From: Stephen Smalley <sds@tycho.nsa.gov>
This patch from Adrian Bunk makes needlessly global code static and removes
a number of unused global and static functions from SELinux. Please apply.
Author: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---
25-akpm/security/selinux/avc.c | 174 ------------------------------
25-akpm/security/selinux/hooks.c | 40 +++---
25-akpm/security/selinux/include/avc.h | 7 -
25-akpm/security/selinux/include/avc_ss.h | 13 --
25-akpm/security/selinux/include/objsec.h | 2
25-akpm/security/selinux/selinuxfs.c | 4
25-akpm/security/selinux/ss/avtab.c | 29 -----
25-akpm/security/selinux/ss/avtab.h | 6 -
25-akpm/security/selinux/ss/conditional.c | 2
25-akpm/security/selinux/ss/ebitmap.c | 43 -------
25-akpm/security/selinux/ss/ebitmap.h | 1
25-akpm/security/selinux/ss/hashtab.c | 113 -------------------
25-akpm/security/selinux/ss/hashtab.h | 38 ------
25-akpm/security/selinux/ss/policydb.c | 10 -
25-akpm/security/selinux/ss/policydb.h | 3
25-akpm/security/selinux/ss/services.c | 18 +--
25-akpm/security/selinux/ss/services.h | 6 -
25-akpm/security/selinux/ss/sidtab.c | 36 ------
18 files changed, 42 insertions(+), 503 deletions(-)
diff -puN security/selinux/avc.c~selinux-make-code-static-and-remove-unused-code security/selinux/avc.c
--- 25/security/selinux/avc.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/avc.c 2005-03-21 21:49:06.000000000 -0800
@@ -139,7 +139,7 @@ static inline int avc_hash(u32 ssid, u32
* @tclass: target security class
* @av: access vector
*/
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
+static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
{
const char **common_pts = NULL;
u32 common_base = 0;
@@ -199,7 +199,7 @@ void avc_dump_av(struct audit_buffer *ab
* @tsid: target security identifier
* @tclass: target security class
*/
-void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
+static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
{
int rc;
char *scontext;
@@ -828,136 +828,6 @@ out:
return rc;
}
-static int avc_update_cache(u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms)
-{
- struct avc_node *node;
- int i;
-
- rcu_read_lock();
-
- if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
- /* apply to all matching nodes */
- for (i = 0; i < AVC_CACHE_SLOTS; i++) {
- list_for_each_entry_rcu(node, &avc_cache.slots[i], list) {
- if (avc_sidcmp(ssid, node->ae.ssid) &&
- avc_sidcmp(tsid, node->ae.tsid) &&
- tclass == node->ae.tclass ) {
- avc_update_node(event, perms, node->ae.ssid,
- node->ae.tsid, node->ae.tclass);
- }
- }
- }
- } else {
- /* apply to one node */
- avc_update_node(event, perms, ssid, tsid, tclass);
- }
-
- rcu_read_unlock();
-
- return 0;
-}
-
-static int avc_control(u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 seqno, u32 *out_retained)
-{
- struct avc_callback_node *c;
- u32 tretained = 0, cretained = 0;
- int rc = 0;
-
- /*
- * try_revoke only removes permissions from the cache
- * state if they are not retained by the object manager.
- * Hence, try_revoke must wait until after the callbacks have
- * been invoked to update the cache state.
- */
- if (event != AVC_CALLBACK_TRY_REVOKE)
- avc_update_cache(event,ssid,tsid,tclass,perms);
-
- for (c = avc_callbacks; c; c = c->next)
- {
- if ((c->events & event) &&
- avc_sidcmp(c->ssid, ssid) &&
- avc_sidcmp(c->tsid, tsid) &&
- c->tclass == tclass &&
- (c->perms & perms)) {
- cretained = 0;
- rc = c->callback(event, ssid, tsid, tclass,
- (c->perms & perms),
- &cretained);
- if (rc)
- goto out;
- tretained |= cretained;
- }
- }
-
- if (event == AVC_CALLBACK_TRY_REVOKE) {
- /* revoke any unretained permissions */
- perms &= ~tretained;
- avc_update_cache(event,ssid,tsid,tclass,perms);
- *out_retained = tretained;
- }
-
- avc_latest_notif_update(seqno, 0);
-
-out:
- return rc;
-}
-
-/**
- * avc_ss_grant - Grant previously denied permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- */
-int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 seqno)
-{
- return avc_control(AVC_CALLBACK_GRANT,
- ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
- * avc_ss_try_revoke - Try to revoke previously granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @out_retained: subset of @perms that are retained
- *
- * Try to revoke previously granted permissions, but
- * only if they are not retained as migrated permissions.
