aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/selinux/ss/services.c42
1 files changed, 21 insertions, 21 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 84e2a98d7cc5..ab6dbce5fd2a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3041,7 +3041,7 @@ static void security_netlbl_cache_add(struct netlbl_lsm_secattr *secattr,
3041int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, 3041int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
3042 u32 *sid) 3042 u32 *sid)
3043{ 3043{
3044 int rc = -EIDRM; 3044 int rc;
3045 struct context *ctx; 3045 struct context *ctx;
3046 struct context ctx_new; 3046 struct context ctx_new;
3047 3047
@@ -3052,16 +3052,15 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
3052 3052
3053 read_lock(&policy_rwlock); 3053 read_lock(&policy_rwlock);
3054 3054
3055 if (secattr->flags & NETLBL_SECATTR_CACHE) { 3055 if (secattr->flags & NETLBL_SECATTR_CACHE)
3056 *sid = *(u32 *)secattr->cache->data; 3056 *sid = *(u32 *)secattr->cache->data;
3057 rc = 0; 3057 else if (secattr->flags & NETLBL_SECATTR_SECID)
3058 } else if (secattr->flags & NETLBL_SECATTR_SECID) {
3059 *sid = secattr->attr.secid; 3058 *sid = secattr->attr.secid;
3060 rc = 0; 3059 else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) {
3061 } else if (secattr->flags & NETLBL_SECATTR_MLS_LVL) { 3060 rc = -EIDRM;
3062 ctx = sidtab_search(&sidtab, SECINITSID_NETMSG); 3061 ctx = sidtab_search(&sidtab, SECINITSID_NETMSG);
3063 if (ctx == NULL) 3062 if (ctx == NULL)
3064 goto netlbl_secattr_to_sid_return; 3063 goto out;
3065 3064
3066 context_init(&ctx_new); 3065 context_init(&ctx_new);
3067 ctx_new.user = ctx->user; 3066 ctx_new.user = ctx->user;
@@ -3069,34 +3068,35 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr,
3069 ctx_new.type = ctx->type; 3068 ctx_new.type = ctx->type;
3070 mls_import_netlbl_lvl(&ctx_new, secattr); 3069 mls_import_netlbl_lvl(&ctx_new, secattr);
3071 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { 3070 if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
3072 if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat, 3071 rc = ebitmap_netlbl_import(&ctx_new.range.level[0].cat,
3073 secattr->attr.mls.cat) != 0) 3072 secattr->attr.mls.cat);
3074 goto netlbl_secattr_to_sid_return; 3073 if (rc)
3074 goto out;
3075 memcpy(&ctx_new.range.level[1].cat, 3075 memcpy(&ctx_new.range.level[1].cat,
3076 &ctx_new.range.level[0].cat, 3076 &ctx_new.range.level[0].cat,
3077 sizeof(ctx_new.range.level[0].cat)); 3077 sizeof(ctx_new.range.level[0].cat));
3078 } 3078 }
3079 if (mls_context_isvalid(&policydb, &ctx_new) != 1) 3079 rc = -EIDRM;
3080 goto netlbl_secattr_to_sid_return_cleanup; 3080 if (!mls_context_isvalid(&policydb, &ctx_new))
3081 goto out_free;
3081 3082
3082 rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid); 3083 rc = sidtab_context_to_sid(&sidtab, &ctx_new, sid);
3083 if (rc != 0) 3084 if (rc)
3084 goto netlbl_secattr_to_sid_return_cleanup; 3085 goto out_free;
3085 3086
3086 security_netlbl_cache_add(secattr, *sid); 3087 security_netlbl_cache_add(secattr, *sid);
3087 3088
3088 ebitmap_destroy(&ctx_new.range.level[0].cat); 3089 ebitmap_destroy(&ctx_new.range.level[0].cat);
3089 } else { 3090 } else
3090 *sid = SECSID_NULL; 3091 *sid = SECSID_NULL;
3091 rc = 0;
3092 }
3093 3092
3094netlbl_secattr_to_sid_return:
3095 read_unlock(&policy_rwlock); 3093 read_unlock(&policy_rwlock);
3096 return rc; 3094 return 0;
3097netlbl_secattr_to_sid_return_cleanup: 3095out_free:
3098 ebitmap_destroy(&ctx_new.range.level[0].cat); 3096 ebitmap_destroy(&ctx_new.range.level[0].cat);
3099 goto netlbl_secattr_to_sid_return; 3097out:
3098 read_unlock(&policy_rwlock);
3099 return rc;
3100} 3100}
3101 3101
3102/** 3102/**