author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-07-14 16:36:55 -0400 |
commit | 847106ff628805e1a0aa91e7f53381f3fdfcd839 (patch) | |
tree | 457c8d6a5ff20f4d0f28634a196f92273298e49e /security/selinux/ss/policydb.c | |
parent | c142bda458a9c81097238800e1bd8eeeea09913d (diff) | |
parent | 6f0f0fd496333777d53daff21a4e3b28c4d03a6d (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: (25 commits)
security: remove register_security hook
security: remove dummy module fix
security: remove dummy module
security: remove unused sb_get_mnt_opts hook
LSM/SELinux: show LSM mount options in /proc/mounts
SELinux: allow fstype unknown to policy to use xattrs if present
security: fix return of void-valued expressions
SELinux: use do_each_thread as a proper do/while block
SELinux: remove unused and shadowed addrlen variable
SELinux: more user friendly unknown handling printk
selinux: change handling of invalid classes (Was: Re: 2.6.26-rc5-mm1 selinux whine)
SELinux: drop load_mutex in security_load_policy
SELinux: fix off by 1 reference of class_to_string in context_struct_compute_av
SELinux: open code sidtab lock
SELinux: open code load_mutex
SELinux: open code policy_rwlock
selinux: fix endianness bug in network node address handling
selinux: simplify ioctl checking
SELinux: enable processes with mac_admin to get the raw inode contexts
Security: split proc ptrace checking into read vs. attach
...
Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r-- | security/selinux/ss/policydb.c | 15 |
1 files changed, 8 insertions, 7 deletions
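--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1478,7 +1478,8 @@ int policydb_read(struct policydb *p, void *fp)
 struct ocontext *l, *c, *newc;
 struct genfs *genfs_p, *genfs, *newgenfs;
 int i, j, rc;
-__le32 buf[8];
+__le32 buf[4];
+u32 nodebuf[8];
 u32 len, len2, config, nprim, nel, nel2;
 char *policydb_str;
 struct policydb_compat_info *info;
@@ -1749,11 +1750,11 @@ int policydb_read(struct policydb *p, void *fp)
 goto bad;
 break;
 case OCON_NODE:
-rc = next_entry(buf, fp, sizeof(u32) * 2);
+rc = next_entry(nodebuf, fp, sizeof(u32) * 2);
 if (rc < 0)
 goto bad;
-c->u.node.addr = le32_to_cpu(buf[0]);
-c->u.node.mask = le32_to_cpu(buf[1]);
+c->u.node.addr = nodebuf[0]; /* network order */
+c->u.node.mask = nodebuf[1]; /* network order */
 rc = context_read_and_validate(&c->context[0], p, fp);
 if (rc)
 goto bad;
@@ -1782,13 +1783,13 @@ int policydb_read(struct policydb *p, void *fp)
 case OCON_NODE6: {
 int k;
 
-rc = next_entry(buf, fp, sizeof(u32) * 8);
+rc = next_entry(nodebuf, fp, sizeof(u32) * 8);
 if (rc < 0)
 goto bad;
 for (k = 0; k < 4; k++)
-c->u.node6.addr[k] = le32_to_cpu(buf[k]);
+c->u.node6.addr[k] = nodebuf[k];
 for (k = 0; k < 4; k++)
-c->u.node6.mask[k] = le32_to_cpu(buf[k+4]);
+c->u.node6.mask[k] = nodebuf[k+4];
 if (context_read_and_validate(&c->context[0], p, fp))
 goto bad;
 break;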
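Review bot: `nodebuf` is declared as plain `u32` in the first hunk although it now holds values that stay in network byte order, so sparse can no longer flag a later host-order use the way it could with `__le32 buf`. Declaring it `__be32 nodebuf[8];` would keep that check, assuming the `node`/`node6` fields of `struct ocontext` (declared outside this file section) are typed to match. The `/* network order */` comment is on the two OCON_NODE assignments but missing from the OCON_NODE6 loops, where the same convention applies. Shrinking `buf` from 8 to 4 entries is only safe if no remaining `next_entry(buf, fp, ...)` call in `policydb_read` reads more than `sizeof(u32) * 4`. Those calls lie outside the hunks shown, and the function body starts and ends outside them too, so that bound should be confirmed, since the bytes come from the policy image being loaded.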