authorDarrel Goeddel <dgoeddel@TrustedCS.com>2006-09-26 02:31:59 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-26 11:48:52 -0400
commitf3f8771420737004da55159c2f2dc0b6f483a4ef (patch)
tree01ff2aa4dc82cdc5b2383648f9fabb8378250d00 /security/selinux/ss/policydb.c
parent016b9bdb81d9c9c7800e4e224ade38d8b37669d3 (diff)
[PATCH] selinux: add support for range transitions on object classes
Introduces support for policy version 21. This version of the binary kernel policy allows for defining range transitions on security classes other than the process security class. As always, backwards compatibility for older formats is retained. The security class is read in as specified when using the new format, while the "process" security class is assumed when using an older policy format. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Acked-by: Eric Paris <eparis@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r--security/selinux/ss/policydb.c27
1 files changed, 20 insertions, 7 deletions
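--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -96,6 +96,11 @@ static struct policydb_compat_info policydb_compat[] = {
 .sym_num = SYM_NUM,
 .ocon_num = OCON_NUM,
 },
+{
+.version = POLICYDB_VERSION_RANGETRANS,
+.sym_num = SYM_NUM,
+.ocon_num = OCON_NUM,
+},
 };
 
 static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -645,15 +650,15 @@ void policydb_destroy(struct policydb *p)
 
 for (rt = p->range_tr; rt; rt = rt -> next) {
 if (lrt) {
-ebitmap_destroy(&lrt->range.level[0].cat);
-ebitmap_destroy(&lrt->range.level[1].cat);
+ebitmap_destroy(&lrt->target_range.level[0].cat);
+ebitmap_destroy(&lrt->target_range.level[1].cat);
 kfree(lrt);
 }
 lrt = rt;
 }
 if (lrt) {
-ebitmap_destroy(&lrt->range.level[0].cat);
-ebitmap_destroy(&lrt->range.level[1].cat);
+ebitmap_destroy(&lrt->target_range.level[0].cat);
+ebitmap_destroy(&lrt->target_range.level[1].cat);
 kfree(lrt);
 }
 
@@ -1829,6 +1834,7 @@ int policydb_read(struct policydb *p, void *fp)
 }
 
 if (p->policyvers >= POLICYDB_VERSION_MLS) {
+int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
 rc = next_entry(buf, fp, sizeof(u32));
 if (rc < 0)
 goto bad;
@@ -1847,9 +1853,16 @@ int policydb_read(struct policydb *p, void *fp)
 rc = next_entry(buf, fp, (sizeof(u32) * 2));
 if (rc < 0)
 goto bad;
-rt->dom = le32_to_cpu(buf[0]);
-rt->type = le32_to_cpu(buf[1]);
-rc = mls_read_range_helper(&rt->range, fp);
+rt->source_type = le32_to_cpu(buf[0]);
+rt->target_type = le32_to_cpu(buf[1]);
+if (new_rangetr) {
+rc = next_entry(buf, fp, sizeof(u32));
+if (rc < 0)
+goto bad;
+rt->target_class = le32_to_cpu(buf[0]);
+} else
+rt->target_class = SECCLASS_PROCESS;
+rc = mls_read_range_helper(&rt->target_range, fp);
 if (rc)
 goto bad;
 lrt = rt;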
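Review bot: `rt->target_class = le32_to_cpu(buf[0]);` stores a class index taken straight from the policy image with no range check, so a malformed or corrupted policy can carry a class number that nothing in this hunk guards against; the `source_type`/`target_type` reads just above have the same gap, though those predate this change. The class symbol table is presumably already populated by this point in policydb_read, so a bound against it would reject such an image at load time: `if (!rt->target_class || rt->target_class > p->p_classes.nprim) { rc = -EINVAL; goto bad; }`. Only a caller permitted to load policy reaches this path, so this is defense in depth against a bad policy file rather than a privilege boundary. policydb_read's body continues outside the hunk.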