Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
  SELinux: one little, two little, three little whitespaces, the avc.c saga.
  SELinux: cleanup on isle selinuxfs.c
  changing whitespace for fun and profit: policydb.c
  SELinux: whitespace and formating fixes for hooks.c
  SELinux: clean up printks
  SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: services.c whitespace, syntax, and static declaraction cleanups
  SELinux: mls.c whitespace, syntax, and static declaraction cleanups
  SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups
  SELinux: conditional.c whitespace, syntax, and static declaraction cleanups
  SELinux: avtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups
  SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups
  SELinux: netnode.c whitespace, syntax, and static declaraction cleanups
  SELinux: netlink.c whitespace, syntax, and static declaraction cleanups
  SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups
  SELinux: netif.c whitespace, syntax, and static declaraction cleanups

security/selinux/avc.c

@@ -2,16 +2,16 @@
  * Implementation of the kernel access vector cache (AVC).
  *
  * Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
- *           James Morris <jmorris@redhat.com>
+ *	     James Morris <jmorris@redhat.com>
  *
  * Update:   KaiGai, Kohei <kaigai@ak.jp.nec.com>
- *     Replaced the avc_lock spinlock by RCU.
+ *	Replaced the avc_lock spinlock by RCU.
  *
  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 #include <linux/types.h>
 #include <linux/stddef.h>
@@ -44,7 +44,7 @@ static const char *class_to_string[] = {
 #undef S_
 };
 
-#define TB_(s) static const char * s [] = {
+#define TB_(s) static const char *s[] = {
 #define TE_(s) };
 #define S_(s) s,
 #include "common_perm_to_string.h"
@@ -72,7 +72,7 @@ const struct selinux_class_perm selinux_class_perm = {
 #define AVC_CACHE_RECLAIM		16
 
 #ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
-#define avc_cache_stats_incr(field) 				\
+#define avc_cache_stats_incr(field)				\
 do {								\
 	per_cpu(avc_cache_stats, get_cpu()).field++;		\
 	put_cpu();						\
@@ -92,7 +92,7 @@ struct avc_entry {
 struct avc_node {
 	struct avc_entry	ae;
 	struct list_head	list;
-	struct rcu_head         rhead;
+	struct rcu_head		rhead;
 };
 
 struct avc_cache {
@@ -105,8 +105,8 @@ struct avc_cache {
 
 struct avc_callback_node {
 	int (*callback) (u32 event, u32 ssid, u32 tsid,
-	                 u16 tclass, u32 perms,
-	                 u32 *out_retained);
+			 u16 tclass, u32 perms,
+			 u32 *out_retained);
 	u32 events;
 	u32 ssid;
 	u32 tsid;
@@ -202,7 +202,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
 	char *scontext;
 	u32 scontext_len;
 
- 	rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+	rc = security_sid_to_context(ssid, &scontext, &scontext_len);
 	if (rc)
 		audit_log_format(ab, "ssid=%d", ssid);
 	else {
@@ -306,7 +306,7 @@ static inline int avc_reclaim_node(void)
 	int hvalue, try, ecx;
 	unsigned long flags;
 
-	for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++ ) {
+	for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
 		hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
 
 		if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
@@ -426,7 +426,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
 	spin_lock_irqsave(&notif_lock, flag);
 	if (is_insert) {
 		if (seqno < avc_cache.latest_notif) {
-			printk(KERN_WARNING "avc:  seqno %d < latest_notif %d\n",
+			printk(KERN_WARNING "SELinux: avc:  seqno %d < latest_notif %d\n",
 			       seqno, avc_cache.latest_notif);
 			ret = -EAGAIN;
 		}
@@ -475,7 +475,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct avc_en
 			if (pos->ae.ssid == ssid &&
 			    pos->ae.tsid == tsid &&
 			    pos->ae.tclass == tclass) {
-			    	avc_node_replace(node, pos);
+				avc_node_replace(node, pos);
 				goto found;
 			}
 		}
@@ -526,8 +526,8 @@ static inline void avc_print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
  * before calling the auditing code.
  */
 void avc_audit(u32 ssid, u32 tsid,
-               u16 tclass, u32 requested,
-               struct av_decision *avd, int result, struct avc_audit_data *a)
+	       u16 tclass, u32 requested,
+	       struct av_decision *avd, int result, struct avc_audit_data *a)
 {
 	struct task_struct *tsk = current;
 	struct inode *inode = NULL;
@@ -541,7 +541,7 @@ void avc_audit(u32 ssid, u32 tsid,
 			return;
 	} else if (result) {
 		audited = denied = requested;
-        } else {
+	} else {
 		audited = requested;
 		if (!(audited & avd->auditallow))
 			return;
@@ -551,7 +551,7 @@ void avc_audit(u32 ssid, u32 tsid,
 	if (!ab)
 		return;		/* audit_panic has been called */
 	audit_log_format(ab, "avc:  %s ", denied ? "denied" : "granted");
-	avc_dump_av(ab, tclass,audited);
+	avc_dump_av(ab, tclass, audited);
 	audit_log_format(ab, " for ");
 	if (a && a->tsk)
 		tsk = a->tsk;
@@ -647,7 +647,7 @@ void avc_audit(u32 ssid, u32 tsid,
 					break;
 				}
 			}
-			
+
 			switch (a->u.net.family) {
 			case AF_INET:
 				avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
@@ -702,10 +702,10 @@ void avc_audit(u32 ssid, u32 tsid,
  * -%ENOMEM if insufficient memory exists to add the callback.
  */
 int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
-                                     u16 tclass, u32 perms,
-                                     u32 *out_retained),
-                     u32 events, u32 ssid, u32 tsid,
-                     u16 tclass, u32 perms)
+				     u16 tclass, u32 perms,
+				     u32 *out_retained),
+		     u32 events, u32 ssid, u32 tsid,
+		     u16 tclass, u32 perms)
 {
 	struct avc_callback_node *c;
 	int rc = 0;
@@ -759,10 +759,10 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
 	hvalue = avc_hash(ssid, tsid, tclass);
 	spin_lock_irqsave(&avc_cache.slots_lock[hvalue], flag);
 
-	list_for_each_entry(pos, &avc_cache.slots[hvalue], list){
-		if ( ssid==pos->ae.ssid &&
-		     tsid==pos->ae.tsid &&
-		     tclass==pos->ae.tclass ){
+	list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
+		if (ssid == pos->ae.ssid &&
+		    tsid == pos->ae.tsid &&
+		    tclass == pos->ae.tclass){
 			orig = pos;
 			break;
 		}
@@ -829,7 +829,7 @@ int avc_ss_reset(u32 seqno)
 	for (c = avc_callbacks; c; c = c->next) {
 		if (c->events & AVC_CALLBACK_RESET) {
 			tmprc = c->callback(AVC_CALLBACK_RESET,
-			                    0, 0, 0, 0, NULL);
+					    0, 0, 0, 0, NULL);
 			/* save the first error encountered for the return
 			   value and continue processing the callbacks */
 			if (!rc)
@@ -878,11 +878,11 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
 	node = avc_lookup(ssid, tsid, tclass, requested);
 	if (!node) {
 		rcu_read_unlock();
-		rc = security_compute_av(ssid,tsid,tclass,requested,&entry.avd);
+		rc = security_compute_av(ssid, tsid, tclass, requested, &entry.avd);
 		if (rc)
 			goto out;
 		rcu_read_lock();
-		node = avc_insert(ssid,tsid,tclass,&entry);
+		node = avc_insert(ssid, tsid, tclass, &entry);
 	}
 
 	p_ae = node ? &node->ae : &entry;
@@ -924,7 +924,7 @@ out:
  * another -errno upon other errors.
  */
 int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
-                 u32 requested, struct avc_audit_data *auditdata)
+		 u32 requested, struct avc_audit_data *auditdata)
 {
 	struct av_decision avd;
 	int rc;

security/selinux/hooks.c

@@ -4,22 +4,22 @@
  *  This file contains the SELinux hook function implementations.
  *
  *  Authors:  Stephen Smalley, <sds@epoch.ncsc.mil>
- *            Chris Vance, <cvance@nai.com>
- *            Wayne Salamon, <wsalamon@nai.com>
- *            James Morris <jmorris@redhat.com>
+ *	      Chris Vance, <cvance@nai.com>
+ *	      Wayne Salamon, <wsalamon@nai.com>
+ *	      James Morris <jmorris@redhat.com>
  *
  *  Copyright (C) 2001,2002 Networks Associates Technology, Inc.
  *  Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  *  Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
- *                          <dgoeddel@trustedcs.com>
+ *			    <dgoeddel@trustedcs.com>
  *  Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
- *                Paul Moore <paul.moore@hp.com>
+ *		Paul Moore <paul.moore@hp.com>
  *  Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
- *                     Yuichi Nakamura <ynakam@hitachisoft.jp>
+ *		       Yuichi Nakamura <ynakam@hitachisoft.jp>
  *
  *	This program is free software; you can redistribute it and/or modify
  *	it under the terms of the GNU General Public License version 2,
- *      as published by the Free Software Foundation.
+ *	as published by the Free Software Foundation.
  */
 
 #include <linux/init.h>
@@ -99,11 +99,11 @@ extern struct security_operations *security_ops;
 atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
 
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-int selinux_enforcing = 0;
+int selinux_enforcing;
 
 static int __init enforcing_setup(char *str)
 {
-	selinux_enforcing = simple_strtol(str,NULL,0);
+	selinux_enforcing = simple_strtol(str, NULL, 0);
 	return 1;
 }
 __setup("enforcing=", enforcing_setup);
@@ -123,13 +123,13 @@ int selinux_enabled = 1;
 #endif
 
 /* Original (dummy) security module. */
-static struct security_operations *original_ops = NULL;
+static struct security_operations *original_ops;
 
 /* Minimal support for a secondary security module,
    just to allow the use of the dummy or capability modules.
    The owlsm module can alternatively be used as a secondary
    module as long as CONFIG_OWLSM_FD is not enabled. */
-static struct security_operations *secondary_ops = NULL;
+static struct security_operations *secondary_ops;
 
 /* Lists of inode and superblock security structures initialized
    before the policy was loaded. */
@@ -575,8 +575,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
 			goto out;
 		}
 		rc = -EINVAL;
-		printk(KERN_WARNING "Unable to set superblock options before "
-		       "the security server is initialized\n");
+		printk(KERN_WARNING "SELinux: Unable to set superblock options "
+			"before the security server is initialized\n");
 		goto out;
 	}
 
@@ -1054,7 +1054,7 @@ static int selinux_proc_get_sid(struct proc_dir_entry *de,
 	int buflen, rc;
 	char *buffer, *path, *end;
 
-	buffer = (char*)__get_free_page(GFP_KERNEL);
+	buffer = (char *)__get_free_page(GFP_KERNEL);
 	if (!buffer)
 		return -ENOMEM;
 
@@ -1135,7 +1135,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 			dentry = d_find_alias(inode);
 		}
 		if (!dentry) {
-			printk(KERN_WARNING "%s:  no dentry for dev=%s "
+			printk(KERN_WARNING "SELinux: %s:  no dentry for dev=%s "
 			       "ino=%ld\n", __func__, inode->i_sb->s_id,
 			       inode->i_ino);
 			goto out_unlock;
@@ -1173,7 +1173,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 		dput(dentry);
 		if (rc < 0) {
 			if (rc != -ENODATA) {
-				printk(KERN_WARNING "%s:  getxattr returned "
+				printk(KERN_WARNING "SELinux: %s:  getxattr returned "
 				       "%d for dev=%s ino=%ld\n", __func__,
 				       -rc, inode->i_sb->s_id, inode->i_ino);
 				kfree(context);
@@ -1187,7 +1187,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
 							     sbsec->def_sid,
 							     GFP_NOFS);
 			if (rc) {
-				printk(KERN_WARNING "%s:  context_to_sid(%s) "
+				printk(KERN_WARNING "SELinux: %s:  context_to_sid(%s) "
 				       "returned %d for dev=%s ino=%ld\n",
 				       __func__, context, -rc,
 				       inode->i_sb->s_id, inode->i_ino);
@@ -1305,7 +1305,7 @@ static int task_has_capability(struct task_struct *tsk,
 
 	tsec = tsk->security;
 
-	AVC_AUDIT_DATA_INIT(&ad,CAP);
+	AVC_AUDIT_DATA_INIT(&ad, CAP);
 	ad.tsk = tsk;
 	ad.u.cap = cap;
 
@@ -1348,7 +1348,7 @@ static int inode_has_perm(struct task_struct *tsk,
 	struct inode_security_struct *isec;
 	struct avc_audit_data ad;
 
-	if (unlikely (IS_PRIVATE (inode)))
+	if (unlikely(IS_PRIVATE(inode)))
 		return 0;
 
 	tsec = tsk->security;
@@ -1373,7 +1373,7 @@ static inline int dentry_has_perm(struct task_struct *tsk,
 {
 	struct inode *inode = dentry->d_inode;
 	struct avc_audit_data ad;
-	AVC_AUDIT_DATA_INIT(&ad,FS);
+	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.mnt = mnt;
 	ad.u.fs.path.dentry = dentry;
 	return inode_has_perm(tsk, inode, av, &ad);
@@ -1470,9 +1470,9 @@ static int may_create_key(u32 ksid,
 	return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
 }
 
-#define MAY_LINK   0
-#define MAY_UNLINK 1
-#define MAY_RMDIR  2
+#define MAY_LINK	0
+#define MAY_UNLINK	1
+#define MAY_RMDIR	2
 
 /* Check whether a task can link, unlink, or rmdir a file/directory. */
 static int may_link(struct inode *dir,
@@ -1510,7 +1510,8 @@ static int may_link(struct inode *dir,
 		av = DIR__RMDIR;
 		break;
 	default:
-		printk(KERN_WARNING "may_link:  unrecognized kind %d\n", kind);
+		printk(KERN_WARNING "SELinux: %s:  unrecognized kind %d\n",
+			__func__, kind);
 		return 0;
 	}
 
@@ -1640,8 +1641,8 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
 		else if (S_ISDIR(mode))
 			av |= DIR__OPEN;
 		else
-			printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
-				"with unknown mode:%x\n", mode);
+			printk(KERN_ERR "SELinux: WARNING: inside %s with "
+				"unknown mode:%x\n", __func__, mode);
 	}
 	return av;
 }
@@ -1675,7 +1676,7 @@ static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
 {
 	int rc;
 
-	rc = secondary_ops->ptrace(parent,child);
+	rc = secondary_ops->ptrace(parent, child);
 	if (rc)
 		return rc;
 
@@ -1683,7 +1684,7 @@ static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
 }
 
 static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
-                          kernel_cap_t *inheritable, kernel_cap_t *permitted)
+			  kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	int error;
 
@@ -1695,7 +1696,7 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
 }
 
 static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
-                                kernel_cap_t *inheritable, kernel_cap_t *permitted)
+				kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	int error;
 
@@ -1707,7 +1708,7 @@ static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effect
 }
 
 static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
-                               kernel_cap_t *inheritable, kernel_cap_t *permitted)
+			       kernel_cap_t *inheritable, kernel_cap_t *permitted)
 {
 	secondary_ops->capset_set(target, effective, inheritable, permitted);
 }
@@ -1720,7 +1721,7 @@ static int selinux_capable(struct task_struct *tsk, int cap)
 	if (rc)
 		return rc;
 
-	return task_has_capability(tsk,cap);
+	return task_has_capability(tsk, cap);
 }
 
 static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
@@ -1729,7 +1730,7 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
 	char *buffer, *path, *end;
 
 	rc = -ENOMEM;
-	buffer = (char*)__get_free_page(GFP_KERNEL);
+	buffer = (char *)__get_free_page(GFP_KERNEL);
 	if (!buffer)
 		goto out;
 
@@ -1787,7 +1788,7 @@ static int selinux_sysctl(ctl_table *table, int op)
 
