diff options
Diffstat (limited to 'security/selinux/ss/mls.c')
| -rw-r--r-- | security/selinux/ss/mls.c | 24 |
1 files changed, 11 insertions, 13 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index b7efa2296969..5e05f5b902d7 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
| @@ -440,16 +440,17 @@ int mls_setup_user_range(struct policydb *p, | |||
| 440 | 440 | ||
| 441 | /* | 441 | /* |
| 442 | * Convert the MLS fields in the security context | 442 | * Convert the MLS fields in the security context |
| 443 | * structure `c' from the values specified in the | 443 | * structure `oldc' from the values specified in the |
| 444 | * policy `oldp' to the values specified in the policy `newp'. | 444 | * policy `oldp' to the values specified in the policy `newp', |
| 445 | * storing the resulting context in `newc'. | ||
| 445 | */ | 446 | */ |
| 446 | int mls_convert_context(struct policydb *oldp, | 447 | int mls_convert_context(struct policydb *oldp, |
| 447 | struct policydb *newp, | 448 | struct policydb *newp, |
| 448 | struct context *c) | 449 | struct context *oldc, |
| 450 | struct context *newc) | ||
| 449 | { | 451 | { |
| 450 | struct level_datum *levdatum; | 452 | struct level_datum *levdatum; |
| 451 | struct cat_datum *catdatum; | 453 | struct cat_datum *catdatum; |
| 452 | struct ebitmap bitmap; | ||
| 453 | struct ebitmap_node *node; | 454 | struct ebitmap_node *node; |
| 454 | int l, i; | 455 | int l, i; |
| 455 | 456 | ||
| @@ -459,28 +460,25 @@ int mls_convert_context(struct policydb *oldp, | |||
| 459 | for (l = 0; l < 2; l++) { | 460 | for (l = 0; l < 2; l++) { |
| 460 | levdatum = hashtab_search(newp->p_levels.table, | 461 | levdatum = hashtab_search(newp->p_levels.table, |
| 461 | sym_name(oldp, SYM_LEVELS, | 462 | sym_name(oldp, SYM_LEVELS, |
| 462 | c->range.level[l].sens - 1)); | 463 | oldc->range.level[l].sens - 1)); |
| 463 | 464 | ||
| 464 | if (!levdatum) | 465 | if (!levdatum) |
| 465 | return -EINVAL; | 466 | return -EINVAL; |
| 466 | c->range.level[l].sens = levdatum->level->sens; | 467 | newc->range.level[l].sens = levdatum->level->sens; |
| 467 | 468 | ||
| 468 | ebitmap_init(&bitmap); | 469 | ebitmap_for_each_positive_bit(&oldc->range.level[l].cat, |
| 469 | ebitmap_for_each_positive_bit(&c->range.level[l].cat, node, i) { | 470 | node, i) { |
| 470 | int rc; | 471 | int rc; |
| 471 | 472 | ||
| 472 | catdatum = hashtab_search(newp->p_cats.table, | 473 | catdatum = hashtab_search(newp->p_cats.table, |
| 473 | sym_name(oldp, SYM_CATS, i)); | 474 | sym_name(oldp, SYM_CATS, i)); |
| 474 | if (!catdatum) | 475 | if (!catdatum) |
| 475 | return -EINVAL; | 476 | return -EINVAL; |
| 476 | rc = ebitmap_set_bit(&bitmap, catdatum->value - 1, 1); | 477 | rc = ebitmap_set_bit(&newc->range.level[l].cat, |
| 478 | catdatum->value - 1, 1); | ||
| 477 | if (rc) | 479 | if (rc) |
| 478 | return rc; | 480 | return rc; |
| 479 | |||
| 480 | cond_resched(); | ||
| 481 | } | 481 | } |
| 482 | ebitmap_destroy(&c->range.level[l].cat); | ||
| 483 | c->range.level[l].cat = bitmap; | ||
| 484 | } | 482 | } |
| 485 | 483 | ||
| 486 | return 0; | 484 | return 0; |