authorLinus Torvalds <torvalds@linux-foundation.org>2008-04-21 16:01:40 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-21 16:01:40 -0700
commit19b5b517a8b81a448be9b2bdaf18a761a7b9799e (patch)
treeb1e83e331769d44f98e564c984acf3841261c2a8 /security
parentbda0c0afa7a694bb1459fd023515aca681e4d79a (diff)
parent95fff33b8e306a4331024bbd31c0999d5bf48fcf (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: SELinux: one little, two little, three little whitespaces, the avc.c saga. SELinux: cleanup on isle selinuxfs.c changing whitespace for fun and profit: policydb.c SELinux: whitespace and formating fixes for hooks.c SELinux: clean up printks SELinux: sidtab.c whitespace, syntax, and static declaraction cleanups SELinux: services.c whitespace, syntax, and static declaraction cleanups SELinux: mls.c whitespace, syntax, and static declaraction cleanups SELinux: hashtab.c whitespace, syntax, and static declaraction cleanups SELinux: ebitmap.c whitespace, syntax, and static declaraction cleanups SELinux: conditional.c whitespace, syntax, and static declaraction cleanups SELinux: avtab.c whitespace, syntax, and static declaraction cleanups SELinux: xfrm.c whitespace, syntax, and static declaraction cleanups SELinux: nlmsgtab.c whitespace, syntax, and static declaraction cleanups SELinux: netnode.c whitespace, syntax, and static declaraction cleanups SELinux: netlink.c whitespace, syntax, and static declaraction cleanups SELinux: netlabel.c whitespace, syntax, and static declaraction cleanups SELinux: netif.c whitespace, syntax, and static declaraction cleanups
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c58
-rw-r--r--security/selinux/hooks.c512
-rw-r--r--security/selinux/netif.c19
-rw-r--r--security/selinux/netlabel.c2
-rw-r--r--security/selinux/netlink.c20
-rw-r--r--security/selinux/netnode.c2
-rw-r--r--security/selinux/nlmsgtab.c5
-rw-r--r--security/selinux/selinuxfs.c127
-rw-r--r--security/selinux/ss/avtab.c48
-rw-r--r--security/selinux/ss/conditional.c73
-rw-r--r--security/selinux/ss/ebitmap.c5
-rw-r--r--security/selinux/ss/hashtab.c4
-rw-r--r--security/selinux/ss/mls.c27
-rw-r--r--security/selinux/ss/policydb.c148
-rw-r--r--security/selinux/ss/services.c178
-rw-r--r--security/selinux/ss/sidtab.c6
-rw-r--r--security/selinux/xfrm.c9
17 files changed, 609 insertions, 634 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index a4fc6e6d038a..1d69f6649bff 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -2,16 +2,16 @@
* Implementation of the kernel access vector cache (AVC).
*
* Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
- * James Morris <jmorris@redhat.com>
+ * James Morris <jmorris@redhat.com>
*
* Update: KaiGai, Kohei <kaigai@ak.jp.nec.com>
- * Replaced the avc_lock spinlock by RCU.
+ * Replaced the avc_lock spinlock by RCU.
*
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
+ * as published by the Free Software Foundation.
*/
#include <linux/types.h>
#include <linux/stddef.h>
@@ -44,7 +44,7 @@ static const char *class_to_string[] = {
#undef S_
};
-#define TB_(s) static const char * s [] = {
+#define TB_(s) static const char *s[] = {
#define TE_(s) };
#define S_(s) s,
#include "common_perm_to_string.h"
@@ -72,7 +72,7 @@ const struct selinux_class_perm selinux_class_perm = {
#define AVC_CACHE_RECLAIM 16
#ifdef CONFIG_SECURITY_SELINUX_AVC_STATS
-#define avc_cache_stats_incr(field) \
+#define avc_cache_stats_incr(field) \
do { \
per_cpu(avc_cache_stats, get_cpu()).field++; \
put_cpu(); \
@@ -92,7 +92,7 @@ struct avc_entry {
struct avc_node {
struct avc_entry ae;
struct list_head list;
- struct rcu_head rhead;
+ struct rcu_head rhead;
};
struct avc_cache {
@@ -105,8 +105,8 @@ struct avc_cache {
struct avc_callback_node {
int (*callback) (u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 *out_retained);
+ u16 tclass, u32 perms,
+ u32 *out_retained);
u32 events;
u32 ssid;
u32 tsid;
@@ -202,7 +202,7 @@ static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tcla
char *scontext;
u32 scontext_len;
- rc = security_sid_to_context(ssid, &scontext, &scontext_len);
+ rc = security_sid_to_context(ssid, &scontext, &scontext_len);
if (rc)
audit_log_format(ab, "ssid=%d", ssid);
else {
@@ -306,7 +306,7 @@ static inline int avc_reclaim_node(void)
int hvalue, try, ecx;
unsigned long flags;
- for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++ ) {
+ for (try = 0, ecx = 0; try < AVC_CACHE_SLOTS; try++) {
hvalue = atomic_inc_return(&avc_cache.lru_hint) & (AVC_CACHE_SLOTS - 1);
if (!spin_trylock_irqsave(&avc_cache.slots_lock[hvalue], flags))
@@ -426,7 +426,7 @@ static int avc_latest_notif_update(int seqno, int is_insert)
spin_lock_irqsave(&notif_lock, flag);
if (is_insert) {
if (seqno < avc_cache.latest_notif) {
- printk(KERN_WARNING "avc: seqno %d < latest_notif %d\n",
+ printk(KERN_WARNING "SELinux: avc: seqno %d < latest_notif %d\n",
seqno, avc_cache.latest_notif);
ret = -EAGAIN;
}
@@ -475,7 +475,7 @@ static struct avc_node *avc_insert(u32 ssid, u32 tsid, u16 tclass, struct avc_en
if (pos->ae.ssid == ssid &&
pos->ae.tsid == tsid &&
pos->ae.tclass == tclass) {
- avc_node_replace(node, pos);
+ avc_node_replace(node, pos);
goto found;
}
}
@@ -526,8 +526,8 @@ static inline void avc_print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
* before calling the auditing code.
*/
void avc_audit(u32 ssid, u32 tsid,
- u16 tclass, u32 requested,
- struct av_decision *avd, int result, struct avc_audit_data *a)
+ u16 tclass, u32 requested,
+ struct av_decision *avd, int result, struct avc_audit_data *a)
{
struct task_struct *tsk = current;
struct inode *inode = NULL;
@@ -541,7 +541,7 @@ void avc_audit(u32 ssid, u32 tsid,
return;
} else if (result) {
audited = denied = requested;
- } else {
+ } else {
audited = requested;
if (!(audited & avd->auditallow))
return;
@@ -551,7 +551,7 @@ void avc_audit(u32 ssid, u32 tsid,
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
- avc_dump_av(ab, tclass,audited);
+ avc_dump_av(ab, tclass, audited);
audit_log_format(ab, " for ");
if (a && a->tsk)
tsk = a->tsk;
@@ -647,7 +647,7 @@ void avc_audit(u32 ssid, u32 tsid,
break;
}
}
-
+
switch (a->u.net.family) {
case AF_INET:
avc_print_ipv4_addr(ab, a->u.net.v4info.saddr,
@@ -702,10 +702,10 @@ void avc_audit(u32 ssid, u32 tsid,
* -%ENOMEM if insufficient memory exists to add the callback.
*/
int avc_add_callback(int (*callback)(u32 event, u32 ssid, u32 tsid,
- u16 tclass, u32 perms,
- u32 *out_retained),
- u32 events, u32 ssid, u32 tsid,
- u16 tclass, u32 perms)
+ u16 tclass, u32 perms,
+ u32 *out_retained),
+ u32 events, u32 ssid, u32 tsid,
+ u16 tclass, u32 perms)
{
struct avc_callback_node *c;
int rc = 0;
@@ -759,10 +759,10 @@ static int avc_update_node(u32 event, u32 perms, u32 ssid, u32 tsid, u16 tclass)
hvalue = avc_hash(ssid, tsid, tclass);
spin_lock_irqsave(&avc_cache.slots_lock[hvalue], flag);
- list_for_each_entry(pos, &avc_cache.slots[hvalue], list){
- if ( ssid==pos->ae.ssid &&
- tsid==pos->ae.tsid &&
- tclass==pos->ae.tclass ){
+ list_for_each_entry(pos, &avc_cache.slots[hvalue], list) {
+ if (ssid == pos->ae.ssid &&
+ tsid == pos->ae.tsid &&
+ tclass == pos->ae.tclass){
orig = pos;
break;
}
@@ -829,7 +829,7 @@ int avc_ss_reset(u32 seqno)
for (c = avc_callbacks; c; c = c->next) {
if (c->events & AVC_CALLBACK_RESET) {
tmprc = c->callback(AVC_CALLBACK_RESET,
- 0, 0, 0, 0, NULL);
+ 0, 0, 0, 0, NULL);
/* save the first error encountered for the return
value and continue processing the callbacks */
if (!rc)
@@ -878,11 +878,11 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
node = avc_lookup(ssid, tsid, tclass, requested);
if (!node) {
rcu_read_unlock();
- rc = security_compute_av(ssid,tsid,tclass,requested,&entry.avd);
+ rc = security_compute_av(ssid, tsid, tclass, requested, &entry.avd);
if (rc)
goto out;
rcu_read_lock();
- node = avc_insert(ssid,tsid,tclass,&entry);
+ node = avc_insert(ssid, tsid, tclass, &entry);
}
p_ae = node ? &node->ae : &entry;
@@ -924,7 +924,7 @@ out:
* another -errno upon other errors.
*/
int avc_has_perm(u32 ssid, u32 tsid, u16 tclass,
- u32 requested, struct avc_audit_data *auditdata)
+ u32 requested, struct avc_audit_data *auditdata)
{
struct av_decision avd;
int rc;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index f9927f02bc3d..1bf2543ea942 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4,22 +4,22 @@
* This file contains the SELinux hook function implementations.
*
* Authors: Stephen Smalley, <sds@epoch.ncsc.mil>
- * Chris Vance, <cvance@nai.com>
- * Wayne Salamon, <wsalamon@nai.com>
- * James Morris <jmorris@redhat.com>
+ * Chris Vance, <cvance@nai.com>
+ * Wayne Salamon, <wsalamon@nai.com>
+ * James Morris <jmorris@redhat.com>
*
* Copyright (C) 2001,2002 Networks Associates Technology, Inc.
* Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
* Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
- * <dgoeddel@trustedcs.com>
+ * <dgoeddel@trustedcs.com>
* Copyright (C) 2006, 2007 Hewlett-Packard Development Company, L.P.
- * Paul Moore <paul.moore@hp.com>
+ * Paul Moore <paul.moore@hp.com>
* Copyright (C) 2007 Hitachi Software Engineering Co., Ltd.
- * Yuichi Nakamura <ynakam@hitachisoft.jp>
+ * Yuichi Nakamura <ynakam@hitachisoft.jp>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
- * as published by the Free Software Foundation.
+ * as published by the Free Software Foundation.
*/
#include <linux/init.h>
@@ -99,11 +99,11 @@ extern struct security_operations *security_ops;
atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
#ifdef CONFIG_SECURITY_SELINUX_DEVELOP
-int selinux_enforcing = 0;
+int selinux_enforcing;
static int __init enforcing_setup(char *str)
{
- selinux_enforcing = simple_strtol(str,NULL,0);
+ selinux_enforcing = simple_strtol(str, NULL, 0);
return 1;
}
__setup("enforcing=", enforcing_setup);
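Review bot: `enforcing_setup()` stores the result of `simple_strtol(str, NULL, 0)` without checking that any digits were consumed, so a mistyped `enforcing=` value parses as 0 and is accepted silently. Going by the variable's name, that leaves the system non-enforcing with nothing in the log. Declaring a `char *end` and using `selinux_enforcing = simple_strtol(str, &end, 0);` followed by `if (end == str) printk(KERN_WARNING "SELinux: invalid enforcing= value\n");` would make a bad boot parameter visible. With the explicit `= 0` dropped, a comment above the declaration such as `/* starts at 0; set from the enforcing= boot parameter below */` would keep the default obvious to readers.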
@@ -123,13 +123,13 @@ int selinux_enabled = 1;
#endif
/* Original (dummy) security module. */
-static struct security_operations *original_ops = NULL;
+static struct security_operations *original_ops;
/* Minimal support for a secondary security module,
just to allow the use of the dummy or capability modules.
The owlsm module can alternatively be used as a secondary
module as long as CONFIG_OWLSM_FD is not enabled. */
-static struct security_operations *secondary_ops = NULL;
+static struct security_operations *secondary_ops;
/* Lists of inode and superblock security structures initialized
before the policy was loaded. */
@@ -575,8 +575,8 @@ static int selinux_set_mnt_opts(struct super_block *sb,
goto out;
}
rc = -EINVAL;
- printk(KERN_WARNING "Unable to set superblock options before "
- "the security server is initialized\n");
+ printk(KERN_WARNING "SELinux: Unable to set superblock options "
+ "before the security server is initialized\n");
goto out;
}
@@ -1054,7 +1054,7 @@ static int selinux_proc_get_sid(struct proc_dir_entry *de,
int buflen, rc;
char *buffer, *path, *end;
- buffer = (char*)__get_free_page(GFP_KERNEL);
+ buffer = (char *)__get_free_page(GFP_KERNEL);
if (!buffer)
return -ENOMEM;
@@ -1135,7 +1135,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
dentry = d_find_alias(inode);
}
if (!dentry) {
- printk(KERN_WARNING "%s: no dentry for dev=%s "
+ printk(KERN_WARNING "SELinux: %s: no dentry for dev=%s "
"ino=%ld\n", __func__, inode->i_sb->s_id,
inode->i_ino);
goto out_unlock;
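Review bot: `inode->i_ino` is an `unsigned long` but the message prints it with `ino=%ld`, so large inode numbers would show up negative in the log; `ino=%lu` matches the type. The same specifier is used in the `getxattr returned` and `context_to_sid(%s)` messages in the next two hunks of `inode_doinit_with_dentry()`. The function body starts and ends outside these hunks.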
@@ -1173,7 +1173,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
dput(dentry);
if (rc < 0) {
if (rc != -ENODATA) {
- printk(KERN_WARNING "%s: getxattr returned "
+ printk(KERN_WARNING "SELinux: %s: getxattr returned "
"%d for dev=%s ino=%ld\n", __func__,
-rc, inode->i_sb->s_id, inode->i_ino);
kfree(context);
@@ -1187,7 +1187,7 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
sbsec->def_sid,
GFP_NOFS);
if (rc) {
- printk(KERN_WARNING "%s: context_to_sid(%s) "
+ printk(KERN_WARNING "SELinux: %s: context_to_sid(%s) "
"returned %d for dev=%s ino=%ld\n",
__func__, context, -rc,
inode->i_sb->s_id, inode->i_ino);
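Review bot: The `context_to_sid(%s)` warning prints `context` verbatim, and judging from the preceding hunk (a getxattr failure path that ends in `kfree(context)`) that string appears to be the label read from the filesystem rather than a kernel-generated value. If so, a malformed label on an untrusted or removable filesystem can put control characters or misleading text into the kernel log, and a filesystem with many such inodes can flood it. Consider dropping the raw value from the message or escaping non-printable bytes before logging, and guarding the call with `if (printk_ratelimit())`. The assignment of `context` is outside the hunk, so this should be confirmed against the full function.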
@@ -1305,7 +1305,7 @@ static int task_has_capability(struct task_struct *tsk,
tsec = tsk->security;
- AVC_AUDIT_DATA_INIT(&ad,CAP);
+ AVC_AUDIT_DATA_INIT(&ad, CAP);
ad.tsk = tsk;
ad.u.cap = cap;
@@ -1348,7 +1348,7 @@ static int inode_has_perm(struct task_struct *tsk,
struct inode_security_struct *isec;
struct avc_audit_data ad;
- if (unlikely (IS_PRIVATE (inode)))
+ if (unlikely(IS_PRIVATE(inode)))
return 0;
tsec = tsk->security;
@@ -1373,7 +1373,7 @@ static inline int dentry_has_perm(struct task_struct *tsk,
{
struct inode *inode = dentry->d_inode;
struct avc_audit_data ad;
- AVC_AUDIT_DATA_INIT(&ad,FS);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.mnt = mnt;
ad.u.fs.path.dentry = dentry;
return inode_has_perm(tsk, inode, av, &ad);
@@ -1470,9 +1470,9 @@ static int may_create_key(u32 ksid,
return avc_has_perm(tsec->sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL);
}
-#define MAY_LINK 0
-#define MAY_UNLINK 1
-#define MAY_RMDIR 2
+#define MAY_LINK 0
+#define MAY_UNLINK 1
+#define MAY_RMDIR 2
/* Check whether a task can link, unlink, or rmdir a file/directory. */
static int may_link(struct inode *dir,
@@ -1510,7 +1510,8 @@ static int may_link(struct inode *dir,
av = DIR__RMDIR;
break;
default:
- printk(KERN_WARNING "may_link: unrecognized kind %d\n", kind);
+ printk(KERN_WARNING "SELinux: %s: unrecognized kind %d\n",
+ __func__, kind);
return 0;
}
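Review bot: The `default:` arm logs the unrecognized `kind` and then does `return 0;`, which in a permission hook reads as access granted, so an unexpected value would skip whatever check follows the switch. The three `MAY_*` values defined just above `may_link()` are presumably the only ones callers pass, which would make this arm unreachable today. Failing closed is still the safer contract: `return -EPERM;`, or at least a comment such as `/* unreachable: kind is one of MAY_LINK/MAY_UNLINK/MAY_RMDIR */`. The rest of `may_link()` lies outside the hunk.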
@@ -1640,8 +1641,8 @@ static inline u32 open_file_mask_to_av(int mode, int mask)
else if (S_ISDIR(mode))
av |= DIR__OPEN;
else
- printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
- "with unknown mode:%x\n", mode);
+ printk(KERN_ERR "SELinux: WARNING: inside %s with "
+ "unknown mode:%x\n", __func__, mode);
}
return av;
}
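Review bot: The message text says `WARNING` but is emitted at `KERN_ERR`, so the severity seen by log filters disagrees with the wording; pick one, e.g. `printk(KERN_WARNING "SELinux: %s: unknown mode:%x\n", __func__, mode);`. In this `else` arm nothing is OR-ed into `av`, unlike the `S_ISDIR` arm before it, so for a file type the chain does not recognise the returned vector seems to carry no open permission to check. Whether that is intended cannot be told from the hunk, and a short comment stating the intent would help. The start of `open_file_mask_to_av()` is outside the hunk.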
@@ -1675,7 +1676,7 @@ static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
{
int rc;
- rc = secondary_ops->ptrace(parent,child);
+ rc = secondary_ops->ptrace(parent, child);
if (rc)
return rc;
@@ -1683,7 +1684,7 @@ static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
}
static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
int error;
@@ -1695,7 +1696,7 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
}
static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
int error;
@@ -1707,7 +1708,7 @@ static int selinux_capset_check(struct task_struct *target, kernel_cap_t *effect
}
static void selinux_capset_set(struct task_struct *target, kernel_cap_t *effective,
- kernel_cap_t *inheritable, kernel_cap_t *permitted)
+ kernel_cap_t *inheritable, kernel_cap_t *permitted)
{
secondary_ops->capset_set(target, effective, inheritable, permitted);
}
@@ -1720,7 +1721,7 @@ static int selinux_capable(struct task_struct *tsk, int cap)
if (rc)
return rc;
- return task_has_capability(tsk,cap);
+ return task_has_capability(tsk, cap);
}
static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
@@ -1729,7 +1730,7 @@ static int selinux_sysctl_get_sid(ctl_table *table, u16 tclass, u32 *sid)
char *buffer, *path, *end;
rc = -ENOMEM;
- buffer = (char*)__get_free_page(GFP_KERNEL);
+ buffer = (char *)__get_free_page(GFP_KERNEL);
if (!buffer)
goto out;
@@ -1787,7 +1788,7 @@ static int selinux_sysctl(ctl_table *table, int op)
/* The op values are "defined" in sysctl.c, thereby creating
* a bad coupling between this module and sysctl.c */
- if(op == 001) {
+ if (op == 001) {
error = avc_has_perm(tsec->sid, tsid,
SECCLASS_DIR, DIR__SEARCH, NULL);
} else {
@@ -1799,7 +1800,7 @@ static int selinux_sysctl(ctl_table *table, int op)
if (av)
error = avc_has_perm(tsec->sid, tsid,
SECCLASS_FILE, av, NULL);
- }
+ }
return error;
}
@@ -1812,25 +1813,23 @@ static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
return 0;
switch (cmds) {
- case Q_SYNC:
- case Q_QUOTAON:
- case Q_QUOTAOFF:
- case Q_SETINFO:
- case Q_SETQUOTA:
- rc = superblock_has_perm(current,
- sb,
- FILESYSTEM__QUOTAMOD, NULL);
- break;
- case Q_GETFMT:
- case Q_GETINFO:
- case Q_GETQUOTA:
- rc = superblock_has_perm(current,
- sb,
- FILESYSTEM__QUOTAGET, NULL);
- break;
- default:
- rc = 0; /* let the kernel handle invalid cmds */
- break;
+ case Q_SYNC:
+ case Q_QUOTAON:
+ case Q_QUOTAOFF:
+ case Q_SETINFO:
+ case Q_SETQUOTA:
+ rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAMOD,
+ NULL);
+ break;
+ case Q_GETFMT:
+ case Q_GETINFO:
+ case Q_GETQUOTA:
+ rc = superblock_has_perm(current, sb, FILESYSTEM__QUOTAGET,
+ NULL);
+ break;
+ default:
+ rc = 0; /* let the kernel handle invalid cmds */
+ break;
}
return rc;
}
@@ -1849,23 +1848,23 @@ static int selinux_syslog(int type)
return rc;
switch (type) {
- case 3: /* Read last kernel messages */
- case 10: /* Return size of the log buffer */
- rc = task_has_system(current, SYSTEM__SYSLOG_READ);
- break;
- case 6: /* Disable logging to console */
- case 7: /* Enable logging to console */
- case 8: /* Set level of messages printed to console */
- rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
- break;
- case 0: /* Close log */
- case 1: /* Open log */
- case 2: /* Read from log */
- case 4: /* Read/clear last kernel messages */
- case 5: /* Clear ring buffer */
- default:
- rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
- break;
+ case 3: /* Read last kernel messages */
+ case 10: /* Return size of the log buffer */
+ rc = task_has_system(current, SYSTEM__SYSLOG_READ);
+ break;
+ case 6: /* Disable logging to console */
+ case 7: /* Enable logging to console */
+ case 8: /* Set level of messages printed to console */
+ rc = task_has_system(current, SYSTEM__SYSLOG_CONSOLE);
+ break;
+ case 0: /* Close log */
+ case 1: /* Open log */
+ case 2: /* Read from log */
+ case 4: /* Read/clear last kernel messages */
+ case 5: /* Clear ring buffer */
+ default:
+ rc = task_has_system(current, SYSTEM__SYSLOG_MOD);
+ break;
}
return rc;
}
@@ -1971,7 +1970,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
} else {
/* Check for a default transition on this program. */
rc = security_transition_sid(tsec->sid, isec->sid,
- SECCLASS_PROCESS, &newsid);
+ SECCLASS_PROCESS, &newsid);
if (rc)
return rc;
}
@@ -1982,7 +1981,7 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
if (bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)
newsid = tsec->sid;
- if (tsec->sid == newsid) {
+ if (tsec->sid == newsid) {
rc = avc_has_perm(tsec->sid, isec->sid,
SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, &ad);
if (rc)
@@ -2010,13 +2009,13 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
return 0;
}
-static int selinux_bprm_check_security (struct linux_binprm *bprm)
+static int selinux_bprm_check_security(struct linux_binprm *bprm)
{
return secondary_ops->bprm_check_security(bprm);
}
-static int selinux_bprm_secureexec (struct linux_binprm *bprm)
+static int selinux_bprm_secureexec(struct linux_binprm *bprm)
{
struct task_security_struct *tsec = current->security;
int atsecure = 0;
@@ -2043,7 +2042,7 @@ extern struct vfsmount *selinuxfs_mount;
extern struct dentry *selinux_null;
/* Derived from fs/exec.c:flush_old_files. */
-static inline void flush_unauthorized_files(struct files_struct * files)
+static inline void flush_unauthorized_files(struct files_struct *files)
{
struct avc_audit_data ad;
struct file *file, *devnull = NULL;
@@ -2078,7 +2077,7 @@ static inline void flush_unauthorized_files(struct files_struct * files)
/* Revalidate access to inherited open files. */
- AVC_AUDIT_DATA_INIT(&ad,FS);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
spin_lock(&files->file_lock);
for (;;) {
@@ -2094,7 +2093,7 @@ static inline void flush_unauthorized_files(struct files_struct * files)
if (!set)
continue;
spin_unlock(&files->file_lock);
- for ( ; set ; i++,set >>= 1) {
+ for ( ; set ; i++, set >>= 1) {
if (set & 1) {
file = fget(i);
if (!file)
@@ -2251,7 +2250,7 @@ static void selinux_bprm_post_apply_creds(struct linux_binprm *bprm)
for (i = 0; i < RLIM_NLIMITS; i++) {
rlim = current->signal->rlim + i;
initrlim = init_task.signal->rlim+i;
- rlim->rlim_cur = min(rlim->rlim_max,initrlim->rlim_cur);
+ rlim->rlim_cur = min(rlim->rlim_max, initrlim->rlim_cur);
}
if (current->signal->rlim[RLIMIT_CPU].rlim_cur != RLIM_INFINITY) {
/*
@@ -2306,16 +2305,15 @@ static inline void take_option(char **to, char *from, int *first, int len)
*to += len;
}
-static inline void take_selinux_option(char **to, char *from, int *first,
- int len)
+static inline void take_selinux_option(char **to, char *from, int *first,
+ int len)
{
int current_size = 0;
if (!*first) {
**to = '|';
*to += 1;
- }
- else
+ } else
*first = 0;
while (current_size < len) {
@@ -2379,7 +2377,7 @@ static int selinux_sb_kern_mount(struct super_block *sb, void *data)
if (rc)
return rc;
- AVC_AUDIT_DATA_INIT(&ad,FS);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = sb->s_root;
return superblock_has_perm(current, sb, FILESYSTEM__MOUNT, &ad);
}
@@ -2388,16 +2386,16 @@ static int selinux_sb_statfs(struct dentry *dentry)
{
struct avc_audit_data ad;
- AVC_AUDIT_DATA_INIT(&ad,FS);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = dentry->d_sb->s_root;
return superblock_has_perm(current, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
}
-static int selinux_mount(char * dev_name,
- struct nameidata *nd,
- char * type,
- unsigned long flags,
- void * data)
+static int selinux_mount(char *dev_name,
+ struct nameidata *nd,
+ char *type,
+ unsigned long flags,
+ void *data)
{
int rc;
@@ -2407,10 +2405,10 @@ static int selinux_mount(char * dev_name,
if (flags & MS_REMOUNT)
return superblock_has_perm(current, nd->path.mnt->mnt_sb,
- FILESYSTEM__REMOUNT, NULL);
+ FILESYSTEM__REMOUNT, NULL);
else
return dentry_has_perm(current, nd->path.mnt, nd->path.dentry,
- FILE__MOUNTON);
+ FILE__MOUNTON);
}
static int selinux_umount(struct vfsmount *mnt, int flags)
@@ -2421,8 +2419,8 @@ static int selinux_umount(struct vfsmount *mnt, int flags)
if (rc)
return rc;
- return superblock_has_perm(current,mnt->mnt_sb,
- FILESYSTEM__UNMOUNT,NULL);
+ return superblock_has_perm(current, mnt->mnt_sb,
+ FILESYSTEM__UNMOUNT, NULL);
}
/* inode security operations */
@@ -2508,7 +2506,7 @@ static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, stru
{
int rc;
- rc = secondary_ops->inode_link(old_dentry,dir,new_dentry);
+ rc = secondary_ops->inode_link(old_dentry, dir, new_dentry);
if (rc)
return rc;
return may_link(dir, old_dentry, MAY_LINK);
@@ -2551,7 +2549,7 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod
}
static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
+ struct inode *new_inode, struct dentry *new_dentry)
{
return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}
@@ -2565,7 +2563,7 @@ static int selinux_inode_follow_link(struct dentry *dentry, struct nameidata *na
{
int rc;
- rc = secondary_ops->inode_follow_link(dentry,nameidata);
+ rc = secondary_ops->inode_follow_link(dentry, nameidata);
if (rc)
return rc;
return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -2651,7 +2649,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
if (!is_owner_or_cap(inode))
return -EPERM;
- AVC_AUDIT_DATA_INIT(&ad,FS);
+ AVC_AUDIT_DATA_INIT(&ad, FS);
ad.u.fs.path.dentry = dentry;
rc = avc_has_perm(tsec->sid, isec->sid, isec->sclass,
@@ -2669,7 +2667,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
return rc;
rc = security_validate_transition(isec->sid, newsid, tsec->sid,
- isec->sclass);
+ isec->sclass);
if (rc)
return rc;
@@ -2681,7 +2679,7 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
}
static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
- void *value, size_t size, int flags)
+ void *value, size_t size, int flags)
{
struct inode *inode = dentry->d_inode;
struct inode_security_struct *isec = inode->i_security;
@@ -2704,17 +2702,17 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
return;
}
-static int selinux_inode_getxattr (struct dentry *dentry, char *name)
+static int selinux_inode_getxattr(struct dentry *dentry, char *name)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
-static int selinux_inode_listxattr (struct dentry *dentry)
+static int selinux_inode_listxattr(struct dentry *dentry)
{
return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
}
-static int selinux_inode_removexattr (struct dentry *dentry, char *name)
+static int selinux_inode_removexattr(struct dentry *dentry, char *name)
{
if (strcmp(name, XATTR_NAME_SELINUX))
return selinux_inode_setotherxattr(dentry, name);
@@ -2755,7 +2753,7 @@ out_nofree:
}
static int selinux_inode_setsecurity(struct inode *inode, const char *name,
- const void *value, size_t size, int flags)
+ const void *value, size_t size, int flags)
{
struct inode_security_struct *isec = inode->i_security;
u32 newsid;
@@ -2767,7 +2765,7 @@ static int selinux_inode_setsecurity(struct inode *inode, const char *name,
if (!value || !size)
return -EACCES;
- rc = security_context_to_sid((void*)value, size, &newsid);
+ rc = security_context_to_sid((void *)value, size, &newsid);
if (rc)
return rc;
@@ -2858,42 +2856,41 @@ static int selinux_file_ioctl(struct file *file, unsigned int cmd,
int error = 0;
switch (cmd) {
- case FIONREAD:
- /* fall through */
- case FIBMAP:
- /* fall through */
- case FIGETBSZ:
- /* fall through */
- case EXT2_IOC_GETFLAGS:
- /* fall through */
- case EXT2_IOC_GETVERSION:
- error = file_has_perm(current, file, FILE__GETATTR);
- break;
-
- case EXT2_IOC_SETFLAGS:
- /* fall through */
- case EXT2_IOC_SETVERSION:
- error = file_has_perm(current, file, FILE__SETATTR);
- break;
+ case FIONREAD:
+ /* fall through */
+ case FIBMAP:
+ /* fall through */
+ case FIGETBSZ:
+ /* fall through */
+ case EXT2_IOC_GETFLAGS:
+ /* fall through */
+ case EXT2_IOC_GETVERSION:
+ error = file_has_perm(current, file, FILE__GETATTR);
+ break;
- /* sys_ioctl() checks */
- case FIONBIO:
- /* fall through */
- case FIOASYNC:
- error = file_has_perm(current, file, 0);
- break;
+ case EXT2_IOC_SETFLAGS:
+ /* fall through */
+ case EXT2_IOC_SETVERSION:
+ error = file_has_perm(current, file, FILE__SETATTR);
+ break;
- case KDSKBENT:
- case KDSKBSENT:
- error = task_has_capability(current,CAP_SYS_TTY_CONFIG);
- break;
+ /* sys_ioctl() checks */
+ case FIONBIO:
+ /* fall through */
+ case FIOASYNC:
+ error = file_has_perm(current, file, 0);
+ break;
- /* default case assumes that the command will go
- * to the file's ioctl() function.
- */
- default:
- error = file_has_perm(current, file, FILE__IOCTL);
+ case KDSKBENT:
+ case KDSKBSENT:
+ error = task_has_capability(current, CAP_SYS_TTY_CONFIG);
+ break;
+ /* default case assumes that the command will go
+ * to the file's ioctl() function.
+ */
+ default:
+ error = file_has_perm(current, file, FILE__IOCTL);
}
return error;
}
@@ -2934,7 +2931,7 @@ static int selinux_file_mmap(struct file *file, unsigned long reqprot,
unsigned long addr, unsigned long addr_only)
{
int rc = 0;
- u32 sid = ((struct task_security_struct*)(current->security))->sid;
+ u32 sid = ((struct task_security_struct *)(current->security))->sid;
if (addr < mmap_min_addr)
rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
@@ -3003,39 +3000,39 @@ static int selinux_file_fcntl(struct file *file, unsigned int cmd,
int err = 0;
switch (cmd) {
- case F_SETFL:
- if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
- err = -EINVAL;
- break;
- }
+ case F_SETFL:
+ if (!file->f_path.dentry || !file->f_path.dentry->d_inode) {
+ err = -EINVAL;
+ break;
+ }
- if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
- err = file_has_perm(current, file,FILE__WRITE);
- break;
- }
- /* fall through */
- case F_SETOWN:
- case F_SETSIG:
- case F_GETFL:
- case F_GETOWN:
- case F_GETSIG:
- /* Just check FD__USE permission */
- err = file_has_perm(current, file, 0);
+ if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
+ err = file_has_perm(current, file, FILE__WRITE);
break;
- case F_GETLK:
- case F_SETLK:
- case F_SETLKW:
+ }
+ /* fall through */
+ case F_SETOWN:
+ case F_SETSIG:
+ case F_GETFL:
+ case F_GETOWN:
+ case F_GETSIG:
+ /* Just check FD__USE permission */
+ err = file_has_perm(current, file, 0);
+ break;
+ case F_GETLK:
+ case F_SETLK:
+ case F_SETLKW:
#if BITS_PER_LONG == 32
- case F_GETLK64:
- case F_SETLK64:
- case F_SE