- * Return the subset of permissions that are retained via @out_retained.
- */
-int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 seqno, u32 *out_retained)
-{
- return avc_control(AVC_CALLBACK_TRY_REVOKE,
- ssid, tsid, tclass, perms, seqno, out_retained);
-}
-
-/**
- * avc_ss_revoke - Revoke previously granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- *
- * Revoke previously granted permissions, even if
- * they are retained as migrated permissions.
- */
-int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 seqno)
-{
- return avc_control(AVC_CALLBACK_REVOKE,
- ssid, tsid, tclass, perms, seqno, NULL);
-}
-
/**
* avc_ss_reset - Flush the cache and revalidate migrated permissions.
* @seqno: policy sequence number
@@ -991,46 +861,6 @@ out:
}
/**
- * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @enable: enable flag.
- */
-int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 seqno, u32 enable)
-{
- if (enable)
- return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
- ssid, tsid, tclass, perms, seqno, NULL);
- else
- return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
- ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
- * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @enable: enable flag.
- */
-int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass,
- u32 perms, u32 seqno, u32 enable)
-{
- if (enable)
- return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
- ssid, tsid, tclass, perms, seqno, NULL);
- else
- return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
- ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
* @ssid: source security identifier
* @tsid: target security identifier
diff -puN security/selinux/hooks.c~selinux-make-code-static-and-remove-unused-code security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/hooks.c 2005-03-21 21:49:06.000000000 -0800
@@ -921,9 +921,9 @@ static inline u32 signal_to_av(int sig)
/* Check permission betweeen a pair of tasks, e.g. signal checks,
fork check, ptrace check, etc. */
-int task_has_perm(struct task_struct *tsk1,
- struct task_struct *tsk2,
- u32 perms)
+static int task_has_perm(struct task_struct *tsk1,
+ struct task_struct *tsk2,
+ u32 perms)
{
struct task_security_struct *tsec1, *tsec2;
@@ -934,8 +934,8 @@ int task_has_perm(struct task_struct *ts
}
/* Check whether a task is allowed to use a capability. */
-int task_has_capability(struct task_struct *tsk,
- int cap)
+static int task_has_capability(struct task_struct *tsk,
+ int cap)
{
struct task_security_struct *tsec;
struct avc_audit_data ad;
@@ -951,8 +951,8 @@ int task_has_capability(struct task_stru
}
/* Check whether a task is allowed to use a system operation. */
-int task_has_system(struct task_struct *tsk,
- u32 perms)
+static int task_has_system(struct task_struct *tsk,
+ u32 perms)
{
struct task_security_struct *tsec;
@@ -965,10 +965,10 @@ int task_has_system(struct task_struct *
/* Check whether a task has a particular permission to an inode.
