1 files changed, 23 insertions, 25 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 3f2b2706b5bb..372b773f8210 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -39,7 +39,7 @@ int mls_compute_context_len(struct context *context)
        struct ebitmap *e;
        struct ebitmap_node *node;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        len = 1; /* for the beginning ":" */
@@ -93,7 +93,7 @@ void mls_sid_to_context(struct context *context,
        struct ebitmap *e;
        struct ebitmap_node *node;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        scontextp = *scontext;
@@ -200,7 +200,7 @@ int mls_context_isvalid(struct policydb *p, struct context *c)
 {
        struct user_datum *usrdatum;
-        if (!selinux_mls_enabled)
+        if (!p->mls_enabled)
                return 1;
        if (!mls_range_isvalid(p, &c->range))
@@ -253,7 +253,7 @@ int mls_context_to_sid(struct policydb *pol,
        struct cat_datum *catdatum, *rngdatum;
        int l, rc = -EINVAL;
-        if (!selinux_mls_enabled) {
+        if (!pol->mls_enabled) {
                if (def_sid != SECSID_NULL && oldc)
                        *scontext += strlen(*scontext)+1;
                return 0;
@@ -387,7 +387,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
        char *tmpstr, *freestr;
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return -EINVAL;
        /* we need freestr because mls_context_to_sid will change
@@ -407,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 /*
 * Copies the MLS range `range' into `context'.
 */
-static inline int mls_range_set(struct context *context,
+int mls_range_set(struct context *context,
                                struct mls_range *range)
 {
        int l, rc = 0;
@@ -427,7 +427,7 @@ static inline int mls_range_set(struct context *context,
 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
                         struct context *usercon)
 {
-        if (selinux_mls_enabled) {
+        if (policydb.mls_enabled) {
                struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
                struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
                struct mls_level *user_low = &(user->range.level[0]);
@@ -477,7 +477,7 @@ int mls_convert_context(struct policydb *oldp,
        struct ebitmap_node *node;
        int l, i;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        for (l = 0; l < 2; l++) {
@@ -513,23 +513,21 @@ int mls_compute_sid(struct context *scontext,
                    u32 specified,
                    struct context *newcontext)
 {
-        struct range_trans *rtr;
+        struct range_trans rtr;
+        struct mls_range *r;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        switch (specified) {
        case AVTAB_TRANSITION:
                /* Look for a range transition rule. */
-                for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
+                rtr.source_type = scontext->type;
-                        if (rtr->source_type == scontext->type &&
+                rtr.target_type = tcontext->type;
-                            rtr->target_type == tcontext->type &&
+                rtr.target_class = tclass;
-                            rtr->target_class == tclass) {
+                r = hashtab_search(policydb.range_tr, &rtr);
-                                /* Set the range from the rule */
+                if (r)
-                                return mls_range_set(newcontext,
+                        return mls_range_set(newcontext, r);
-                                                     &rtr->target_range);
-                        }
-                }
                /* Fallthrough */
        case AVTAB_CHANGE:
                if (tclass == policydb.process_class)
@@ -541,8 +539,8 @@ int mls_compute_sid(struct context *scontext,
        case AVTAB_MEMBER:
                /* Use the process effective MLS attributes. */
                return mls_context_cpy_low(newcontext, scontext);