 	/* The op values are "defined" in sysctl.c, thereby creating
 	 * a bad coupling between this module and sysctl.c */
-	if(op == 001) {
+	if (op == 001) {
 		error = avc_has_perm(tsec->sid, tsid,
 				     SECCLASS_DIR, DIR__SEARCH, NULL);
 	} else {
@@ -1799,7 +1800,7 @@ static int selinux_sysctl(ctl_table *table, int op)
 		if (av)
 			error = avc_has_perm(tsec->sid, tsid,
 					     SECCLASS_FILE, av, NULL);
-        }
+	}
 
 	return error;
 }
@@ -1812,25 +1813,23 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
 		return 0;
 
 	switch (cmds) {
-		case Q_SYNC:
-		case Q_QUOTAON:
-		case Q_QUOTAOFF:
-	        case Q_SETINFO:
-		case Q_SETQUOTA:
-			rc = superblock_has_perm(current,
-						 sb,
-						 FILESYSTEM__QUOTAMOD, NULL);
-			break;
-	        case Q_GETFMT:
-	        case Q_GETINFO:
-		case Q_GETQUOTA:
-			rc = superblock_has_perm(current,
-						 sb,
-						 FILESYSTEM__QUOTAGET, NULL);
-			break;
-		default:
-			rc = 0;  /* let the kernel handle invalid cmds */
-			break;
+	case Q_SYNC:
+	case Q_QUOTAON:
+	case Q_QUOTAOFF:
+	case Q_SETINFO:
+	case Q_SETQUOTA:
+		rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD,
+					 NULL);
+		break;
+	case Q_GETFMT:
+	case Q_GETINFO:
+	case Q_GETQUOTA:
+		rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET,
+					 NULL);
+		break;
+	default:
+		rc = 0;  /* let the kernel handle invalid cmds */
+		break;
 	}
 	return rc;
 }
@@ -1849,23 +1848,23 @@ static int selinux_syslog(int type)
 		return rc;
 
 	switch (type) {
-		case 3:         /* Read last kernel messages */
-		case 10:        /* Return size of the log buffer */
-			rc = task_has_system(current, SYSTEM__SYSLOG_READ);
-			break;
-		case 6:         /* Disable logging to console */
-		case 7:         /* Enable logging to console */
-		case 8:		/* Set level of messages printed to console */
-			rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
-			break;
-		case 0:         /* Close log */
-		case 1:         /* Open log */
-		case 2:         /* Read from log */
-		case 4:         /* Read/clear last kernel messages */
-		case 5:         /* Clear ring buffer */
-		default:
-			rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
-			break;
+	case 3:		/* Read last kernel messages */
+	case 10:	/* Return size of the log buffer */
+		rc = task_has_system(current, SYSTEM__SYSLOG_READ);
+		break;
+	case 6:		/* Disable logging to console */
+	case 7:		/* Enable logging to console */
+	case 8:		/* Set level of messages printed to console */
+		rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
+		break;
+	case 0:		/* Close log */
+	case 1:		/* Open log */
+	case 2:		/* Read from log */
+	case 4:		/* Read/clear last kernel messages */
+	case 5:		/* Clear ring buffer */
+	default:
+		rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
+		break;
 	}
 	return rc;
 }
@@ -1971,7 +1970,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
 	} else {
 		/* Check for a default transition on this program. */
 		rc = security_transition_sid(tsec->sid, isec->sid,
-		                             SECCLASS_PROCESS, &newsid);
+					     SECCLASS_PROCESS, &newsid);
 		if (rc)
 			return rc;
 	}
@@ -1982,7 +1981,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
 	if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
 		newsid = tsec->sid;
 
-        if (tsec->sid == newsid) {
+	if (tsec->sid == newsid) {
 		rc = avc_has_perm(tsec->sid, isec->sid,
 				  SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
 		if (rc)
@@ -2010,13 +2009,13 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
 	return 0;
 }
 
-static int selinux_bprm_check_security (struct linux_binprm *bprm)
+static int selinux_bprm_check_security(struct linux_binprm *bprm)
 {
 	return secondary_ops->bprm_check_security(bprm);
 }
 
 
-static int selinux_bprm_secureexec (struct linux_binprm *bprm)
+static int selinux_bprm_secureexec(struct linux_binprm *bprm)
 {
 	struct task_security_struct *tsec = current->security;
 	int atsecure = 0;
@@ -2043,7 +2042,7 @@ extern struct vfsmount *selinuxfs_mount;
 extern struct dentry *selinux_null;
 
 /* Derived from fs/exec.c:flush_old_files. */
-static inline void flush_unauthorized_files(struct files_struct * files)
+static inline void flush_unauthorized_files(struct files_struct *files)
 {
 	struct avc_audit_data ad;
 	struct file *file, *devnull = NULL;
@@ -2078,7 +2077,7 @@ static inline void flush_unauthorized_files(struct files_struct * files)
 
 	/* Revalidate access to inherited open files. */
 
-	AVC_AUDIT_DATA_INIT(&ad,FS);
+	AVC_AUDIT_DATA_INIT(&ad, FS);
 
 	spin_lock(&files->file_lock);
 	for (;;) {
@@ -2094,7 +2093,7 @@ static inline void flush_unauthorized_files(struct files_struct * files)
 		if (!set)
 			continue;
 		spin_unlock(&files->file_lock);
-		for ( ; set ; i++,set >>= 1) {
+		for ( ; set ; i++, set >>= 1) {
 			if (set & 1) {
 				file = fget(i);
 				if (!file)
@@ -2251,7 +2250,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
 		for (i = 0; i < RLIM_NLIMITS; i++) {
 			rlim = current->signal->rlim + i;
 			initrlim = init_task.signal->rlim+i;
-			rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
+			rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
 		}
 		if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
 			/*
@@ -2306,16 +2305,15 @@ static inline void take_option(char **to, char *from, int *first, int len)
 	*to += len;
 }
 
-static inline void take_selinux_option(char **to, char *from, int *first, 
-		                       int len)
+static inline void take_selinux_option(char **to, char *from, int *first,
+				       int len)
 {
 	int current_size = 0;
 
 	if (!*first) {
 		**to = '|';
 		*to += 1;
-	}
-	else
+	} else
 		*first = 0;
 
 	while (current_size < len) {
@@ -2379,7 +2377,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
 	if (rc)
 		return rc;
 
-	AVC_AUDIT_DATA_INIT(&ad,FS);
+	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = sb->s_root;
 	return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
 }
@@ -2388,16 +2386,16 @@ static int selinux_sb_statfs(struct dentry *dentry)
 {
 	struct avc_audit_data ad;
 
-	AVC_AUDIT_DATA_INIT(&ad,FS);
+	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry->d_sb->s_root;
 	return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
 }
 
-static int selinux_mount(char * dev_name,
-                         struct nameidata *nd,
-                         char * type,
-                         unsigned long flags,
-                         void * data)
+static int selinux_mount(char *dev_name,
+			 struct nameidata *nd,
+			 char *type,
+			 unsigned long flags,
+			 void *data)
 {
 	int rc;
 
@@ -2407,10 +2405,10 @@ static int selinux_mount(char * dev_name,
 
 	if (flags & MS_REMOUNT)
 		return superblock_has_perm(current, nd->path.mnt->mnt_sb,
-		                           FILESYSTEM__REMOUNT, NULL);
+					   FILESYSTEM__REMOUNT, NULL);
 	else
 		return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
-		                       FILE__MOUNTON);
+				       FILE__MOUNTON);
 }
 
 static int selinux_umount(struct vfsmount *mnt, int flags)
@@ -2421,8 +2419,8 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
 	if (rc)
 		return rc;
 
-	return superblock_has_perm(current,mnt->mnt_sb,
-	                           FILESYSTEM__UNMOUNT,NULL);
+	return superblock_has_perm(current, mnt->mnt_sb,
+				   FILESYSTEM__UNMOUNT, NULL);
 }
 
 /* inode security operations */
@@ -2508,7 +2506,7 @@ static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, stru
 {
 	int rc;
 
-	rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
+	rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
 	if (rc)
 		return rc;
 	return may_link(dir, old_dentry, MAY_LINK);
@@ -2551,7 +2549,7 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod
 }
 
 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
-                                struct inode *new_inode, struct dentry *new_dentry)
+				struct inode *new_inode, struct dentry *new_dentry)
 {
 	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
 }
@@ -2565,7 +2563,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
 {
 	int rc;
 
-	rc = secondary_ops->inode_follow_link(dentry,nameidata);
+	rc = secondary_ops->inode_follow_link(dentry, nameidata);
 	if (rc)
 		return rc;
 	return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -2651,7 +2649,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
 	if (!is_owner_or_cap(inode))
 		return -EPERM;
 
-	AVC_AUDIT_DATA_INIT(&ad,FS);
+	AVC_AUDIT_DATA_INIT(&ad, FS);
 	ad.u.fs.path.dentry = dentry;
 
 	rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
@@ -2669,7 +2667,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
 		return rc;
 
 	rc = security_validate_transition(isec->sid, newsid, tsec->sid,
-	                                  isec->sclass);
+					  isec->sclass);
 	if (rc)
 		return rc;
 
@@ -2681,7 +2679,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
 }
 
 static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
-                                        void *value, size_t size, int flags)
+					void *value, size_t size, int flags)
 {
 	struct inode *inode = dentry->d_inode;
 	struct inode_security_struct *isec = inode->i_security;
@@ -2704,17 +2702,17 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
 	return;
 }
 
-static int selinux_inode_getxattr (struct dentry *dentry, char *name)
+static int selinux_inode_getxattr(struct dentry *dentry, char *name)
 {
 	return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }
 
-static int selinux_inode_listxattr (struct dentry *dentry)
+static int selinux_inode_listxattr(struct dentry *dentry)
 {
 	return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
 }
 
-static int selinux_inode_removexattr (struct dentry *dentry, char *name)
+static int selinux_inode_removexattr(struct dentry *dentry, char *name)
 {
 	if (strcmp(name, XATTR_NAME_SELINUX))
 		return selinux_inode_setotherxattr(dentry, name);
@@ -2755,7 +2753,7 @@ out_nofree:
 }
 
 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
-                                     const void *value, size_t size, int flags)
+				     const void *value, size_t size, int flags)
 {
 	struct inode_security_struct *isec = inode->i_security;
 	u32 newsid;
@@ -2767,7 +2765,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
 	if (!value || !size)
 		return -EACCES;
 
-	rc = security_context_to_sid((void*)value, size, &newsid);
+	rc = security_context_to_sid((void *)value, size, &newsid);
 	if (rc)
 		return rc;
 
@@ -2858,42 +2856,41 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
 	int error = 0;
 
 	switch (cmd) {
-		case FIONREAD:
-		/* fall through */
-		case FIBMAP:
-		/* fall through */
-		case FIGETBSZ:
-		/* fall through */
-		case EXT2_IOC_GETFLAGS:
-		/* fall through */
-		case EXT2_IOC_GETVERSION:
-			error = file_has_perm(current, file, FILE__GETATTR);
-			break;
-
-		case EXT2_IOC_SETFLAGS:
-		/* fall through */
-		case EXT2_IOC_SETVERSION:
-			error = file_has_perm(current, file, FILE__SETATTR);
-			break;
+	case FIONREAD:
+	/* fall through */
+	case FIBMAP:
+	/* fall through */
+	case FIGETBSZ:
+	/* fall through */
+	case EXT2_IOC_GETFLAGS:
+	/* fall through */
+	case EXT2_IOC_GETVERSION:
+		error = file_has_perm(current, file, FILE__GETATTR);
+		break;
 
-		/* sys_ioctl() checks */
-		case FIONBIO:
-		/* fall through */
-		case FIOASYNC:
-			error = file_has_perm(current, file, 0);
-			break;
+	case EXT2_IOC_SETFLAGS:
+	/* fall through */
+	case EXT2_IOC_SETVERSION:
+		error = file_has_perm(current, file, FILE__SETATTR);
+		break;
 
-	        case KDSKBENT:
-	        case KDSKBSENT:
-			error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
-			break;
+	/* sys_ioctl() checks */
+	case FIONBIO:
+	/* fall through */
+	case FIOASYNC:
+		error = file_has_perm(current, file, 0);
+		break;
 
-		/* default case assumes that the command will go
-		 * to the file's ioctl() function.
-		 */
-		default:
-			error = file_has_perm(current, file, FILE__IOCTL);
+	case KDSKBENT:
+	case KDSKBSENT:
+		error = task_has_capability(current, CAP_SYS_TTY_CONFIG);
+		break;
 
+	/* default case assumes that the command will go
+	 * to the file's ioctl() function.
+	 */
+	default:
+		error = file_has_perm(current, file, FILE__IOCTL);
 	}
 	return error;
 }
@@ -2934,7 +2931,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
 			     unsigned long addr, unsigned long addr_only)
 {
 	int rc = 0;
-	u32 sid = ((struct task_security_struct*)(current->security))->sid;
+	u32 sid = ((struct task_security_struct *)(current->security))->sid;
 
 	if (addr < mmap_min_addr)
 		rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
@@ -3003,39 +3000,39 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
 	int err = 0;
 
 	switch (cmd) {
-	        case F_SETFL:
-			if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
-				err = -EINVAL;
-				break;
-			}
+	case F_SETFL:
+		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
+			err = -EINVAL;
+			break;
+		}
 
-			if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
-				err = file_has_perm(current, file,FILE__WRITE);
-				break;
-			}
-			/* fall through */
-	        case F_SETOWN:
-	        case F_SETSIG:
-	        case F_GETFL:
-	        case F_GETOWN:
-	        case F_GETSIG:
-			/* Just check FD__USE permission */
-			err = file_has_perm(current, file, 0);
+		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
+			err = file_has_perm(current, file, FILE__WRITE);
 			break;
-		case F_GETLK:
-		case F_SETLK:
-	        case F_SETLKW:
+		}
+		/* fall through */
+	case F_SETOWN:
+	case F_SETSIG:
+	case F_GETFL:
+	case F_GETOWN:
+	case F_GETSIG:
+		/* Just check FD__USE permission */
+		err = file_has_perm(current, file, 0);
+		break;
+	case F_GETLK:
+	case F_SETLK:
+	case F_SETLKW:
 #if BITS_PER_LONG == 32
-	        case F_GETLK64:
-		case F_SETLK64:
-	        case F_SETLKW64:
+	case F_GETLK64:
+	case F_SETLK64:
+	case F_SETLKW64:
 #endif
-			if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
-				err = -EINVAL;
-				break;
-			}
-			err = file_has_perm(current, file, FILE__LOCK);
+		if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
+			err = -EINVAL;
 			break;
+		}
+		err = file_has_perm(current, file, FILE__LOCK);
+		break;
 	}
 
 	return err;
@@ -3056,13 +3053,13 @@ static int selinux_file_set_fowner(struct file *file)
 static int selinux_file_send_sigiotask(struct task_struct *tsk,
 				       struct fown_struct *fown, int signum)
 {
-        struct file *file;
+	struct file *file;
 	u32 perm;
 	struct task_security_struct *tsec;
 	struct file_security_struct *fsec;
 
 	/* struct fown_struct is never outside the context of a struct file */
-        file = container_of(fown, struct file, f_owner);
+	file = container_of(fown, struct file, f_owner);
 
 	tsec = tsk->security;
 	fsec = file->f_security;
@@ -3164,7 +3161,7 @@ static int selinux_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
 
 static int selinux_task_post_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
 {
-	return secondary_ops->task_post_setuid(id0,id1,id2,flags);
+	return secondary_ops->task_post_setuid(id0, id1, id2, flags);
 }
 
 static int selinux_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
@@ -3208,7 +3205,7 @@ static int selinux_task_setnice(struct task_struct *p, int nice)
 	if (rc)
 		return rc;
 
