This patch from Adrian Bunk makes needlessly global code static and
removes a number of unused global and static functions from SELinux.
Please apply.

Author:  Adrian Bunk <[EMAIL PROTECTED]>
Signed-off-by:  Stephen Smalley <[EMAIL PROTECTED]>

 security/selinux/avc.c            |  174 --------------------------------------
 security/selinux/hooks.c          |   40 ++++----
 security/selinux/include/avc.h    |    7 -
 security/selinux/include/avc_ss.h |   13 --
 security/selinux/include/objsec.h |    2 
 security/selinux/selinuxfs.c      |    4 
 security/selinux/ss/avtab.c       |   29 ------
 security/selinux/ss/avtab.h       |    6 -
 security/selinux/ss/conditional.c |    2 
 security/selinux/ss/ebitmap.c     |   43 ---------
 security/selinux/ss/ebitmap.h     |    1 
 security/selinux/ss/hashtab.c     |  113 ------------------------
 security/selinux/ss/hashtab.h     |   38 --------
 security/selinux/ss/policydb.c    |   10 +-
 security/selinux/ss/policydb.h    |    3 
 security/selinux/ss/services.c    |   18 +--
 security/selinux/ss/services.h    |    6 -
 security/selinux/ss/sidtab.c      |   36 -------
 18 files changed, 42 insertions(+), 503 deletions(-)

diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/avc.c 
linux-2.6.11-mm3-adrian/security/selinux/avc.c
--- linux-2.6.11-mm3/security/selinux/avc.c     2005-03-02 02:38:17.000000000 
-0500
+++ linux-2.6.11-mm3-adrian/security/selinux/avc.c      2005-03-14 
14:08:28.000000000 -0500
@@ -139,7 +139,7 @@ static inline int avc_hash(u32 ssid, u32
  * @tclass: target security class
  * @av: access vector
  */
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
+static void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av)
 {
        const char **common_pts = NULL;
        u32 common_base = 0;
@@ -199,7 +199,7 @@ void avc_dump_av(struct audit_buffer *ab
  * @tsid: target security identifier
  * @tclass: target security class
  */
-void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
+static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 
tclass)
 {
        int rc;
        char *scontext;
@@ -828,136 +828,6 @@ out:
        return rc;
 }
 