The 'adp' parameter is optional and allows other audit
data to be passed (e.g. the dentry). */
-int inode_has_perm(struct task_struct *tsk,
- struct inode *inode,
- u32 perms,
- struct avc_audit_data *adp)
+static int inode_has_perm(struct task_struct *tsk,
+ struct inode *inode,
+ u32 perms,
+ struct avc_audit_data *adp)
{
struct task_security_struct *tsec;
struct inode_security_struct *isec;
@@ -1190,10 +1190,10 @@ static inline int may_rename(struct inod
}
/* Check whether a task can perform a filesystem operation. */
-int superblock_has_perm(struct task_struct *tsk,
- struct super_block *sb,
- u32 perms,
- struct avc_audit_data *ad)
+static int superblock_has_perm(struct task_struct *tsk,
+ struct super_block *sb,
+ u32 perms,
+ struct avc_audit_data *ad)
{
struct task_security_struct *tsec;
struct superblock_security_struct *sbsec;
@@ -1250,7 +1250,7 @@ static inline u32 file_to_av(struct file
}
/* Set an inode's SID to a specified value. */
-int inode_security_set_sid(struct inode *inode, u32 sid)
+static int inode_security_set_sid(struct inode *inode, u32 sid)
{
struct inode_security_struct *isec = inode->i_security;
struct superblock_security_struct *sbsec = inode->i_sb->s_security;
@@ -4019,7 +4019,7 @@ static int selinux_ipc_permission(struct
}
/* module stacking operations */
-int selinux_register_security (const char *name, struct security_operations *ops)
+static int selinux_register_security (const char *name, struct security_operations *ops)
{
if (secondary_ops != original_ops) {
printk(KERN_INFO "%s: There is already a secondary security "
@@ -4036,7 +4036,7 @@ int selinux_register_security (const cha
return 0;
}
-int selinux_unregister_security (const char *name, struct security_operations *ops)
+static int selinux_unregister_security (const char *name, struct security_operations *ops)
{
if (ops != secondary_ops) {
printk (KERN_INFO "%s: trying to unregister a security module "
@@ -4203,7 +4203,7 @@ static int selinux_setprocattr(struct ta
return size;
}
-struct security_operations selinux_ops = {
+static struct security_operations selinux_ops = {
.ptrace = selinux_ptrace,
.capget = selinux_capget,
.capset_check = selinux_capset_check,
@@ -4352,7 +4352,7 @@ struct security_operations selinux_ops =
#endif
};
-__init int selinux_init(void)
+static __init int selinux_init(void)
{
struct task_security_struct *tsec;
diff -puN security/selinux/include/avc.h~selinux-make-code-static-and-remove-unused-code security/selinux/include/avc.h
--- 25/security/selinux/include/avc.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/include/avc.h 2005-03-21 21:49:06.000000000 -0800
@@ -93,13 +93,6 @@ struct avc_cache_stats
};
/*
- * AVC display support
- */
-struct audit_buffer;
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av);
-void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass);
-
-/*
* AVC operations
*/
diff -puN security/selinux/include/avc_ss.h~selinux-make-code-static-and-remove-unused-code security/selinux/include/avc_ss.h
--- 25/security/selinux/include/avc_ss.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/include/avc_ss.h 2005-03-21 21:49:06.000000000 -0800
@@ -8,20 +8,7 @@
#include "flask.h"
-int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno);
-
-int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno,
- u32 *out_retained);
-
-int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno);
-
int avc_ss_reset(u32 seqno);
-int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass, u32 perms,
- u32 seqno, u32 enable);
-
-int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass, u32 perms,
- u32 seqno, u32 enable);
-
#endif /* _SELINUX_AVC_SS_H_ */
diff -puN security/selinux/include/objsec.h~selinux-make-code-static-and-remove-unused-code security/selinux/include/objsec.h
--- 25/security/selinux/include/objsec.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/include/objsec.h 2005-03-21 21:49:06.000000000 -0800
@@ -107,8 +107,6 @@ struct sk_security_struct {
u32 peer_sid; /* SID of peer */
};
-extern int inode_security_set_sid(struct inode *inode, u32 sid);
-
extern unsigned int selinux_checkreqprot;
