aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/policydb.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/policydb.c')
-rw-r--r--security/selinux/ss/policydb.c24
1 files changed, 4 insertions, 20 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 5b92c0219207..23c6e53c102c 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -52,8 +52,6 @@ static char *symtab_name[SYM_NUM] = {
52}; 52};
53#endif 53#endif
54 54
55int selinux_mls_enabled;
56
57static unsigned int symtab_sizes[SYM_NUM] = { 55static unsigned int symtab_sizes[SYM_NUM] = {
58 2, 56 2,
59 32, 57 32,
@@ -455,7 +453,7 @@ static int policydb_index_others(struct policydb *p)
455 453
456 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools", 454 printk(KERN_DEBUG "SELinux: %d users, %d roles, %d types, %d bools",
457 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim); 455 p->p_users.nprim, p->p_roles.nprim, p->p_types.nprim, p->p_bools.nprim);
458 if (selinux_mls_enabled) 456 if (p->mls_enabled)
459 printk(", %d sens, %d cats", p->p_levels.nprim, 457 printk(", %d sens, %d cats", p->p_levels.nprim,
460 p->p_cats.nprim); 458 p->p_cats.nprim);
461 printk("\n"); 459 printk("\n");
@@ -1717,14 +1715,12 @@ int policydb_read(struct policydb *p, void *fp)
1717 int i, j, rc; 1715 int i, j, rc;
1718 __le32 buf[4]; 1716 __le32 buf[4];
1719 u32 nodebuf[8]; 1717 u32 nodebuf[8];
1720 u32 len, len2, config, nprim, nel, nel2; 1718 u32 len, len2, nprim, nel, nel2;
1721 char *policydb_str; 1719 char *policydb_str;
1722 struct policydb_compat_info *info; 1720 struct policydb_compat_info *info;
1723 struct range_trans *rt; 1721 struct range_trans *rt;
1724 struct mls_range *r; 1722 struct mls_range *r;
1725 1723
1726 config = 0;
1727
1728 rc = policydb_init(p); 1724 rc = policydb_init(p);
1729 if (rc) 1725 if (rc)
1730 goto out; 1726 goto out;
@@ -1772,7 +1768,7 @@ int policydb_read(struct policydb *p, void *fp)
1772 kfree(policydb_str); 1768 kfree(policydb_str);
1773 policydb_str = NULL; 1769 policydb_str = NULL;
1774 1770
1775 /* Read the version, config, and table sizes. */ 1771 /* Read the version and table sizes. */
1776 rc = next_entry(buf, fp, sizeof(u32)*4); 1772 rc = next_entry(buf, fp, sizeof(u32)*4);
1777 if (rc < 0) 1773 if (rc < 0)
1778 goto bad; 1774 goto bad;
@@ -1787,13 +1783,7 @@ int policydb_read(struct policydb *p, void *fp)
1787 } 1783 }
1788 1784
1789 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) { 1785 if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_MLS)) {
1790 if (ss_initialized && !selinux_mls_enabled) { 1786 p->mls_enabled = 1;
1791 printk(KERN_ERR "SELinux: Cannot switch between non-MLS"
1792 " and MLS policies\n");
1793 goto bad;
1794 }
1795 selinux_mls_enabled = 1;
1796 config |= POLICYDB_CONFIG_MLS;
1797 1787
1798 if (p->policyvers < POLICYDB_VERSION_MLS) { 1788 if (p->policyvers < POLICYDB_VERSION_MLS) {
1799 printk(KERN_ERR "SELinux: security policydb version %d " 1789 printk(KERN_ERR "SELinux: security policydb version %d "
@@ -1801,12 +1791,6 @@ int policydb_read(struct policydb *p, void *fp)
1801 p->policyvers); 1791 p->policyvers);
1802 goto bad; 1792 goto bad;
1803 } 1793 }
1804 } else {
1805 if (ss_initialized && selinux_mls_enabled) {
1806 printk(KERN_ERR "SELinux: Cannot switch between MLS and"
1807 " non-MLS policies\n");
1808 goto bad;
1809 }
1810 } 1794 }
1811 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN); 1795 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
1812 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN); 1796 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-15 05:13:58 -0400