summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/selinux/avc.c13
-rw-r--r--security/selinux/netlabel.c7
-rw-r--r--security/selinux/netport.c2
-rw-r--r--security/selinux/ss/hashtab.c1
-rw-r--r--security/selinux/ss/mls.c4
-rw-r--r--security/selinux/ss/services.c14
6 files changed, 33 insertions, 8 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 97f4c944a20f..abcd9740d10f 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -547,6 +547,7 @@ static inline struct avc_node *avc_search_node(struct selinux_avc *avc,
/**
* avc_lookup - Look up an AVC entry.
+ * @avc: the access vector cache
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@@ -597,6 +598,7 @@ static int avc_latest_notif_update(struct selinux_avc *avc,
/**
* avc_insert - Insert an AVC entry.
+ * @avc: the access vector cache
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@@ -825,9 +827,14 @@ out:
/**
* avc_update_node - Update an AVC entry
+ * @avc: the access vector cache
* @event : Updating event
* @perms : Permission mask bits
- * @ssid,@tsid,@tclass : identifier of an AVC entry
+ * @driver: xperm driver information
+ * @xperm: xperm permissions
+ * @ssid: AVC entry source sid
+ * @tsid: AVC entry target sid
+ * @tclass : AVC entry target object class
* @seqno : sequence number when decision was made
* @xpd: extended_perms_decision to be added to the node
* @flags: the AVC_* flags, e.g. AVC_EXTENDED_PERMS, or 0.
@@ -928,6 +935,7 @@ out:
/**
* avc_flush - Flush the cache
+ * @avc: the access vector cache
*/
static void avc_flush(struct selinux_avc *avc)
{
@@ -956,6 +964,7 @@ static void avc_flush(struct selinux_avc *avc)
/**
* avc_ss_reset - Flush the cache and revalidate migrated permissions.
+ * @avc: the access vector cache
* @seqno: policy sequence number
*/
int avc_ss_reset(struct selinux_avc *avc, u32 seqno)
@@ -1105,6 +1114,7 @@ decision:
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
+ * @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@@ -1156,6 +1166,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state,
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
+ * @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c
index abaab7683840..29b88e81869b 100644
--- a/security/selinux/netlabel.c
+++ b/security/selinux/netlabel.c
@@ -29,6 +29,7 @@
/**
* selinux_netlbl_sidlookup_cached - Cache a SID lookup
* @skb: the packet
+ * @family: the packet's address family
* @secattr: the NetLabel security attributes
* @sid: the SID
*
@@ -128,6 +129,7 @@ void selinux_netlbl_cache_invalidate(void)
/**
* selinux_netlbl_err - Handle a NetLabel packet error
* @skb: the packet
+ * @family: the packet's address family
* @error: the error code
* @gateway: true if host is acting as a gateway, false otherwise
*
@@ -160,7 +162,6 @@ void selinux_netlbl_sk_security_free(struct sk_security_struct *sksec)
/**
* selinux_netlbl_sk_security_reset - Reset the NetLabel fields
* @sksec: the sk_security_struct
- * @family: the socket family
*
* Description:
* Called when the NetLabel state of a sk_security_struct needs to be reset.