#endif /* _SELINUX_OBJSEC_H_ */
diff -puN security/selinux/selinuxfs.c~selinux-make-code-static-and-remove-unused-code security/selinux/selinuxfs.c
--- 25/security/selinux/selinuxfs.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/selinuxfs.c 2005-03-21 21:49:06.000000000 -0800
@@ -54,8 +54,8 @@ static int *bool_pending_values = NULL;
extern void selnl_notify_setenforce(int val);
/* Check whether a task is allowed to use a security operation. */
-int task_has_security(struct task_struct *tsk,
- u32 perms)
+static int task_has_security(struct task_struct *tsk,
+ u32 perms)
{
struct task_security_struct *tsec;
diff -puN security/selinux/ss/avtab.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/avtab.c
--- 25/security/selinux/ss/avtab.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/avtab.c 2005-03-21 21:49:06.000000000 -0800
@@ -31,7 +31,8 @@
static kmem_cache_t *avtab_node_cachep;
static struct avtab_node*
-avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, struct avtab_node * cur,
+avtab_insert_node(struct avtab *h, int hvalue,
+ struct avtab_node * prev, struct avtab_node * cur,
struct avtab_key *key, struct avtab_datum *datum)
{
struct avtab_node * newnode;
@@ -53,7 +54,7 @@ avtab_insert_node(struct avtab *h, int h
return newnode;
}
-int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
+static int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum *datum)
{
int hvalue;
struct avtab_node *prev, *cur, *newnode;
@@ -237,30 +238,6 @@ void avtab_destroy(struct avtab *h)
}
-int avtab_map(struct avtab *h,
- int (*apply) (struct avtab_key *k,
- struct avtab_datum *d,
- void *args),
- void *args)
-{
- int i, ret;
- struct avtab_node *cur;
-
- if (!h)
- return 0;
-
- for (i = 0; i < AVTAB_SIZE; i++) {
- cur = h->htable[i];
- while (cur != NULL) {
- ret = apply(&cur->key, &cur->datum, args);
- if (ret)
- return ret;
- cur = cur->next;
- }
- }
- return 0;
-}
-
int avtab_init(struct avtab *h)
{
int i;
diff -puN security/selinux/ss/avtab.h~selinux-make-code-static-and-remove-unused-code security/selinux/ss/avtab.h
--- 25/security/selinux/ss/avtab.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/avtab.h 2005-03-21 21:49:06.000000000 -0800
@@ -58,14 +58,8 @@ struct avtab {
};
int avtab_init(struct avtab *);
-int avtab_insert(struct avtab *h, struct avtab_key *k, struct avtab_datum *d);
struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k, int specified);
void avtab_destroy(struct avtab *h);
-int avtab_map(struct avtab *h,
- int (*apply) (struct avtab_key *k,
- struct avtab_datum *d,
- void *args),
- void *args);
void avtab_hash_eval(struct avtab *h, char *tag);
int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key *avkey);
diff -puN security/selinux/ss/conditional.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/conditional.c
--- 25/security/selinux/ss/conditional.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/conditional.c 2005-03-21 21:49:06.000000000 -0800
@@ -208,7 +208,7 @@ int cond_index_bool(void *key, void *dat
return 0;
}
-int bool_isvalid(struct cond_bool_datum *b)
+static int bool_isvalid(struct cond_bool_datum *b)
{
if (!(b->state == 0 || b->state == 1))
return 0;
diff -puN security/selinux/ss/ebitmap.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/ebitmap.c
--- 25/security/selinux/ss/ebitmap.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/ebitmap.c 2005-03-21 21:49:06.000000000 -0800
@@ -9,49 +9,6 @@
#include "ebitmap.h"
#include "policydb.h"
-int ebitmap_or(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2)
-{
- struct ebitmap_node *n1, *n2, *new, *prev;
-
- ebitmap_init(dst);
-
- n1 = e1->node;
- n2 = e2->node;
- prev = NULL;
- while (n1 || n2) {
- new = kmalloc(sizeof(*new), GFP_ATOMIC);
- if (!new) {
- ebitmap_destroy(dst);
- return -ENOMEM;
- }
- memset(new, 0, sizeof(*new));
- if (n1 && n2 && n1->startbit == n2->startbit) {
- new->startbit = n1->startbit;
- new->map = n1->map | n2->map;
- n1 = n1->next;
- n2 = n2->next;
- } else if (!n2 || (n1 && n1->startbit < n2->startbit)) {
- new->startbit = n1->startbit;
- new->map = n1->map;
- n1 = n1->next;
- } else {
- new->startbit = n2->startbit;
