1 files changed, 23 insertions, 0 deletions
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h
index 0562bacb7b99..2eee0dab524d 100644
--- a/security/selinux/ss/context.h
+++ b/security/selinux/ss/context.h
@@ -55,6 +55,29 @@ out:
        return rc;
 }
+/*
+ * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
+ */
+static inline int mls_context_cpy_low(struct context *dst, struct context *src)
+{
+        int rc;
+        if (!selinux_mls_enabled)
+                return 0;
+        dst->range.level[0].sens = src->range.level[0].sens;
+        rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
+        if (rc)
+                goto out;
+        dst->range.level[1].sens = src->range.level[0].sens;
+        rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
+        if (rc)
+                ebitmap_destroy(&dst->range.level[0].cat);
+out:
+        return rc;
+}
 static inline int mls_context_cmp(struct context *c1, struct context *c2)
 {
        if (!selinux_mls_enabled)

diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index 0562bacb7b99..2eee0dab524d 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h
@@ -55,6 +55,29 @@ out:
55	return rc;	55	return rc;
56	}	56	}
57		57
		58	/*
		59	* Sets both levels in the MLS range of 'dst' to the low level of 'src'.
		60	*/
		61	static inline int mls_context_cpy_low(struct context dst, struct context src)
		62	{
		63	int rc;
		64
		65	if (!selinux_mls_enabled)
		66	return 0;
		67
		68	dst->range.level[0].sens = src->range.level[0].sens;
		69	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);
		70	if (rc)
		71	goto out;
		72
		73	dst->range.level[1].sens = src->range.level[0].sens;
		74	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);
		75	if (rc)
		76	ebitmap_destroy(&dst->range.level[0].cat);
		77	out:
		78	return rc;
		79	}
		80
58	static inline int mls_context_cmp(struct context c1, struct context c2)	81	static inline int mls_context_cmp(struct context c1, struct context c2)
59	{	82	{
60	if (!selinux_mls_enabled)	83	if (!selinux_mls_enabled)