From patchwork Wed Oct 18 00:53:16 2017
X-Patchwork-Submitter: Thiago Jung Bauermann
X-Patchwork-Id: 10013289
From: Thiago Jung Bauermann
To: linux-integrity@vger.kernel.org
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-crypto@vger.kernel.org, linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Mimi Zohar, Dmitry Kasatkin, James Morris, "Serge E. Hallyn", David Howells, David Woodhouse, Jessica Yu, Rusty Russell, Herbert Xu, "David S. Miller", "AKASHI, Takahiro", Thiago Jung Bauermann
Subject: [PATCH v5 03/18] evm, ima: Remove superfluous parentheses
Date: Tue, 17 Oct 2017 22:53:16 -0200
Message-Id: <20171018005331.2688-4-bauerman@linux.vnet.ibm.com>
In-Reply-To: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>
References: <20171018005331.2688-1-bauerman@linux.vnet.ibm.com>

This patch removes unnecessary parentheses from all EVM and IMA files touched by this patch series.
The difference from the previous patch is that it cleans up the files as a whole, not just the lines that were already going to be modified by other patches. It is separate from the previous one so that it can be easily dropped if the churn and conflict potential is deemed not worth it.

Confirmed that the patch is correct by comparing the object files from before and after the patch. They are identical.

Signed-off-by: Thiago Jung Bauermann
---
 security/integrity/evm/evm_crypto.c       |  2 +-
 security/integrity/evm/evm_main.c         | 13 +++++-----
 security/integrity/ima/ima_api.c          |  2 +-
 security/integrity/ima/ima_appraise.c     |  2 +-
 security/integrity/ima/ima_main.c         | 11 +++++----
 security/integrity/ima/ima_policy.c       | 41 ++++++++++++++++---------------
 security/integrity/ima/ima_template.c     | 25 +++++++++----------
 security/integrity/ima/ima_template_lib.c |  6 ++---
 8 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c index bcd64baf8788..9c2d88c80b9d 100644 --- a/security/integrity/evm/evm_crypto.c +++ b/security/integrity/evm/evm_crypto.c @@ -199,7 +199,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry, error = -ENODATA; for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) { - if ((req_xattr_name && req_xattr_value) + if (req_xattr_name && req_xattr_value && !strcmp(*xattrname, req_xattr_name)) { error = 0; crypto_shash_update(desc, (const u8 *)req_xattr_value, diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 9826c02e2db8..37f062d38d5f 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c
@@ -188,7 +188,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, } if (rc) - evm_status = (rc == -ENODATA) ? + evm_status = rc == -ENODATA ? INTEGRITY_NOXATTRS : INTEGRITY_FAIL; out: if (iint) @@ -205,8 +205,8 @@ static int evm_protected_xattr(const char *req_xattr_name) namelen = strlen(req_xattr_name); for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) { - if ((strlen(*xattrname) == namelen) - && (strncmp(req_xattr_name, *xattrname, namelen) == 0)) { + if (strlen(*xattrname) == namelen + && strncmp(req_xattr_name, *xattrname, namelen) == 0) { found = 1; break; } @@ -294,8 +294,8 @@ static int evm_protect_xattr(struct dentry *dentry, const char *xattr_name, if (!posix_xattr_acl(xattr_name)) return 0; evm_status = evm_verify_current_integrity(dentry); - if ((evm_status == INTEGRITY_PASS) || - (evm_status == INTEGRITY_NOXATTRS)) + if (evm_status == INTEGRITY_PASS || + evm_status == INTEGRITY_NOXATTRS) return 0; goto out; } @@ -434,8 +434,7 @@ int evm_inode_setattr(struct dentry *dentry, struct iattr *attr) if (!(ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID))) return 0; evm_status = evm_verify_current_integrity(dentry); - if ((evm_status == INTEGRITY_PASS) || - (evm_status == INTEGRITY_NOXATTRS)) + if (evm_status == INTEGRITY_PASS || evm_status == INTEGRITY_NOXATTRS) return 0; integrity_audit_msg(AUDIT_INTEGRITY_METADATA, d_backing_inode(dentry), dentry->d_name.name, "appraise_metadata", diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index c7e8db0ea4c0..c6d346e9f708 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -54,7 +54,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data, u32 len; result = field->field_init(event_data, - &((*entry)->template_data[i])); + &(*entry)->template_data[i]); if (result != 0) goto out; 
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index bce0b36778bd..58c6a60c7e83 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -401,7 +401,7 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name, result = ima_protect_xattr(dentry, xattr_name, xattr_value, xattr_value_len); if (result == 1) { - if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) + if (!xattr_value_len || xvalue->type >= IMA_XATTR_LAST) return -EINVAL; ima_reset_appraise_flags(d_backing_inode(dentry), xvalue->type == EVM_IMA_XATTR_DIGSIG); diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index e4ab8ef8016e..747a4fd9e2de 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -96,7 +96,7 @@ static void ima_rdwr_violation_check(struct file *file, send_tomtou = true; } } else { - if ((atomic_read(&inode->i_writecount) > 0) && must_measure) + if (atomic_read(&inode->i_writecount) > 0 && must_measure) send_writers = true; } @@ -123,7 +123,7 @@ static void ima_check_last_writer(struct integrity_iint_cache *iint, inode_lock(inode); if (atomic_read(&inode->i_writecount) == 1) { - if ((iint->version != inode->i_version) || + if (iint->version != inode->i_version || (iint->flags & IMA_NEW_FILE)) { iint->flags &= ~(IMA_DONE_MASK | IMA_NEW_FILE); iint->measured_pcrs = 0; @@ -179,8 +179,9 @@ static int process_measurement(struct file *file, char *buf, loff_t size, * Included is the appraise submask. */ action = ima_get_action(inode, mask, func, &pcr); - violation_check = ((func == FILE_CHECK || func == MMAP_CHECK) && - (ima_policy_flag & IMA_MEASURE)); + + violation_check = (func == FILE_CHECK || func == MMAP_CHECK) && + (ima_policy_flag & IMA_MEASURE); if (!action && !violation_check) return 0; 
@@ -260,7 +261,7 @@ static int process_measurement(struct file *file, char *buf, loff_t size, __putname(pathbuf); out: inode_unlock(inode); - if ((rc && must_appraise) && (ima_appraise & IMA_APPRAISE_ENFORCE)) + if (rc && must_appraise && (ima_appraise & IMA_APPRAISE_ENFORCE)) return -EACCES; return 0; } diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 95209a5f8595..efd8e1c60c10 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -41,8 +41,8 @@ #define DONT_APPRAISE 0x0008 #define AUDIT 0x0040 -#define INVALID_PCR(a) (((a) < 0) || \ - (a) >= (FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8)) +#define INVALID_PCR(a) ((a) < 0 || \ + (a) >= FIELD_SIZEOF(struct integrity_iint_cache, measured_pcrs) * 8) int ima_policy_flag; static int temp_ima_appraise; @@ -193,7 +193,7 @@ static int __init policy_setup(char *str) while ((p = strsep(&str, " |\n")) != NULL) { if (*p == ' ') continue; - if ((strcmp(p, "tcb") == 0) && !ima_policy) + if (strcmp(p, "tcb") == 0 && !ima_policy) ima_policy = DEFAULT_TCB; else if (strcmp(p, "appraise_tcb") == 0) ima_use_appraise_tcb = 1; @@ -254,13 +254,13 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, int i; if ((rule->flags & IMA_FUNC) && - (rule->func != func && func != POST_SETATTR)) + rule->func != func && func != POST_SETATTR) return false; if ((rule->flags & IMA_MASK) && - (rule->mask != mask && func != POST_SETATTR)) + rule->mask != mask && func != POST_SETATTR) return false; if ((rule->flags & IMA_INMASK) && - (!(rule->mask & mask) && func != POST_SETATTR)) + !(rule->mask & mask) && func != POST_SETATTR) return false; if ((rule->flags & IMA_FSMAGIC) && rule->fsmagic != inode->i_sb->s_magic) 
@@ -314,7 +314,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule, struct inode *inode, default: break; } - if ((rc < 0) && (!retried)) { + if (rc < 0 && !retried) { retried = 1; ima_lsm_update_rules(); goto retry; @@ -388,7 +388,7 @@ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, else actmask &= ~(entry->action | entry->action >> 1); - if ((pcr) && (entry->flags & IMA_PCR)) + if (pcr && (entry->flags & IMA_PCR)) *pcr = entry->pcr; if (!actmask) @@ -627,7 +627,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) if (result < 0) break; - if ((*p == '\0') || (*p == ' ') || (*p == '\t')) + if (*p == '\0' || *p == ' ' || *p == '\t') continue; token = match_token(p, policy_tokens, args); switch (token) { @@ -686,8 +686,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) entry->func = MODULE_CHECK; else if (strcmp(args[0].from, "FIRMWARE_CHECK") == 0) entry->func = FIRMWARE_CHECK; - else if ((strcmp(args[0].from, "FILE_MMAP") == 0) - || (strcmp(args[0].from, "MMAP_CHECK") == 0)) + else if (strcmp(args[0].from, "FILE_MMAP") == 0 + || strcmp(args[0].from, "MMAP_CHECK") == 0) entry->func = MMAP_CHECK; else if (strcmp(args[0].from, "BPRM_CHECK") == 0) entry->func = BPRM_CHECK; @@ -714,7 +714,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) if (*from == '^') from++; - if ((strcmp(from, "MAY_EXEC")) == 0) + if (strcmp(from, "MAY_EXEC") == 0) entry->mask = MAY_EXEC; else if (strcmp(from, "MAY_WRITE") == 0) entry->mask = MAY_WRITE; 
@@ -757,13 +757,13 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) entry->uid_op = &uid_gt; case Opt_uid_lt: case Opt_euid_lt: - if ((token == Opt_uid_lt) || (token == Opt_euid_lt)) + if (token == Opt_uid_lt || token == Opt_euid_lt) entry->uid_op = &uid_lt; case Opt_uid_eq: case Opt_euid_eq: - uid_token = (token == Opt_uid_eq) || - (token == Opt_uid_gt) || - (token == Opt_uid_lt); + uid_token = token == Opt_uid_eq || + token == Opt_uid_gt || + token == Opt_uid_lt; ima_log_string_op(ab, uid_token ? "uid" : "euid", args[0].from, entry->uid_op); @@ -802,7 +802,8 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) result = kstrtoul(args[0].from, 10, &lnum); if (!result) { entry->fowner = make_kuid(current_user_ns(), (uid_t)lnum); - if (!uid_valid(entry->fowner) || (((uid_t)lnum) != lnum)) + if (!uid_valid(entry->fowner) || + (uid_t) lnum != lnum) result = -EINVAL; else entry->flags |= IMA_FOWNER; @@ -851,7 +852,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) } ima_log_string(ab, "appraise_type", args[0].from); - if ((strcmp(args[0].from, "imasig")) == 0) + if (strcmp(args[0].from, "imasig") == 0) entry->flags |= IMA_DIGSIG_REQUIRED; else result = -EINVAL; @@ -879,7 +880,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) break; } } - if (!result && (entry->action == UNKNOWN)) + if (!result && entry->action == UNKNOWN) result = -EINVAL; else if (entry->func == MODULE_CHECK) temp_ima_appraise |= IMA_APPRAISE_MODULES; @@ -1001,7 +1002,7 @@ void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos) rcu_read_unlock(); (*pos)++; - return (&entry->list == ima_rules) ? NULL : entry; + return &entry->list == ima_rules ? NULL : entry; } void ima_policy_stop(struct seq_file *m, void *v) diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 7412d0291ab9..3cc1d2763fd2 100644 --- a/security/integrity/ima/ima_template.c 
+++ b/security/integrity/ima/ima_template.c @@ -115,8 +115,8 @@ static struct ima_template_desc *lookup_template_desc(const char *name) rcu_read_lock(); list_for_each_entry_rcu(template_desc, &defined_templates, list) { - if ((strcmp(template_desc->name, name) == 0) || - (strcmp(template_desc->fmt, name) == 0)) { + if (strcmp(template_desc->name, name) == 0 || + strcmp(template_desc->fmt, name) == 0) { found = 1; break; } @@ -233,13 +233,12 @@ int __init ima_init_template(void) struct ima_template_desc *template = ima_template_desc_current(); int result; - result = template_desc_init_fields(template->fmt, - &(template->fields), - &(template->num_fields)); + result = template_desc_init_fields(template->fmt, &template->fields, + &template->num_fields); if (result < 0) pr_err("template %s init failed, result: %d\n", - (strlen(template->name) ? - template->name : template->fmt), result); + strlen(template->name) ? template->name : template->fmt, + result); return result; } @@ -367,10 +366,10 @@ int ima_restore_measurement_list(loff_t size, void *buf) * template-data-size, template-data */ bufendp = buf + khdr->buffer_size; - while ((bufp < bufendp) && (count++ < khdr->count)) { + while (bufp < bufendp && count++ < khdr->count) { int enforce_mask = ENFORCE_FIELDS; - enforce_mask |= (count == khdr->count) ? ENFORCE_BUFEND : 0; + enforce_mask |= count == khdr->count ? ENFORCE_BUFEND : 0; ret = ima_parse_buf(bufp, bufendp, &bufp, HDR__LAST, hdr, NULL, hdr_mask, enforce_mask, "entry header"); if (ret < 0) @@ -407,8 +406,8 @@ int ima_restore_measurement_list(loff_t size, void *buf) * on boot. As needed, initialize the other template formats. */ ret = template_desc_init_fields(template_desc->fmt, - &(template_desc->fields), - &(template_desc->num_fields)); + &template_desc->fields, + &template_desc->num_fields); if (ret < 0) { pr_err("attempting to restore the template fmt \"%s\" \ failed\n", template_desc->fmt); 
@@ -425,8 +424,8 @@ int ima_restore_measurement_list(loff_t size, void *buf) memcpy(entry->digest, hdr[HDR_DIGEST].data, hdr[HDR_DIGEST].len); - entry->pcr = !ima_canonical_fmt ? *(hdr[HDR_PCR].data) : - le32_to_cpu(*(hdr[HDR_PCR].data)); + entry->pcr = !ima_canonical_fmt ? *hdr[HDR_PCR].data : + le32_to_cpu(*hdr[HDR_PCR].data); ret = ima_restore_measurement_entry(entry); if (ret < 0) break; diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 8bebcbb61162..d941260e979f 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -100,7 +100,7 @@ static void ima_show_template_data_binary(struct seq_file *m, enum data_formats datafmt, struct ima_field_data *field_data) { - u32 len = (show == IMA_SHOW_BINARY_OLD_STRING_FMT) ? + u32 len = show == IMA_SHOW_BINARY_OLD_STRING_FMT ? strlen(field_data->data) : field_data->len; if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) { @@ -182,7 +182,7 @@ int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp, for (i = 0; i < maxfields; i++) { if (len_mask == NULL || !test_bit(i, len_mask)) { - if (bufp > (bufendp - sizeof(u32))) + if (bufp > bufendp - sizeof(u32)) break; fields[i].len = *(u32 *)bufp; @@ -192,7 +192,7 @@ int ima_parse_buf(void *bufstartp, void *bufendp, void **bufcurp, bufp += sizeof(u32); } - if (bufp > (bufendp - fields[i].len)) + if (bufp > bufendp - fields[i].len) break; fields[i].data = bufp;
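
Review bot: The process_measurement() hunk at @@ -179,8 +179,9 in security/integrity/ima/ima_main.c adds an empty line before the violation_check assignment, which is a whitespace change unrelated to removing parentheses and is the reason the hunk grows by one line. Drop the blank line, or mention it in the changelog, so the patch stays a pure parentheses cleanup that is easy to skim and easy to drop.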
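
Review bot: The new line in the fowner hunk of security/integrity/ima/ima_policy.c (@@ -802,7 +802,8) writes the cast with a space, "(uid_t) lnum != lnum", while the context line directly above it in the same hunk uses "(uid_t)lnum" with none. Use one form in both places. This comparison is the check that the parsed value fits in uid_t, so it is worth keeping visually identical to the cast it guards:
    if (!uid_valid(entry->fowner) ||
        (uid_t)lnum != lnum)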
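
Review bot: In the ima_restore_measurement_list() hunk at @@ -367,10 +366,10 of security/integrity/ima/ima_template.c, the line "enforce_mask |= count == khdr->count ? ENFORCE_BUFEND : 0;" now stacks a compound assignment, an equality test and a conditional with no grouping, so the reader has to work out the precedence to see what is OR-ed into the mask. The parentheses around a ternary condition are not required by the compiler but they carry the intent; consider keeping them here, and likewise for "evm_status = rc == -ENODATA ?" in evm_main.c and "u32 len = show == IMA_SHOW_BINARY_OLD_STRING_FMT ?" in ima_template_lib.c, which have the same shape.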
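
Review bot: In the two ima_parse_buf() hunks of security/integrity/ima/ima_template_lib.c (@@ -182,7 and @@ -192,7), the bounds checks keep subtracting from the end pointer, and in the second one the amount subtracted is a length that was just read from the buffer being parsed (fields[i].len = *(u32 *)bufp), so "bufendp - fields[i].len" is only a meaningful address while that length is no larger than the buffer. Removing the parentheses is fine and changes nothing, but since these lines are being touched it is worth a follow-up, kept separate from this cleanup so the identical-object-file check still applies, that compares the length against the bytes remaining instead, for example:
    if (fields[i].len > bufendp - bufp)
        break;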