selinux: fix all of the W=1 build warnings

There were a number of places in the code where the function
definition did not match the associated comment block as well
at least one file where the appropriate header files were not
included (missing function declaration/prototype); this patch
fixes all of these issue such that building the SELinux code
with "W=1" is now warning free.

 % make W=1 security/selinux/

Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Paul Moore 2020-11-18 21:15:08 -05:00
parent 1d1e1ded13
commit e9fd729293
6 changed files with 33 additions and 8 deletions

View File

@ -547,6 +547,7 @@ static inline struct avc_node *avc_search_node(struct selinux_avc *avc,
/**
* avc_lookup - Look up an AVC entry.
* @avc: the access vector cache
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@ -597,6 +598,7 @@ static int avc_latest_notif_update(struct selinux_avc *avc,
/**
* avc_insert - Insert an AVC entry.
* @avc: the access vector cache
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@ -825,9 +827,14 @@ out:
/**
* avc_update_node - Update an AVC entry
* @avc: the access vector cache
* @event : Updating event
* @perms : Permission mask bits
* @ssid,@tsid,@tclass : identifier of an AVC entry
* @driver: xperm driver information
* @xperm: xperm permissions
* @ssid: AVC entry source sid
* @tsid: AVC entry target sid
* @tclass : AVC entry target object class
* @seqno : sequence number when decision was made
* @xpd: extended_perms_decision to be added to the node
* @flags: the AVC_* flags, e.g. AVC_EXTENDED_PERMS, or 0.
@ -928,6 +935,7 @@ out:
/**
* avc_flush - Flush the cache
* @avc: the access vector cache
*/
static void avc_flush(struct selinux_avc *avc)
{
@ -956,6 +964,7 @@ static void avc_flush(struct selinux_avc *avc)
/**
* avc_ss_reset - Flush the cache and revalidate migrated permissions.
* @avc: the access vector cache
* @seqno: policy sequence number
*/
int avc_ss_reset(struct selinux_avc *avc, u32 seqno)
@ -1105,6 +1114,7 @@ decision:
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
* @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@ -1156,6 +1166,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
* @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class

View File

@ -29,6 +29,7 @@
/**
* selinux_netlbl_sidlookup_cached - Cache a SID lookup
* @skb: the packet
* @family: the packet's address family
* @secattr: the NetLabel security attributes
* @sid: the SID
*
@ -128,6 +129,7 @@ void selinux_netlbl_cache_invalidate(void)
/**
* selinux_netlbl_err - Handle a NetLabel packet error
* @skb: the packet
* @family: the packet's address family
* @error: the error code
* @gateway: true if host is acting as a gateway, false otherwise
*
@ -160,7 +162,6 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
/**
* selinux_netlbl_sk_security_reset - Reset the NetLabel fields
* @sksec: the sk_security_struct
* @family: the socket family
*
* Description:
* Called when the NetLabel state of a sk_security_struct needs to be reset.
@ -313,6 +314,7 @@ assoc_request_return:
/**
* selinux_netlbl_inet_conn_request - Label an incoming stream connection
* @req: incoming connection request socket
* @family: the request socket's address family
*
* Description:
* A new incoming connection request is represented by @req, we need to label
@ -343,6 +345,7 @@ inet_conn_request_return:
/**
* selinux_netlbl_inet_csk_clone - Initialize the newly created sock
* @sk: the new sock
* @family: the sock's address family
*
* Description:
* A new connection has been established using @sk, we've already labeled the
@ -378,7 +381,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
/**
* selinux_netlbl_socket_post_create - Label a socket using NetLabel
* @sock: the socket to label
* @sk: the sock to label
* @family: protocol family
*
* Description:

View File

@ -73,7 +73,7 @@ static unsigned int sel_netport_hashfn(u16 pnum)
/**
* sel_netport_find - Search for a port record
* @protocol: protocol
* @port: pnum
* @pnum: port
*
* Description:
* Search the network port table and return the matching record. If an entry

View File

@ -8,6 +8,7 @@
#include <linux/slab.h>
#include <linux/errno.h>
#include "hashtab.h"
#include "security.h"
static struct kmem_cache *hashtab_node_cachep __ro_after_init;

View File

@ -553,6 +553,7 @@ int mls_compute_sid(struct policydb *p,
#ifdef CONFIG_NETLABEL
/**
* mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
* @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@ -574,6 +575,7 @@ void mls_export_netlbl_lvl(struct policydb *p,
/**
* mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
* @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@ -595,6 +597,7 @@ void mls_import_netlbl_lvl(struct policydb *p,
/**
* mls_export_netlbl_cat - Export the MLS categories to NetLabel
* @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@ -622,6 +625,7 @@ int mls_export_netlbl_cat(struct policydb *p,
/**
* mls_import_netlbl_cat - Import the MLS categories from NetLabel
* @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*

View File

@ -1102,7 +1102,7 @@ allow:
* @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @orig_tclass: target security class
* @avd: access vector decisions
* @xperms: extended permissions
*
@ -1626,6 +1626,7 @@ int security_context_str_to_sid(struct selinux_state *state,
* @scontext_len: length in bytes
* @sid: security identifier, SID
* @def_sid: default SID to assign on error
* @gfp_flags: the allocator get-free-page (GFP) flags
*
* Obtains a SID associated with the security context that
* has the string representation specified by @scontext.
@ -1919,6 +1920,7 @@ out:
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
* @qstr: object name
* @out_sid: security identifier for new subject/object
*
* Compute a SID to use for labeling a new subject or object in the
@ -1947,6 +1949,7 @@ int security_transition_sid_user(struct selinux_state *state,
/**
* security_member_sid - Compute the SID for member selection.
* @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@ -2273,6 +2276,7 @@ void selinux_policy_commit(struct selinux_state *state,
* @state: SELinux state
* @data: binary policy data
* @len: length of data in bytes
* @load_state: policy load state
*
* Load a new set of security policy configuration data,
* validate it and convert the SID table as necessary.
@ -2525,7 +2529,7 @@ out:
* security_ib_endport_sid - Obtain the SID for a subnet management interface.
* @state: SELinux state
* @dev_name: device name
* @port: port number
* @port_num: port number
* @out_sid: security identifier
*/
int security_ib_endport_sid(struct selinux_state *state,
@ -2856,9 +2860,10 @@ out_unlock:
/**
* __security_genfs_sid - Helper to obtain a SID for a file in a filesystem
* @policy: policy
* @fstype: filesystem type
* @path: path from root of mount
* @sclass: file security class
* @orig_sclass: file security class
* @sid: SID for path
*
* Obtain a SID to use for a file in a filesystem that
@ -2915,7 +2920,7 @@ static inline int __security_genfs_sid(struct selinux_policy *policy,
* @state: SELinux state
* @fstype: filesystem type
* @path: path from root of mount
* @sclass: file security class
* @orig_sclass: file security class
* @sid: SID for path
*
* Acquire policy_rwlock before calling __security_genfs_sid() and release
@ -3297,6 +3302,7 @@ out_unlock:
* @nlbl_sid: NetLabel SID
* @nlbl_type: NetLabel labeling protocol type
* @xfrm_sid: XFRM SID
* @peer_sid: network peer sid
*
* Description:
* Compare the @nlbl_sid and @xfrm_sid values and if the two SIDs can be