-	return task_has_perm(current,p, PROCESS__SETSCHED);
+	return task_has_perm(current, p, PROCESS__SETSCHED);
 }
 
 static int selinux_task_setioprio(struct task_struct *p, int ioprio)
@@ -3312,7 +3309,7 @@ static int selinux_task_wait(struct task_struct *p)
 
 static void selinux_task_reparent_to_init(struct task_struct *p)
 {
-  	struct task_security_struct *tsec;
+	struct task_security_struct *tsec;
 
 	secondary_ops->task_reparent_to_init(p);
 
@@ -3357,11 +3354,11 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb,
 		*proto = ih->protocol;
 
 	switch (ih->protocol) {
-        case IPPROTO_TCP: {
-        	struct tcphdr _tcph, *th;
+	case IPPROTO_TCP: {
+		struct tcphdr _tcph, *th;
 
-        	if (ntohs(ih->frag_off) & IP_OFFSET)
-        		break;
+		if (ntohs(ih->frag_off) & IP_OFFSET)
+			break;
 
 		offset += ihlen;
 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
@@ -3371,23 +3368,23 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb,
 		ad->u.net.sport = th->source;
 		ad->u.net.dport = th->dest;
 		break;
-        }
-        
-        case IPPROTO_UDP: {
-        	struct udphdr _udph, *uh;
-        	
-        	if (ntohs(ih->frag_off) & IP_OFFSET)
-        		break;
-        		
+	}
+
+	case IPPROTO_UDP: {
+		struct udphdr _udph, *uh;
+
+		if (ntohs(ih->frag_off) & IP_OFFSET)
+			break;
+
 		offset += ihlen;
-        	uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
+		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
 		if (uh == NULL)
-			break;	
+			break;
 
-        	ad->u.net.sport = uh->source;
-        	ad->u.net.dport = uh->dest;
-        	break;
-        }
+		ad->u.net.sport = uh->source;
+		ad->u.net.dport = uh->dest;
+		break;
+	}
 
 	case IPPROTO_DCCP: {
 		struct dccp_hdr _dccph, *dh;
@@ -3403,11 +3400,11 @@ static int selinux_parse_skb_ipv4(struct sk_buff *skb,
 		ad->u.net.sport = dh->dccph_sport;
 		ad->u.net.dport = dh->dccph_dport;
 		break;
-        }
+	}
 
-        default:
-        	break;
-        }
+	default:
+		break;
+	}
 out:
 	return ret;
 }
@@ -3442,7 +3439,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
 
 	switch (nexthdr) {
 	case IPPROTO_TCP: {
-        	struct tcphdr _tcph, *th;
+		struct tcphdr _tcph, *th;
 
 		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
 		if (th == NULL)
@@ -3475,7 +3472,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb,
 		ad->u.net.sport = dh->dccph_sport;
 		ad->u.net.dport = dh->dccph_dport;
 		break;
-        }
+	}
 
 	/* includes fragments */
 	default:
@@ -3573,7 +3570,7 @@ static int socket_has_perm(struct task_struct *task, struct socket *sock,
 	if (isec->sid == SECINITSID_KERNEL)
 		goto out;
 
-	AVC_AUDIT_DATA_INIT(&ad,NET);
+	AVC_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = sock->sk;
 	err = avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
 
@@ -3683,7 +3680,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 						      snum, &sid);
 				if (err)
 					goto out;
-				AVC_AUDIT_DATA_INIT(&ad,NET);
+				AVC_AUDIT_DATA_INIT(&ad, NET);
 				ad.u.net.sport = htons(snum);
 				ad.u.net.family = family;
 				err = avc_has_perm(isec->sid, sid,
@@ -3693,12 +3690,12 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 					goto out;
 			}
 		}
-		
-		switch(isec->sclass) {
+
+		switch (isec->sclass) {
 		case SECCLASS_TCP_SOCKET:
 			node_perm = TCP_SOCKET__NODE_BIND;
 			break;
-			
+
 		case SECCLASS_UDP_SOCKET:
 			node_perm = UDP_SOCKET__NODE_BIND;
 			break;
@@ -3711,12 +3708,12 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 			node_perm = RAWIP_SOCKET__NODE_BIND;
 			break;
 		}
-		
+
 		err = sel_netnode_sid(addrp, family, &sid);
 		if (err)
 			goto out;
-		
-		AVC_AUDIT_DATA_INIT(&ad,NET);
+
+		AVC_AUDIT_DATA_INIT(&ad, NET);
 		ad.u.net.sport = htons(snum);
 		ad.u.net.family = family;
 
@@ -3726,7 +3723,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
 			ipv6_addr_copy(&ad.u.net.v6info.saddr, &addr6->sin6_addr);
 
 		err = avc_has_perm(isec->sid, sid,
-		                   isec->sclass, node_perm, &ad);
+				   isec->sclass, node_perm, &ad);
 		if (err)
 			goto out;
 	}
@@ -3775,7 +3772,7 @@ static int selinux_socket_connect(struct socket *sock, struct sockaddr *address,
 		perm = (isec->sclass == SECCLASS_TCP_SOCKET) ?
 		       TCP_SOCKET__NAME_CONNECT : DCCP_SOCKET__NAME_CONNECT;
 
-		AVC_AUDIT_DATA_INIT(&ad,NET);
+		AVC_AUDIT_DATA_INIT(&ad, NET);
 		ad.u.net.dport = htons(snum);
 		ad.u.net.family = sk->sk_family;
 		err = avc_has_perm(isec->sid, sid, isec->sclass, perm, &ad);
@@ -3813,7 +3810,7 @@ static int selinux_socket_accept(struct socket *sock, struct socket *newsock)
 }
 
 static int selinux_socket_sendmsg(struct socket *sock, struct msghdr *msg,
- 				  int size)
+				  int size)
 {
 	int rc;
 
@@ -3840,7 +3837,7 @@ static int selinux_socket_getpeername(struct socket *sock)
 	return socket_has_perm(current, sock, SOCKET__GETATTR);
 }
 
-static int selinux_socket_setsockopt(struct socket *sock,int level,int optname)
+static int selinux_socket_setsockopt(struct socket *sock, int level, int optname)
 {
 	int err;
 
@@ -3879,7 +3876,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 	isec = SOCK_INODE(sock)->i_security;
 	other_isec = SOCK_INODE(other)->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad,NET);
+	AVC_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = other->sk;
 
 	err = avc_has_perm(isec->sid, other_isec->sid,
@@ -3891,7 +3888,7 @@ static int selinux_socket_unix_stream_connect(struct socket *sock,
 	/* connecting socket */
 	ssec = sock->sk->sk_security;
 	ssec->peer_sid = other_isec->sid;
-	
+
 	/* server child socket */
 	ssec = newsk->sk_security;
 	ssec->peer_sid = isec->sid;
@@ -3911,7 +3908,7 @@ static int selinux_socket_unix_may_send(struct socket *sock,
 	isec = SOCK_INODE(sock)->i_security;
 	other_isec = SOCK_INODE(other)->i_security;
 
-	AVC_AUDIT_DATA_INIT(&ad,NET);
+	AVC_AUDIT_DATA_INIT(&ad, NET);
 	ad.u.net.sk = other->sk;
 
 	err = avc_has_perm(isec->sid, other_isec->sid,
@@ -3989,7 +3986,7 @@ static int selinux_sock_rcv_skb_iptables_compat(struct sock *sk,
 	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
 	if (err)
 		return err;
-	
+
 	err = sel_netnode_sid(addrp, family, &node_sid);
 	if (err)
 		return err;
@@ -4140,7 +4137,7 @@ out_len:
 		err = -EFAULT;
 
 	kfree(scontext);
-out:	
+out:
 	return err;
 }
 
@@ -4201,7 +4198,7 @@ static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
 	}
 }
 
-static void selinux_sock_graft(struct sock* sk, struct socket *parent)
+static void selinux_sock_graft(struct sock *sk, struct socket *parent)
 {
 	struct inode_security_struct *isec = SOCK_INODE(parent)->i_security;
 	struct sk_security_struct *sksec = sk->sk_security;
@@ -4278,13 +4275,13 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
 	struct nlmsghdr *nlh;
 	struct socket *sock = sk->sk_socket;
 	struct inode_security_struct *isec = SOCK_INODE(sock)->i_security;
-	
+
 	if (skb->len < NLMSG_SPACE(0)) {
 		err = -EINVAL;
 		goto out;
 	}
 	nlh = nlmsg_hdr(skb);
-	
+
 	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
 	if (err) {
 		if (err == -EINVAL) {
@@ -4410,7 +4407,7 @@ static int selinux_ip_postroute_iptables_compat(struct sock *sk,
 		return err;
 	err = avc_has_perm(sk_sid, if_sid, SECCLASS_NETIF, netif_perm, ad);
 		return err;
-		
+
 	err = sel_netnode_sid(addrp, family, &node_sid);
 	if (err)
 		return err;
@@ -4593,7 +4590,7 @@ static int selinux_netlink_recv(struct sk_buff *skb, int capability)
 	ad.u.cap = capability;
 
 	return avc_has_perm(NETLINK_CB(skb).sid, NETLINK_CB(skb).sid,
-	                    SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
+			    SECCLASS_CAPABILITY, CAP_TO_MASK(capability), &ad);
 }
 
 static int ipc_alloc_security(struct task_struct *task,
@@ -4685,7 +4682,7 @@ static int selinux_msg_queue_alloc_security(struct msg_queue *msq)
 	isec = msq->q_perm.security;
 
 	AVC_AUDIT_DATA_INIT(&ad, IPC);
- 	ad.u.ipc_id = msq->q_perm.key;
+	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_MSGQ,
 			  MSGQ__CREATE, &ad);
@@ -4722,7 +4719,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 	int err;
 	int perms;
 
-	switch(cmd) {
+	switch (cmd) {
 	case IPC_INFO:
 	case MSG_INFO:
 		/* No specific object, just general system-wide information. */
@@ -4806,7 +4803,7 @@ static int selinux_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
 	msec = msg->security;
 
 	AVC_AUDIT_DATA_INIT(&ad, IPC);
- 	ad.u.ipc_id = msq->q_perm.key;
+	ad.u.ipc_id = msq->q_perm.key;
 
 	rc = avc_has_perm(tsec->sid, isec->sid,
 			  SECCLASS_MSGQ, MSGQ__READ, &ad);
@@ -4832,7 +4829,7 @@ static int selinux_shm_alloc_security(struct shmid_kernel *shp)
 	isec = shp->shm_perm.security;
 
 	AVC_AUDIT_DATA_INIT(&ad, IPC);
- 	ad.u.ipc_id = shp->shm_perm.key;
+	ad.u.ipc_id = shp->shm_perm.key;
 
 	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SHM,
 			  SHM__CREATE, &ad);
@@ -4870,7 +4867,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
 	int perms;
 	int err;
 
-	switch(cmd) {
+	switch (cmd) {
 	case IPC_INFO:
 	case SHM_INFO:
 		/* No specific object, just general system-wide information. */
@@ -4931,7 +4928,7 @@ static int selinux_sem_alloc_security(struct sem_array *sma)
 	isec = sma->sem_perm.security;
 
 	AVC_AUDIT_DATA_INIT(&ad, IPC);
- 	ad.u.ipc_id = sma->sem_perm.key;
+	ad.u.ipc_id = sma->sem_perm.key;
 
 	rc = avc_has_perm(tsec->sid, isec->sid, SECCLASS_SEM,
 			  SEM__CREATE, &ad);
@@ -4969,7 +4966,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
 	int err;
 	u32 perms;
 
-	switch(cmd) {
+	switch (cmd) {
 	case IPC_INFO:
 	case SEM_INFO:
 		/* No specific object, just general system-wide information. */
@@ -5041,13 +5038,13 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
 }
 
 /* module stacking operations */
-static int selinux_register_security (const char *name, struct security_operations *ops)
+static int selinux_register_security(const char *name, struct security_operations *ops)
 {
 	if (secondary_ops != original_ops) {
 		printk(KERN_ERR "%s:  There is already a secondary security "
 		       "module registered.\n", __func__);
 		return -EINVAL;
- 	}
+	}
 
 	secondary_ops = ops;
 
@@ -5058,7 +5055,7 @@ static int selinux_register_security (const char *name, struct security_operatio
 	return 0;
 }
 
-static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
+static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
 	if (inode)
 		inode_doinit_with_dentry(inode, dentry);
@@ -5186,11 +5183,11 @@ static int selinux_setprocattr(struct task_struct *p,
 				}
 			while_each_thread(g, t);
 			read_unlock(&tasklist_lock);
-                }
+		}
 
 		/* Check permissions for the transition. */
 		error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
-		                     PROCESS__DYNTRANSITION, NULL);
+				     PROCESS__DYNTRANSITION, NULL);
 		if (error)
 			return error;
 
@@ -5218,8 +5215,7 @@ static int selinux_setprocattr(struct task_struct *p,
 			tsec->sid = sid;
 			task_unlock(p);
 		}
-	}
-	else
+	} else
 		return -EINVAL;
 
 	return size;
@@ -5309,7 +5305,7 @@ static struct security_operations selinux_ops = {
 	.vm_enough_memory =		selinux_vm_enough_memory,
 
 	.netlink_send =			selinux_netlink_send,
-        .netlink_recv =			selinux_netlink_recv,
+	.netlink_recv =			selinux_netlink_recv,
 
 	.bprm_alloc_security =		selinux_bprm_alloc_security,
 	.bprm_free_security =		selinux_bprm_free_security,
@@ -5322,13 +5318,13 @@ static struct security_operations selinux_ops = {
 	.sb_alloc_security =		selinux_sb_alloc_security,
 	.sb_free_security =		selinux_sb_free_security,
 	.sb_copy_data =			selinux_sb_copy_data,
-	.sb_kern_mount =	        selinux_sb_kern_mount,
+	.sb_kern_mount =		selinux_sb_kern_mount,
 	.sb_statfs =			selinux_sb_statfs,
 	.sb_mount =			selinux_mount,
 	.sb_umount =			selinux_umount,
 	.sb_get_mnt_opts =		selinux_get_mnt_opts,
 	.sb_set_mnt_opts =		selinux_set_mnt_opts,
-	.sb_clone_mnt_opts = 		selinux_sb_clone_mnt_opts,
+	.sb_clone_mnt_opts =		selinux_sb_clone_mnt_opts,
 	.sb_parse_opts_str = 		selinux_parse_opts_str,
 
 
@@ -5353,9 +5349,9 @@ static struct security_operations selinux_ops = {
 	.inode_getxattr =		selinux_inode_getxattr,
 	.inode_listxattr =		selinux_inode_listxattr,
 	.inode_removexattr =		selinux_inode_removexattr,
-	.inode_getsecurity =            selinux_inode_getsecurity,
-	.inode_setsecurity =            selinux_inode_setsecurity,
-	.inode_listsecurity =           selinux_inode_listsecurity,
+	.inode_getsecurity =		selinux_inode_getsecurity,
+	.inode_setsecurity =		selinux_inode_setsecurity,
+	.inode_listsecurity =		selinux_inode_listsecurity,
 	.inode_need_killpriv =		selinux_inode_need_killpriv,
 	.inode_killpriv =		selinux_inode_killpriv,
 	.inode_getsecid =               selinux_inode_getsecid,
@@ -5372,7 +5368,7 @@ static struct security_operations selinux_ops = {
 	.file_send_sigiotask =		selinux_file_send_sigiotask,
 	.file_receive =			selinux_file_receive,
 
-	.dentry_open =                  selinux_dentry_open,
+	.dentry_open =			selinux_dentry_open,
 
