Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 37 |
1 files changed, 22 insertions, 15 deletions
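--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1760,22 +1760,28 @@ int security_load_policy(void *data, size_t len)
 
 if (!ss_initialized) {
 avtab_cache_init();
-if (policydb_read(&policydb, fp)) {
+rc = policydb_read(&policydb, fp);
+if (rc) {
 avtab_cache_destroy();
-return -EINVAL;
+return rc;
 }
-if (selinux_set_mapping(&policydb, secclass_map,
-¤t_mapping,
-¤t_mapping_size)) {
+
+rc = selinux_set_mapping(&policydb, secclass_map,
+¤t_mapping,
+¤t_mapping_size);
+if (rc) {
 policydb_destroy(&policydb);
 avtab_cache_destroy();
-return -EINVAL;
+return rc;
 }
-if (policydb_load_isids(&policydb, &sidtab)) {
+
+rc = policydb_load_isids(&policydb, &sidtab);
+if (rc) {
 policydb_destroy(&policydb);
 avtab_cache_destroy();
-return -EINVAL;
+return rc;
 }
+
 security_load_policycaps();
 ss_initialized = 1;
 seqno = ++latest_granting;
@@ -1791,8 +1797,9 @@ int security_load_policy(void *data, size_t len)
 sidtab_hash_eval(&sidtab, "sids");
 #endif
 
-if (policydb_read(&newpolicydb, fp))
-return -EINVAL;
+rc = policydb_read(&newpolicydb, fp);
+if (rc)
+return rc;
 
 /* If switching between different policy types, log MLS status */
 if (policydb.mls_enabled && !newpolicydb.mls_enabled)
@@ -1807,8 +1814,8 @@ int security_load_policy(void *data, size_t len)
 return rc;
 }
 
-if (selinux_set_mapping(&newpolicydb, secclass_map,
-&map, &map_size))
+rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
+if (rc)
 goto err;
 
 rc = security_preserve_bools(&newpolicydb);
@@ -1819,10 +1826,10 @@ int security_load_policy(void *data, size_t len)
 
 /* Clone the SID table. */
 sidtab_shutdown(&sidtab);
-if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
-rc = -ENOMEM;
+
+rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
+if (rc)
 goto err;
-}
 
 /*
 * Convert the internal representations of contexts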
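Review bot: The rewritten error paths in `security_load_policy()` now return the callee's `rc` unchanged, both in the `!ss_initialized` branch and at the later `policydb_read()`, `selinux_set_mapping()` and `sidtab_map()` sites, so a failed policy load is reported as a failure only if every one of those callees returns 0 or a negative errno. The old code forced `-EINVAL` or `-ENOMEM` for any non-zero result; none of the callees is visible here, and `sidtab_map()` takes `clone_sid` as a callback, so its result presumably depends on what that callback returns. It is worth confirming that no path can yield a positive value, and recording the contract at the first site with a comment such as `/* callees return 0 or -errno; rc is passed to the caller unchanged */`. The function starts and ends outside the hunks shown.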