@@ -313,6 +314,7 @@ assoc_request_return:
/**
* selinux_netlbl_inet_conn_request - Label an incoming stream connection
* @req: incoming connection request socket
+ * @family: the request socket's address family
*
* Description:
* A new incoming connection request is represented by @req, we need to label
@@ -343,6 +345,7 @@ inet_conn_request_return:
/**
* selinux_netlbl_inet_csk_clone - Initialize the newly created sock
* @sk: the new sock
+ * @family: the sock's address family
*
* Description:
* A new connection has been established using @sk, we've already labeled the
@@ -378,7 +381,7 @@ void selinux_netlbl_sctp_sk_clone(struct sock *sk, struct sock *newsk)
/**
* selinux_netlbl_socket_post_create - Label a socket using NetLabel
- * @sock: the socket to label
+ * @sk: the sock to label
* @family: protocol family
*
* Description:
diff --git a/security/selinux/netport.c b/security/selinux/netport.c
index b8bc3897891d..9ba09d11c0f5 100644
--- a/security/selinux/netport.c
+++ b/security/selinux/netport.c
@@ -73,7 +73,7 @@ static unsigned int sel_netport_hashfn(u16 pnum)
/**
* sel_netport_find - Search for a port record
* @protocol: protocol
- * @port: pnum
+ * @pnum: port
*
* Description:
* Search the network port table and return the matching record. If an entry
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
index b8f6b3e0a921..727c3b484bd3 100644
--- a/security/selinux/ss/hashtab.c
+++ b/security/selinux/ss/hashtab.c
@@ -8,6 +8,7 @@
#include <linux/slab.h>
#include <linux/errno.h>
#include "hashtab.h"
+#include "security.h"
static struct kmem_cache *hashtab_node_cachep __ro_after_init;
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index d338962fb0c4..3f5fd124342c 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -553,6 +553,7 @@ int mls_compute_sid(struct policydb *p,
#ifdef CONFIG_NETLABEL
/**
* mls_export_netlbl_lvl - Export the MLS sensitivity levels to NetLabel
+ * @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@@ -574,6 +575,7 @@ void mls_export_netlbl_lvl(struct policydb *p,
/**
* mls_import_netlbl_lvl - Import the NetLabel MLS sensitivity levels
+ * @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@@ -595,6 +597,7 @@ void mls_import_netlbl_lvl(struct policydb *p,
/**
* mls_export_netlbl_cat - Export the MLS categories to NetLabel
+ * @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
@@ -622,6 +625,7 @@ int mls_export_netlbl_cat(struct policydb *p,
/**
* mls_import_netlbl_cat - Import the MLS categories from NetLabel
+ * @p: the policy
* @context: the security context
* @secattr: the NetLabel security attributes
*
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index c4931bf6f92a..8e92af7dd284 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1102,7 +1102,7 @@ allow:
* @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
- * @tclass: target security class
+ * @orig_tclass: target security class
* @avd: access vector decisions
* @xperms: extended permissions
*
@@ -1626,6 +1626,7 @@ int security_context_str_to_sid(struct selinux_state *state,
* @scontext_len: length in bytes
* @sid: security identifier, SID
* @def_sid: default SID to assign on error
+ * @gfp_flags: the allocator get-free-page (GFP) flags
*
* Obtains a SID associated with the security context that
* has the string representation specified by @scontext.
@@ -1919,6 +1920,7 @@ out:
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
+ * @qstr: object name
* @out_sid: security identifier for new subject/object
*
* Compute a SID to use for labeling a new subject or object in the
@@ -1947,6 +1949,7 @@ int security_transition_sid_user(struct selinux_state *state,
/**
* security_member_sid - Compute the SID for member selection.
+ * @state: SELinux state
* @ssid: source security identifier
* @tsid: target security identifier
* @tclass: target security class
@@ -2273,6 +2276,7 @@ void selinux_policy_commit(struct selinux_state *state,
* @state: SELinux state
* @data: binary policy data
* @len: length of data in bytes
+ * @load_state: policy load state
*
* Load a new set of security policy configuration data,
* validate it and convert the SID table as necessary.
@@ -2525,7 +2529,7 @@ out:
* security_ib_endport_sid - Obtain the SID for a subnet management interface.
* @state: SELinux state
* @dev_name: device name
- * @port: port number
+ * @port_num: port number
* @out_sid: security identifier
*/
int security_ib_endport_sid(struct selinux_state *state,
@@ -2856,9 +2860,10 @@ out_unlock:
/**
* __security_genfs_sid - Helper to obtain a SID for a file in a filesystem
+ * @policy: policy
* @fstype: filesystem type
* @path: path from root of mount
- * @sclass: file security class
+ * @orig_sclass: file security class
* @sid: SID for path
*
* Obtain a SID to use for a file in a filesystem that
@@ -2915,7 +2920,7 @@ static inline int __security_genfs_sid(struct selinux_policy *policy,
* @state: SELinux state
* @fstype: filesystem type
* @path: path from root of mount
- * @sclass: file security class
+ * @orig_sclass: file security class
* @sid: SID for path
*
* Acquire policy_rwlock before calling __security_genfs_sid() and release
@@ -3297,6 +3302,7 @@ out_unlock:
* @nlbl_sid: NetLabel SID
* @nlbl_type: NetLabel labeling protocol type
* @xfrm_sid: XFRM SID
+ * @peer_sid: network peer sid
*
* Description:
* Compare the @nlbl_sid and @xfrm_sid values and if the two SIDs can be