1 files changed, 46 insertions, 1 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 785c33cf4864..7b03fa0f92b0 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -91,6 +91,11 @@ static struct policydb_compat_info policydb_compat[] = {
                .sym_num        = SYM_NUM,
                .ocon_num       = OCON_NUM,
        },
+        {
+                .version        = POLICYDB_VERSION_AVTAB,
+                .sym_num        = SYM_NUM,
+                .ocon_num       = OCON_NUM,
+        },
 };
 static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -584,6 +589,9 @@ void policydb_destroy(struct policydb *p)
        struct ocontext *c, *ctmp;
        struct genfs *g, *gtmp;
        int i;
+        struct role_allow *ra, *lra = NULL;
+        struct role_trans *tr, *ltr = NULL;
+        struct range_trans *rt, *lrt = NULL;
        for (i = 0; i < SYM_NUM; i++) {
                hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
@@ -624,6 +632,28 @@ void policydb_destroy(struct policydb *p)
        cond_policydb_destroy(p);
+        for (tr = p->role_tr; tr; tr = tr->next) {
+                if (ltr) kfree(ltr);
+                ltr = tr;
+        }
+        if (ltr) kfree(ltr);
+        for (ra = p->role_allow; ra; ra = ra -> next) {
+                if (lra) kfree(lra);
+                lra = ra;
+        }
+        if (lra) kfree(lra);
+        for (rt = p->range_tr; rt; rt = rt -> next) {
+                if (lrt) kfree(lrt);
+                lrt = rt;
+        }
+        if (lrt) kfree(lrt);
+        for (i = 0; i < p->p_types.nprim; i++)
+                ebitmap_destroy(&p->type_attr_map[i]);
+        kfree(p->type_attr_map);
        return;
 }
@@ -1511,7 +1541,7 @@ int policydb_read(struct policydb *p, void *fp)
                p->symtab[i].nprim = nprim;
        }
-        rc = avtab_read(&p->te_avtab, fp, config);
+        rc = avtab_read(&p->te_avtab, fp, p->policyvers);
        if (rc)
                goto bad;
@@ -1825,6 +1855,21 @@ int policydb_read(struct policydb *p, void *fp)
                }
        }
+        p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
+        if (!p->type_attr_map)
+                goto bad;
+        for (i = 0; i < p->p_types.nprim; i++) {
+                ebitmap_init(&p->type_attr_map[i]);
+                if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
+                        if (ebitmap_read(&p->type_attr_map[i], fp))
+                                goto bad;
+                }
+                /* add the type itself as the degenerate case */
+                if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
+                                goto bad;
+        }
        rc = 0;
 out:
        return rc;

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index 785c33cf4864..7b03fa0f92b0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c
@@ -91,6 +91,11 @@ static struct policydb_compat_info policydb_compat[] = {
91	.sym_num = SYM_NUM,	91	.sym_num = SYM_NUM,
92	.ocon_num = OCON_NUM,	92	.ocon_num = OCON_NUM,
93	},	93	},
		94	{
		95	.version = POLICYDB_VERSION_AVTAB,
		96	.sym_num = SYM_NUM,
		97	.ocon_num = OCON_NUM,
		98	},
94	};	99	};
95		100
96	static struct policydb_compat_info *policydb_lookup_compat(int version)	101	static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -584,6 +589,9 @@ void policydb_destroy(struct policydb *p)
584	struct ocontext c, ctmp;	589	struct ocontext c, ctmp;
585	struct genfs g, gtmp;	590	struct genfs g, gtmp;
586	int i;	591	int i;
		592	struct role_allow ra, lra = NULL;
		593	struct role_trans tr, ltr = NULL;
		594	struct range_trans rt, lrt = NULL;
587		595
588	for (i = 0; i < SYM_NUM; i++) {	596	for (i = 0; i < SYM_NUM; i++) {
589	hashtab_map(p->symtab[i].table, destroy_f[i], NULL);	597	hashtab_map(p->symtab[i].table, destroy_f[i], NULL);
@@ -624,6 +632,28 @@ void policydb_destroy(struct policydb *p)
624		632
625	cond_policydb_destroy(p);	633	cond_policydb_destroy(p);
626		634
		635	for (tr = p->role_tr; tr; tr = tr->next) {
		636	if (ltr) kfree(ltr);
		637	ltr = tr;
		638	}
		639	if (ltr) kfree(ltr);
		640
		641	for (ra = p->role_allow; ra; ra = ra -> next) {
		642	if (lra) kfree(lra);
		643	lra = ra;
		644	}
		645	if (lra) kfree(lra);
		646
		647	for (rt = p->range_tr; rt; rt = rt -> next) {
		648	if (lrt) kfree(lrt);
		649	lrt = rt;
		650	}
		651	if (lrt) kfree(lrt);
		652
		653	for (i = 0; i < p->p_types.nprim; i++)
		654	ebitmap_destroy(&p->type_attr_map[i]);
		655	kfree(p->type_attr_map);
		656
627	return;	657	return;
628	}	658	}
629		659
@@ -1511,7 +1541,7 @@ int policydb_read(struct policydb p, void fp)
1511	p->symtab[i].nprim = nprim;	1541	p->symtab[i].nprim = nprim;
1512	}	1542	}
1513		1543
1514	rc = avtab_read(&p->te_avtab, fp, config);	1544	rc = avtab_read(&p->te_avtab, fp, p->policyvers);
1515	if (rc)	1545	if (rc)
1516	goto bad;	1546	goto bad;
1517		1547
@@ -1825,6 +1855,21 @@ int policydb_read(struct policydb p, void fp)
1825	}	1855	}
1826	}	1856	}
1827		1857
		1858	p->type_attr_map = kmalloc(p->p_types.nprim*sizeof(struct ebitmap), GFP_KERNEL);
		1859	if (!p->type_attr_map)
		1860	goto bad;
		1861
		1862	for (i = 0; i < p->p_types.nprim; i++) {
		1863	ebitmap_init(&p->type_attr_map[i]);
		1864	if (p->policyvers >= POLICYDB_VERSION_AVTAB) {
		1865	if (ebitmap_read(&p->type_attr_map[i], fp))
		1866	goto bad;
		1867	}
		1868	/* add the type itself as the degenerate case */
		1869	if (ebitmap_set_bit(&p->type_attr_map[i], i, 1))
		1870	goto bad;
		1871	}
		1872
1828	rc = 0;	1873	rc = 0;
1829	out:	1874	out:
1830	return rc;	1875	return rc;