-static int avc_update_cache(u32 event, u32 ssid, u32 tsid,
-                            u16 tclass, u32 perms)
-{
-       struct avc_node *node;
-       int i;
-
-       rcu_read_lock();
-
-       if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
-               /* apply to all matching nodes */
-               for (i = 0; i < AVC_CACHE_SLOTS; i++) {
-                       list_for_each_entry_rcu(node, &avc_cache.slots[i], 
list) {
-                               if (avc_sidcmp(ssid, node->ae.ssid) &&
-                                   avc_sidcmp(tsid, node->ae.tsid) &&
-                                   tclass == node->ae.tclass ) {
-                                       avc_update_node(event, perms, 
node->ae.ssid,
-                                                       node->ae.tsid, 
node->ae.tclass);
-                               }
-                       }
-               }
-       } else {
-               /* apply to one node */
-               avc_update_node(event, perms, ssid, tsid, tclass);
-       }
-
-       rcu_read_unlock();
-
-       return 0;
-}
-
-static int avc_control(u32 event, u32 ssid, u32 tsid,
-                       u16 tclass, u32 perms,
-                       u32 seqno, u32 *out_retained)
-{
-       struct avc_callback_node *c;
-       u32 tretained = 0, cretained = 0;
-       int rc = 0;
-
-       /*
-        * try_revoke only removes permissions from the cache
-        * state if they are not retained by the object manager.
-        * Hence, try_revoke must wait until after the callbacks have
-        * been invoked to update the cache state.
-        */
-       if (event != AVC_CALLBACK_TRY_REVOKE)
-               avc_update_cache(event,ssid,tsid,tclass,perms);
-
-       for (c = avc_callbacks; c; c = c->next)
-       {
-               if ((c->events & event) &&
-                   avc_sidcmp(c->ssid, ssid) &&
-                   avc_sidcmp(c->tsid, tsid) &&
-                   c->tclass == tclass &&
-                   (c->perms & perms)) {
-                       cretained = 0;
-                       rc = c->callback(event, ssid, tsid, tclass,
-                                        (c->perms & perms),
-                                        &cretained);
-                       if (rc)
-                               goto out;
-                       tretained |= cretained;
-               }
-       }
-
-       if (event == AVC_CALLBACK_TRY_REVOKE) {
-               /* revoke any unretained permissions */
-               perms &= ~tretained;
-               avc_update_cache(event,ssid,tsid,tclass,perms);
-               *out_retained = tretained;
-       }
-
-       avc_latest_notif_update(seqno, 0);
-
-out:
-       return rc;
-}
-
-/**
- * avc_ss_grant - Grant previously denied permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- */
-int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass,
-                 u32 perms, u32 seqno)
-{
-       return avc_control(AVC_CALLBACK_GRANT,
-                          ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
- * avc_ss_try_revoke - Try to revoke previously granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @out_retained: subset of @perms that are retained
- *
- * Try to revoke previously granted permissions, but
- * only if they are not retained as migrated permissions.
- * Return the subset of permissions that are retained via @out_retained.
- */
-int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass,
-                      u32 perms, u32 seqno, u32 *out_retained)
-{
-       return avc_control(AVC_CALLBACK_TRY_REVOKE,
-                          ssid, tsid, tclass, perms, seqno, out_retained);
-}
-
-/**
- * avc_ss_revoke - Revoke previously granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- *
- * Revoke previously granted permissions, even if
- * they are retained as migrated permissions.
- */
-int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass,
-                  u32 perms, u32 seqno)
-{
-       return avc_control(AVC_CALLBACK_REVOKE,
-                          ssid, tsid, tclass, perms, seqno, NULL);
-}
-
 /**
  * avc_ss_reset - Flush the cache and revalidate migrated permissions.
  * @seqno: policy sequence number
@@ -991,46 +861,6 @@ out:
 }
 
 /**
- * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @enable: enable flag.
- */
-int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass,
-                          u32 perms, u32 seqno, u32 enable)
-{
-       if (enable)
-               return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
-                                  ssid, tsid, tclass, perms, seqno, NULL);
-       else
-               return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
-                                  ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
- * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
- * @ssid: source security identifier or %SECSID_WILD
- * @tsid: target security identifier or %SECSID_WILD
- * @tclass: target security class
- * @perms: permissions to grant
- * @seqno: policy sequence number
- * @enable: enable flag.
- */
-int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass,
-                         u32 perms, u32 seqno, u32 enable)
-{
-       if (enable)
-               return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
-                                  ssid, tsid, tclass, perms, seqno, NULL);
-       else
-               return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
-                                  ssid, tsid, tclass, perms, seqno, NULL);
-}
-
-/**
  * avc_has_perm_noaudit - Check permissions but perform no auditing.
  * @ssid: source security identifier
  * @tsid: target security identifier
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/hooks.c 
linux-2.6.11-mm3-adrian/security/selinux/hooks.c
--- linux-2.6.11-mm3/security/selinux/hooks.c   2005-03-14 13:56:06.000000000 
-0500
+++ linux-2.6.11-mm3-adrian/security/selinux/hooks.c    2005-03-14 
14:08:28.000000000 -0500
@@ -921,9 +921,9 @@ static inline u32 signal_to_av(int sig)
 
 /* Check permission betweeen a pair of tasks, e.g. signal checks,
    fork check, ptrace check, etc. */
-int task_has_perm(struct task_struct *tsk1,
-                 struct task_struct *tsk2,
-                 u32 perms)
+static int task_has_perm(struct task_struct *tsk1,
+                        struct task_struct *tsk2,
+                        u32 perms)
 {
        struct task_security_struct *tsec1, *tsec2;
 
@@ -934,8 +934,8 @@ int task_has_perm(struct task_struct *ts
 }
 
 /* Check whether a task is allowed to use a capability. */
-int task_has_capability(struct task_struct *tsk,
-                       int cap)
+static int task_has_capability(struct task_struct *tsk,
+                              int cap)
 {
        struct task_security_struct *tsec;
        struct avc_audit_data ad;
@@ -951,8 +951,8 @@ int task_has_capability(struct task_stru
 }
 
