diff options
Diffstat (limited to 'security/selinux/ss/mls.c')
| -rw-r--r-- | security/selinux/ss/mls.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 2fe459df3c85..18ba0c2328fb 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
| @@ -436,16 +436,17 @@ int mls_setup_user_range(struct policydb *p, | |||
| 436 | 436 | ||
| 437 | /* | 437 | /* |
| 438 | * Convert the MLS fields in the security context | 438 | * Convert the MLS fields in the security context |
| 439 | * structure `c' from the values specified in the | 439 | * structure `oldc' from the values specified in the |
| 440 | * policy `oldp' to the values specified in the policy `newp'. | 440 | * policy `oldp' to the values specified in the policy `newp', |
| 441 | * storing the resulting context in `newc'. | ||
| 441 | */ | 442 | */ |
| 442 | int mls_convert_context(struct policydb *oldp, | 443 | int mls_convert_context(struct policydb *oldp, |
| 443 | struct policydb *newp, | 444 | struct policydb *newp, |
| 444 | struct context *c) | 445 | struct context *oldc, |
| 446 | struct context *newc) | ||
| 445 | { | 447 | { |
| 446 | struct level_datum *levdatum; | 448 | struct level_datum *levdatum; |
| 447 | struct cat_datum *catdatum; | 449 | struct cat_datum *catdatum; |
| 448 | struct ebitmap bitmap; | ||
| 449 | struct ebitmap_node *node; | 450 | struct ebitmap_node *node; |
| 450 | int l, i; | 451 | int l, i; |
| 451 | 452 | ||
| @@ -455,28 +456,25 @@ int mls_convert_context(struct policydb *oldp, | |||
| 455 | for (l = 0; l < 2; l++) { | 456 | for (l = 0; l < 2; l++) { |
| 456 | levdatum = hashtab_search(newp->p_levels.table, | 457 | levdatum = hashtab_search(newp->p_levels.table, |
| 457 | sym_name(oldp, SYM_LEVELS, | 458 | sym_name(oldp, SYM_LEVELS, |
| 458 | c->range.level[l].sens - 1)); | 459 | oldc->range.level[l].sens - 1)); |
| 459 | 460 | ||
| 460 | if (!levdatum) | 461 | if (!levdatum) |
| 461 | return -EINVAL; | 462 | return -EINVAL; |
| 462 | c->range.level[l].sens = levdatum->level->sens; | 463 | newc->range.level[l].sens = levdatum->level->sens; |
| 463 | 464 | ||
| 464 | ebitmap_init(&bitmap); | 465 | ebitmap_for_each_positive_bit(&oldc->range.level[l].cat, |
| 465 | ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) { | 466 | node, i) { |
| 466 | int rc; | 467 | int rc; |
| 467 | 468 | ||
| 468 | catdatum = hashtab_search(newp->p_cats.table, | 469 | catdatum = hashtab_search(newp->p_cats.table, |
| 469 | sym_name(oldp, SYM_CATS, i)); | 470 | sym_name(oldp, SYM_CATS, i)); |
| 470 | if (!catdatum) | 471 | if (!catdatum) |
| 471 | return -EINVAL; | 472 | return -EINVAL; |
| 472 | rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); | 473 | rc = ebitmap_set_bit(&newc->range.level[l].cat, |
| 474 | catdatum->value - 1, 1); | ||
| 473 | if (rc) | 475 | if (rc) |
| 474 | return rc; | 476 | return rc; |
| 475 | |||
| 476 | cond_resched(); | ||
| 477 | } | 477 | } |
| 478 | ebitmap_destroy(&c->range.level[l].cat); | ||
| 479 | c->range.level[l].cat = bitmap; | ||
| 480 | } | 478 | } |
| 481 | 479 | ||
| 482 | return 0; | 480 | return 0; |