-        default:
-                return -EINVAL;
+        /* fall through */
        }
        return -EINVAL;
 }
@@ -561,7 +559,7 @@ int mls_compute_sid(struct context *scontext,
 void mls_export_netlbl_lvl(struct context *context,
                           struct netlbl_lsm_secattr *secattr)
 {
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        secattr->attr.mls.lvl = context->range.level[0].sens - 1;
@@ -581,7 +579,7 @@ void mls_export_netlbl_lvl(struct context *context,
 void mls_import_netlbl_lvl(struct context *context,
                           struct netlbl_lsm_secattr *secattr)
 {
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return;
        context->range.level[0].sens = secattr->attr.mls.lvl + 1;
@@ -603,7 +601,7 @@ int mls_export_netlbl_cat(struct context *context,
 {
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        rc = ebitmap_netlbl_export(&context->range.level[0].cat,
@@ -631,7 +629,7 @@ int mls_import_netlbl_cat(struct context *context,
 {
        int rc;
-        if (!selinux_mls_enabled)
+        if (!policydb.mls_enabled)
                return 0;
        rc = ebitmap_netlbl_import(&context->range.level[0].cat,

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 3f2b2706b5bb..372b773f8210 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c
@@ -39,7 +39,7 @@ int mls_compute_context_len(struct context *context)
39	struct ebitmap *e;	39	struct ebitmap *e;
40	struct ebitmap_node *node;	40	struct ebitmap_node *node;
41		41
42	if (!selinux_mls_enabled)	42	if (!policydb.mls_enabled)
43	return 0;	43	return 0;
44		44
45	len = 1; /* for the beginning ":" */	45	len = 1; /* for the beginning ":" */
@@ -93,7 +93,7 @@ void mls_sid_to_context(struct context *context,
93	struct ebitmap *e;	93	struct ebitmap *e;
94	struct ebitmap_node *node;	94	struct ebitmap_node *node;
95		95
96	if (!selinux_mls_enabled)	96	if (!policydb.mls_enabled)
97	return;	97	return;
98		98
99	scontextp = *scontext;	99	scontextp = *scontext;
@@ -200,7 +200,7 @@ int mls_context_isvalid(struct policydb p, struct context c)
200	{	200	{
201	struct user_datum *usrdatum;	201	struct user_datum *usrdatum;
202		202
203	if (!selinux_mls_enabled)	203	if (!p->mls_enabled)
204	return 1;	204	return 1;
205		205
206	if (!mls_range_isvalid(p, &c->range))	206	if (!mls_range_isvalid(p, &c->range))
@@ -253,7 +253,7 @@ int mls_context_to_sid(struct policydb *pol,
253	struct cat_datum catdatum, rngdatum;	253	struct cat_datum catdatum, rngdatum;
254	int l, rc = -EINVAL;	254	int l, rc = -EINVAL;
255		255
256	if (!selinux_mls_enabled) {	256	if (!pol->mls_enabled) {
257	if (def_sid != SECSID_NULL && oldc)	257	if (def_sid != SECSID_NULL && oldc)
258	scontext += strlen(scontext)+1;	258	scontext += strlen(scontext)+1;
259	return 0;	259	return 0;
@@ -387,7 +387,7 @@ int mls_from_string(char str, struct context context, gfp_t gfp_mask)
387	char tmpstr, freestr;	387	char tmpstr, freestr;
388	int rc;	388	int rc;
389		389
390	if (!selinux_mls_enabled)	390	if (!policydb.mls_enabled)
391	return -EINVAL;	391	return -EINVAL;
392		392
393	/* we need freestr because mls_context_to_sid will change	393	/* we need freestr because mls_context_to_sid will change
@@ -407,7 +407,7 @@ int mls_from_string(char str, struct context context, gfp_t gfp_mask)
407	/*	407	/*
408	* Copies the MLS range `range' into `context'.	408	* Copies the MLS range `range' into `context'.
409	*/	409	*/
410	static inline int mls_range_set(struct context *context,	410	int mls_range_set(struct context *context,
411	struct mls_range *range)	411	struct mls_range *range)
412	{	412	{
413	int l, rc = 0;	413	int l, rc = 0;
@@ -427,7 +427,7 @@ static inline int mls_range_set(struct context *context,
427	int mls_setup_user_range(struct context fromcon, struct user_datum user,	427	int mls_setup_user_range(struct context fromcon, struct user_datum user,
428	struct context *usercon)	428	struct context *usercon)
429	{	429	{
430	if (selinux_mls_enabled) {	430	if (policydb.mls_enabled) {