 /* Check whether a task is allowed to use a system operation. */
-int task_has_system(struct task_struct *tsk,
-                   u32 perms)
+static int task_has_system(struct task_struct *tsk,
+                          u32 perms)
 {
        struct task_security_struct *tsec;
 
@@ -965,10 +965,10 @@ int task_has_system(struct task_struct *
 /* Check whether a task has a particular permission to an inode.
    The 'adp' parameter is optional and allows other audit
    data to be passed (e.g. the dentry). */
-int inode_has_perm(struct task_struct *tsk,
-                  struct inode *inode,
-                  u32 perms,
-                  struct avc_audit_data *adp)
+static int inode_has_perm(struct task_struct *tsk,
+                         struct inode *inode,
+                         u32 perms,
+                         struct avc_audit_data *adp)
 {
        struct task_security_struct *tsec;
        struct inode_security_struct *isec;
@@ -1190,10 +1190,10 @@ static inline int may_rename(struct inod
 }
 
 /* Check whether a task can perform a filesystem operation. */
-int superblock_has_perm(struct task_struct *tsk,
-                       struct super_block *sb,
-                       u32 perms,
-                       struct avc_audit_data *ad)
+static int superblock_has_perm(struct task_struct *tsk,
+                              struct super_block *sb,
+                              u32 perms,
+                              struct avc_audit_data *ad)
 {
        struct task_security_struct *tsec;
        struct superblock_security_struct *sbsec;
@@ -1250,7 +1250,7 @@ static inline u32 file_to_av(struct file
 }
 
 /* Set an inode's SID to a specified value. */
-int inode_security_set_sid(struct inode *inode, u32 sid)
+static int inode_security_set_sid(struct inode *inode, u32 sid)
 {
        struct inode_security_struct *isec = inode->i_security;
        struct superblock_security_struct *sbsec = inode->i_sb->s_security;
@@ -4019,7 +4019,7 @@ static int selinux_ipc_permission(struct
 }
 
 /* module stacking operations */
-int selinux_register_security (const char *name, struct security_operations 
*ops)
+static int selinux_register_security (const char *name, struct 
security_operations *ops)
 {
        if (secondary_ops != original_ops) {
                printk(KERN_INFO "%s:  There is already a secondary security "
@@ -4036,7 +4036,7 @@ int selinux_register_security (const cha
        return 0;
 }
 
-int selinux_unregister_security (const char *name, struct security_operations 
*ops)
+static int selinux_unregister_security (const char *name, struct 
security_operations *ops)
 {
        if (ops != secondary_ops) {
                printk (KERN_INFO "%s:  trying to unregister a security module "
@@ -4203,7 +4203,7 @@ static int selinux_setprocattr(struct ta
        return size;
 }
 
-struct security_operations selinux_ops = {
+static struct security_operations selinux_ops = {
        .ptrace =                       selinux_ptrace,
        .capget =                       selinux_capget,
        .capset_check =                 selinux_capset_check,
@@ -4352,7 +4352,7 @@ struct security_operations selinux_ops =
 #endif
 };
 
-__init int selinux_init(void)
+static __init int selinux_init(void)
 {
        struct task_security_struct *tsec;
 
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/include/avc.h 
linux-2.6.11-mm3-adrian/security/selinux/include/avc.h
--- linux-2.6.11-mm3/security/selinux/include/avc.h     2005-03-02 
02:37:49.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/include/avc.h      2005-03-14 
14:08:28.000000000 -0500
@@ -93,13 +93,6 @@ struct avc_cache_stats
 };
 
 /*
- * AVC display support
- */
-struct audit_buffer;
-void avc_dump_av(struct audit_buffer *ab, u16 tclass, u32 av);
-void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass);
-
-/*
  * AVC operations
  */
 
diff -X /home/sds/dontdiff -rup 
linux-2.6.11-mm3/security/selinux/include/avc_ss.h 
linux-2.6.11-mm3-adrian/security/selinux/include/avc_ss.h
--- linux-2.6.11-mm3/security/selinux/include/avc_ss.h  2005-03-02 
02:38:33.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/include/avc_ss.h   2005-03-14 
14:08:28.000000000 -0500
@@ -8,20 +8,7 @@
 
