selinux: convert part of the sym_val_to_name array to use flex_array

The sym_val_to_name type array can be quite large as it grows linearly with
the number of types.  With known policies having over 5k types these
allocations are growing large enough that they are likely to fail.  Convert
those to flex_array so no allocation is larger than PAGE_SIZE

Signed-off-by: Eric Paris <eparis@redhat.com>

1 files changed, 5 insertions, 1 deletions

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 655fe1c6cc69..c3f845cbcd48 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -193,6 +193,7 @@ int cond_index_bool(void *key, void *datum, void *datap)
 {
         struct policydb *p;
         struct cond_bool_datum *booldatum;
+        struct flex_array *fa;
 
         booldatum = datum;
         p = datap;
@@ -200,7 +201,10 @@ int cond_index_bool(void *key, void *datum, void *datap)
         if (!booldatum->value || booldatum->value > p->p_bools.nprim)
                 return -EINVAL;
 
-        p->p_bool_val_to_name[booldatum->value - 1] = key;
+        fa = p->sym_val_to_name[SYM_BOOLS];
+        if (flex_array_put_ptr(fa, booldatum->value - 1, key,
+                               GFP_KERNEL | __GFP_ZERO))
+                BUG();
         p->bool_val_to_struct[booldatum->value - 1] = booldatum;
 
         return 0;