- new->map = n2->map;
- n2 = n2->next;
- }
-
- new->next = NULL;
- if (prev)
- prev->next = new;
- else
- dst->node = new;
- prev = new;
- }
-
- dst->highbit = (e1->highbit > e2->highbit) ? e1->highbit : e2->highbit;
- return 0;
-}
-
int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
{
struct ebitmap_node *n1, *n2;
diff -puN security/selinux/ss/ebitmap.h~selinux-make-code-static-and-remove-unused-code security/selinux/ss/ebitmap.h
--- 25/security/selinux/ss/ebitmap.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/ebitmap.h 2005-03-21 21:49:06.000000000 -0800
@@ -38,7 +38,6 @@ static inline void ebitmap_init(struct e
}
int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
-int ebitmap_or(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2);
int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src);
int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2);
int ebitmap_get_bit(struct ebitmap *e, unsigned long bit);
diff -puN security/selinux/ss/hashtab.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/hashtab.c
--- 25/security/selinux/ss/hashtab.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/hashtab.c 2005-03-21 21:49:06.000000000 -0800
@@ -73,81 +73,6 @@ int hashtab_insert(struct hashtab *h, vo
return 0;
}
-int hashtab_remove(struct hashtab *h, void *key,
- void (*destroy)(void *k, void *d, void *args),
- void *args)
-{
- u32 hvalue;
- struct hashtab_node *cur, *last;
-
- if (!h)
- return -EINVAL;
-
- hvalue = h->hash_value(h, key);
- last = NULL;
- cur = h->htable[hvalue];
- while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
- last = cur;
- cur = cur->next;
- }
-
- if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
- return -ENOENT;
-
- if (last == NULL)
- h->htable[hvalue] = cur->next;
- else
- last->next = cur->next;
-
- if (destroy)
- destroy(cur->key, cur->datum, args);
- kfree(cur);
- h->nel--;
- return 0;
-}
-
-int hashtab_replace(struct hashtab *h, void *key, void *datum,
- void (*destroy)(void *k, void *d, void *args),
- void *args)
-{
- u32 hvalue;
- struct hashtab_node *prev, *cur, *newnode;
-
- if (!h)
- return -EINVAL;
-
- hvalue = h->hash_value(h, key);
- prev = NULL;
- cur = h->htable[hvalue];
- while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
- prev = cur;
- cur = cur->next;
- }
-
- if (cur && (h->keycmp(h, key, cur->key) == 0)) {
- if (destroy)
- destroy(cur->key, cur->datum, args);
- cur->key = key;
- cur->datum = datum;
- } else {
- newnode = kmalloc(sizeof(*newnode), GFP_KERNEL);
- if (newnode == NULL)
- return -ENOMEM;
- memset(newnode, 0, sizeof(*newnode));
- newnode->key = key;
- newnode->datum = datum;
- if (prev) {
- newnode->next = prev->next;
- prev->next = newnode;
- } else {
- newnode->next = h->htable[hvalue];
- h->htable[hvalue] = newnode;
- }
- }
-
- return 0;
-}
-
void *hashtab_search(struct hashtab *h, void *key)
{
u32 hvalue;
@@ -215,44 +140,6 @@ int hashtab_map(struct hashtab *h,
}
-void hashtab_map_remove_on_error(struct hashtab *h,
- int (*apply)(void *k, void *d, void *args),
- void (*destroy)(void *k, void *d, void *args),
- void *args)
-{
- u32 i;
- int ret;
- struct hashtab_node *last, *cur, *temp;
-
- if (!h)
- return;
-
- for (i = 0; i < h->size; i++) {
- last = NULL;
- cur = h->htable[i];
- while (cur != NULL) {
- ret = apply(cur->key, cur->datum, args);
- if (ret) {
- if (last)
- last->next = cur->next;
- else
- h->htable[i] = cur->next;
-
- temp = cur;
- cur = cur->next;
- if (destroy)
- destroy(temp->key, temp->datum, args);
- kfree(temp);
- h->nel--;
- } else {
- last = cur;
- cur = cur->next;
- }
- }
- }
- return;
-}
-
void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
{
u32 i, chain_len, slots_used, max_chain_len;
diff -puN security/selinux/ss/hashtab.h~selinux-make-code-static-and-remove-unused-code security/selinux/ss/hashtab.h
--- 25/security/selinux/ss/hashtab.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/hashtab.h 2005-03-21 21:49:06.000000000 -0800
@@ -54,33 +54,6 @@ struct hashtab *hashtab_create(u32 (*has
int hashtab_insert(struct hashtab *h, void *k, void *d);
/*
- * Removes the entry with the specified key from the hash table.