 #include "flask.h"
 
-int avc_ss_grant(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno);
-
-int avc_ss_try_revoke(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno,
-                     u32 *out_retained);
-
-int avc_ss_revoke(u32 ssid, u32 tsid, u16 tclass, u32 perms, u32 seqno);
-
 int avc_ss_reset(u32 seqno);
 
-int avc_ss_set_auditallow(u32 ssid, u32 tsid, u16 tclass, u32 perms,
-                         u32 seqno, u32 enable);
-
-int avc_ss_set_auditdeny(u32 ssid, u32 tsid, u16 tclass, u32 perms,
-                        u32 seqno, u32 enable);
-
 #endif /* _SELINUX_AVC_SS_H_ */
 
diff -X /home/sds/dontdiff -rup 
linux-2.6.11-mm3/security/selinux/include/objsec.h 
linux-2.6.11-mm3-adrian/security/selinux/include/objsec.h
--- linux-2.6.11-mm3/security/selinux/include/objsec.h  2005-03-14 
13:56:06.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/include/objsec.h   2005-03-14 
14:08:28.000000000 -0500
@@ -107,8 +107,6 @@ struct sk_security_struct {
        u32 peer_sid;                   /* SID of peer */
 };
 
-extern int inode_security_set_sid(struct inode *inode, u32 sid);
-
 extern unsigned int selinux_checkreqprot;
 
 #endif /* _SELINUX_OBJSEC_H_ */
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/selinuxfs.c 
linux-2.6.11-mm3-adrian/security/selinux/selinuxfs.c
--- linux-2.6.11-mm3/security/selinux/selinuxfs.c       2005-03-14 
13:56:06.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/selinuxfs.c        2005-03-14 
14:08:28.000000000 -0500
@@ -54,8 +54,8 @@ static int *bool_pending_values = NULL;
 extern void selnl_notify_setenforce(int val);
 
 /* Check whether a task is allowed to use a security operation. */
-int task_has_security(struct task_struct *tsk,
-                     u32 perms)
+static int task_has_security(struct task_struct *tsk,
+                            u32 perms)
 {
        struct task_security_struct *tsec;
 
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/avtab.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/avtab.c
--- linux-2.6.11-mm3/security/selinux/ss/avtab.c        2005-03-02 
02:38:17.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/avtab.c 2005-03-14 
14:08:28.000000000 -0500
@@ -31,7 +31,8 @@
 static kmem_cache_t *avtab_node_cachep;
 
 static struct avtab_node*
-avtab_insert_node(struct avtab *h, int hvalue, struct avtab_node * prev, 
struct avtab_node * cur,
+avtab_insert_node(struct avtab *h, int hvalue,
+                 struct avtab_node * prev, struct avtab_node * cur,
                  struct avtab_key *key, struct avtab_datum *datum)
 {
        struct avtab_node * newnode;
@@ -53,7 +54,7 @@ avtab_insert_node(struct avtab *h, int h
        return newnode;
 }
 
-int avtab_insert(struct avtab *h, struct avtab_key *key, struct avtab_datum 
*datum)
+static int avtab_insert(struct avtab *h, struct avtab_key *key, struct 
avtab_datum *datum)
 {
        int hvalue;
        struct avtab_node *prev, *cur, *newnode;
@@ -237,30 +238,6 @@ void avtab_destroy(struct avtab *h)
 }
 
