Diffstat (limited to 'security/selinux/ss/conditional.c')
| -rw-r--r-- | security/selinux/ss/conditional.c | 68 | 
1 files changed, 33 insertions, 35 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 81ff676f209a..f12476855b27 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -1,8 +1,7 @@
-// SPDX-License-Identifier: GPL-2.0-only
+/* SPDX-License-Identifier: GPL-2.0-only */
 /* Authors: Karl MacMillan <[email protected]>
  *	    Frank Mayer <[email protected]>
- *
- * Copyright (C) 2003 - 2004 Tresys Technology, LLC
+ *          Copyright (C) 2003 - 2004 Tresys Technology, LLC
  */
 #include <linux/kernel.h>
@@ -166,9 +165,8 @@ void cond_policydb_destroy(struct policydb *p)
 int cond_init_bool_indexes(struct policydb *p)
 {
 	kfree(p->bool_val_to_struct);
-	p->bool_val_to_struct = kmalloc_array(p->p_bools.nprim,
-					      sizeof(*p->bool_val_to_struct),
-					      GFP_KERNEL);
+	p->bool_val_to_struct = kmalloc_array(
+		p->p_bools.nprim, sizeof(*p->bool_val_to_struct), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
 		return -ENOMEM;
 	return 0;
@@ -287,7 +285,8 @@ static int cond_insertf(struct avtab *a, const struct avtab_key *k,
 		if (other) {
 			node_ptr = avtab_search_node(&p->te_cond_avtab, k);
 			if (node_ptr) {
-				if (avtab_search_node_next(node_ptr, k->specified)) {
+				if (avtab_search_node_next(node_ptr,
+							   k->specified)) {
 					pr_err("SELinux: too many conflicting type rules.\n");
 					return -EINVAL;
 				}
@@ -478,8 +477,8 @@ int cond_write_bool(void *vkey, void *datum, void *ptr)
  * the conditional. This means that the avtab with the conditional
  * rules will not be saved but will be rebuilt on policy load.
  */
-static int cond_write_av_list(struct policydb *p,
-			      struct cond_av_list *list, struct policy_file *fp)
+static int cond_write_av_list(struct policydb *p, struct cond_av_list *list,
+			      struct policy_file *fp)
 {
 	__le32 buf[1];
 	u32 i;
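Review bot: The `/* SPDX-License-Identifier: GPL-2.0-only */` form that the first hunk puts on line 1 is the comment style the kernel's license rules give for headers, while `.c` sources are expected to use the `//` form, and checkpatch warns about the mismatch. Unless the block-comment form is a deliberate choice here, line 1 should stay `// SPDX-License-Identifier: GPL-2.0-only`. The same hunk drops the blank ` *` separator and indents the notice under the author names (`*          Copyright (C) 2003 - 2004 Tresys Technology, LLC`), so it now reads as a continuation of the author list; keeping ` * Copyright (C) 2003 - 2004 Tresys Technology, LLC` on its own paragraph would leave the notice easier to find for anyone auditing provenance.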
@@ -500,7 +499,7 @@ static int cond_write_av_list(struct policydb *p,
 }
 static int cond_write_node(struct policydb *p, struct cond_node *node,
-		    struct policy_file *fp)
+			   struct policy_file *fp)
 {
 	__le32 buf[2];
 	int rc;
@@ -555,7 +554,7 @@ int cond_write_list(struct policydb *p, void *fp)
 }
 void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
-		struct extended_perms_decision *xpermd)
+			 struct extended_perms_decision *xpermd)
 {
 	struct avtab_node *node;
@@ -563,7 +562,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
 		return;
 	for (node = avtab_search_node(ctab, key); node;
-			node = avtab_search_node_next(node, key->specified)) {
+	     node = avtab_search_node_next(node, key->specified)) {
 		if (node->key.specified & AVTAB_ENABLED)
 			services_compute_xperms_decision(xpermd, node);
 	}
@@ -572,7 +571,7 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
  * av table, and if so, add them to the result
  */
 void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
-		struct av_decision *avd, struct extended_perms *xperms)
+		     struct av_decision *avd, struct extended_perms *xperms)
 {
 	struct avtab_node *node;
@@ -580,30 +579,29 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
 		return;
 	for (node = avtab_search_node(ctab, key); node;
-				node = avtab_search_node_next(node, key->specified)) {
-		if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
-		    (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
+	     node = avtab_search_node_next(node, key->specified)) {
+		if ((u16)(AVTAB_ALLOWED | AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_ALLOWED | AVTAB_ENABLED)))
 			avd->allowed |= node->datum.u.data;
-		if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
-		    (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITDENY | AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITDENY | AVTAB_ENABLED)))
 			/* Since a '0' in an auditdeny mask represents a
 			 * permission we do NOT want to audit (dontaudit), we use
 			 * the '&' operand to ensure that all '0's in the mask
 			 * are retained (much unlike the allow and auditallow cases).
 			 */
 			avd->auditdeny &= node->datum.u.data;
-		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
-		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITALLOW | AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITALLOW | AVTAB_ENABLED)))
 			avd->auditallow |= node->datum.u.data;
 		if (xperms && (node->key.specified & AVTAB_ENABLED) &&
-				(node->key.specified & AVTAB_XPERMS))
+		    (node->key.specified & AVTAB_XPERMS))
 			services_compute_xperms_drivers(xperms, node);
 	}
 }
-static int cond_dup_av_list(struct cond_av_list *new,
-			struct cond_av_list *orig,
-			struct avtab *avtab)
+static int cond_dup_av_list(struct cond_av_list *new, struct cond_av_list *orig,
+			    struct avtab *avtab)
 {
 	u32 i;
@@ -614,9 +612,8 @@ static int cond_dup_av_list(struct cond_av_list *new,
 		return -ENOMEM;
 	for (i = 0; i < orig->len; i++) {
-		new->nodes[i] = avtab_insert_nonunique(avtab,
-						       &orig->nodes[i]->key,
-						       &orig->nodes[i]->datum);
+		new->nodes[i] = avtab_insert_nonunique(
+			avtab, &orig->nodes[i]->key, &orig->nodes[i]->datum);
 		if (!new->nodes[i])
 			return -ENOMEM;
 		new->len++;
@@ -637,8 +634,7 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
 	newp->cond_list_len = 0;
 	newp->cond_list = kcalloc(origp->cond_list_len,
-				sizeof(*newp->cond_list),
-				GFP_KERNEL);
+				  sizeof(*newp->cond_list), GFP_KERNEL);
 	if (!newp->cond_list)
 		goto error;
@@ -649,7 +645,8 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
 		newp->cond_list_len++;
 		newn->cur_state = orign->cur_state;
-		newn->expr.nodes = kmemdup(orign->expr.nodes,
+		newn->expr.nodes =
+			kmemdup(orign->expr.nodes,
 				orign->expr.len * sizeof(*orign->expr.nodes),
 				GFP_KERNEL);
 		if (!newn->expr.nodes)
@@ -658,12 +655,12 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
 		newn->expr.len = orign->expr.len;
 		rc = cond_dup_av_list(&newn->true_list, &orign->true_list,
-				&newp->te_cond_avtab);
+				      &newp->te_cond_avtab);
 		if (rc)
 			goto error;
 		rc = cond_dup_av_list(&newn->false_list, &orign->false_list,
-				&newp->te_cond_avtab);
+				      &newp->te_cond_avtab);
 		if (rc)
 			goto error;
 	}
@@ -683,7 +680,8 @@ static int cond_bools_destroy(void *key, void *datum, void *args)
 	return 0;
 }
-static int cond_bools_copy(struct hashtab_node *new, struct hashtab_node *orig, void *args)
+static int cond_bools_copy(struct hashtab_node *new, struct hashtab_node *orig,
+			   void *args)
 {
 	struct cond_bool_datum *datum;
@@ -709,7 +707,7 @@ static int cond_bools_index(void *key, void *datum, void *args)
 }
 static int duplicate_policydb_bools(struct policydb *newdb,
-				struct policydb *orig)
+				    struct policydb *orig)
 {
 	struct cond_bool_datum **cond_bool_array;
 	int rc;
@@ -721,7 +719,7 @@ static int duplicate_policydb_bools(struct policydb *newdb,
 		return -ENOMEM;
 	rc = hashtab_duplicate(&newdb->p_bools.table, &orig->p_bools.table,
-			cond_bools_copy, cond_bools_destroy, NULL);
+			       cond_bools_copy, cond_bools_destroy, NULL);
 	if (rc) {
 		kfree(cond_bool_array);
 		return -ENOMEM;  |