 	.task_create =			selinux_task_create,
 	.task_alloc_security =		selinux_task_alloc_security,
@@ -5382,7 +5378,7 @@ static struct security_operations selinux_ops = {
 	.task_setgid =			selinux_task_setgid,
 	.task_setpgid =			selinux_task_setpgid,
 	.task_getpgid =			selinux_task_getpgid,
-	.task_getsid =		        selinux_task_getsid,
+	.task_getsid =			selinux_task_getsid,
 	.task_getsecid =		selinux_task_getsecid,
 	.task_setgroups =		selinux_task_setgroups,
 	.task_setnice =			selinux_task_setnice,
@@ -5396,7 +5392,7 @@ static struct security_operations selinux_ops = {
 	.task_wait =			selinux_task_wait,
 	.task_prctl =			selinux_task_prctl,
 	.task_reparent_to_init =	selinux_task_reparent_to_init,
-	.task_to_inode =                selinux_task_to_inode,
+	.task_to_inode =		selinux_task_to_inode,
 
 	.ipc_permission =		selinux_ipc_permission,
 	.ipc_getsecid =                 selinux_ipc_getsecid,
@@ -5417,24 +5413,24 @@ static struct security_operations selinux_ops = {
 	.shm_shmctl =			selinux_shm_shmctl,
 	.shm_shmat =			selinux_shm_shmat,
 
-	.sem_alloc_security = 		selinux_sem_alloc_security,
-	.sem_free_security =  		selinux_sem_free_security,
+	.sem_alloc_security =		selinux_sem_alloc_security,
+	.sem_free_security =		selinux_sem_free_security,
 	.sem_associate =		selinux_sem_associate,
 	.sem_semctl =			selinux_sem_semctl,
 	.sem_semop =			selinux_sem_semop,
 
 	.register_security =		selinux_register_security,
 
-	.d_instantiate =                selinux_d_instantiate,
+	.d_instantiate =		selinux_d_instantiate,
 
-	.getprocattr =                  selinux_getprocattr,
-	.setprocattr =                  selinux_setprocattr,
+	.getprocattr =			selinux_getprocattr,
+	.setprocattr =			selinux_setprocattr,
 
 	.secid_to_secctx =		selinux_secid_to_secctx,
 	.secctx_to_secid =		selinux_secctx_to_secid,
 	.release_secctx =		selinux_release_secctx,
 
-        .unix_stream_connect =		selinux_socket_unix_stream_connect,
+	.unix_stream_connect =		selinux_socket_unix_stream_connect,
 	.unix_may_send =		selinux_socket_unix_may_send,
 
 	.socket_create =		selinux_socket_create,
@@ -5456,7 +5452,7 @@ static struct security_operations selinux_ops = {
 	.sk_alloc_security =		selinux_sk_alloc_security,
 	.sk_free_security =		selinux_sk_free_security,
 	.sk_clone_security =		selinux_sk_clone_security,
-	.sk_getsecid = 			selinux_sk_getsecid,
+	.sk_getsecid =			selinux_sk_getsecid,
 	.sock_graft =			selinux_sock_graft,
 	.inet_conn_request =		selinux_inet_conn_request,
 	.inet_csk_clone =		selinux_inet_csk_clone,
@@ -5471,15 +5467,15 @@ static struct security_operations selinux_ops = {
 	.xfrm_state_alloc_security =	selinux_xfrm_state_alloc,
 	.xfrm_state_free_security =	selinux_xfrm_state_free,
 	.xfrm_state_delete_security =	selinux_xfrm_state_delete,
-	.xfrm_policy_lookup = 		selinux_xfrm_policy_lookup,
+	.xfrm_policy_lookup =		selinux_xfrm_policy_lookup,
 	.xfrm_state_pol_flow_match =	selinux_xfrm_state_pol_flow_match,
 	.xfrm_decode_session =		selinux_xfrm_decode_session,
 #endif
 
 #ifdef CONFIG_KEYS
-	.key_alloc =                    selinux_key_alloc,
-	.key_free =                     selinux_key_free,
-	.key_permission =               selinux_key_permission,
+	.key_alloc =			selinux_key_alloc,
+	.key_free =			selinux_key_free,
+	.key_permission =		selinux_key_permission,
 #endif
 
 #ifdef CONFIG_AUDIT
@@ -5519,15 +5515,14 @@ static __init int selinux_init(void)
 
 	original_ops = secondary_ops = security_ops;
 	if (!secondary_ops)
-		panic ("SELinux: No initial security operations\n");
-	if (register_security (&selinux_ops))
+		panic("SELinux: No initial security operations\n");
+	if (register_security(&selinux_ops))
 		panic("SELinux: Unable to register with kernel.\n");
 
-	if (selinux_enforcing) {
+	if (selinux_enforcing)
 		printk(KERN_DEBUG "SELinux:  Starting in enforcing mode\n");
-	} else {
+	else
 		printk(KERN_DEBUG "SELinux:  Starting in permissive mode\n");
-	}
 
 #ifdef CONFIG_KEYS
 	/* Add security information to initial keyrings */
@@ -5552,8 +5547,8 @@ next_sb:
 	if (!list_empty(&superblock_security_head)) {
 		struct superblock_security_struct *sbsec =
 				list_entry(superblock_security_head.next,
-				           struct superblock_security_struct,
-				           list);
+					   struct superblock_security_struct,
+					   list);
 		struct super_block *sb = sbsec->sb;
 		sb->s_count++;
 		spin_unlock(&sb_security_lock);
@@ -5672,10 +5667,11 @@ static void selinux_nf_ip_exit(void)
 #endif /* CONFIG_NETFILTER */
 
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
+static int selinux_disabled;
+
 int selinux_disable(void)
 {
 	extern void exit_sel_fs(void);
-	static int selinux_disabled = 0;
 
 	if (ss_initialized) {
 		/* Not permitted after initial policy load. */

security/selinux/netif.c

@@ -8,7 +8,7 @@
  *
  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
- *                    Paul Moore <paul.moore@hp.com>
+ *		      Paul Moore <paul.moore@hp.com>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2,
@@ -31,8 +31,7 @@
 #define SEL_NETIF_HASH_SIZE	64
 #define SEL_NETIF_HASH_MAX	1024
 
-struct sel_netif
-{
+struct sel_netif {
 	struct list_head list;
 	struct netif_security_struct nsec;
 	struct rcu_head rcu_head;
@@ -92,10 +91,10 @@ static inline struct sel_netif *sel_netif_find(int ifindex)
 static int sel_netif_insert(struct sel_netif *netif)
 {
 	int idx;
-	
+
 	if (sel_netif_total >= SEL_NETIF_HASH_MAX)
 		return -ENOSPC;
-	
+
 	idx = sel_netif_hashfn(netif->nsec.ifindex);
 	list_add_rcu(&netif->list, &sel_netif_hash[idx]);
 	sel_netif_total++;
@@ -267,7 +266,7 @@ static void sel_netif_flush(void)
 }
 
 static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
-                                  u16 class, u32 perms, u32 *retained)
+				  u16 class, u32 perms, u32 *retained)
 {
 	if (event == AVC_CALLBACK_RESET) {
 		sel_netif_flush();
@@ -277,7 +276,7 @@ static int sel_netif_avc_callback(u32 event, u32 ssid, u32 tsid,
 }
 
 static int sel_netif_netdev_notifier_handler(struct notifier_block *this,
-                                             unsigned long event, void *ptr)
+					     unsigned long event, void *ptr)
 {
 	struct net_device *dev = ptr;
 
@@ -297,7 +296,7 @@ static struct notifier_block sel_netif_netdev_notifier = {
 static __init int sel_netif_init(void)
 {
 	int i, err;
-	
+
 	if (!selinux_enabled)
 		return 0;
 
@@ -305,9 +304,9 @@ static __init int sel_netif_init(void)
 		INIT_LIST_HEAD(&sel_netif_hash[i]);
 
 	register_netdevice_notifier(&sel_netif_netdev_notifier);
-	
+
 	err = avc_add_callback(sel_netif_avc_callback, AVC_CALLBACK_RESET,
-	                       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
 	if (err)
 		panic("avc_add_callback() failed, error %d\n", err);
 

security/selinux/netlabel.c

@@ -118,7 +118,7 @@ void selinux_netlbl_cache_invalidate(void)
 void selinux_netlbl_sk_security_reset(struct sk_security_struct *ssec,
 				      int family)
 {
-        if (family == PF_INET)
+	if (family == PF_INET)
 		ssec->nlbl_state = NLBL_REQUIRE;
 	else
 		ssec->nlbl_state = NLBL_UNSET;

security/selinux/netlink.c

@@ -24,16 +24,16 @@ static struct sock *selnl;
 static int selnl_msglen(int msgtype)
 {
 	int ret = 0;
-	
+
 	switch (msgtype) {
 	case SELNL_MSG_SETENFORCE:
 		ret = sizeof(struct selnl_msg_setenforce);
 		break;
-	
+
 	case SELNL_MSG_POLICYLOAD:
 		ret = sizeof(struct selnl_msg_policyload);
 		break;
-		
+
 	default:
 		BUG();
 	}
@@ -45,15 +45,15 @@ static void selnl_add_payload(struct nlmsghdr *nlh, int len, int msgtype, void *
 	switch (msgtype) {
 	case SELNL_MSG_SETENFORCE: {
 		struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh);
-		
+
 		memset(msg, 0, len);
 		msg->val = *((int *)data);
 		break;
 	}
-	
+
 	case SELNL_MSG_POLICYLOAD: {
 		struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
-		
+
 		memset(msg, 0, len);
 		msg->seqno = *((u32 *)data);
 		break;
@@ -70,9 +70,9 @@ static void selnl_notify(int msgtype, void *data)
 	sk_buff_data_t tmp;
 	struct sk_buff *skb;
 	struct nlmsghdr *nlh;
-	
+
 	len = selnl_msglen(msgtype);
-	
+
 	skb = alloc_skb(NLMSG_SPACE(len), GFP_USER);
 	if (!skb)
 		goto oom;
@@ -85,7 +85,7 @@ static void selnl_notify(int msgtype, void *data)
 	netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER);
 out:
 	return;
-	
+
 nlmsg_failure:
 	kfree_skb(skb);
 oom:
@@ -109,7 +109,7 @@ static int __init selnl_init(void)
 				      SELNLGRP_MAX, NULL, NULL, THIS_MODULE);
 	if (selnl == NULL)
 		panic("SELinux:  Cannot create netlink socket.");
-	netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);	
+	netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);
 	return 0;
 }
 

security/selinux/netnode.c

@@ -344,7 +344,7 @@ static __init int sel_netnode_init(void)
 		INIT_LIST_HEAD(&sel_netnode_hash[iter]);
 
 	ret = avc_add_callback(sel_netnode_avc_callback, AVC_CALLBACK_RESET,
-	                       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
 	if (ret != 0)
 		panic("avc_add_callback() failed, error %d\n", ret);
 

security/selinux/nlmsgtab.c

@@ -23,8 +23,7 @@
 #include "flask.h"
 #include "av_permissions.h"
 
-struct nlmsg_perm
-{
+struct nlmsg_perm {
 	u16	nlmsg_type;
 	u32	perm;
 };
@@ -159,7 +158,7 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 		if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&
 		     nlmsg_type <= AUDIT_LAST_USER_MSG) ||
 		    (nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&
-                     nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
+		     nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
 			*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
 		} else {
 			err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,

security/selinux/selinuxfs.c

@@ -1,16 +1,16 @@
 /* Updated: Karl MacMillan <kmacmillan@tresys.com>
  *
- * 	Added conditional policy language extensions
+ *	Added conditional policy language extensions
  *
  *  Updated: Hewlett-Packard <paul.moore@hp.com>
  *
- *      Added support for the policy capability bitmap
+ *	Added support for the policy capability bitmap
  *
  * Copyright (C) 2007 Hewlett-Packard Development Company, L.P.
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 
@@ -57,14 +57,14 @@ int selinux_compat_net = SELINUX_COMPAT_NET_VALUE;
 
 static int __init checkreqprot_setup(char *str)
 {
-	selinux_checkreqprot = simple_strtoul(str,NULL,0) ? 1 : 0;
+	selinux_checkreqprot = simple_strtoul(str, NULL, 0) ? 1 : 0;
 	return 1;
 }
 __setup("checkreqprot=", checkreqprot_setup);
 
 static int __init selinux_compat_net_setup(char *str)
 {
-	selinux_compat_net = simple_strtoul(str,NULL,0) ? 1 : 0;
+	selinux_compat_net = simple_strtoul(str, NULL, 0) ? 1 : 0;
 	return 1;
 }
 __setup("selinux_compat_net=", selinux_compat_net_setup);
@@ -73,17 +73,17 @@ __setup("selinux_compat_net=", selinux_compat_net_setup);
 static DEFINE_MUTEX(sel_mutex);
 
 /* global data for booleans */
-static struct dentry *bool_dir = NULL;
-static int bool_num = 0;
+static struct dentry *bool_dir;
+static int bool_num;
 static char **bool_pending_names;
-static int *bool_pending_values = NULL;
+static int *bool_pending_values;
 
 /* global data for classes */
-static struct dentry *class_dir = NULL;
+static struct dentry *class_dir;
 static unsigned long last_class_ino;
 
 /* global data for policy capabilities */
-static struct dentry *policycap_dir = NULL;
+static struct dentry *policycap_dir;
 
 extern void selnl_notify_setenforce(int val);
 
@@ -142,7 +142,7 @@ static ssize_t sel_read_enforce(struct file *filp, char __user *buf,
 }
 
 #ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
+static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 				 size_t count, loff_t *ppos)
 
 {
@@ -156,7 +156,7 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
 		/* No partial writes. */
 		return -EINVAL;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page)
 		return -ENOMEM;
 	length = -EFAULT;
@@ -213,7 +213,7 @@ static const struct file_operations sel_handle_unknown_ops = {
 };
 
 #ifdef CONFIG_SECURITY_SELINUX_DISABLE
-static ssize_t sel_write_disable(struct file * file, const char __user * buf,
+static ssize_t sel_write_disable(struct file *file, const char __user *buf,
 				 size_t count, loff_t *ppos)
 
 {
@@ -228,7 +228,7 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
 		/* No partial writes. */
 		return -EINVAL;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page)
 		return -ENOMEM;
 	length = -EFAULT;
@@ -263,7 +263,7 @@ static const struct file_operations sel_disable_ops = {
 };
 
 static ssize_t sel_read_policyvers(struct file *filp, char __user *buf,
-                                   size_t count, loff_t *ppos)
+				   size_t count, loff_t *ppos)
 {
 	char tmpbuf[TMPBUFLEN];
 	ssize_t length;
@@ -299,7 +299,7 @@ static const struct file_operations sel_mls_ops = {
 	.read		= sel_read_mls,
 };
 
-static ssize_t sel_write_load(struct file * file, const char __user * buf,
+static ssize_t sel_write_load(struct file *file, const char __user *buf,
 			      size_t count, loff_t *ppos)
 
 {
@@ -371,7 +371,7 @@ static const struct file_operations sel_load_ops = {
 	.write		= sel_write_load,
 };
 
-static ssize_t sel_write_context(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_context(struct file *file, char *buf, size_t size)
 {
 	char *canon;
 	u32 sid, len;
@@ -390,8 +390,8 @@ static ssize_t sel_write_context(struct file * file, char *buf, size_t size)
 		return length;
 
 	if (len > SIMPLE_TRANSACTION_LIMIT) {
-		printk(KERN_ERR "%s:  context size (%u) exceeds payload "
-		       "max\n", __func__, len);
+		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
+			"payload max\n", __func__, len);
 		length = -ERANGE;
 		goto out;
 	}
@@ -413,7 +413,7 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf,
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
 
-static ssize_t sel_write_checkreqprot(struct file * file, const char __user * buf,
+static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf,
 				      size_t count, loff_t *ppos)
 {
 	char *page;
@@ -430,7 +430,7 @@ static ssize_t sel_write_checkreqprot(struct file * file, const char __user * bu
 		/* No partial writes. */
 		return -EINVAL;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page)
 		return -ENOMEM;
 	length = -EFAULT;
@@ -462,7 +462,7 @@ static ssize_t sel_read_compat_net(struct file *filp, char __user *buf,
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
 