 
-int avtab_map(struct avtab *h,
-             int (*apply) (struct avtab_key *k,
-                           struct avtab_datum *d,
-                           void *args),
-             void *args)
-{
-       int i, ret;
-       struct avtab_node *cur;
-
-       if (!h)
-               return 0;
-
-       for (i = 0; i < AVTAB_SIZE; i++) {
-               cur = h->htable[i];
-               while (cur != NULL) {
-                       ret = apply(&cur->key, &cur->datum, args);
-                       if (ret)
-                               return ret;
-                       cur = cur->next;
-               }
-       }
-       return 0;
-}
-
 int avtab_init(struct avtab *h)
 {
        int i;
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/avtab.h 
linux-2.6.11-mm3-adrian/security/selinux/ss/avtab.h
--- linux-2.6.11-mm3/security/selinux/ss/avtab.h        2005-03-02 
02:37:58.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/avtab.h 2005-03-14 
14:08:28.000000000 -0500
@@ -58,14 +58,8 @@ struct avtab {
 };
 
 int avtab_init(struct avtab *);
-int avtab_insert(struct avtab *h, struct avtab_key *k, struct avtab_datum *d);
 struct avtab_datum *avtab_search(struct avtab *h, struct avtab_key *k, int 
specified);
 void avtab_destroy(struct avtab *h);
-int avtab_map(struct avtab *h,
-             int (*apply) (struct avtab_key *k,
-                           struct avtab_datum *d,
-                           void *args),
-             void *args);
 void avtab_hash_eval(struct avtab *h, char *tag);
 
 int avtab_read_item(void *fp, struct avtab_datum *avdatum, struct avtab_key 
*avkey);
diff -X /home/sds/dontdiff -rup 
linux-2.6.11-mm3/security/selinux/ss/conditional.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/conditional.c
--- linux-2.6.11-mm3/security/selinux/ss/conditional.c  2005-03-02 
02:37:49.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/conditional.c   2005-03-14 
14:08:28.000000000 -0500
@@ -208,7 +208,7 @@ int cond_index_bool(void *key, void *dat
        return 0;
 }
 
-int bool_isvalid(struct cond_bool_datum *b)
+static int bool_isvalid(struct cond_bool_datum *b)
 {
        if (!(b->state == 0 || b->state == 1))
                return 0;
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/ebitmap.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/ebitmap.c
--- linux-2.6.11-mm3/security/selinux/ss/ebitmap.c      2005-03-02 
02:38:38.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/ebitmap.c       2005-03-14 
14:08:28.000000000 -0500
@@ -9,49 +9,6 @@
 #include "ebitmap.h"
 #include "policydb.h"
 
-int ebitmap_or(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2)
-{
-       struct ebitmap_node *n1, *n2, *new, *prev;
-
-       ebitmap_init(dst);
-
-       n1 = e1->node;
-       n2 = e2->node;
-       prev = NULL;
-       while (n1 || n2) {
-               new = kmalloc(sizeof(*new), GFP_ATOMIC);
-               if (!new) {
-                       ebitmap_destroy(dst);
-                       return -ENOMEM;
-               }
-               memset(new, 0, sizeof(*new));
-               if (n1 && n2 && n1->startbit == n2->startbit) {
-                       new->startbit = n1->startbit;
-                       new->map = n1->map | n2->map;
-                       n1 = n1->next;
-                       n2 = n2->next;
-               } else if (!n2 || (n1 && n1->startbit < n2->startbit)) {
-                       new->startbit = n1->startbit;
-                       new->map = n1->map;
-                       n1 = n1->next;
-               } else {
-                       new->startbit = n2->startbit;
-                       new->map = n2->map;
-                       n2 = n2->next;
-               }
-
-               new->next = NULL;
-               if (prev)
-                       prev->next = new;
-               else
-                       dst->node = new;
-               prev = new;
-       }
-
-       dst->highbit = (e1->highbit > e2->highbit) ? e1->highbit : e2->highbit;
-       return 0;
-}
-
 int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2)
 {
        struct ebitmap_node *n1, *n2;
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/ebitmap.h 
linux-2.6.11-mm3-adrian/security/selinux/ss/ebitmap.h
--- linux-2.6.11-mm3/security/selinux/ss/ebitmap.h      2005-03-02 
02:38:08.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/ebitmap.h       2005-03-14 
14:08:28.000000000 -0500
@@ -38,7 +38,6 @@ static inline void ebitmap_init(struct e
 }
 
 int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
-int ebitmap_or(struct ebitmap *dst, struct ebitmap *e1, struct ebitmap *e2);
 int ebitmap_cpy(struct ebitmap *dst, struct ebitmap *src);
 int ebitmap_contains(struct ebitmap *e1, struct ebitmap *e2);
 int ebitmap_get_bit(struct ebitmap *e, unsigned long bit);
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/hashtab.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/hashtab.c
--- linux-2.6.11-mm3/security/selinux/ss/hashtab.c      2005-03-02 
02:38:26.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/hashtab.c       2005-03-14 
14:08:28.000000000 -0500
@@ -73,81 +73,6 @@ int hashtab_insert(struct hashtab *h, vo
        return 0;
 }
 
