KERN_INFO "SELinux: Enabling MLS support...\n");
> + pr_info("SELinux: Enabling MLS support...\n");
>
> rc = policydb_load_isids(newpolicydb, &newsidtab);
> if (rc) {
> - printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
> + pr_err("SELinux: unable to load the initial SIDs\n");
> policydb_destroy(newpolicydb);
> goto out;
> }
> @@ -2187,7 +2186,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
>
> rc = security_preserve_bools(state, newpolicydb);
> if (rc) {
> - printk(KERN_ERR "SELinux: unable to preserve booleans\n");
> + pr_err("SELinux: unable to preserve booleans\n");
> goto err;
> }
>
> @@ -2207,7 +2206,7 @@ int security_load_policy(struct selinux_state *state, void *data, size_t len)
> args.newp = newpolicydb;
> rc = sidtab_map(&newsidtab, convert_context, &args);
> if (rc) {
> - printk(KERN_ERR "SELinux: unable to convert the internal"
> + pr_err("SELinux: unable to convert the internal"
> " representation of contexts in the new SID"
> " table\n");
> goto err;
> @@ -2999,7 +2998,7 @@ int security_sid_mls_copy(struct selinux_state *state,
> rc = -EINVAL;
> context1 = sidtab_search(sidtab, sid);
> if (!context1) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, sid);
> goto out_unlock;
> }
> @@ -3007,7 +3006,7 @@ int security_sid_mls_copy(struct selinux_state *state,
> rc = -EINVAL;
> context2 = sidtab_search(sidtab, mls_sid);
> if (!context2) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, mls_sid);
> goto out_unlock;
> }
> @@ -3104,14 +3103,14 @@ int security_net_peersid_resolve(struct selinux_state *state,
> rc = -EINVAL;
> nlbl_ctx = sidtab_search(sidtab, nlbl_sid);
> if (!nlbl_ctx) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, nlbl_sid);
> goto out;
> }
> rc = -EINVAL;
> xfrm_ctx = sidtab_search(sidtab, xfrm_sid);
> if (!xfrm_ctx) {
> - printk(KERN_ERR "SELinux: %s: unrecognized SID %d\n",
> + pr_err("SELinux: %s: unrecognized SID %d\n",
> __func__, xfrm_sid);
> goto out;
> }
> @@ -3202,7 +3201,7 @@ int security_get_permissions(struct selinux_state *state,
> rc = -EINVAL;
> match = hashtab_search(policydb->p_classes.table, class);
> if (!match) {
> - printk(KERN_ERR "SELinux: %s: unrecognized class %s\n",
> + pr_err("SELinux: %s: unrecognized class %s\n",
> __func__, class);
> goto out;
> }
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:17:59

by Paul Moore

Subject: Re: [PATCH 07/13] selinux: Cleanup printk logging in selinuxfs

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/selinuxfs.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index c0cadbc5f85c..2adfade99945 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -620,7 +620,7 @@ static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
>
> length = -ERANGE;
> if (len > SIMPLE_TRANSACTION_LIMIT) {
> - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
> + pr_err("SELinux: %s: context size (%u) exceeds "
> "payload max\n", __func__, len);
> goto out;
> }
> @@ -956,7 +956,7 @@ static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
>
> length = -ERANGE;
> if (len > SIMPLE_TRANSACTION_LIMIT) {
> - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
> + pr_err("SELinux: %s: context size (%u) exceeds "
> "payload max\n", __func__, len);
> goto out;
> }
> @@ -1147,7 +1147,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
>
> length = -ERANGE;
> if (len > SIMPLE_TRANSACTION_LIMIT) {
> - printk(KERN_ERR "SELinux: %s: context size (%u) exceeds "
> + pr_err("SELinux: %s: context size (%u) exceeds "
> "payload max\n", __func__, len);
> goto out;
> }
> @@ -1996,7 +1996,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
> goto err;
> return 0;
> err:
> - printk(KERN_ERR "SELinux: %s: failed while creating inodes\n",
> + pr_err("SELinux: %s: failed while creating inodes\n",
> __func__);
>
> selinux_fs_info_free(sb);
> @@ -2046,7 +2046,7 @@ static int __init init_sel_fs(void)
>
> selinux_null.mnt = selinuxfs_mount = kern_mount(&sel_fs_type);
> if (IS_ERR(selinuxfs_mount)) {
> - printk(KERN_ERR "selinuxfs: could not mount!\n");
> + pr_err("selinuxfs: could not mount!\n");
> err = PTR_ERR(selinuxfs_mount);
> selinuxfs_mount = NULL;
> }
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:35:59

by Paul Moore

Subject: Re: [PATCH 08/13] selinux: Cleanup printk logging in netlink

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/netlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Merged, thanks.

> diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c
> index 828fb6a4e941..8a8a72507437 100644
> --- a/security/selinux/netlink.c
> +++ b/security/selinux/netlink.c
> @@ -94,7 +94,7 @@ static void selnl_notify(int msgtype, void *data)
> out_kfree_skb:
> kfree_skb(skb);
> oom:
> - printk(KERN_ERR "SELinux: OOM in %s\n", __func__);
> + pr_err("SELinux: OOM in %s\n", __func__);
> goto out;
> }
>
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:40:57

by Paul Moore

Subject: Re: [PATCH 09/13] selinux: Cleanup printk logging in sidtab

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/ss/sidtab.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
> index 5be31b7af225..fd75a12fa8fc 100644
> --- a/security/selinux/ss/sidtab.c
> +++ b/security/selinux/ss/sidtab.c
> @@ -214,8 +214,7 @@ int sidtab_context_to_sid(struct sidtab *s,
> }
> sid = s->next_sid++;
> if (context->len)
> - printk(KERN_INFO
> - "SELinux: Context %s is not valid (left unmapped).\n",
> + pr_info("SELinux: Context %s is not valid (left unmapped).\n",
> context->str);
> ret = sidtab_insert(s, sid, context);
> if (ret)
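Review bot: `context->str` is written to the kernel log with a plain `%s` in the `pr_info()` call, and the hunk shows neither escaping nor a rate limit. If that string can originate from labels supplied by a less trusted source (on-disk labels, for example; not visible from the hunk), a run of distinct invalid contexts could crowd out other log entries, and any control characters in it may reach log consumers as-is. Consider `pr_info_ratelimited(...)` here, with a short comment stating where the string comes from and whether it is trusted. sidtab_context_to_sid() starts and ends outside the hunk.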
> @@ -253,7 +252,7 @@ void sidtab_hash_eval(struct sidtab *h, char *tag)
> }
> }
>
> - printk(KERN_DEBUG "%s: %d entries and %d/%d buckets used, longest "
> + pr_debug("%s: %d entries and %d/%d buckets used, longest "
> "chain length %d\n", tag, h->nel, slots_used, SIDTAB_SIZE,
> max_chain_len);
> }
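Review bot: Replacing `printk(KERN_DEBUG ...)` with `pr_debug(...)` in sidtab_hash_eval() is not a pure rename. `pr_debug()` emits nothing unless `DEBUG` is defined for the file or the call site is enabled through dynamic debug, whereas the old call always stored the line in the log buffer. If the hash-table statistics are still expected in the log on every build, keep `printk(KERN_DEBUG ...)`. Otherwise say in the commit message that the output is now opt-in, so nobody relying on it is surprised.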
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:45:46

by Paul Moore

Subject: Re: [PATCH 10/13] selinux: Cleanup printk logging in netport

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/netport.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/netport.c b/security/selinux/netport.c
> index 9ed4c5064a5e..7a141cadbffc 100644
> --- a/security/selinux/netport.c
> +++ b/security/selinux/netport.c
> @@ -173,9 +173,8 @@ static int sel_netport_sid_slow(u8 protocol, u16 pnum, u32 *sid)
> out:
> spin_unlock_bh(&sel_netport_lock);
> if (unlikely(ret)) {
> - printk(KERN_WARNING
> - "SELinux: failure in sel_netport_sid_slow(),"
> - " unable to determine network port label\n");
> + pr_warn("SELinux: failure in %s(), unable to determine network port label\n",
> + __func__);
> kfree(new);
> }
> return ret;
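Review bot: The `pr_warn()` in the `if (unlikely(ret))` branch has no rate limit and logs no identifying values, although `protocol` and `pnum` are parameters of sel_netport_sid_slow(). If this lookup can fail repeatedly for traffic- or socket-driven callers (the callers are not visible here), each failure adds another line to the kernel log. Something like `pr_warn_ratelimited("SELinux: failure in %s(), unable to determine network port label (%u/%u)\n", __func__, protocol, pnum);` would bound the volume and make each entry actionable. The missing rate limit also applies to the label-failure warning in the second netif.c hunk and to sel_netnode_sid_slow() in netnode.c. The function body starts outside the hunk.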
> --
> 2.15.1

--
paul moore
http://www.paul-moore.com

2018-06-19 17:48:05

by Paul Moore

Subject: Re: [PATCH 11/13] selinux: Cleanup printk logging in netif

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/netif.c | 11 ++++-------
> 1 file changed, 4 insertions(+), 7 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/netif.c b/security/selinux/netif.c
> index ac65f7417413..8c738c189942 100644
> --- a/security/selinux/netif.c
> +++ b/security/selinux/netif.c
> @@ -145,9 +145,8 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
>
> dev = dev_get_by_index(ns, ifindex);
> if (unlikely(dev == NULL)) {
> - printk(KERN_WARNING
> - "SELinux: failure in sel_netif_sid_slow(),"
> - " invalid network interface (%d)\n", ifindex);
> + pr_warn("SELinux: failure in %s(), invalid network interface (%d)\n",
> + __func__, ifindex);
> return -ENOENT;
> }
>
> @@ -177,10 +176,8 @@ static int sel_netif_sid_slow(struct net *ns, int ifindex, u32 *sid)
> spin_unlock_bh(&sel_netif_lock);
> dev_put(dev);
> if (unlikely(ret)) {
> - printk(KERN_WARNING
> - "SELinux: failure in sel_netif_sid_slow(),"
> - " unable to determine network interface label (%d)\n",
> - ifindex);
> + pr_warn("SELinux: failure in %s(), unable to determine network interface label (%d)\n",
> + __func__, ifindex);
> kfree(new);
> }
> return ret;
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:51:27

by Paul Moore

Subject: Re: [PATCH 12/13] selinux: Cleanup printk logging in avc

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/avc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)

Merged, thanks.

> diff --git a/security/selinux/avc.c b/security/selinux/avc.c
> index f3aedf077509..635e5c1e3e48 100644
> --- a/security/selinux/avc.c
> +++ b/security/selinux/avc.c
> @@ -650,7 +650,7 @@ static int avc_latest_notif_update(struct selinux_avc *avc,
> spin_lock_irqsave(&notif_lock, flag);
> if (is_insert) {
> if (seqno < avc->avc_cache.latest_notif) {
> - printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
> + pr_warn("SELinux: avc: seqno %d < latest_notif %d\n",
> seqno, avc->avc_cache.latest_notif);
> ret = -EAGAIN;
> }
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com

2018-06-19 17:52:40

by Paul Moore

Subject: Re: [PATCH 13/13] selinux: Cleanup printk logging in netnode

On Tue, Jun 12, 2018 at 4:09 AM Peter Enderborg
<[email protected]> wrote:
>
> Replace printk with pr_* to avoid checkpatch warnings.
>
> Signed-off-by: Peter Enderborg <[email protected]>
> ---
> security/selinux/netnode.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)

Merged, thanks.

> diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
> index 6dd89b89bc1f..afa0d432436b 100644
> --- a/security/selinux/netnode.c
> +++ b/security/selinux/netnode.c
> @@ -238,9 +238,8 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
> out:
> spin_unlock_bh(&sel_netnode_lock);
> if (unlikely(ret)) {
> - printk(KERN_WARNING
> - "SELinux: failure in sel_netnode_sid_slow(),"
> - " unable to determine network node label\n");
> + pr_warn("SELinux: failure in %s(), unable to determine network node label\n",
> + __func__);
> kfree(new);
> }
> return ret;
> --
> 2.15.1
>


--
paul moore
http://www.paul-moore.com