-static ssize_t sel_write_compat_net(struct file * file, const char __user * buf,
+static ssize_t sel_write_compat_net(struct file *file, const char __user *buf,
 				    size_t count, loff_t *ppos)
 {
 	char *page;
@@ -479,7 +479,7 @@ static ssize_t sel_write_compat_net(struct file * file, const char __user * buf,
 		/* No partial writes. */
 		return -EINVAL;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page)
 		return -ENOMEM;
 	length = -EFAULT;
@@ -504,11 +504,11 @@ static const struct file_operations sel_compat_net_ops = {
 /*
  * Remaining nodes use transaction based IO methods like nfsd/nfsctl.c
  */
-static ssize_t sel_write_access(struct file * file, char *buf, size_t size);
-static ssize_t sel_write_create(struct file * file, char *buf, size_t size);
-static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size);
-static ssize_t sel_write_user(struct file * file, char *buf, size_t size);
-static ssize_t sel_write_member(struct file * file, char *buf, size_t size);
+static ssize_t sel_write_access(struct file *file, char *buf, size_t size);
+static ssize_t sel_write_create(struct file *file, char *buf, size_t size);
+static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size);
+static ssize_t sel_write_user(struct file *file, char *buf, size_t size);
+static ssize_t sel_write_member(struct file *file, char *buf, size_t size);
 
 static ssize_t (*write_op[])(struct file *, char *, size_t) = {
 	[SEL_ACCESS] = sel_write_access,
@@ -521,7 +521,7 @@ static ssize_t (*write_op[])(struct file *, char *, size_t) = {
 
 static ssize_t selinux_transaction_write(struct file *file, const char __user *buf, size_t size, loff_t *pos)
 {
-	ino_t ino =  file->f_path.dentry->d_inode->i_ino;
+	ino_t ino = file->f_path.dentry->d_inode->i_ino;
 	char *data;
 	ssize_t rv;
 
@@ -532,8 +532,8 @@ static ssize_t selinux_transaction_write(struct file *file, const char __user *b
 	if (IS_ERR(data))
 		return PTR_ERR(data);
 
-	rv =  write_op[ino](file, data, size);
-	if (rv>0) {
+	rv = write_op[ino](file, data, size);
+	if (rv > 0) {
 		simple_transaction_set(file, rv);
 		rv = size;
 	}
@@ -552,7 +552,7 @@ static const struct file_operations transaction_ops = {
  * and the length returned.  Otherwise return 0 or and -error.
  */
 
-static ssize_t sel_write_access(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_access(struct file *file, char *buf, size_t size)
 {
 	char *scon, *tcon;
 	u32 ssid, tsid;
@@ -601,7 +601,7 @@ out:
 	return length;
 }
 
-static ssize_t sel_write_create(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_create(struct file *file, char *buf, size_t size)
 {
 	char *scon, *tcon;
 	u32 ssid, tsid, newsid;
@@ -643,8 +643,8 @@ static ssize_t sel_write_create(struct file * file, char *buf, size_t size)
 		goto out2;
 
 	if (len > SIMPLE_TRANSACTION_LIMIT) {
-		printk(KERN_ERR "%s:  context size (%u) exceeds payload "
-		       "max\n", __func__, len);
+		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
+			"payload max\n", __func__, len);
 		length = -ERANGE;
 		goto out3;
 	}
@@ -660,7 +660,7 @@ out:
 	return length;
 }
 
-static ssize_t sel_write_relabel(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_relabel(struct file *file, char *buf, size_t size)
 {
 	char *scon, *tcon;
 	u32 ssid, tsid, newsid;
@@ -717,7 +717,7 @@ out:
 	return length;
 }
 
-static ssize_t sel_write_user(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_user(struct file *file, char *buf, size_t size)
 {
 	char *con, *user, *ptr;
 	u32 sid, *sids;
@@ -778,7 +778,7 @@ out:
 	return length;
 }
 
-static ssize_t sel_write_member(struct file * file, char *buf, size_t size)
+static ssize_t sel_write_member(struct file *file, char *buf, size_t size)
 {
 	char *scon, *tcon;
 	u32 ssid, tsid, newsid;
@@ -820,8 +820,8 @@ static ssize_t sel_write_member(struct file * file, char *buf, size_t size)
 		goto out2;
 
 	if (len > SIMPLE_TRANSACTION_LIMIT) {
-		printk(KERN_ERR "%s:  context size (%u) exceeds payload "
-		       "max\n", __func__, len);
+		printk(KERN_ERR "SELinux: %s:  context size (%u) exceeds "
+			"payload max\n", __func__, len);
 		length = -ERANGE;
 		goto out3;
 	}
@@ -872,7 +872,8 @@ static ssize_t sel_read_bool(struct file *filep, char __user *buf,
 		ret = -EINVAL;
 		goto out;
 	}
-	if (!(page = (char*)get_zeroed_page(GFP_KERNEL))) {
+	page = (char *)get_zeroed_page(GFP_KERNEL);
+	if (!page) {
 		ret = -ENOMEM;
 		goto out;
 	}
@@ -923,7 +924,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf,
 		length = -EINVAL;
 		goto out;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page) {
 		length = -ENOMEM;
 		goto out;
@@ -951,8 +952,8 @@ out:
 }
 
 static const struct file_operations sel_bool_ops = {
-	.read           = sel_read_bool,
-	.write          = sel_write_bool,
+	.read		= sel_read_bool,
+	.write		= sel_write_bool,
 };
 
 static ssize_t sel_commit_bools_write(struct file *filep,
@@ -977,7 +978,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 		/* No partial writes. */
 		goto out;
 	}
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page) {
 		length = -ENOMEM;
 		goto out;
@@ -991,9 +992,8 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 	if (sscanf(page, "%d", &new_value) != 1)
 		goto out;
 
-	if (new_value && bool_pending_values) {
+	if (new_value && bool_pending_values)
 		security_set_bools(bool_num, bool_pending_values);
-	}
 
 	length = count;
 
@@ -1005,7 +1005,7 @@ out:
 }
 
 static const struct file_operations sel_commit_bools_ops = {
-	.write          = sel_commit_bools_write,
+	.write		= sel_commit_bools_write,
 };
 
 static void sel_remove_entries(struct dentry *de)
@@ -1055,7 +1055,8 @@ static int sel_make_bools(void)
 
 	sel_remove_entries(dir);
 
-	if (!(page = (char*)get_zeroed_page(GFP_KERNEL)))
+	page = (char *)get_zeroed_page(GFP_KERNEL);
+	if (!page)
 		return -ENOMEM;
 
 	ret = security_get_bools(&num, &names, &values);
@@ -1082,8 +1083,9 @@ static int sel_make_bools(void)
 			ret = -ENAMETOOLONG;
 			goto err;
 		}
-		isec = (struct inode_security_struct*)inode->i_security;
-		if ((ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid)))
+		isec = (struct inode_security_struct *)inode->i_security;
+		ret = security_genfs_sid("selinuxfs", page, SECCLASS_FILE, &sid);
+		if (ret)
 			goto err;
 		isec->sid = sid;
 		isec->initialized = 1;
@@ -1111,7 +1113,7 @@ err:
 
 #define NULL_FILE_NAME "null"
 
-struct dentry *selinux_null = NULL;
+struct dentry *selinux_null;
 
 static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
 					    size_t count, loff_t *ppos)
@@ -1123,8 +1125,8 @@ static ssize_t sel_read_avc_cache_threshold(struct file *filp, char __user *buf,
 	return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
 }
 
-static ssize_t sel_write_avc_cache_threshold(struct file * file,
-					     const char __user * buf,
+static ssize_t sel_write_avc_cache_threshold(struct file *file,
+					     const char __user *buf,
 					     size_t count, loff_t *ppos)
 
 {
@@ -1143,7 +1145,7 @@ static ssize_t sel_write_avc_cache_threshold(struct file * file,
 		goto out;
 	}
 
-	page = (char*)get_zeroed_page(GFP_KERNEL);
+	page = (char *)get_zeroed_page(GFP_KERNEL);
 	if (!page) {
 		ret = -ENOMEM;
 		goto out;
@@ -1301,7 +1303,7 @@ out:
 	return ret;
 }
 
-static ssize_t sel_read_initcon(struct file * file, char __user *buf,
+static ssize_t sel_read_initcon(struct file *file, char __user *buf,
 				size_t count, loff_t *ppos)
 {
 	struct inode *inode;
@@ -1375,7 +1377,7 @@ static inline u32 sel_ino_to_perm(unsigned long ino)
 	return (ino & SEL_INO_MASK) % (SEL_VEC_MAX + 1);
 }
 
-static ssize_t sel_read_class(struct file * file, char __user *buf,
+static ssize_t sel_read_class(struct file *file, char __user *buf,
 				size_t count, loff_t *ppos)
 {
 	ssize_t rc, len;
@@ -1399,7 +1401,7 @@ static const struct file_operations sel_class_ops = {
 	.read		= sel_read_class,
 };
 
-static ssize_t sel_read_perm(struct file * file, char __user *buf,
+static ssize_t sel_read_perm(struct file *file, char __user *buf,
 				size_t count, loff_t *ppos)
 {
 	ssize_t rc, len;
@@ -1412,7 +1414,7 @@ static ssize_t sel_read_perm(struct file * file, char __user *buf,
 		goto out;
 	}
 
-	len = snprintf(page, PAGE_SIZE,"%d", sel_ino_to_perm(ino));
+	len = snprintf(page, PAGE_SIZE, "%d", sel_ino_to_perm(ino));
 	rc = simple_read_from_buffer(buf, count, ppos, page, len);
 	free_page((unsigned long)page);
 out:
@@ -1640,7 +1642,7 @@ out:
 	return ret;
 }
 
-static int sel_fill_super(struct super_block * sb, void * data, int silent)
+static int sel_fill_super(struct super_block *sb, void *data, int silent)
 {
 	int ret;
 	struct dentry *dentry;
@@ -1696,7 +1698,7 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
 		goto err;
 	}
 	inode->i_ino = ++sel_last_ino;
-	isec = (struct inode_security_struct*)inode->i_security;
+	isec = (struct inode_security_struct *)inode->i_security;
 	isec->sid = SECINITSID_DEVNULL;
 	isec->sclass = SECCLASS_CHR_FILE;
 	isec->initialized = 1;
@@ -1760,7 +1762,8 @@ static int sel_fill_super(struct super_block * sb, void * data, int silent)
 out:
 	return ret;
 err:
-	printk(KERN_ERR "%s:  failed while creating inodes\n", __func__);
+	printk(KERN_ERR "SELinux: %s:  failed while creating inodes\n",
+		__func__);
 	goto out;
 }
 

security/selinux/ss/avtab.c

@@ -6,15 +6,15 @@
 
 /* Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
  *
- * 	Added conditional policy language extensions
+ *	Added conditional policy language extensions
  *
  * Copyright (C) 2003 Tresys Technology, LLC
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  *
  * Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>
- * 	Tuned number of hash slots for avtab to reduce memory usage
+ *	Tuned number of hash slots for avtab to reduce memory usage
  */
 
 #include <linux/kernel.h>
@@ -33,10 +33,10 @@ static inline int avtab_hash(struct avtab_key *keyp, u16 mask)
 
 static struct avtab_node*
 avtab_insert_node(struct avtab *h, int hvalue,
-		  struct avtab_node * prev, struct avtab_node * cur,
+		  struct avtab_node *prev, struct avtab_node *cur,
 		  struct avtab_key *key, struct avtab_datum *datum)
 {
-	struct avtab_node * newnode;
+	struct avtab_node *newnode;
 	newnode = kmem_cache_zalloc(avtab_node_cachep, GFP_KERNEL);
 	if (newnode == NULL)
 		return NULL;
@@ -84,7 +84,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
 	}
 
 	newnode = avtab_insert_node(h, hvalue, prev, cur, key, datum);
-	if(!newnode)
+	if (!newnode)
 		return -ENOMEM;
 
 	return 0;
@@ -95,7 +95,7 @@ static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_dat
  * It also returns a pointer to the node inserted.
  */
 struct avtab_node *
-avtab_insert_nonunique(struct avtab * h, struct avtab_key * key, struct avtab_datum * datum)
+avtab_insert_nonunique(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
 {
 	int hvalue;
 	struct avtab_node *prev, *cur, *newnode;
@@ -310,8 +310,8 @@ void avtab_hash_eval(struct avtab *h, char *tag)
 		}
 	}
 
-	printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, longest "
-	       "chain length %d sum of chain length^2 %Lu\n",
+	printk(KERN_DEBUG "SELinux: %s:  %d entries and %d/%d buckets used, "
+	       "longest chain length %d sum of chain length^2 %Lu\n",
 	       tag, h->nel, slots_used, h->nslot, max_chain_len,
 	       chain2_len_sum);
 }
@@ -326,7 +326,7 @@ static uint16_t spec_order[] = {
 };
 
 int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
-	            int (*insertf)(struct avtab *a, struct avtab_key *k,
+		    int (*insertf)(struct avtab *a, struct avtab_key *k,
 				   struct avtab_datum *d, void *p),
 		    void *p)
 {
@@ -364,19 +364,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 		val = le32_to_cpu(buf32[items++]);
 		key.source_type = (u16)val;
 		if (key.source_type != val) {
-			printk("SELinux: avtab: truncated source type\n");
+			printk(KERN_ERR "SELinux: avtab: truncated source type\n");
 			return -1;
 		}
 		val = le32_to_cpu(buf32[items++]);
 		key.target_type = (u16)val;
 		if (key.target_type != val) {
-			printk("SELinux: avtab: truncated target type\n");
+			printk(KERN_ERR "SELinux: avtab: truncated target type\n");
 			return -1;
 		}
 		val = le32_to_cpu(buf32[items++]);
 		key.target_class = (u16)val;
 		if (key.target_class != val) {
-			printk("SELinux: avtab: truncated target class\n");
+			printk(KERN_ERR "SELinux: avtab: truncated target class\n");
 			return -1;
 		}
 
@@ -384,12 +384,12 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 		enabled = (val & AVTAB_ENABLED_OLD) ? AVTAB_ENABLED : 0;
 
 		if (!(val & (AVTAB_AV | AVTAB_TYPE))) {
-			printk("SELinux: avtab: null entry\n");
+			printk(KERN_ERR "SELinux: avtab: null entry\n");
 			return -1;
 		}
 		if ((val & AVTAB_AV) &&
 		    (val & AVTAB_TYPE)) {
-			printk("SELinux: avtab: entry has both access vectors and types\n");
+			printk(KERN_ERR "SELinux: avtab: entry has both access vectors and types\n");
 			return -1;
 		}
 
@@ -398,12 +398,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 				key.specified = spec_order[i] | enabled;
 				datum.data = le32_to_cpu(buf32[items++]);
 				rc = insertf(a, &key, &datum, p);
-				if (rc) return rc;
+				if (rc)
+					return rc;
 			}
 		}
 
 		if (items != items2) {
-			printk("SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
+			printk(KERN_ERR "SELinux: avtab: entry only had %d items, expected %d\n", items2, items);
 			return -1;
 		}
 		return 0;
@@ -411,7 +412,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 
 	rc = next_entry(buf16, fp, sizeof(u16)*4);
 	if (rc < 0) {
-		printk("SELinux: avtab: truncated entry\n");
+		printk(KERN_ERR "SELinux: avtab: truncated entry\n");
 		return -1;
 	}
 
@@ -424,7 +425,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 	if (!policydb_type_isvalid(pol, key.source_type) ||
 	    !policydb_type_isvalid(pol, key.target_type) ||
 	    !policydb_class_isvalid(pol, key.target_class)) {
-		printk(KERN_WARNING "SELinux: avtab: invalid type or class\n");
+		printk(KERN_ERR "SELinux: avtab: invalid type or class\n");
 		return -1;
 	}
 
