1 files changed, 0 insertions, 91 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index bfe122764c98..33ae1020091e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1018,89 +1018,6 @@ int security_change_sid(u32 ssid,
        return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
 }
-/*
- * Verify that each permission that is defined under the
- * existing policy is still defined with the same value
- * in the new policy.
- */
-static int validate_perm(void *key, void *datum, void *p)
-{
-        struct hashtab *h;
-        struct perm_datum *perdatum, *perdatum2;
-        int rc = 0;
-        h = p;
-        perdatum = datum;
-        perdatum2 = hashtab_search(h, key);
-        if (!perdatum2) {
-                printk(KERN_ERR "security:  permission %s disappeared",
-                       (char *)key);
-                rc = -ENOENT;
-                goto out;
-        }
-        if (perdatum->value != perdatum2->value) {
-                printk(KERN_ERR "security:  the value of permission %s changed",
-                       (char *)key);
-                rc = -EINVAL;
-        }
-out:
-        return rc;
-}
-/*
- * Verify that each class that is defined under the
- * existing policy is still defined with the same
- * attributes in the new policy.
- */
-static int validate_class(void *key, void *datum, void *p)
-{
-        struct policydb *newp;
-        struct class_datum *cladatum, *cladatum2;
-        int rc;
-        newp = p;
-        cladatum = datum;
-        cladatum2 = hashtab_search(newp->p_classes.table, key);
-        if (!cladatum2) {
-                printk(KERN_ERR "security:  class %s disappeared\n",
-                       (char *)key);
-                rc = -ENOENT;
-                goto out;
-        }
-        if (cladatum->value != cladatum2->value) {
-                printk(KERN_ERR "security:  the value of class %s changed\n",
-                       (char *)key);
-                rc = -EINVAL;
-                goto out;
-        }
-        if ((cladatum->comdatum && !cladatum2->comdatum) ||
-            (!cladatum->comdatum && cladatum2->comdatum)) {
-                printk(KERN_ERR "security:  the inherits clause for the access "
-                       "vector definition for class %s changed\n", (char *)key);
-                rc = -EINVAL;
-                goto out;
-        }
-        if (cladatum->comdatum) {
-                rc = hashtab_map(cladatum->comdatum->permissions.table, validate_perm,
-                                 cladatum2->comdatum->permissions.table);
-                if (rc) {
-                        printk(" in the access vector definition for class "
-                               "%s\n", (char *)key);
-                        goto out;
-                }
-        }
-        rc = hashtab_map(cladatum->permissions.table, validate_perm,
-                         cladatum2->permissions.table);
-        if (rc)
-                printk(" in access vector definition for class %s\n",
-                       (char *)key);
-out:
-        return rc;
-}
 /* Clone the SID into the new SID table. */
 static int clone_sid(u32 sid,
                     struct context *context,
@@ -1265,14 +1182,6 @@ int security_load_policy(void *data, size_t len)
        sidtab_init(&newsidtab);
-        /* Verify that the existing classes did not change. */
-        if (hashtab_map(policydb.p_classes.table, validate_class, &newpolicydb)) {
-                printk(KERN_ERR "security:  the definition of an existing "
-                       "class changed\n");
-                rc = -EINVAL;
-                goto err;
-        }
        /* Clone the SID table. */
        sidtab_shutdown(&sidtab);
        if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index bfe122764c98..33ae1020091e 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -1018,89 +1018,6 @@ int security_change_sid(u32 ssid,
1018	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);	1018	return security_compute_sid(ssid, tsid, tclass, AVTAB_CHANGE, out_sid);
1019	}	1019	}
1020		1020
1021	/*
1022	* Verify that each permission that is defined under the
1023	* existing policy is still defined with the same value
1024	* in the new policy.
1025	*/
1026	static int validate_perm(void key, void datum, void *p)
1027	{
1028	struct hashtab *h;
1029	struct perm_datum perdatum, perdatum2;
1030	int rc = 0;
1031
1032
1033	h = p;
1034	perdatum = datum;
1035
1036	perdatum2 = hashtab_search(h, key);
1037	if (!perdatum2) {
1038	printk(KERN_ERR "security: permission %s disappeared",
1039	(char *)key);
1040	rc = -ENOENT;
1041	goto out;
1042	}
1043	if (perdatum->value != perdatum2->value) {
1044	printk(KERN_ERR "security: the value of permission %s changed",
1045	(char *)key);
1046	rc = -EINVAL;
1047	}
1048	out:
1049	return rc;
1050	}
1051
1052	/*
1053	* Verify that each class that is defined under the
1054	* existing policy is still defined with the same
1055	* attributes in the new policy.
1056	*/
1057	static int validate_class(void key, void datum, void *p)
1058	{
1059	struct policydb *newp;
1060	struct class_datum cladatum, cladatum2;
1061	int rc;
1062
1063	newp = p;
1064	cladatum = datum;
1065
1066	cladatum2 = hashtab_search(newp->p_classes.table, key);
1067	if (!cladatum2) {
1068	printk(KERN_ERR "security: class %s disappeared\n",
1069	(char *)key);
1070	rc = -ENOENT;
1071	goto out;
1072	}
1073	if (cladatum->value != cladatum2->value) {
1074	printk(KERN_ERR "security: the value of class %s changed\n",
1075	(char *)key);
1076	rc = -EINVAL;
1077	goto out;
1078	}
1079	if ((cladatum->comdatum && !cladatum2->comdatum) \|\|
1080	(!cladatum->comdatum && cladatum2->comdatum)) {
1081	printk(KERN_ERR "security: the inherits clause for the access "
1082	"vector definition for class %s changed\n", (char *)key);
1083	rc = -EINVAL;
1084	goto out;
1085	}
1086	if (cladatum->comdatum) {
1087	rc = hashtab_map(cladatum->comdatum->permissions.table, validate_perm,
1088	cladatum2->comdatum->permissions.table);
1089	if (rc) {
1090	printk(" in the access vector definition for class "
1091	"%s\n", (char *)key);
1092	goto out;
1093	}
1094	}
1095	rc = hashtab_map(cladatum->permissions.table, validate_perm,
1096	cladatum2->permissions.table);
1097	if (rc)
1098	printk(" in access vector definition for class %s\n",
1099	(char *)key);
1100	out:
1101	return rc;
1102	}
1103
1104	/* Clone the SID into the new SID table. */	1021	/* Clone the SID into the new SID table. */
1105	static int clone_sid(u32 sid,	1022	static int clone_sid(u32 sid,
1106	struct context *context,	1023	struct context *context,
@@ -1265,14 +1182,6 @@ int security_load_policy(void *data, size_t len)
1265		1182
1266	sidtab_init(&newsidtab);	1183	sidtab_init(&newsidtab);
1267		1184
1268	/* Verify that the existing classes did not change. */
1269	if (hashtab_map(policydb.p_classes.table, validate_class, &newpolicydb)) {
1270	printk(KERN_ERR "security: the definition of an existing "
1271	"class changed\n");
1272	rc = -EINVAL;
1273	goto err;
1274	}
1275
1276	/* Clone the SID table. */	1185	/* Clone the SID table. */
1277	sidtab_shutdown(&sidtab);	1186	sidtab_shutdown(&sidtab);
1278	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {	1187	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {