1 files changed, 48 insertions, 0 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 60964d79e5eb..7565d16aac31 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1776,6 +1776,7 @@ int security_load_policy(void *data, size_t len)
                        return rc;
                }
+                policydb.len = len;
                rc = selinux_set_mapping(&policydb, secclass_map,
                                         &current_mapping,
                                         &current_mapping_size);
@@ -1812,6 +1813,7 @@ int security_load_policy(void *data, size_t len)
        if (rc)
                return rc;
+        newpolicydb.len = len;
        /* If switching between different policy types, log MLS status */
        if (policydb.mls_enabled && !newpolicydb.mls_enabled)
                printk(KERN_INFO "SELinux: Disabling MLS support...\n");
@@ -1892,6 +1894,17 @@ err:
 }
+size_t security_policydb_len(void)
+{
+        size_t len;
+        read_lock(&policy_rwlock);
+        len = policydb.len;
+        read_unlock(&policy_rwlock);
+        return len;
+}
 /**
 * security_port_sid - Obtain the SID for a port.
 * @protocol: protocol number
@@ -3139,3 +3152,38 @@ netlbl_sid_to_secattr_failure:
        return rc;
 }
 #endif /* CONFIG_NETLABEL */
+/**
+ * security_read_policy - read the policy.
+ * @data: binary policy data
+ * @len: length of data in bytes
+ *
+ */
+int security_read_policy(void **data, ssize_t *len)
+{
+        int rc;
+        struct policy_file fp;
+        if (!ss_initialized)
+                return -EINVAL;
+        *len = security_policydb_len();
+        *data = vmalloc(*len);
+        if (!*data)
+                return -ENOMEM;
+        fp.data = *data;
+        fp.len = *len;
+        read_lock(&policy_rwlock);
+        rc = policydb_write(&policydb, &fp);
+        read_unlock(&policy_rwlock);
+        if (rc)
+                return rc;
+        *len = (unsigned long)fp.data - (unsigned long)*data;
+        return 0;
+}

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 60964d79e5eb..7565d16aac31 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -1776,6 +1776,7 @@ int security_load_policy(void *data, size_t len)
1776	return rc;	1776	return rc;
1777	}	1777	}
1778		1778
		1779	policydb.len = len;
1779	rc = selinux_set_mapping(&policydb, secclass_map,	1780	rc = selinux_set_mapping(&policydb, secclass_map,
1780	&current_mapping,	1781	&current_mapping,
1781	&current_mapping_size);	1782	&current_mapping_size);
@@ -1812,6 +1813,7 @@ int security_load_policy(void *data, size_t len)
1812	if (rc)	1813	if (rc)
1813	return rc;	1814	return rc;
1814		1815
		1816	newpolicydb.len = len;
1815	/* If switching between different policy types, log MLS status */	1817	/* If switching between different policy types, log MLS status */
1816	if (policydb.mls_enabled && !newpolicydb.mls_enabled)	1818	if (policydb.mls_enabled && !newpolicydb.mls_enabled)
1817	printk(KERN_INFO "SELinux: Disabling MLS support...\n");	1819	printk(KERN_INFO "SELinux: Disabling MLS support...\n");
@@ -1892,6 +1894,17 @@ err:
1892		1894
1893	}	1895	}
1894		1896
		1897	size_t security_policydb_len(void)
		1898	{
		1899	size_t len;
		1900
		1901	read_lock(&policy_rwlock);
		1902	len = policydb.len;
		1903	read_unlock(&policy_rwlock);
		1904
		1905	return len;
		1906	}
		1907
1895	/**	1908	/**
1896	* security_port_sid - Obtain the SID for a port.	1909	* security_port_sid - Obtain the SID for a port.
1897	* @protocol: protocol number	1910	* @protocol: protocol number
@@ -3139,3 +3152,38 @@ netlbl_sid_to_secattr_failure:
3139	return rc;	3152	return rc;
3140	}	3153	}
3141	#endif /* CONFIG_NETLABEL */	3154	#endif /* CONFIG_NETLABEL */
		3155
		3156	/**
		3157	* security_read_policy - read the policy.
		3158	* @data: binary policy data
		3159	* @len: length of data in bytes
		3160	*
		3161	*/
		3162	int security_read_policy(void *data, ssize_t len)
		3163	{
		3164	int rc;
		3165	struct policy_file fp;
		3166
		3167	if (!ss_initialized)
		3168	return -EINVAL;
		3169
		3170	*len = security_policydb_len();
		3171
		3172	data = vmalloc(len);
		3173	if (!*data)
		3174	return -ENOMEM;
		3175
		3176	fp.data = *data;
		3177	fp.len = *len;
		3178
		3179	read_lock(&policy_rwlock);
		3180	rc = policydb_write(&policydb, &fp);
		3181	read_unlock(&policy_rwlock);
		3182
		3183	if (rc)
		3184	return rc;
		3185
		3186	len = (unsigned long)fp.data - (unsigned long)data;
		3187	return 0;
		3188
		3189	}