- * Applies the specified destroy function to (key,datum,args) for
- * the entry.
- *
- * Returns -ENOENT if no entry has the specified key,
- * -EINVAL for general errors or
- *0 otherwise.
- */
-int hashtab_remove(struct hashtab *h, void *k,
- void (*destroy)(void *k, void *d, void *args),
- void *args);
-
-/*
- * Insert or replace the specified (key, datum) pair in the specified
- * hash table. If an entry for the specified key already exists,
- * then the specified destroy function is applied to (key,datum,args)
- * for the entry prior to replacing the entry's contents.
- *
- * Returns -ENOMEM if insufficient space is available,
- * -EINVAL for general errors or
- * 0 otherwise.
- */
-int hashtab_replace(struct hashtab *h, void *k, void *d,
- void (*destroy)(void *k, void *d, void *args),
- void *args);
-
-/*
* Searches for the entry with the specified key in the hash table.
*
* Returns NULL if no entry has the specified key or
@@ -108,17 +81,6 @@ int hashtab_map(struct hashtab *h,
int (*apply)(void *k, void *d, void *args),
void *args);
-/*
- * Same as hashtab_map, except that if apply returns a non-zero status,
- * then the (key,datum) pair will be removed from the hashtab and the
- * destroy function will be applied to (key,datum,args).
- */
-void hashtab_map_remove_on_error(struct hashtab *h,
- int (*apply)(void *k, void *d, void *args),
- void (*destroy)(void *k, void *d, void *args),
- void *args);
-
-
/* Fill info with some hash table statistics */
void hashtab_stat(struct hashtab *h, struct hashtab_info *info);
diff -puN security/selinux/ss/policydb.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/policydb.c
--- 25/security/selinux/ss/policydb.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/policydb.c 2005-03-21 21:49:06.000000000 -0800
@@ -110,7 +110,7 @@ static struct policydb_compat_info *poli
/*
* Initialize the role table.
*/
-int roles_init(struct policydb *p)
+static int roles_init(struct policydb *p)
{
char *key = NULL;
int rc;
@@ -149,7 +149,7 @@ out_free_role:
/*
* Initialize a policy database structure.
*/
-int policydb_init(struct policydb *p)
+static int policydb_init(struct policydb *p)
{
int i, rc;
@@ -321,7 +321,7 @@ static int (*index_f[SYM_NUM]) (void *ke
*
* Caller must clean up upon failure.
*/
-int policydb_index_classes(struct policydb *p)
+static int policydb_index_classes(struct policydb *p)
{
int rc;
@@ -378,7 +378,7 @@ static void symtab_hash_eval(struct symt
*
* Caller must clean up on failure.
