-rw-r--r-- | security/selinux/ss/services.c | 42 |
1 files changed, 21 insertions, 21 deletions
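diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 84e2a98d7cc5..ab6dbce5fd2a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3041,7 +3041,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
 int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 u32 *sid)
 {
-int rc = -EIDRM;
+int rc;
 struct context *ctx;
 struct context ctx_new;
 
@@ -3052,16 +3052,15 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 
 read_lock(&policy_rwlock);
 
-if (secattr->flags & NETLBL_SECATTR_CACHE) {
+if (secattr->flags & NETLBL_SECATTR_CACHE)
 *sid = *(u32 *)secattr->cache->data;
-rc = 0;
-} else if (secattr->flags & NETLBL_SECATTR_SECID) {
+else if (secattr->flags & NETLBL_SECATTR_SECID)
 *sid = secattr->attr.secid;
-rc = 0;
-} else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
+else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
+rc = -EIDRM;
 ctx = sidtab_search(&sidtab, SECINITSID_NETMSG);
 if (ctx == NULL)
-goto netlbl_secattr_to_sid_return;
+goto out;
 
 context_init(&ctx_new);
 ctx_new.user = ctx->user;
@@ -3069,34 +3068,35 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
 ctx_new.type = ctx->type;
 mls_import_netlbl_lvl(&ctx_new, secattr);
 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
-if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
-secattr->attr.mls.cat) != 0)
-goto netlbl_secattr_to_sid_return;
+rc = ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
+secattr->attr.mls.cat);
+if (rc)
+goto out;
 memcpy(&ctx_new.range.level[1].cat,
 &ctx_new.range.level[0].cat,
 sizeof(ctx_new.range.level[0].cat));
 }
-if (mls_context_isvalid(&policydb, &ctx_new) != 1)
-goto netlbl_secattr_to_sid_return_cleanup;
+rc = -EIDRM;
+if (!mls_context_isvalid(&policydb, &ctx_new))
+goto out_free;
 
 rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
-if (rc != 0)
-goto netlbl_secattr_to_sid_return_cleanup;
+if (rc)
+goto out_free;
 
 security_netlbl_cache_add(secattr, *sid);
 
 ebitmap_destroy(&ctx_new.range.level[0].cat);
-} else {
+} else
 *sid = SECSID_NULL;
-rc = 0;
-}
 
-netlbl_secattr_to_sid_return:
 read_unlock(&policy_rwlock);
-return rc;
-netlbl_secattr_to_sid_return_cleanup:
+return 0;
+out_free:
 ebitmap_destroy(&ctx_new.range.level[0].cat);
-goto netlbl_secattr_to_sid_return;
+out:
+read_unlock(&policy_rwlock);
+return rc;
 }
 
 /**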
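Review bot: The validity test in the NETLBL_SECATTR_MLS_LVL branch is loosened from `if (mls_context_isvalid(&policydb, &ctx_new) != 1)` to `if (!mls_context_isvalid(&policydb, &ctx_new))`, so any non-zero return, including a negative error code, would now let the network-supplied context through to sidtab_context_to_sid(). mls_context_isvalid() is defined outside this diff; unless it is guaranteed to return only 0 or 1, keep the strict `!= 1` comparison so the check fails closed. Separately, a failed ebitmap_netlbl_import() now returns the callee's code instead of -EIDRM and still jumps to `out` without ebitmap_destroy(). That is only leak-free if the import releases its own partial allocation, which is worth stating in a short comment at that `goto out;`.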