-int hashtab_remove(struct hashtab *h, void *key,
-                  void (*destroy)(void *k, void *d, void *args),
-                  void *args)
-{
-       u32 hvalue;
-       struct hashtab_node *cur, *last;
-
-       if (!h)
-               return -EINVAL;
-
-       hvalue = h->hash_value(h, key);
-       last = NULL;
-       cur = h->htable[hvalue];
-       while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
-               last = cur;
-               cur = cur->next;
-       }
-
-       if (cur == NULL || (h->keycmp(h, key, cur->key) != 0))
-               return -ENOENT;
-
-       if (last == NULL)
-               h->htable[hvalue] = cur->next;
-       else
-               last->next = cur->next;
-
-       if (destroy)
-               destroy(cur->key, cur->datum, args);
-       kfree(cur);
-       h->nel--;
-       return 0;
-}
-
-int hashtab_replace(struct hashtab *h, void *key, void *datum,
-                   void (*destroy)(void *k, void *d, void *args),
-                   void *args)
-{
-       u32 hvalue;
-       struct hashtab_node *prev, *cur, *newnode;
-
-       if (!h)
-               return -EINVAL;
-
-       hvalue = h->hash_value(h, key);
-       prev = NULL;
-       cur = h->htable[hvalue];
-       while (cur != NULL && h->keycmp(h, key, cur->key) > 0) {
-               prev = cur;
-               cur = cur->next;
-       }
-
-       if (cur && (h->keycmp(h, key, cur->key) == 0)) {
-               if (destroy)
-                       destroy(cur->key, cur->datum, args);
-               cur->key = key;
-               cur->datum = datum;
-       } else {
-               newnode = kmalloc(sizeof(*newnode), GFP_KERNEL);
-               if (newnode == NULL)
-                       return -ENOMEM;
-               memset(newnode, 0, sizeof(*newnode));
-               newnode->key = key;
-               newnode->datum = datum;
-               if (prev) {
-                       newnode->next = prev->next;
-                       prev->next = newnode;
-               } else {
-                       newnode->next = h->htable[hvalue];
-                       h->htable[hvalue] = newnode;
-               }
-       }
-
-       return 0;
-}
-
 void *hashtab_search(struct hashtab *h, void *key)
 {
        u32 hvalue;
@@ -215,44 +140,6 @@ int hashtab_map(struct hashtab *h,
 }
 
 
-void hashtab_map_remove_on_error(struct hashtab *h,
-                                 int (*apply)(void *k, void *d, void *args),
-                                 void (*destroy)(void *k, void *d, void *args),
-                                 void *args)
-{
-       u32 i;
-       int ret;
-       struct hashtab_node *last, *cur, *temp;
-
-       if (!h)
-               return;
-
-       for (i = 0; i < h->size; i++) {
-               last = NULL;
-               cur = h->htable[i];
-               while (cur != NULL) {
-                       ret = apply(cur->key, cur->datum, args);
-                       if (ret) {
-                               if (last)
-                                       last->next = cur->next;
-                               else
-                                       h->htable[i] = cur->next;
-
-                               temp = cur;
-                               cur = cur->next;
-                               if (destroy)
-                                       destroy(temp->key, temp->datum, args);
-                               kfree(temp);
-                               h->nel--;
-                       } else {
-                               last = cur;
-                               cur = cur->next;
-                       }
-               }
-       }
-       return;
-}
-
 void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
 {
        u32 i, chain_len, slots_used, max_chain_len;
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/hashtab.h 
linux-2.6.11-mm3-adrian/security/selinux/ss/hashtab.h
--- linux-2.6.11-mm3/security/selinux/ss/hashtab.h      2005-03-02 
02:38:12.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/hashtab.h       2005-03-14 
14:08:28.000000000 -0500
@@ -54,33 +54,6 @@ struct hashtab *hashtab_create(u32 (*has
 int hashtab_insert(struct hashtab *h, void *k, void *d);
 
