diff options
Diffstat (limited to 'security/selinux/ss/policydb.c')
| -rw-r--r-- | security/selinux/ss/policydb.c | 27 |
1 files changed, 20 insertions, 7 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index f03960e697ce..b18895302555 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -96,6 +96,11 @@ static struct policydb_compat_info policydb_compat[] = { | |||
| 96 | .sym_num = SYM_NUM, | 96 | .sym_num = SYM_NUM, |
| 97 | .ocon_num = OCON_NUM, | 97 | .ocon_num = OCON_NUM, |
| 98 | }, | 98 | }, |
| 99 | { | ||
| 100 | .version = POLICYDB_VERSION_RANGETRANS, | ||
| 101 | .sym_num = SYM_NUM, | ||
| 102 | .ocon_num = OCON_NUM, | ||
| 103 | }, | ||
| 99 | }; | 104 | }; |
| 100 | 105 | ||
| 101 | static struct policydb_compat_info *policydb_lookup_compat(int version) | 106 | static struct policydb_compat_info *policydb_lookup_compat(int version) |
| @@ -645,15 +650,15 @@ void policydb_destroy(struct policydb *p) | |||
| 645 | 650 | ||
| 646 | for (rt = p->range_tr; rt; rt = rt -> next) { | 651 | for (rt = p->range_tr; rt; rt = rt -> next) { |
| 647 | if (lrt) { | 652 | if (lrt) { |
| 648 | ebitmap_destroy(&lrt->range.level[0].cat); | 653 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
| 649 | ebitmap_destroy(&lrt->range.level[1].cat); | 654 | ebitmap_destroy(&lrt->target_range.level[1].cat); |
| 650 | kfree(lrt); | 655 | kfree(lrt); |
| 651 | } | 656 | } |
| 652 | lrt = rt; | 657 | lrt = rt; |
| 653 | } | 658 | } |
| 654 | if (lrt) { | 659 | if (lrt) { |
| 655 | ebitmap_destroy(&lrt->range.level[0].cat); | 660 | ebitmap_destroy(&lrt->target_range.level[0].cat); |
| 656 | ebitmap_destroy(&lrt->range.level[1].cat); | 661 | ebitmap_destroy(&lrt->target_range.level[1].cat); |
| 657 | kfree(lrt); | 662 | kfree(lrt); |
| 658 | } | 663 | } |
| 659 | 664 | ||
| @@ -1829,6 +1834,7 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1829 | } | 1834 | } |
| 1830 | 1835 | ||
| 1831 | if (p->policyvers >= POLICYDB_VERSION_MLS) { | 1836 | if (p->policyvers >= POLICYDB_VERSION_MLS) { |
| 1837 | int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS; | ||
| 1832 | rc = next_entry(buf, fp, sizeof(u32)); | 1838 | rc = next_entry(buf, fp, sizeof(u32)); |
| 1833 | if (rc < 0) | 1839 | if (rc < 0) |
| 1834 | goto bad; | 1840 | goto bad; |
| @@ -1847,9 +1853,16 @@ int policydb_read(struct policydb *p, void *fp) | |||
| 1847 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); | 1853 | rc = next_entry(buf, fp, (sizeof(u32) * 2)); |
| 1848 | if (rc < 0) | 1854 | if (rc < 0) |
| 1849 | goto bad; | 1855 | goto bad; |
| 1850 | rt->dom = le32_to_cpu(buf[0]); | 1856 | rt->source_type = le32_to_cpu(buf[0]); |
| 1851 | rt->type = le32_to_cpu(buf[1]); | 1857 | rt->target_type = le32_to_cpu(buf[1]); |
| 1852 | rc = mls_read_range_helper(&rt->range, fp); | 1858 | if (new_rangetr) { |
| 1859 | rc = next_entry(buf, fp, sizeof(u32)); | ||
| 1860 | if (rc < 0) | ||
| 1861 | goto bad; | ||
| 1862 | rt->target_class = le32_to_cpu(buf[0]); | ||
| 1863 | } else | ||
| 1864 | rt->target_class = SECCLASS_PROCESS; | ||
| 1865 | rc = mls_read_range_helper(&rt->target_range, fp); | ||
| 1853 | if (rc) | 1866 | if (rc) |
| 1854 | goto bad; | 1867 | goto bad; |
| 1855 | lrt = rt; | 1868 | lrt = rt; |