@@ -434,20 +435,19 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol,
 			set++;
 	}
 	if (!set || set > 1) {
-		printk(KERN_WARNING
-			"SELinux:  avtab:  more than one specifier\n");
+		printk(KERN_ERR "SELinux:  avtab:  more than one specifier\n");
 		return -1;
 	}
 
 	rc = next_entry(buf32, fp, sizeof(u32));
 	if (rc < 0) {
-		printk("SELinux: avtab: truncated entry\n");
+		printk(KERN_ERR "SELinux: avtab: truncated entry\n");
 		return -1;
 	}
 	datum.data = le32_to_cpu(*buf32);
 	if ((key.specified & AVTAB_TYPE) &&
 	    !policydb_type_isvalid(pol, datum.data)) {
-		printk(KERN_WARNING "SELinux: avtab: invalid type\n");
+		printk(KERN_ERR "SELinux: avtab: invalid type\n");
 		return -1;
 	}
 	return insertf(a, &key, &datum, p);
@@ -513,5 +513,5 @@ void avtab_cache_init(void)
 
 void avtab_cache_destroy(void)
 {
-	kmem_cache_destroy (avtab_node_cachep);
+	kmem_cache_destroy(avtab_node_cachep);
 }

security/selinux/ss/conditional.c

@@ -1,9 +1,9 @@
 /* Authors: Karl MacMillan <kmacmillan@tresys.com>
- *          Frank Mayer <mayerf@tresys.com>
+ *	    Frank Mayer <mayerf@tresys.com>
  *
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 
@@ -89,7 +89,7 @@ static int cond_evaluate_expr(struct policydb *p, struct cond_expr *expr)
 int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 {
 	int new_state;
-	struct cond_av_list* cur;
+	struct cond_av_list *cur;
 
 	new_state = cond_evaluate_expr(p, node->expr);
 	if (new_state != node->cur_state) {
@@ -98,20 +98,18 @@ int evaluate_cond_node(struct policydb *p, struct cond_node *node)
 			printk(KERN_ERR "SELinux: expression result was undefined - disabling all rules.\n");
 		/* turn the rules on or off */
 		for (cur = node->true_list; cur != NULL; cur = cur->next) {
-			if (new_state <= 0) {
+			if (new_state <= 0)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 
 		for (cur = node->false_list; cur != NULL; cur = cur->next) {
 			/* -1 or 1 */
-			if (new_state) {
+			if (new_state)
 				cur->node->key.specified &= ~AVTAB_ENABLED;
-			} else {
+			else
 				cur->node->key.specified |= AVTAB_ENABLED;
-			}
 		}
 	}
 	return 0;
@@ -173,8 +171,8 @@ void cond_policydb_destroy(struct policydb *p)
 int cond_init_bool_indexes(struct policydb *p)
 {
 	kfree(p->bool_val_to_struct);
-	p->bool_val_to_struct = (struct cond_bool_datum**)
-		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum*), GFP_KERNEL);
+	p->bool_val_to_struct = (struct cond_bool_datum **)
+		kmalloc(p->p_bools.nprim * sizeof(struct cond_bool_datum *), GFP_KERNEL);
 	if (!p->bool_val_to_struct)
 		return -1;
 	return 0;
@@ -199,7 +197,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 		return -EINVAL;
 
 	p->p_bool_val_to_name[booldatum->value - 1] = key;
-	p->bool_val_to_struct[booldatum->value -1] = booldatum;
+	p->bool_val_to_struct[booldatum->value - 1] = booldatum;
 
 	return 0;
 }
@@ -251,8 +249,7 @@ err:
 	return -1;
 }
 
-struct cond_insertf_data
-{
+struct cond_insertf_data {
 	struct policydb *p;
 	struct cond_av_list *other;
 	struct cond_av_list *head;
@@ -275,7 +272,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 	 */
 	if (k->specified & AVTAB_TYPE) {
 		if (avtab_search(&p->te_avtab, k)) {
-			printk("SELinux: type rule already exists outside of a conditional.");
+			printk(KERN_ERR "SELinux: type rule already exists outside of a conditional.\n");
 			goto err;
 		}
 		/*
@@ -290,7 +287,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 			node_ptr = avtab_search_node(&p->te_cond_avtab, k);
 			if (node_ptr) {
 				if (avtab_search_node_next(node_ptr, k->specified)) {
-					printk("SELinux: too many conflicting type rules.");
+					printk(KERN_ERR "SELinux: too many conflicting type rules.\n");
 					goto err;
 				}
 				found = 0;
@@ -301,13 +298,13 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 					}
 				}
 				if (!found) {
-					printk("SELinux: conflicting type rules.\n");
+					printk(KERN_ERR "SELinux: conflicting type rules.\n");
 					goto err;
 				}
 			}
 		} else {
 			if (avtab_search(&p->te_cond_avtab, k)) {
-				printk("SELinux: conflicting type rules when adding type rule for true.\n");
+				printk(KERN_ERR "SELinux: conflicting type rules when adding type rule for true.\n");
 				goto err;
 			}
 		}
@@ -315,7 +312,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
 
 	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
 	if (!node_ptr) {
-		printk("SELinux: could not insert rule.");
+		printk(KERN_ERR "SELinux: could not insert rule.\n");
 		goto err;
 	}
 
@@ -352,9 +349,8 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 		return -1;
 
 	len = le32_to_cpu(buf[0]);
-	if (len == 0) {
+	if (len == 0)
 		return 0;
-	}
 
 	data.p = p;
 	data.other = other;
@@ -375,12 +371,12 @@ static int cond_read_av_list(struct policydb *p, void *fp, struct cond_av_list *
 static int expr_isvalid(struct policydb *p, struct cond_expr *expr)
 {
 	if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
-		printk("SELinux: conditional expressions uses unknown operator.\n");
+		printk(KERN_ERR "SELinux: conditional expressions uses unknown operator.\n");
 		return 0;
 	}
 
 	if (expr->bool > p->p_bools.nprim) {
-		printk("SELinux: conditional expressions uses unknown bool.\n");
+		printk(KERN_ERR "SELinux: conditional expressions uses unknown bool.\n");
 		return 0;
 	}
 	return 1;
@@ -407,15 +403,14 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 	/* expr */
 	len = le32_to_cpu(buf[0]);
 
-	for (i = 0; i < len; i++ ) {
+	for (i = 0; i < len; i++) {
 		rc = next_entry(buf, fp, sizeof(u32) * 2);
 		if (rc < 0)
 			goto err;
 
 		expr = kzalloc(sizeof(struct cond_expr), GFP_KERNEL);
-		if (!expr) {
+		if (!expr)
 			goto err;
-		}
 
 		expr->expr_type = le32_to_cpu(buf[0]);
 		expr->bool = le32_to_cpu(buf[1]);
@@ -425,11 +420,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 			goto err;
 		}
 
-		if (i == 0) {
+		if (i == 0)
 			node->expr = expr;
-		} else {
+		else
 			last->next = expr;
-		}
 		last = expr;
 	}
 
@@ -468,11 +462,10 @@ int cond_read_list(struct policydb *p, void *fp)
 		if (cond_read_node(p, node, fp) != 0)
 			goto err;
 
-		if (i == 0) {
+		if (i == 0)
 			p->cond_list = node;
-		} else {
+		else
 			last->next = node;
-		}
 		last = node;
 	}
 	return 0;
@@ -489,24 +482,24 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key, struct av_decisi
 {
 	struct avtab_node *node;
 
-	if(!ctab || !key || !avd)
+	if (!ctab || !key || !avd)
 		return;
 
-	for(node = avtab_search_node(ctab, key); node != NULL;
+	for (node = avtab_search_node(ctab, key); node != NULL;
 				node = avtab_search_node_next(node, key->specified)) {
-		if ( (u16) (AVTAB_ALLOWED|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_ALLOWED|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_ALLOWED|AVTAB_ENABLED)))
 			avd->allowed |= node->datum.data;
-		if ( (u16) (AVTAB_AUDITDENY|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITDENY|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITDENY|AVTAB_ENABLED)))
 			/* Since a '0' in an auditdeny mask represents a
 			 * permission we do NOT want to audit (dontaudit), we use
 			 * the '&' operand to ensure that all '0's in the mask
 			 * are retained (much unlike the allow and auditallow cases).
 			 */
 			avd->auditdeny &= node->datum.data;
-		if ( (u16) (AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
-		     (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
+		if ((u16)(AVTAB_AUDITALLOW|AVTAB_ENABLED) ==
+		    (node->key.specified & (AVTAB_AUDITALLOW|AVTAB_ENABLED)))
 			avd->auditallow |= node->datum.data;
 	}
 	return;

security/selinux/ss/ebitmap.c

@@ -411,11 +411,10 @@ int ebitmap_read(struct ebitmap *e, void *fp)
 			}
 			/* round down */
 			tmp->startbit = startbit - (startbit % EBITMAP_SIZE);
-			if (n) {
+			if (n)
 				n->next = tmp;
-			} else {
+			else
 				e->node = tmp;
-			}
 			n = tmp;
 		} else if (startbit <= n->startbit) {
 			printk(KERN_ERR "SELinux: ebitmap: start bit %d"

security/selinux/ss/hashtab.c

@@ -9,8 +9,8 @@
 #include "hashtab.h"
 
 struct hashtab *hashtab_create(u32 (*hash_value)(struct hashtab *h, const void *key),
-                               int (*keycmp)(struct hashtab *h, const void *key1, const void *key2),
-                               u32 size)
+			       int (*keycmp)(struct hashtab *h, const void *key1, const void *key2),
+			       u32 size)
 {
 	struct hashtab *p;
 	u32 i;

security/selinux/ss/mls.c

@@ -32,7 +32,7 @@
  * Return the length in bytes for the MLS fields of the
  * security context string representation of `context'.
  */
-int mls_compute_context_len(struct context * context)
+int mls_compute_context_len(struct context *context)
 {
 	int i, l, len, head, prev;
 	char *nm;
@@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context)
  * Update `*scontext' to point to the end of the MLS fields.
  */
 void mls_sid_to_context(struct context *context,
-                        char **scontext)
+			char **scontext)
 {
 	char *scontextp, *nm;
 	int i, l, head, prev;
@@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context,
 
 		if (l == 0) {
 			if (mls_level_eq(&context->range.level[0],
-			                 &context->range.level[1]))
+					 &context->range.level[1]))
 				break;
 			else
 				*scontextp++ = '-';
@@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc,
 					*p++ = 0;
 
 				/* Separate into range if exists */
-				if ((rngptr = strchr(scontextp, '.')) != NULL) {
+				rngptr = strchr(scontextp, '.');
+				if (rngptr != NULL) {
 					/* Remove '.' */
 					*rngptr++ = 0;
 				}
 
 				catdatum = hashtab_search(policydb.p_cats.table,
-				                          scontextp);
+							  scontextp);
 				if (!catdatum) {
 					rc = -EINVAL;
 					goto out;
 				}
 
 				rc = ebitmap_set_bit(&context->range.level[l].cat,
-				                     catdatum->value - 1, 1);
+						     catdatum->value - 1, 1);
 				if (rc)
 					goto out;
 
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 		rc = -ENOMEM;
 	} else {
 		rc = mls_context_to_sid(':', &tmpstr, context,
-		                        NULL, SECSID_NULL);
+					NULL, SECSID_NULL);
 		kfree(freestr);
 	}
 
@@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
  * Copies the MLS range `range' into `context'.
  */
 static inline int mls_range_set(struct context *context,
-                                struct mls_range *range)
+				struct mls_range *range)
 {
 	int l, rc = 0;
 
@@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context,
 }
 
 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
-                         struct context *usercon)
+			 struct context *usercon)
 {
 	if (selinux_mls_enabled) {
 		struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
@@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
 		   that of the user's default clearance (but
 		   only if the "fromcon" clearance dominates
 		   the user's computed sensitivity level) */
-		if (mls_level_dom(user_clr, fromcon_clr)) {
+		if (mls_level_dom(user_clr, fromcon_clr))
 			*usercon_clr = *fromcon_clr;
-		} else if (mls_level_dom(fromcon_clr, user_clr)) {
+		else if (mls_level_dom(fromcon_clr, user_clr))
 			*usercon_clr = *user_clr;
-		} else
+		else
 			return -EINVAL;
 	}
 
@@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext,
 			    rtr->target_class == tclass) {
 				/* Set the range from the rule */
 				return mls_range_set(newcontext,
-				                     &rtr->target_range);
+						     &rtr->target_range);
 			}
 		}
 		/* Fallthrough */

security/selinux/ss/policydb.c

@@ -11,7 +11,7 @@
  *
  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
  *
- * 	Added conditional policy language extensions
+ *	Added conditional policy language extensions
  *
  * Updated: Hewlett-Packard <paul.moore@hp.com>
  *
@@ -21,7 +21,7 @@
  * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  * Copyright (C) 2003 - 2004 Tresys Technology, LLC
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 
@@ -51,7 +51,7 @@ static char *symtab_name[SYM_NUM] = {
 };
 #endif
 
-int selinux_mls_enabled = 0;
+int selinux_mls_enabled;
 
 static unsigned int symtab_sizes[SYM_NUM] = {
 	2,
@@ -73,39 +73,39 @@ struct policydb_compat_info {
 /* These need to be updated if SYM_NUM or OCON_NUM changes */
 static struct policydb_compat_info policydb_compat[] = {
 	{
-		.version        = POLICYDB_VERSION_BASE,
-		.sym_num        = SYM_NUM - 3,
-		.ocon_num       = OCON_NUM - 1,
+		.version	= POLICYDB_VERSION_BASE,
+		.sym_num	= SYM_NUM - 3,
+		.ocon_num	= OCON_NUM - 1,
 	},
 	{
-		.version        = POLICYDB_VERSION_BOOL,
-		.sym_num        = SYM_NUM - 2,
-		.ocon_num       = OCON_NUM - 1,
+		.version	= POLICYDB_VERSION_BOOL,
+		.sym_num	= SYM_NUM - 2,
+		.ocon_num	= OCON_NUM - 1,
 	},
 	{
-		.version        = POLICYDB_VERSION_IPV6,
-		.sym_num        = SYM_NUM - 2,
-		.ocon_num       = OCON_NUM,
+		.version	= POLICYDB_VERSION_IPV6,
+		.sym_num	= SYM_NUM - 2,
+		.ocon_num	= OCON_NUM,
 	},
 	{
-		.version        = POLICYDB_VERSION_NLCLASS,
-		.sym_num        = SYM_NUM - 2,
-		.ocon_num       = OCON_NUM,
+		.version	= POLICYDB_VERSION_NLCLASS,
+		.sym_num	= SYM_NUM - 2,
+		.ocon_num	= OCON_NUM,
 	},
 	{
-		.version        = POLICYDB_VERSION_MLS,
-		.sym_num        = SYM_NUM,
-		.ocon_num       = OCON_NUM,
+		.version	= POLICYDB_VERSION_MLS,
+		.sym_num	= SYM_NUM,
+		.ocon_num	= OCON_NUM,
 	},
 	{
-		.version        = POLICYDB_VERSION_AVTAB,
-		.sym_num        = SYM_NUM,
-		.ocon_num       = OCON_NUM,
+		.version	= POLICYDB_VERSION_AVTAB,
+		.sym_num	= SYM_NUM,
+		.ocon_num	= OCON_NUM,
 	},
 	{
-		.version        = POLICYDB_VERSION_RANGETRANS,
-		.sym_num        = SYM_NUM,
-		.ocon_num       = OCON_NUM,
+		.version	= POLICYDB_VERSION_RANGETRANS,
+		.sym_num	= SYM_NUM,
+		.ocon_num	= OCON_NUM,
 	},
 	{
 		.version	= POLICYDB_VERSION_POLCAP,
@@ -152,7 +152,7 @@ static int roles_init(struct policydb *p)
 		rc = -EINVAL;
 		goto out_free_role;
 	}
-	key = kmalloc(strlen(OBJECT_R)+1,GFP_KERNEL);
+	key = kmalloc(strlen(OBJECT_R)+1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto out_free_role;
@@ -390,7 +390,7 @@ static void symtab_hash_eval(struct symtab *s)
 		struct hashtab_info info;
 
 		hashtab_stat(h, &info);
-		printk(KERN_DEBUG "%s:  %d entries and %d/%d buckets used, "
+		printk(KERN_DEBUG "SELinux: %s:  %d entries and %d/%d buckets used, "
 		       "longest chain length %d\n", symtab_name[i], h->nel,
 		       info.slots_used, h->size, info.max_chain_len);
 	}
@@ -424,7 +424,7 @@ static int policydb_index_others(struct policydb *p)
 
 	p->role_val_to_struct =
 		kmalloc(p->p_roles.nprim * sizeof(*(p->role_val_to_struct)),
-		        GFP_KERNEL);
+			GFP_KERNEL);
 	if (!p->role_val_to_struct) {
 		rc = -ENOMEM;
 		goto out;
@@ -432,7 +432,7 @@ static int policydb_index_others(struct policydb *p)
 
 	p->user_val_to_struct =
 		kmalloc(p->p_users.nprim * sizeof(*(p->user_val_to_struct)),
-		        GFP_KERNEL);
+			GFP_KERNEL);
 	if (!p->user_val_to_struct) {
 		rc = -ENOMEM;
 		goto out;
@@ -634,7 +634,7 @@ void policydb_destroy(struct policydb *p)
 		while (c) {
 			ctmp = c;
 			c = c->next;
-			ocontext_destroy(ctmp,i);
+			ocontext_destroy(ctmp, i);
 		}
 		p->ocontexts[i] = NULL;
 	}
@@ -647,7 +647,7 @@ void policydb_destroy(struct policydb *p)
 		while (c) {
 			ctmp = c;
 			c = c->next;
-			ocontext_destroy(ctmp,OCON_FSUSE);
+			ocontext_destroy(ctmp, OCON_FSUSE);
 		}
 		gtmp = g;
 		g = g->next;
@@ -664,14 +664,14 @@ void policydb_destroy(struct policydb *p)
 	}
 	kfree(ltr);
 