 /*
- * Removes the entry with the specified key from the hash table.
- * Applies the specified destroy function to (key,datum,args) for
- * the entry.
- *
- * Returns -ENOENT if no entry has the specified key,
- * -EINVAL for general errors or
- *0 otherwise.
- */
-int hashtab_remove(struct hashtab *h, void *k,
-                  void (*destroy)(void *k, void *d, void *args),
-                  void *args);
-
-/*
- * Insert or replace the specified (key, datum) pair in the specified
- * hash table.  If an entry for the specified key already exists,
- * then the specified destroy function is applied to (key,datum,args)
- * for the entry prior to replacing the entry's contents.
- *
- * Returns -ENOMEM if insufficient space is available,
- * -EINVAL for general errors or
- * 0 otherwise.
- */
-int hashtab_replace(struct hashtab *h, void *k, void *d,
-                   void (*destroy)(void *k, void *d, void *args),
-                   void *args);
-
-/*
  * Searches for the entry with the specified key in the hash table.
  *
  * Returns NULL if no entry has the specified key or
@@ -108,17 +81,6 @@ int hashtab_map(struct hashtab *h,
                int (*apply)(void *k, void *d, void *args),
                void *args);
 
-/*
- * Same as hashtab_map, except that if apply returns a non-zero status,
- * then the (key,datum) pair will be removed from the hashtab and the
- * destroy function will be applied to (key,datum,args).
- */
-void hashtab_map_remove_on_error(struct hashtab *h,
-                                 int (*apply)(void *k, void *d, void *args),
-                                 void (*destroy)(void *k, void *d, void *args),
-                                 void *args);
-
-
 /* Fill info with some hash table statistics */
 void hashtab_stat(struct hashtab *h, struct hashtab_info *info);
 
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/policydb.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/policydb.c
--- linux-2.6.11-mm3/security/selinux/ss/policydb.c     2005-03-14 
13:56:06.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/policydb.c      2005-03-14 
14:08:28.000000000 -0500
@@ -110,7 +110,7 @@ static struct policydb_compat_info *poli
 /*
  * Initialize the role table.
  */
-int roles_init(struct policydb *p)
+static int roles_init(struct policydb *p)
 {
        char *key = NULL;
        int rc;
@@ -149,7 +149,7 @@ out_free_role:
 /*
  * Initialize a policy database structure.
  */
-int policydb_init(struct policydb *p)
+static int policydb_init(struct policydb *p)
 {
        int i, rc;
 
@@ -321,7 +321,7 @@ static int (*index_f[SYM_NUM]) (void *ke
  *
  * Caller must clean up upon failure.
  */
-int policydb_index_classes(struct policydb *p)
+static int policydb_index_classes(struct policydb *p)
 {
        int rc;
 
@@ -378,7 +378,7 @@ static void symtab_hash_eval(struct symt
  *
  * Caller must clean up on failure.
  */
-int policydb_index_others(struct policydb *p)
+static int policydb_index_others(struct policydb *p)
 {
        int i, rc = 0;
 
@@ -566,7 +566,7 @@ static int (*destroy_f[SYM_NUM]) (void *
        cat_destroy,
 };
 
-void ocontext_destroy(struct ocontext *c, int i)
+static void ocontext_destroy(struct ocontext *c, int i)
 {
        context_destroy(&c->context[0]);
        context_destroy(&c->context[1]);
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/policydb.h 
linux-2.6.11-mm3-adrian/security/selinux/ss/policydb.h
--- linux-2.6.11-mm3/security/selinux/ss/policydb.h     2005-03-14 
13:56:06.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/policydb.h      2005-03-14 
14:08:28.000000000 -0500
@@ -240,9 +240,6 @@ struct policydb {
        unsigned int policyvers;
 };
 
