diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-12-27 15:01:58 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-12-27 15:01:58 -0500 |
| commit | fb2a624d5fe8b9206d14bff52da7a368a3a8374c (patch) | |
| tree | 634271fdc71329712acc0b95c21209b132409bac /security/selinux/ss/mls.c | |
| parent | 047ce6d380e8e66cfb6cbc22e873af89dd0c216c (diff) | |
| parent | ee1a84fdfeedfd7362e9a8a8f15fedc3482ade2d (diff) | |
Merge tag 'selinux-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux
Pull selinux patches from Paul Moore:
"I already used my best holiday pull request lines in the audit pull
request, so this one is going to be a bit more boring, sorry about
that. To make up for this, we do have a birthday of sorts to
celebrate: SELinux turns 18 years old this December. Perhaps not the
most exciting thing in the world for most people, but I think it's
safe to say that anyone reading this email doesn't exactly fall into
the "most people" category.
Back to business and the pull request itself:
Ondrej has five patches in this pull request and I lump them into
three categories: one patch to always allow submounts (using similar
logic to elsewhere in the kernel), one to fix some issues with the
SELinux policydb, and the others to cleanup and improve the SELinux
sidtab.
The other patches from Alexey and Petr and trivial fixes that are
adequately described in their respective subject lines.
With this last pull request of the year, I want to thank everyone who
has contributed patches, testing, and reviews to the SELinux project
this year, and the past 18 years. Like any good open source effort,
SELinux is only as good as the community which supports it, and I'm
very happy that we have the community we do - thank you all!"
* tag 'selinux-pr-20181224' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: overhaul sidtab to fix bug and improve performance
selinux: use separate table for initial SID lookup
selinux: make "selinux_policycap_names[]" const char *
selinux: always allow mounting submounts
selinux: refactor sidtab conversion
Documentation: Update SELinux reference policy URL
selinux: policydb - fix byte order and alignment issues
Diffstat (limited to 'security/selinux/ss/mls.c')
| -rw-r--r-- | security/selinux/ss/mls.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index b7efa2296969..5e05f5b902d7 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
| @@ -440,16 +440,17 @@ int mls_setup_user_range(struct policydb *p, | |||
| 440 | 440 | ||
| 441 | /* | 441 | /* |
| 442 | * Convert the MLS fields in the security context | 442 | * Convert the MLS fields in the security context |
| 443 | * structure `c' from the values specified in the | 443 | * structure `oldc' from the values specified in the |
| 444 | * policy `oldp' to the values specified in the policy `newp'. | 444 | * policy `oldp' to the values specified in the policy `newp', |
| 445 | * storing the resulting context in `newc'. | ||
| 445 | */ | 446 | */ |
| 446 | int mls_convert_context(struct policydb *oldp, | 447 | int mls_convert_context(struct policydb *oldp, |
| 447 | struct policydb *newp, | 448 | struct policydb *newp, |
| 448 | struct context *c) | 449 | struct context *oldc, |
| 450 | struct context *newc) | ||
| 449 | { | 451 | { |
| 450 | struct level_datum *levdatum; | 452 | struct level_datum *levdatum; |
| 451 | struct cat_datum *catdatum; | 453 | struct cat_datum *catdatum; |
| 452 | struct ebitmap bitmap; | ||
| 453 | struct ebitmap_node *node; | 454 | struct ebitmap_node *node; |
| 454 | int l, i; | 455 | int l, i; |
| 455 | 456 | ||
| @@ -459,28 +460,25 @@ int mls_convert_context(struct policydb *oldp, | |||
| 459 | for (l = 0; l < 2; l++) { | 460 | for (l = 0; l < 2; l++) { |
| 460 | levdatum = hashtab_search(newp->p_levels.table, | 461 | levdatum = hashtab_search(newp->p_levels.table, |
| 461 | sym_name(oldp, SYM_LEVELS, | 462 | sym_name(oldp, SYM_LEVELS, |
| 462 | c->range.level[l].sens - 1)); | 463 | oldc->range.level[l].sens - 1)); |
| 463 | 464 | ||
| 464 | if (!levdatum) | 465 | if (!levdatum) |
| 465 | return -EINVAL; | 466 | return -EINVAL; |
| 466 | c->range.level[l].sens = levdatum->level->sens; | 467 | newc->range.level[l].sens = levdatum->level->sens; |
| 467 | 468 | ||
| 468 | ebitmap_init(&bitmap); | 469 | ebitmap_for_each_positive_bit(&oldc->range.level[l].cat, |
| 469 | ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) { | 470 | node, i) { |
| 470 | int rc; | 471 | int rc; |
| 471 | 472 | ||
| 472 | catdatum = hashtab_search(newp->p_cats.table, | 473 | catdatum = hashtab_search(newp->p_cats.table, |
| 473 | sym_name(oldp, SYM_CATS, i)); | 474 | sym_name(oldp, SYM_CATS, i)); |
| 474 | if (!catdatum) | 475 | if (!catdatum) |
| 475 | return -EINVAL; | 476 | return -EINVAL; |
| 476 | rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); | 477 | rc = ebitmap_set_bit(&newc->range.level[l].cat, |
| 478 | catdatum->value - 1, 1); | ||
| 477 | if (rc) | 479 | if (rc) |
| 478 | return rc; | 480 | return rc; |
| 479 | |||
| 480 | cond_resched(); | ||
| 481 | } | 481 | } |
| 482 | ebitmap_destroy(&c->range.level[l].cat); | ||
| 483 | c->range.level[l].cat = bitmap; | ||
| 484 | } | 482 | } |
| 485 | 483 | ||
| 486 | return 0; | 484 | return 0; |