-	for (ra = p->role_allow; ra; ra = ra -> next) {
+	for (ra = p->role_allow; ra; ra = ra->next) {
 		cond_resched();
 		kfree(lra);
 		lra = ra;
 	}
 	kfree(lra);
 
-	for (rt = p->range_tr; rt; rt = rt -> next) {
+	for (rt = p->range_tr; rt; rt = rt->next) {
 		cond_resched();
 		if (lrt) {
 			ebitmap_destroy(&lrt->target_range.level[0].cat);
@@ -924,7 +924,7 @@ static int perm_read(struct policydb *p, struct hashtab *h, void *fp)
 	len = le32_to_cpu(buf[0]);
 	perdatum->value = le32_to_cpu(buf[1]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -971,7 +971,7 @@ static int common_read(struct policydb *p, struct hashtab *h, void *fp)
 	comdatum->permissions.nprim = le32_to_cpu(buf[2]);
 	nel = le32_to_cpu(buf[3]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -998,7 +998,7 @@ bad:
 }
 
 static int read_cons_helper(struct constraint_node **nodep, int ncons,
-                            int allowxtarget, void *fp)
+			    int allowxtarget, void *fp)
 {
 	struct constraint_node *c, *lc;
 	struct constraint_expr *e, *le;
@@ -1012,11 +1012,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
 		if (!c)
 			return -ENOMEM;
 
-		if (lc) {
+		if (lc)
 			lc->next = c;
-		} else {
+		else
 			*nodep = c;
-		}
 
 		rc = next_entry(buf, fp, (sizeof(u32) * 2));
 		if (rc < 0)
@@ -1030,11 +1029,10 @@ static int read_cons_helper(struct constraint_node **nodep, int ncons,
 			if (!e)
 				return -ENOMEM;
 
-			if (le) {
+			if (le)
 				le->next = e;
-			} else {
+			else
 				c->expr = e;
-			}
 
 			rc = next_entry(buf, fp, (sizeof(u32) * 3));
 			if (rc < 0)
@@ -1111,7 +1109,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
 
 	ncons = le32_to_cpu(buf[5]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1122,7 +1120,7 @@ static int class_read(struct policydb *p, struct hashtab *h, void *fp)
 	key[len] = 0;
 
 	if (len2) {
-		cladatum->comkey = kmalloc(len2 + 1,GFP_KERNEL);
+		cladatum->comkey = kmalloc(len2 + 1, GFP_KERNEL);
 		if (!cladatum->comkey) {
 			rc = -ENOMEM;
 			goto bad;
@@ -1195,7 +1193,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
 	len = le32_to_cpu(buf[0]);
 	role->value = le32_to_cpu(buf[1]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1215,7 +1213,7 @@ static int role_read(struct policydb *p, struct hashtab *h, void *fp)
 
 	if (strcmp(key, OBJECT_R) == 0) {
 		if (role->value != OBJECT_R_VAL) {
-			printk(KERN_ERR "Role %s has wrong value %d\n",
+			printk(KERN_ERR "SELinux: Role %s has wrong value %d\n",
 			       OBJECT_R, role->value);
 			rc = -EINVAL;
 			goto bad;
@@ -1242,7 +1240,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
 	__le32 buf[3];
 	u32 len;
 
-	typdatum = kzalloc(sizeof(*typdatum),GFP_KERNEL);
+	typdatum = kzalloc(sizeof(*typdatum), GFP_KERNEL);
 	if (!typdatum) {
 		rc = -ENOMEM;
 		return rc;
@@ -1256,7 +1254,7 @@ static int type_read(struct policydb *p, struct hashtab *h, void *fp)
 	typdatum->value = le32_to_cpu(buf[1]);
 	typdatum->primary = le32_to_cpu(buf[2]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1328,7 +1326,7 @@ static int user_read(struct policydb *p, struct hashtab *h, void *fp)
 	len = le32_to_cpu(buf[0]);
 	usrdatum->value = le32_to_cpu(buf[1]);
 
-	key = kmalloc(len + 1,GFP_KERNEL);
+	key = kmalloc(len + 1, GFP_KERNEL);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1382,7 +1380,7 @@ static int sens_read(struct policydb *p, struct hashtab *h, void *fp)
 	len = le32_to_cpu(buf[0]);
 	levdatum->isalias = le32_to_cpu(buf[1]);
 
-	key = kmalloc(len + 1,GFP_ATOMIC);
+	key = kmalloc(len + 1, GFP_ATOMIC);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1434,7 +1432,7 @@ static int cat_read(struct policydb *p, struct hashtab *h, void *fp)
 	catdatum->value = le32_to_cpu(buf[1]);
 	catdatum->isalias = le32_to_cpu(buf[2]);
 
-	key = kmalloc(len + 1,GFP_ATOMIC);
+	key = kmalloc(len + 1, GFP_ATOMIC);
 	if (!key) {
 		rc = -ENOMEM;
 		goto bad;
@@ -1493,7 +1491,7 @@ int policydb_read(struct policydb *p, void *fp)
 		goto out;
 
 	/* Read the magic number and string length. */
-	rc = next_entry(buf, fp, sizeof(u32)* 2);
+	rc = next_entry(buf, fp, sizeof(u32) * 2);
 	if (rc < 0)
 		goto bad;
 
@@ -1511,7 +1509,7 @@ int policydb_read(struct policydb *p, void *fp)
 		       len, strlen(POLICYDB_STRING));
 		goto bad;
 	}
-	policydb_str = kmalloc(len + 1,GFP_KERNEL);
+	policydb_str = kmalloc(len + 1, GFP_KERNEL);
 	if (!policydb_str) {
 		printk(KERN_ERR "SELinux:  unable to allocate memory for policydb "
 		       "string of length %d\n", len);
@@ -1544,29 +1542,30 @@ int policydb_read(struct policydb *p, void *fp)
 	if (p->policyvers < POLICYDB_VERSION_MIN ||
 	    p->policyvers > POLICYDB_VERSION_MAX) {
 		printk(KERN_ERR "SELinux:  policydb version %d does not match "
-	    	       "my version range %d-%d\n",
-	    	       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
-	    	goto bad;
+		       "my version range %d-%d\n",
+		       le32_to_cpu(buf[0]), POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
+		goto bad;
 	}
 
 	if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
 		if (ss_initialized && !selinux_mls_enabled) {
-			printk(KERN_ERR "Cannot switch between non-MLS and MLS "
-			       "policies\n");
+			printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
+				" and MLS policies\n");
 			goto bad;
 		}
 		selinux_mls_enabled = 1;
 		config |= POLICYDB_CONFIG_MLS;
 
 		if (p->policyvers < POLICYDB_VERSION_MLS) {
-			printk(KERN_ERR "security policydb version %d (MLS) "
-			       "not backwards compatible\n", p->policyvers);
+			printk(KERN_ERR "SELinux: security policydb version %d "
+				"(MLS) not backwards compatible\n",
+				p->policyvers);
 			goto bad;
 		}
 	} else {
 		if (ss_initialized && selinux_mls_enabled) {
-			printk(KERN_ERR "Cannot switch between MLS and non-MLS "
-			       "policies\n");
+			printk(KERN_ERR "SELinux: Cannot switch between MLS and"
+				" non-MLS policies\n");
 			goto bad;
 		}
 	}
@@ -1633,11 +1632,10 @@ int policydb_read(struct policydb *p, void *fp)
 			rc = -ENOMEM;
 			goto bad;
 		}
-		if (ltr) {
+		if (ltr)
 			ltr->next = tr;
-		} else {
+		else
 			p->role_tr = tr;
-		}
 		rc = next_entry(buf, fp, sizeof(u32)*3);
 		if (rc < 0)
 			goto bad;
@@ -1664,11 +1662,10 @@ int policydb_read(struct policydb *p, void *fp)
 			rc = -ENOMEM;
 			goto bad;
 		}
-		if (lra) {
+		if (lra)
 			lra->next = ra;
-		} else {
+		else
 			p->role_allow = ra;
-		}
 		rc = next_entry(buf, fp, sizeof(u32)*2);
 		if (rc < 0)
 			goto bad;
@@ -1702,11 +1699,10 @@ int policydb_read(struct policydb *p, void *fp)
 				rc = -ENOMEM;
 				goto bad;
 			}
-			if (l) {
+			if (l)
 				l->next = c;
-			} else {
+			else
 				p->ocontexts[i] = c;
-			}
 			l = c;
 			rc = -EINVAL;
 			switch (i) {
@@ -1725,7 +1721,7 @@ int policydb_read(struct policydb *p, void *fp)
 				if (rc < 0)
 					goto bad;
 				len = le32_to_cpu(buf[0]);
-				c->u.name = kmalloc(len + 1,GFP_KERNEL);
+				c->u.name = kmalloc(len + 1, GFP_KERNEL);
 				if (!c->u.name) {
 					rc = -ENOMEM;
 					goto bad;
@@ -1753,7 +1749,7 @@ int policydb_read(struct policydb *p, void *fp)
 					goto bad;
 				break;
 			case OCON_NODE:
-				rc = next_entry(buf, fp, sizeof(u32)* 2);
+				rc = next_entry(buf, fp, sizeof(u32) * 2);
 				if (rc < 0)
 					goto bad;
 				c->u.node.addr = le32_to_cpu(buf[0]);
@@ -1770,7 +1766,7 @@ int policydb_read(struct policydb *p, void *fp)
 				if (c->v.behavior > SECURITY_FS_USE_NONE)
 					goto bad;
 				len = le32_to_cpu(buf[1]);
-				c->u.name = kmalloc(len + 1,GFP_KERNEL);
+				c->u.name = kmalloc(len + 1, GFP_KERNEL);
 				if (!c->u.name) {
 					rc = -ENOMEM;
 					goto bad;
@@ -1818,7 +1814,7 @@ int policydb_read(struct policydb *p, void *fp)
 			goto bad;
 		}
 
-		newgenfs->fstype = kmalloc(len + 1,GFP_KERNEL);
+		newgenfs->fstype = kmalloc(len + 1, GFP_KERNEL);
 		if (!newgenfs->fstype) {
 			rc = -ENOMEM;
 			kfree(newgenfs);
@@ -1864,7 +1860,7 @@ int policydb_read(struct policydb *p, void *fp)
 				goto bad;
 			}
 
-			newc->u.name = kmalloc(len + 1,GFP_KERNEL);
+			newc->u.name = kmalloc(len + 1, GFP_KERNEL);
 			if (!newc->u.name) {
 				rc = -ENOMEM;
 				goto bad_newc;
@@ -1968,7 +1964,7 @@ int policydb_read(struct policydb *p, void *fp)
 out:
 	return rc;
 bad_newc:
-	ocontext_destroy(newc,OCON_FSUSE);
+	ocontext_destroy(newc, OCON_FSUSE);
 bad:
 	if (!rc)
 		rc = -EINVAL;

security/selinux/ss/services.c

@@ -2,7 +2,7 @@
  * Implementation of the security services.
  *
  * Authors : Stephen Smalley, <sds@epoch.ncsc.mil>
- *           James Morris <jmorris@redhat.com>
+ *	     James Morris <jmorris@redhat.com>
  *
  * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
  *
@@ -11,7 +11,7 @@
  *
  * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
  *
- * 	Added conditional policy language extensions
+ *	Added conditional policy language extensions
  *
  * Updated: Hewlett-Packard <paul.moore@hp.com>
  *
@@ -27,7 +27,7 @@
  * Copyright (C) 2003 - 2004, 2006 Tresys Technology, LLC
  * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
  *	This program is free software; you can redistribute it and/or modify
- *  	it under the terms of the GNU General Public License as published by
+ *	it under the terms of the GNU General Public License as published by
  *	the Free Software Foundation, version 2.
  */
 #include <linux/kernel.h>
@@ -82,7 +82,7 @@ static DEFINE_MUTEX(load_mutex);
 
 static struct sidtab sidtab;
 struct policydb policydb;
-int ss_initialized = 0;
+int ss_initialized;
 
 /*
  * The largest sequence number that has been used when
@@ -90,7 +90,7 @@ int ss_initialized = 0;
  * The sequence number only changes when a policy change
  * occurs.
  */
-static u32 latest_granting = 0;
+static u32 latest_granting;
 
 /* Forward declaration. */
 static int context_struct_to_string(struct context *context, char **scontext,
@@ -163,10 +163,10 @@ static int constraint_expr_eval(struct context *scontext,
 								  val1 - 1);
 					continue;
 				case CEXPR_INCOMP:
-					s[++sp] = ( !ebitmap_get_bit(&r1->dominates,
-								     val2 - 1) &&
-						    !ebitmap_get_bit(&r2->dominates,
-								     val1 - 1) );
+					s[++sp] = (!ebitmap_get_bit(&r1->dominates,
+								    val2 - 1) &&
+						   !ebitmap_get_bit(&r2->dominates,
+								    val1 - 1));
 					continue;
 				default:
 					break;
@@ -409,13 +409,14 @@ static int context_struct_compute_av(struct context *scontext,
 		}
 		if (!ra)
 			avd->allowed = (avd->allowed) & ~(PROCESS__TRANSITION |
-			                                PROCESS__DYNTRANSITION);
+							PROCESS__DYNTRANSITION);
 	}
 
 	return 0;
 
 inval_class:
-	printk(KERN_ERR "%s:  unrecognized class %d\n", __func__, tclass);
+	printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n", __func__,
+		tclass);
 	return -EINVAL;
 }
 
