Diffstat (limited to 'security/selinux/ss/mls.c')
-rw-r--r-- | security/selinux/ss/mls.c | 27 |
1 files changed, 14 insertions, 13 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index feaf0a5b828f..8b1706b7b3cc 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -32,7 +32,7 @@ | |||
32 | * Return the length in bytes for the MLS fields of the | 32 | * Return the length in bytes for the MLS fields of the |
33 | * security context string representation of `context'. | 33 | * security context string representation of `context'. |
34 | */ | 34 | */ |
35 | int mls_compute_context_len(struct context * context) | 35 | int mls_compute_context_len(struct context *context) |
36 | { | 36 | { |
37 | int i, l, len, head, prev; | 37 | int i, l, len, head, prev; |
38 | char *nm; | 38 | char *nm; |
@@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context) | |||
86 | * Update `*scontext' to point to the end of the MLS fields. | 86 | * Update `*scontext' to point to the end of the MLS fields. |
87 | */ | 87 | */ |
88 | void mls_sid_to_context(struct context *context, | 88 | void mls_sid_to_context(struct context *context, |
89 | char **scontext) | 89 | char **scontext) |
90 | { | 90 | { |
91 | char *scontextp, *nm; | 91 | char *scontextp, *nm; |
92 | int i, l, head, prev; | 92 | int i, l, head, prev; |
@@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context, | |||
146 | 146 | ||
147 | if (l == 0) { | 147 | if (l == 0) { |
148 | if (mls_level_eq(&context->range.level[0], | 148 | if (mls_level_eq(&context->range.level[0], |
149 | &context->range.level[1])) | 149 | &context->range.level[1])) |
150 | break; | 150 | break; |
151 | else | 151 | else |
152 | *scontextp++ = '-'; | 152 | *scontextp++ = '-'; |
@@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc, | |||
305 | *p++ = 0; | 305 | *p++ = 0; |
306 | 306 | ||
307 | /* Separate into range if exists */ | 307 | /* Separate into range if exists */ |
308 | if ((rngptr = strchr(scontextp, '.')) != NULL) { | 308 | rngptr = strchr(scontextp, '.'); |
309 | if (rngptr != NULL) { | ||
309 | /* Remove '.' */ | 310 | /* Remove '.' */ |
310 | *rngptr++ = 0; | 311 | *rngptr++ = 0; |
311 | } | 312 | } |
312 | 313 | ||
313 | catdatum = hashtab_search(policydb.p_cats.table, | 314 | catdatum = hashtab_search(policydb.p_cats.table, |
314 | scontextp); | 315 | scontextp); |
315 | if (!catdatum) { | 316 | if (!catdatum) { |
316 | rc = -EINVAL; | 317 | rc = -EINVAL; |
317 | goto out; | 318 | goto out; |
318 | } | 319 | } |
319 | 320 | ||
320 | rc = ebitmap_set_bit(&context->range.level[l].cat, | 321 | rc = ebitmap_set_bit(&context->range.level[l].cat, |
321 | catdatum->value - 1, 1); | 322 | catdatum->value - 1, 1); |
322 | if (rc) | 323 | if (rc) |
323 | goto out; | 324 | goto out; |
324 | 325 | ||
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) | |||
395 | rc = -ENOMEM; | 396 | rc = -ENOMEM; |
396 | } else { | 397 | } else { |
397 | rc = mls_context_to_sid(':', &tmpstr, context, | 398 | rc = mls_context_to_sid(':', &tmpstr, context, |
398 | NULL, SECSID_NULL); | 399 | NULL, SECSID_NULL); |
399 | kfree(freestr); | 400 | kfree(freestr); |
400 | } | 401 | } |
401 | 402 | ||
@@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) | |||
406 | * Copies the MLS range `range' into `context'. | 407 | * Copies the MLS range `range' into `context'. |
407 | */ | 408 | */ |
408 | static inline int mls_range_set(struct context *context, | 409 | static inline int mls_range_set(struct context *context, |
409 | struct mls_range *range) | 410 | struct mls_range *range) |
410 | { | 411 | { |
411 | int l, rc = 0; | 412 | int l, rc = 0; |
412 | 413 | ||
@@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context, | |||
423 | } | 424 | } |
424 | 425 | ||
425 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, | 426 | int mls_setup_user_range(struct context *fromcon, struct user_datum *user, |
426 | struct context *usercon) | 427 | struct context *usercon) |
427 | { | 428 | { |
428 | if (selinux_mls_enabled) { | 429 | if (selinux_mls_enabled) { |
429 | struct mls_level *fromcon_sen = &(fromcon->range.level[0]); | 430 | struct mls_level *fromcon_sen = &(fromcon->range.level[0]); |
@@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user, | |||
449 | that of the user's default clearance (but | 450 | that of the user's default clearance (but |
450 | only if the "fromcon" clearance dominates | 451 | only if the "fromcon" clearance dominates |
451 | the user's computed sensitivity level) */ | 452 | the user's computed sensitivity level) */ |
452 | if (mls_level_dom(user_clr, fromcon_clr)) { | 453 | if (mls_level_dom(user_clr, fromcon_clr)) |
453 | *usercon_clr = *fromcon_clr; | 454 | *usercon_clr = *fromcon_clr; |
454 | } else if (mls_level_dom(fromcon_clr, user_clr)) { | 455 | else if (mls_level_dom(fromcon_clr, user_clr)) |
455 | *usercon_clr = *user_clr; | 456 | *usercon_clr = *user_clr; |
456 | } else | 457 | else |
457 | return -EINVAL; | 458 | return -EINVAL; |
458 | } | 459 | } |
459 | 460 | ||
@@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext, | |||
525 | rtr->target_class == tclass) { | 526 | rtr->target_class == tclass) { |
526 | /* Set the range from the rule */ | 527 | /* Set the range from the rule */ |
527 | return mls_range_set(newcontext, | 528 | return mls_range_set(newcontext, |
528 | &rtr->target_range); | 529 | &rtr->target_range); |
529 | } | 530 | } |
530 | } | 531 | } |
531 | /* Fallthrough */ | 532 | /* Fallthrough */ |
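Review bot: In the mls_context_to_sid hunk (@@ -305,20 +305,21 @@), `catdatum->value - 1` is passed to `ebitmap_set_bit` as the bit index with no visible check that `value` is at least 1, and the lines shown do not say where that is guaranteed. If policy loading already rejects a category datum with a zero value, a one-line comment above the call would record the invariant, e.g. `/* value is 1-based; assumed validated >= 1 at policy load */`. If it does not, a guard such as `if (!catdatum->value) { rc = -EINVAL; goto out; }` before the call would keep a malformed policy from producing an out-of-range index. The function starts and ends outside this hunk, so the check may already exist elsewhere.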