Initialize policydb.process_class eariler.

Initialize policydb.process_class once all symtabs read from policy image,
so that it could be used to setup the role_trans.tclass field when a lower
version policy.X is loaded.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

1 files changed, 5 insertions, 5 deletions

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index a493eae24e0a..82373eb2dc97 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -2275,6 +2275,11 @@ int policydb_read(struct policydb *p, void *fp)
                 p->symtab[i].nprim = nprim;
         }
 
+        rc = -EINVAL;
+        p->process_class = string_to_security_class(p, "process");
+        if (!p->process_class)
+                goto bad;
+
         rc = avtab_read(&p->te_avtab, fp, p);
         if (rc)
                 goto bad;
@@ -2359,11 +2364,6 @@ int policydb_read(struct policydb *p, void *fp)
                 goto bad;
 
         rc = -EINVAL;
-        p->process_class = string_to_security_class(p, "process");
-        if (!p->process_class)
-                goto bad;
-
-        rc = -EINVAL;
         p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
         p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
         if (!p->process_trans_perms)