Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (26 commits)
  selinux: include vmalloc.h for vmalloc_user
  secmark: fix config problem when CONFIG_NF_CONNTRACK_SECMARK is not set
  selinux: implement mmap on /selinux/policy
  SELinux: allow userspace to read policy back out of the kernel
  SELinux: drop useless (and incorrect) AVTAB_MAX_SIZE
  SELinux: deterministic ordering of range transition rules
  kernel: roundup should only reference arguments once
  kernel: rounddown helper function
  secmark: export secctx, drop secmark in procfs
  conntrack: export lsm context rather than internal secid via netlink
  security: secid_to_secctx returns len when data is NULL
  secmark: make secmark object handling generic
  secmark: do not return early if there was no error
  AppArmor: Ensure the size of the copy is < the buffer allocated to hold it
  TOMOYO: Print URL information before panic().
  security: remove unused parameter from security_task_setscheduler()
  tpm: change 'tpm_suspend_pcr' to be module parameter
  selinux: fix up style problem on /selinux/status
  selinux: change to new flag variable
  selinux: really fix dependency causing parallel compile failure.
  ...

1 files changed, 44 insertions, 2 deletions

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 929480c6c430..a3dd9faa19c0 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -266,8 +266,8 @@ int avtab_alloc(struct avtab *h, u32 nrules)
         if (shift > 2)
                 shift = shift - 2;
         nslot = 1 << shift;
-        if (nslot > MAX_AVTAB_SIZE)
-                nslot = MAX_AVTAB_SIZE;
+        if (nslot > MAX_AVTAB_HASH_BUCKETS)
+                nslot = MAX_AVTAB_HASH_BUCKETS;
         mask = nslot - 1;
 
         h->htable = kcalloc(nslot, sizeof(*(h->htable)), GFP_KERNEL);
@@ -501,6 +501,48 @@ bad:
         goto out;
 }
 
+int avtab_write_item(struct policydb *p, struct avtab_node *cur, void *fp)
+{
+        __le16 buf16[4];
+        __le32 buf32[1];
+        int rc;
+
+        buf16[0] = cpu_to_le16(cur->key.source_type);
+        buf16[1] = cpu_to_le16(cur->key.target_type);
+        buf16[2] = cpu_to_le16(cur->key.target_class);
+        buf16[3] = cpu_to_le16(cur->key.specified);
+        rc = put_entry(buf16, sizeof(u16), 4, fp);
+        if (rc)
+                return rc;
+        buf32[0] = cpu_to_le32(cur->datum.data);
+        rc = put_entry(buf32, sizeof(u32), 1, fp);
+        if (rc)
+                return rc;
+        return 0;
+}
+
+int avtab_write(struct policydb *p, struct avtab *a, void *fp)
+{
+        unsigned int i;
+        int rc = 0;
+        struct avtab_node *cur;
+        __le32 buf[1];
+
+        buf[0] = cpu_to_le32(a->nel);
+        rc = put_entry(buf, sizeof(u32), 1, fp);
+        if (rc)
+                return rc;
+
+        for (i = 0; i < a->nslot; i++) {
+                for (cur = a->htable[i]; cur; cur = cur->next) {
+                        rc = avtab_write_item(p, cur, fp);
+                        if (rc)
+                                return rc;
+                }
+        }
+
+        return rc;
+}
 void avtab_cache_init(void)
 {
         avtab_node_cachep = kmem_cache_create("avtab_node",