*/
-int policydb_index_others(struct policydb *p)
+static int policydb_index_others(struct policydb *p)
{
int i, rc = 0;
@@ -566,7 +566,7 @@ static int (*destroy_f[SYM_NUM]) (void *
cat_destroy,
};
-void ocontext_destroy(struct ocontext *c, int i)
+static void ocontext_destroy(struct ocontext *c, int i)
{
context_destroy(&c->context[0]);
context_destroy(&c->context[1]);
diff -puN security/selinux/ss/policydb.h~selinux-make-code-static-and-remove-unused-code security/selinux/ss/policydb.h
--- 25/security/selinux/ss/policydb.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/policydb.h 2005-03-21 21:49:06.000000000 -0800
@@ -240,9 +240,6 @@ struct policydb {
unsigned int policyvers;
};
-extern int policydb_init(struct policydb *p);
-extern int policydb_index_classes(struct policydb *p);
-extern int policydb_index_others(struct policydb *p);
extern void policydb_destroy(struct policydb *p);
extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
extern int policydb_context_isvalid(struct policydb *p, struct context *c);
diff -puN security/selinux/ss/services.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/services.c
--- 25/security/selinux/ss/services.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/services.c 2005-03-21 21:49:06.000000000 -0800
@@ -52,7 +52,7 @@ static DECLARE_MUTEX(load_sem);
#define LOAD_LOCK down(&load_sem)
#define LOAD_UNLOCK up(&load_sem)
-struct sidtab sidtab;
+static struct sidtab sidtab;
struct policydb policydb;
int ss_initialized = 0;
@@ -64,9 +64,9 @@ int ss_initialized = 0;
*/
static u32 latest_granting = 0;
-/* Forward declarations. */
-int context_struct_to_string(struct context *context, char **scontext,
- u32 *scontext_len);
+/* Forward declaration. */
+static int context_struct_to_string(struct context *context, char **scontext,
+ u32 *scontext_len);
/*
* Return the boolean value of a constraint expression
@@ -79,10 +79,10 @@ int context_struct_to_string(struct cont
* of the process performing the transition. All other callers of
* constraint_expr_eval should pass in NULL for xcontext.
*/
-int constraint_expr_eval(struct context *scontext,
- struct context *tcontext,
- struct context *xcontext,
- struct constraint_expr *cexpr)
+static int constraint_expr_eval(struct context *scontext,
+ struct context *tcontext,
+ struct context *xcontext,
+ struct constraint_expr *cexpr)
{
u32 val1, val2;
struct context *c;
@@ -515,7 +515,7 @@ out:
* to point to this string and set `*scontext_len' to
* the length of the string.
*/
-int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
+static int context_struct_to_string(struct context *context, char **scontext, u32 *scontext_len)
{
char *scontextp;
diff -puN security/selinux/ss/services.h~selinux-make-code-static-and-remove-unused-code security/selinux/ss/services.h
--- 25/security/selinux/ss/services.h~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/services.h 2005-03-21 21:49:06.000000000 -0800
@@ -9,12 +9,6 @@
#include "policydb.h"
#include "sidtab.h"
-/*
- * The security server uses two global data structures
- * when providing its services: the SID table (sidtab)
- * and the policy database (policydb).
- */
-extern struct sidtab sidtab;
extern struct policydb policydb;
#endif /* _SS_SERVICES_H_ */
diff -puN security/selinux/ss/sidtab.c~selinux-make-code-static-and-remove-unused-code security/selinux/ss/sidtab.c
--- 25/security/selinux/ss/sidtab.c~selinux-make-code-static-and-remove-unused-code 2005-03-21 21:49:06.000000000 -0800
+++ 25-akpm/security/selinux/ss/sidtab.c 2005-03-21 21:49:06.000000000 -0800
@@ -87,42 +87,6 @@ out:
return rc;
}
-int sidtab_remove(struct sidtab *s, u32 sid)
-{
- int hvalue, rc = 0;
- struct sidtab_node *cur, *last;
-
- if (!s) {
- rc = -ENOENT;
- goto out;
- }
-
- hvalue = SIDTAB_HASH(sid);
- last = NULL;
- cur = s->htable[hvalue];
- while (cur != NULL && sid > cur->sid) {
- last = cur;
- cur = cur->next;
- }
-
- if (cur == NULL || sid != cur->sid) {
- rc = -ENOENT;
- goto out;
- }
-
- if (last == NULL)
- s->htable[hvalue] = cur->next;
- else
- last->next = cur->next;
-
- context_destroy(&cur->context);
-
- kfree(cur);
- s->nel--;
-out:
- return rc;
-}
-
struct context *sidtab_search(struct sidtab *s, u32 sid)
{
int hvalue;
_