431	struct mls_level *fromcon_sen = &(fromcon->range.level[0]);	431	struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
432	struct mls_level *fromcon_clr = &(fromcon->range.level[1]);	432	struct mls_level *fromcon_clr = &(fromcon->range.level[1]);
433	struct mls_level *user_low = &(user->range.level[0]);	433	struct mls_level *user_low = &(user->range.level[0]);
@@ -477,7 +477,7 @@ int mls_convert_context(struct policydb *oldp,
477	struct ebitmap_node *node;	477	struct ebitmap_node *node;
478	int l, i;	478	int l, i;
479		479
480	if (!selinux_mls_enabled)	480	if (!policydb.mls_enabled)
481	return 0;	481	return 0;
482		482
483	for (l = 0; l < 2; l++) {	483	for (l = 0; l < 2; l++) {
@@ -513,23 +513,21 @@ int mls_compute_sid(struct context *scontext,
513	u32 specified,	513	u32 specified,
514	struct context *newcontext)	514	struct context *newcontext)
515	{	515	{
516	struct range_trans *rtr;	516	struct range_trans rtr;
		517	struct mls_range *r;
517		518
518	if (!selinux_mls_enabled)	519	if (!policydb.mls_enabled)
519	return 0;	520	return 0;
520		521
521	switch (specified) {	522	switch (specified) {
522	case AVTAB_TRANSITION:	523	case AVTAB_TRANSITION:
523	/* Look for a range transition rule. */	524	/* Look for a range transition rule. */
524	for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {	525	rtr.source_type = scontext->type;
525	if (rtr->source_type == scontext->type &&	526	rtr.target_type = tcontext->type;
526	rtr->target_type == tcontext->type &&	527	rtr.target_class = tclass;
527	rtr->target_class == tclass) {	528	r = hashtab_search(policydb.range_tr, &rtr);
528	/* Set the range from the rule */	529	if (r)
529	return mls_range_set(newcontext,	530	return mls_range_set(newcontext, r);
530	&rtr->target_range);
531	}
532	}
533	/* Fallthrough */	531	/* Fallthrough */
534	case AVTAB_CHANGE:	532	case AVTAB_CHANGE:
535	if (tclass == policydb.process_class)	533	if (tclass == policydb.process_class)
@@ -541,8 +539,8 @@ int mls_compute_sid(struct context *scontext,
541	case AVTAB_MEMBER:	539	case AVTAB_MEMBER:
542	/* Use the process effective MLS attributes. */	540	/* Use the process effective MLS attributes. */
543	return mls_context_cpy_low(newcontext, scontext);	541	return mls_context_cpy_low(newcontext, scontext);
544	default:	542
545	return -EINVAL;	543	/* fall through */
546	}	544	}
547	return -EINVAL;	545	return -EINVAL;
548	}	546	}
@@ -561,7 +559,7 @@ int mls_compute_sid(struct context *scontext,
561	void mls_export_netlbl_lvl(struct context *context,	559	void mls_export_netlbl_lvl(struct context *context,
562	struct netlbl_lsm_secattr *secattr)	560	struct netlbl_lsm_secattr *secattr)
563	{	561	{
564	if (!selinux_mls_enabled)	562	if (!policydb.mls_enabled)
565	return;	563	return;
566		564
567	secattr->attr.mls.lvl = context->range.level[0].sens - 1;	565	secattr->attr.mls.lvl = context->range.level[0].sens - 1;
@@ -581,7 +579,7 @@ void mls_export_netlbl_lvl(struct context *context,
581	void mls_import_netlbl_lvl(struct context *context,	579	void mls_import_netlbl_lvl(struct context *context,
582	struct netlbl_lsm_secattr *secattr)	580	struct netlbl_lsm_secattr *secattr)
583	{	581	{
584	if (!selinux_mls_enabled)	582	if (!policydb.mls_enabled)
585	return;	583	return;
586		584
587	context->range.level[0].sens = secattr->attr.mls.lvl + 1;	585	context->range.level[0].sens = secattr->attr.mls.lvl + 1;
@@ -603,7 +601,7 @@ int mls_export_netlbl_cat(struct context *context,
603	{	601	{
604	int rc;	602	int rc;
605		603
606	if (!selinux_mls_enabled)	604	if (!policydb.mls_enabled)
607	return 0;	605	return 0;
608		606
609	rc = ebitmap_netlbl_export(&context->range.level[0].cat,	607	rc = ebitmap_netlbl_export(&context->range.level[0].cat,
@@ -631,7 +629,7 @@ int mls_import_netlbl_cat(struct context *context,
631	{	629	{
632	int rc;	630	int rc;
633		631
634	if (!selinux_mls_enabled)	632	if (!policydb.mls_enabled)
635	return 0;	633	return 0;
636		634
637	rc = ebitmap_netlbl_import(&context->range.level[0].cat,	635	rc = ebitmap_netlbl_import(&context->range.level[0].cat,