-extern int policydb_init(struct policydb *p);
-extern int policydb_index_classes(struct policydb *p);
-extern int policydb_index_others(struct policydb *p);
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/services.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/services.c
--- linux-2.6.11-mm3/security/selinux/ss/services.c     2005-03-14 
13:56:06.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/services.c      2005-03-14 
14:08:28.000000000 -0500
@@ -52,7 +52,7 @@ static DECLARE_MUTEX(load_sem);
 #define LOAD_LOCK down(&load_sem)
 #define LOAD_UNLOCK up(&load_sem)
 
-struct sidtab sidtab;
+static struct sidtab sidtab;
 struct policydb policydb;
 int ss_initialized = 0;
 
@@ -64,9 +64,9 @@ int ss_initialized = 0;
  */
 static u32 latest_granting = 0;
 
-/* Forward declarations. */
-int context_struct_to_string(struct context *context, char **scontext,
-                             u32 *scontext_len);
+/* Forward declaration. */
+static int context_struct_to_string(struct context *context, char **scontext,
+                                   u32 *scontext_len);
 
 /*
  * Return the boolean value of a constraint expression
@@ -79,10 +79,10 @@ int context_struct_to_string(struct cont
  * of the process performing the transition.  All other callers of
  * constraint_expr_eval should pass in NULL for xcontext.
  */
-int constraint_expr_eval(struct context *scontext,
-                         struct context *tcontext,
-                         struct context *xcontext,
-                         struct constraint_expr *cexpr)
+static int constraint_expr_eval(struct context *scontext,
+                               struct context *tcontext,
+                               struct context *xcontext,
+                               struct constraint_expr *cexpr)
 {
        u32 val1, val2;
        struct context *c;
@@ -515,7 +515,7 @@ out:
  * to point to this string and set `*scontext_len' to
  * the length of the string.
  */
-int context_struct_to_string(struct context *context, char **scontext, u32 
*scontext_len)
+static int context_struct_to_string(struct context *context, char **scontext, 
u32 *scontext_len)
 {
        char *scontextp;
 
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/services.h 
linux-2.6.11-mm3-adrian/security/selinux/ss/services.h
--- linux-2.6.11-mm3/security/selinux/ss/services.h     2005-03-02 
02:37:49.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/services.h      2005-03-14 
14:08:28.000000000 -0500
@@ -9,12 +9,6 @@
 #include "policydb.h"
 #include "sidtab.h"
 
-/*
- * The security server uses two global data structures
- * when providing its services:  the SID table (sidtab)
- * and the policy database (policydb).
- */
-extern struct sidtab sidtab;
 extern struct policydb policydb;
 
 #endif /* _SS_SERVICES_H_ */
diff -X /home/sds/dontdiff -rup linux-2.6.11-mm3/security/selinux/ss/sidtab.c 
linux-2.6.11-mm3-adrian/security/selinux/ss/sidtab.c
--- linux-2.6.11-mm3/security/selinux/ss/sidtab.c       2005-03-02 
02:38:12.000000000 -0500
+++ linux-2.6.11-mm3-adrian/security/selinux/ss/sidtab.c        2005-03-14 
14:08:28.000000000 -0500
@@ -87,42 +87,6 @@ out:
        return rc;
 }
 
-int sidtab_remove(struct sidtab *s, u32 sid)
-{
-       int hvalue, rc = 0;
-       struct sidtab_node *cur, *last;
-
-       if (!s) {
-               rc = -ENOENT;
-               goto out;
-       }
-
-       hvalue = SIDTAB_HASH(sid);
-       last = NULL;
-       cur = s->htable[hvalue];
-       while (cur != NULL && sid > cur->sid) {
-               last = cur;
-               cur = cur->next;
-       }
-
-       if (cur == NULL || sid != cur->sid) {
-               rc = -ENOENT;
-               goto out;
-       }
-
-       if (last == NULL)
-               s->htable[hvalue] = cur->next;
-       else
-               last->next = cur->next;
-
-       context_destroy(&cur->context);
-
-       kfree(cur);
-       s->nel--;
-out:
-       return rc;
-}
-
 struct context *sidtab_search(struct sidtab *s, u32 sid)
 {
        int hvalue;



-- 
Stephen Smalley <[EMAIL PROTECTED]>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to