aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/mls.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/mls.c')
-rw-r--r--security/selinux/ss/mls.c27
1 files changed, 14 insertions, 13 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index feaf0a5b828f..8b1706b7b3cc 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -32,7 +32,7 @@
32 * Return the length in bytes for the MLS fields of the 32 * Return the length in bytes for the MLS fields of the
33 * security context string representation of `context'. 33 * security context string representation of `context'.
34 */ 34 */
35int mls_compute_context_len(struct context * context) 35int mls_compute_context_len(struct context *context)
36{ 36{
37 int i, l, len, head, prev; 37 int i, l, len, head, prev;
38 char *nm; 38 char *nm;
@@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context)
86 * Update `*scontext' to point to the end of the MLS fields. 86 * Update `*scontext' to point to the end of the MLS fields.
87 */ 87 */
88void mls_sid_to_context(struct context *context, 88void mls_sid_to_context(struct context *context,
89 char **scontext) 89 char **scontext)
90{ 90{
91 char *scontextp, *nm; 91 char *scontextp, *nm;
92 int i, l, head, prev; 92 int i, l, head, prev;
@@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context,
146 146
147 if (l == 0) { 147 if (l == 0) {
148 if (mls_level_eq(&context->range.level[0], 148 if (mls_level_eq(&context->range.level[0],
149 &context->range.level[1])) 149 &context->range.level[1]))
150 break; 150 break;
151 else 151 else
152 *scontextp++ = '-'; 152 *scontextp++ = '-';
@@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc,
305 *p++ = 0; 305 *p++ = 0;
306 306
307 /* Separate into range if exists */ 307 /* Separate into range if exists */
308 if ((rngptr = strchr(scontextp, '.')) != NULL) { 308 rngptr = strchr(scontextp, '.');
309 if (rngptr != NULL) {
309 /* Remove '.' */ 310 /* Remove '.' */
310 *rngptr++ = 0; 311 *rngptr++ = 0;
311 } 312 }
312 313
313 catdatum = hashtab_search(policydb.p_cats.table, 314 catdatum = hashtab_search(policydb.p_cats.table,
314 scontextp); 315 scontextp);
315 if (!catdatum) { 316 if (!catdatum) {
316 rc = -EINVAL; 317 rc = -EINVAL;
317 goto out; 318 goto out;
318 } 319 }
319 320
320 rc = ebitmap_set_bit(&context->range.level[l].cat, 321 rc = ebitmap_set_bit(&context->range.level[l].cat,
321 catdatum->value - 1, 1); 322 catdatum->value - 1, 1);
322 if (rc) 323 if (rc)
323 goto out; 324 goto out;
324 325
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
395 rc = -ENOMEM; 396 rc = -ENOMEM;
396 } else { 397 } else {
397 rc = mls_context_to_sid(':', &tmpstr, context, 398 rc = mls_context_to_sid(':', &tmpstr, context,
398 NULL, SECSID_NULL); 399 NULL, SECSID_NULL);
399 kfree(freestr); 400 kfree(freestr);
400 } 401 }
401 402
@@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
406 * Copies the MLS range `range' into `context'. 407 * Copies the MLS range `range' into `context'.
407 */ 408 */
408static inline int mls_range_set(struct context *context, 409static inline int mls_range_set(struct context *context,
409 struct mls_range *range) 410 struct mls_range *range)
410{ 411{
411 int l, rc = 0; 412 int l, rc = 0;
412 413
@@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context,
423} 424}
424 425
425int mls_setup_user_range(struct context *fromcon, struct user_datum *user, 426int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
426 struct context *usercon) 427 struct context *usercon)
427{ 428{
428 if (selinux_mls_enabled) { 429 if (selinux_mls_enabled) {
429 struct mls_level *fromcon_sen = &(fromcon->range.level[0]); 430 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
@@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
449 that of the user's default clearance (but 450 that of the user's default clearance (but
450 only if the "fromcon" clearance dominates 451 only if the "fromcon" clearance dominates
451 the user's computed sensitivity level) */ 452 the user's computed sensitivity level) */
452 if (mls_level_dom(user_clr, fromcon_clr)) { 453 if (mls_level_dom(user_clr, fromcon_clr))
453 *usercon_clr = *fromcon_clr; 454 *usercon_clr = *fromcon_clr;
454 } else if (mls_level_dom(fromcon_clr, user_clr)) { 455 else if (mls_level_dom(fromcon_clr, user_clr))
455 *usercon_clr = *user_clr; 456 *usercon_clr = *user_clr;
456 } else 457 else
457 return -EINVAL; 458 return -EINVAL;
458 } 459 }
459 460
@@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext,
525 rtr->target_class == tclass) { 526 rtr->target_class == tclass) {
526 /* Set the range from the rule */ 527 /* Set the range from the rule */
527 return mls_range_set(newcontext, 528 return mls_range_set(newcontext,
528 &rtr->target_range); 529 &rtr->target_range);
529 } 530 }
530 } 531 }
531 /* Fallthrough */ 532 /* Fallthrough */