@@ -445,9 +446,9 @@ int security_permissive_sid(u32 sid)
 }
 
 static int security_validtrans_handle_fail(struct context *ocontext,
-                                           struct context *ncontext,
-                                           struct context *tcontext,
-                                           u16 tclass)
+					   struct context *ncontext,
+					   struct context *tcontext,
+					   u16 tclass)
 {
 	char *o = NULL, *n = NULL, *t = NULL;
 	u32 olen, nlen, tlen;
@@ -459,9 +460,9 @@ static int security_validtrans_handle_fail(struct context *ocontext,
 	if (context_struct_to_string(tcontext, &t, &tlen) < 0)
 		goto out;
 	audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-	          "security_validate_transition:  denied for"
-	          " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
-	          o, n, t, policydb.p_class_val_to_name[tclass-1]);
+		  "security_validate_transition:  denied for"
+		  " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
+		  o, n, t, policydb.p_class_val_to_name[tclass-1]);
 out:
 	kfree(o);
 	kfree(n);
@@ -473,7 +474,7 @@ out:
 }
 
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
-                                 u16 tclass)
+				 u16 tclass)
 {
 	struct context *ocontext;
 	struct context *ncontext;
@@ -499,8 +500,8 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 			tclass = SECCLASS_NETLINK_SOCKET;
 
 	if (!tclass || tclass > policydb.p_classes.nprim) {
-		printk(KERN_ERR "security_validate_transition:  "
-		       "unrecognized class %d\n", tclass);
+		printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n",
+			__func__, tclass);
 		rc = -EINVAL;
 		goto out;
 	}
@@ -508,24 +509,24 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 
 	ocontext = sidtab_search(&sidtab, oldsid);
 	if (!ocontext) {
-		printk(KERN_ERR "security_validate_transition: "
-		       " unrecognized SID %d\n", oldsid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, oldsid);
 		rc = -EINVAL;
 		goto out;
 	}
 
 	ncontext = sidtab_search(&sidtab, newsid);
 	if (!ncontext) {
-		printk(KERN_ERR "security_validate_transition: "
-		       " unrecognized SID %d\n", newsid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, newsid);
 		rc = -EINVAL;
 		goto out;
 	}
 
 	tcontext = sidtab_search(&sidtab, tasksid);
 	if (!tcontext) {
-		printk(KERN_ERR "security_validate_transition: "
-		       " unrecognized SID %d\n", tasksid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, tasksid);
 		rc = -EINVAL;
 		goto out;
 	}
@@ -533,9 +534,9 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 	constraint = tclass_datum->validatetrans;
 	while (constraint) {
 		if (!constraint_expr_eval(ocontext, ncontext, tcontext,
-		                          constraint->expr)) {
+					  constraint->expr)) {
 			rc = security_validtrans_handle_fail(ocontext, ncontext,
-			                                     tcontext, tclass);
+							     tcontext, tclass);
 			goto out;
 		}
 		constraint = constraint->next;
@@ -581,15 +582,15 @@ int security_compute_av(u32 ssid,
 
 	scontext = sidtab_search(&sidtab, ssid);
 	if (!scontext) {
-		printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
-		       ssid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, ssid);
 		rc = -EINVAL;
 		goto out;
 	}
 	tcontext = sidtab_search(&sidtab, tsid);
 	if (!tcontext) {
-		printk(KERN_ERR "security_compute_av:  unrecognized SID %d\n",
-		       tsid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, tsid);
 		rc = -EINVAL;
 		goto out;
 	}
@@ -623,9 +624,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 
 	/* Allocate space for the context; caller must free this space. */
 	scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
-	if (!scontextp) {
+	if (!scontextp)
 		return -ENOMEM;
-	}
 	*scontext = scontextp;
 
 	/*
@@ -636,8 +636,8 @@ static int context_struct_to_string(struct context *context, char **scontext, u3
 		policydb.p_role_val_to_name[context->role - 1],
 		policydb.p_type_val_to_name[context->type - 1]);
 	scontextp += strlen(policydb.p_user_val_to_name[context->user - 1]) +
-	             1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
-	             1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
+		     1 + strlen(policydb.p_role_val_to_name[context->role - 1]) +
+		     1 + strlen(policydb.p_type_val_to_name[context->type - 1]);
 
 	mls_sid_to_context(context, &scontextp);
 
@@ -678,7 +678,7 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
 			char *scontextp;
 
 			*scontext_len = strlen(initial_sid_to_string[sid]) + 1;
-			scontextp = kmalloc(*scontext_len,GFP_ATOMIC);
+			scontextp = kmalloc(*scontext_len, GFP_ATOMIC);
 			if (!scontextp) {
 				rc = -ENOMEM;
 				goto out;
@@ -687,16 +687,16 @@ int security_sid_to_context(u32 sid, char **scontext, u32 *scontext_len)
 			*scontext = scontextp;
 			goto out;
 		}
-		printk(KERN_ERR "security_sid_to_context:  called before initial "
-		       "load_policy on unknown SID %d\n", sid);
+		printk(KERN_ERR "SELinux: %s:  called before initial "
+		       "load_policy on unknown SID %d\n", __func__, sid);
 		rc = -EINVAL;
 		goto out;
 	}
 	POLICY_RDLOCK;
 	context = sidtab_search(&sidtab, sid);
 	if (!context) {
-		printk(KERN_ERR "security_sid_to_context:  unrecognized SID "
-		       "%d\n", sid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, sid);
 		rc = -EINVAL;
 		goto out_unlock;
 	}
@@ -926,15 +926,15 @@ static int security_compute_sid(u32 ssid,
 
 	scontext = sidtab_search(&sidtab, ssid);
 	if (!scontext) {
-		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
-		       ssid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, ssid);
 		rc = -EINVAL;
 		goto out_unlock;
 	}
 	tcontext = sidtab_search(&sidtab, tsid);
 	if (!tcontext) {
-		printk(KERN_ERR "security_compute_sid:  unrecognized SID %d\n",
-		       tsid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, tsid);
 		rc = -EINVAL;
 		goto out_unlock;
 	}
@@ -974,7 +974,7 @@ static int security_compute_sid(u32 ssid,
 	avdatum = avtab_search(&policydb.te_avtab, &avkey);
 
 	/* If no permanent rule, also check for enabled conditional rules */
-	if(!avdatum) {
+	if (!avdatum) {
 		node = avtab_search_node(&policydb.te_cond_avtab, &avkey);
 		for (; node != NULL; node = avtab_search_node_next(node, specified)) {
 			if (node->key.specified & AVTAB_ENABLED) {
@@ -1288,26 +1288,23 @@ static int convert_context(u32 key,
 
 	/* Convert the user. */
 	usrdatum = hashtab_search(args->newp->p_users.table,
-	                          args->oldp->p_user_val_to_name[c->user - 1]);
-	if (!usrdatum) {
+				  args->oldp->p_user_val_to_name[c->user - 1]);
+	if (!usrdatum)
 		goto bad;
-	}
 	c->user = usrdatum->value;
 
 	/* Convert the role. */
 	role = hashtab_search(args->newp->p_roles.table,
-	                      args->oldp->p_role_val_to_name[c->role - 1]);
-	if (!role) {
+			      args->oldp->p_role_val_to_name[c->role - 1]);
+	if (!role)
 		goto bad;
-	}
 	c->role = role->value;
 
 	/* Convert the type. */
 	typdatum = hashtab_search(args->newp->p_types.table,
-	                          args->oldp->p_type_val_to_name[c->type - 1]);
-	if (!typdatum) {
+				  args->oldp->p_type_val_to_name[c->type - 1]);
+	if (!typdatum)
 		goto bad;
-	}
 	c->type = typdatum->value;
 
 	rc = mls_convert_context(args->oldp, args->newp, c);
@@ -1556,8 +1553,8 @@ static int match_ipv6_addrmask(u32 *input, u32 *addr, u32 *mask)
 {
 	int i, fail = 0;
 
-	for(i = 0; i < 4; i++)
-		if(addr[i] != (input[i] & mask[i])) {
+	for (i = 0; i < 4; i++)
+		if (addr[i] != (input[i] & mask[i])) {
 			fail = 1;
 			break;
 		}
@@ -1656,7 +1653,7 @@ out:
  */
 
 int security_get_user_sids(u32 fromsid,
-	                   char *username,
+			   char *username,
 			   u32 **sids,
 			   u32 *nel)
 {
@@ -1766,7 +1763,7 @@ out:
  * transition SIDs or task SIDs.
  */
 int security_genfs_sid(const char *fstype,
-	               char *path,
+		       char *path,
 		       u16 sclass,
 		       u32 *sid)
 {
@@ -1881,7 +1878,7 @@ int security_get_bools(int *len, char ***names, int **values)
 		goto out;
 	}
 
-       *names = kcalloc(*len, sizeof(char*), GFP_ATOMIC);
+       *names = kcalloc(*len, sizeof(char *), GFP_ATOMIC);
 	if (!*names)
 		goto err;
 
@@ -1893,7 +1890,7 @@ int security_get_bools(int *len, char ***names, int **values)
 		size_t name_len;
 		(*values)[i] = policydb.bool_val_to_struct[i]->state;
 		name_len = strlen(policydb.p_bool_val_to_name[i]) + 1;
-               (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
+	       (*names)[i] = kmalloc(sizeof(char) * name_len, GFP_ATOMIC);
 		if (!(*names)[i])
 			goto err;
 		strncpy((*names)[i], policydb.p_bool_val_to_name[i], name_len);
@@ -1938,11 +1935,10 @@ int security_set_bools(int len, int *values)
 				audit_get_loginuid(current),
 				audit_get_sessionid(current));
 		}
-		if (values[i]) {
+		if (values[i])
 			policydb.bool_val_to_struct[i]->state = 1;
-		} else {
+		else
 			policydb.bool_val_to_struct[i]->state = 0;
-		}
 	}
 
 	for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
@@ -2036,16 +2032,16 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid)
 	POLICY_RDLOCK;
 	context1 = sidtab_search(&sidtab, sid);
 	if (!context1) {
-		printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "
-		       "%d\n", sid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, sid);
 		rc = -EINVAL;
 		goto out_unlock;
 	}
 
 	context2 = sidtab_search(&sidtab, mls_sid);
 	if (!context2) {
-		printk(KERN_ERR "security_sid_mls_copy:  unrecognized SID "
-		       "%d\n", mls_sid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+			__func__, mls_sid);
 		rc = -EINVAL;
 		goto out_unlock;
 	}
@@ -2136,17 +2132,15 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 
 	nlbl_ctx = sidtab_search(&sidtab, nlbl_sid);
 	if (!nlbl_ctx) {
-		printk(KERN_ERR
-		       "security_sid_mls_cmp:  unrecognized SID %d\n",
-		       nlbl_sid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, nlbl_sid);
 		rc = -EINVAL;
 		goto out_slowpath;
 	}
 	xfrm_ctx = sidtab_search(&sidtab, xfrm_sid);
 	if (!xfrm_ctx) {
-		printk(KERN_ERR
-		       "security_sid_mls_cmp:  unrecognized SID %d\n",
-		       xfrm_sid);
+		printk(KERN_ERR "SELinux: %s:  unrecognized SID %d\n",
+		       __func__, xfrm_sid);
 		rc = -EINVAL;
 		goto out_slowpath;
 	}
@@ -2226,7 +2220,7 @@ int security_get_permissions(char *class, char ***perms, int *nperms)
 
 	match = hashtab_search(policydb.p_classes.table, class);
 	if (!match) {
-		printk(KERN_ERR "%s:  unrecognized class %s\n",
+		printk(KERN_ERR "SELinux: %s:  unrecognized class %s\n",
 			__func__, class);
 		rc = -EINVAL;
 		goto out;
@@ -2435,7 +2429,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 
 	if (!rule) {
 		audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-		          "selinux_audit_rule_match: missing rule\n");
+			  "selinux_audit_rule_match: missing rule\n");
 		return -ENOENT;
 	}
 
@@ -2443,7 +2437,7 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 
 	if (rule->au_seqno < latest_granting) {
 		audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-		          "selinux_audit_rule_match: stale rule\n");
+			  "selinux_audit_rule_match: stale rule\n");
 		match = -ESTALE;
 		goto out;
 	}
@@ -2451,8 +2445,8 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 	ctxt = sidtab_search(&sidtab, sid);
 	if (!ctxt) {
 		audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
-		          "selinux_audit_rule_match: unrecognized SID %d\n",
-		          sid);
+			  "selinux_audit_rule_match: unrecognized SID %d\n",
+			  sid);
 		match = -ENOENT;
 		goto out;
 	}
@@ -2498,36 +2492,36 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
 	case AUDIT_OBJ_LEV_LOW:
 	case AUDIT_OBJ_LEV_HIGH:
 		level = ((field == AUDIT_SUBJ_SEN ||
-		          field == AUDIT_OBJ_LEV_LOW) ?
-		         &ctxt->range.level[0] : &ctxt->range.level[1]);
+			  field == AUDIT_OBJ_LEV_LOW) ?
+			 &ctxt->range.level[0] : &ctxt->range.level[1]);
 		switch (op) {
 		case AUDIT_EQUAL:
 			match = mls_level_eq(&rule->au_ctxt.range.level[0],
-			                     level);
+					     level);
 			break;
 		case AUDIT_NOT_EQUAL:
 			match = !mls_level_eq(&rule->au_ctxt.range.level[0],
-			                      level);
+					      level);
 			break;
 		case AUDIT_LESS_THAN:
 			match = (mls_level_dom(&rule->au_ctxt.range.level[0],
-			                       level) &&
-			         !mls_level_eq(&rule->au_ctxt.range.level[0],
-			                       level));
+					       level) &&
+				 !mls_level_eq(&rule->au_ctxt.range.level[0],
+					       level));
 			break;
 		case AUDIT_LESS_THAN_OR_EQUAL:
 			match = mls_level_dom(&rule->au_ctxt.range.level[0],
-			                      level);
+					      level);
 			break;
 		case AUDIT_GREATER_THAN:
 			match = (mls_level_dom(level,
-			                      &rule->au_ctxt.range.level[0]) &&
-			         !mls_level_eq(level,
-			                       &rule->au_ctxt.range.level[0]));
+					      &rule->au_ctxt.range.level[0]) &&
+				 !mls_level_eq(level,
+					       &rule->au_ctxt.range.level[0]));
 			break;
 		case AUDIT_GREATER_THAN_OR_EQUAL:
 			match = mls_level_dom(level,
-			                      &rule->au_ctxt.range.level[0]);
+					      &rule->au_ctxt.range.level[0]);
 			break;
 		}
 	}
@@ -2554,7 +2548,7 @@ static int __init aurule_init(void)
 	int err;
 
 	err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
-	                       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
+			       SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
 	if (err)
 		panic("avc_add_callback() failed, error %d\n", err);
 

security/selinux/ss/sidtab.c

@@ -156,12 +156,10 @@ void sidtab_map_remove_on_error(struct sidtab *s,
 		while (cur != NULL) {
 			ret = apply(cur->sid, &cur->context, args);
 			if (ret) {
-				if (last) {
+				if (last)
 					last->next = cur->next;
-				} else {
+				else
 					s->htable[i] = cur->next;
-				}
-
 				temp = cur;
 				cur = cur->next;
 				context_destroy(&temp->context);

security/selinux/xfrm.c

@@ -180,8 +180,7 @@ int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
 
 					if (!ckall)
 						break;
-				}
-				else if (*sid != ctx->ctx_sid)
+				} else if (*sid != ctx->ctx_sid)
 					return -EINVAL;
 			}
 		}
@@ -326,8 +325,7 @@ int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
  */
 void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
 {
-	if (ctx)
-		kfree(ctx);
+	kfree(ctx);
 }
 
 /*
@@ -372,8 +370,7 @@ int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uct
 void selinux_xfrm_state_free(struct xfrm_state *x)
 {
 	struct xfrm_sec_ctx *ctx = x->security;
-	if (ctx)
-		kfree(ctx);
+	kfree(ctx);
 }
 
  /*