1 files changed, 28 insertions, 21 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index cf27b3ee1a95..1de60ce90d9a 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -274,15 +274,15 @@ static int constraint_expr_eval(struct context *scontext,
                case CEXPR_AND:
                        BUG_ON(sp < 1);
                        sp--;
-                        s[sp] &= s[sp+1];
+                        s[sp] &= s[sp + 1];
                        break;
                case CEXPR_OR:
                        BUG_ON(sp < 1);
                        sp--;
-                        s[sp] |= s[sp+1];
+                        s[sp] |= s[sp + 1];
                        break;
                case CEXPR_ATTR:
-                        if (sp == (CEXPR_MAXDEPTH-1))
+                        if (sp == (CEXPR_MAXDEPTH - 1))
                                return 0;
                        switch (e->attr) {
                        case CEXPR_USER:
@@ -1216,7 +1216,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
        *sid = SECSID_NULL;
        /* Copy the string so that we can modify the copy as we parse it. */
-        scontext2 = kmalloc(scontext_len+1, gfp_flags);
+        scontext2 = kmalloc(scontext_len + 1, gfp_flags);
        if (!scontext2)
                return -ENOMEM;
        memcpy(scontext2, scontext, scontext_len);
@@ -1760,22 +1760,28 @@ int security_load_policy(void *data, size_t len)
        if (!ss_initialized) {
                avtab_cache_init();
-                if (policydb_read(&policydb, fp)) {
+                rc = policydb_read(&policydb, fp);
+                if (rc) {
                        avtab_cache_destroy();
-                        return -EINVAL;
+                        return rc;
                }
-                if (selinux_set_mapping(&policydb, secclass_map,
-                                        &current_mapping,
+                rc = selinux_set_mapping(&policydb, secclass_map,
-                                        &current_mapping_size)) {
+                                         &current_mapping,
+                                         &current_mapping_size);
+                if (rc) {
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
-                        return -EINVAL;
+                        return rc;
                }
-                if (policydb_load_isids(&policydb, &sidtab)) {
+                rc = policydb_load_isids(&policydb, &sidtab);
+                if (rc) {
                        policydb_destroy(&policydb);
                        avtab_cache_destroy();
-                        return -EINVAL;
+                        return rc;
                }
                security_load_policycaps();
                ss_initialized = 1;
                seqno = ++latest_granting;
@@ -1791,8 +1797,9 @@ int security_load_policy(void *data, size_t len)
        sidtab_hash_eval(&sidtab, "sids");
 #endif
-        if (policydb_read(&newpolicydb, fp))
+        rc = policydb_read(&newpolicydb, fp);
-                return -EINVAL;
+        if (rc)
+                return rc;
        /* If switching between different policy types, log MLS status */
        if (policydb.mls_enabled && !newpolicydb.mls_enabled)
@@ -1807,8 +1814,8 @@ int security_load_policy(void *data, size_t len)
                return rc;
        }
-        if (selinux_set_mapping(&newpolicydb, secclass_map,
+        rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
-                                &map, &map_size))
+        if (rc)
                goto err;
        rc = security_preserve_bools(&newpolicydb);
@@ -1819,10 +1826,10 @@ int security_load_policy(void *data, size_t len)
        /* Clone the SID table. */
        sidtab_shutdown(&sidtab);
-        if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {
-                rc = -ENOMEM;
+        rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
+        if (rc)
                goto err;
-        }
        /*
         * Convert the internal representations of contexts
@@ -2101,9 +2108,9 @@ int security_get_user_sids(u32 fromsid,
        ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
                role = policydb.role_val_to_struct[i];
-                usercon.role = i+1;
+                usercon.role = i + 1;
                ebitmap_for_each_positive_bit(&role->types, tnode, j) {
-                        usercon.type = j+1;
+                        usercon.type = j + 1;
                        if (mls_setup_user_range(fromcon, user, &usercon))
                                continue;

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index cf27b3ee1a95..1de60ce90d9a 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -274,15 +274,15 @@ static int constraint_expr_eval(struct context *scontext,
274	case CEXPR_AND:	274	case CEXPR_AND:
275	BUG_ON(sp < 1);	275	BUG_ON(sp < 1);
276	sp--;	276	sp--;
277	s[sp] &= s[sp+1];	277	s[sp] &= s[sp + 1];
278	break;	278	break;
279	case CEXPR_OR:	279	case CEXPR_OR:
280	BUG_ON(sp < 1);	280	BUG_ON(sp < 1);
281	sp--;	281	sp--;
282	s[sp] \|= s[sp+1];	282	s[sp] \|= s[sp + 1];
283	break;	283	break;
284	case CEXPR_ATTR:	284	case CEXPR_ATTR:
285	if (sp == (CEXPR_MAXDEPTH-1))	285	if (sp == (CEXPR_MAXDEPTH - 1))
286	return 0;	286	return 0;
287	switch (e->attr) {	287	switch (e->attr) {
288	case CEXPR_USER:	288	case CEXPR_USER:
@@ -1216,7 +1216,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
1216	*sid = SECSID_NULL;	1216	*sid = SECSID_NULL;
1217		1217
1218	/* Copy the string so that we can modify the copy as we parse it. */	1218	/* Copy the string so that we can modify the copy as we parse it. */
1219	scontext2 = kmalloc(scontext_len+1, gfp_flags);	1219	scontext2 = kmalloc(scontext_len + 1, gfp_flags);
1220	if (!scontext2)	1220	if (!scontext2)
1221	return -ENOMEM;	1221	return -ENOMEM;
1222	memcpy(scontext2, scontext, scontext_len);	1222	memcpy(scontext2, scontext, scontext_len);
@@ -1760,22 +1760,28 @@ int security_load_policy(void *data, size_t len)
1760		1760
1761	if (!ss_initialized) {	1761	if (!ss_initialized) {
1762	avtab_cache_init();	1762	avtab_cache_init();
1763	if (policydb_read(&policydb, fp)) {	1763	rc = policydb_read(&policydb, fp);
		1764	if (rc) {
1764	avtab_cache_destroy();	1765	avtab_cache_destroy();
1765	return -EINVAL;	1766	return rc;
1766	}	1767	}
1767	if (selinux_set_mapping(&policydb, secclass_map,	1768
1768	&current_mapping,	1769	rc = selinux_set_mapping(&policydb, secclass_map,
1769	&current_mapping_size)) {	1770	&current_mapping,
		1771	&current_mapping_size);
		1772	if (rc) {
1770	policydb_destroy(&policydb);	1773	policydb_destroy(&policydb);
1771	avtab_cache_destroy();	1774	avtab_cache_destroy();
1772	return -EINVAL;	1775	return rc;
1773	}	1776	}
1774	if (policydb_load_isids(&policydb, &sidtab)) {	1777
		1778	rc = policydb_load_isids(&policydb, &sidtab);
		1779	if (rc) {
1775	policydb_destroy(&policydb);	1780	policydb_destroy(&policydb);
1776	avtab_cache_destroy();	1781	avtab_cache_destroy();
1777	return -EINVAL;	1782	return rc;
1778	}	1783	}
		1784
1779	security_load_policycaps();	1785	security_load_policycaps();
1780	ss_initialized = 1;	1786	ss_initialized = 1;
1781	seqno = ++latest_granting;	1787	seqno = ++latest_granting;
@@ -1791,8 +1797,9 @@ int security_load_policy(void *data, size_t len)
1791	sidtab_hash_eval(&sidtab, "sids");	1797	sidtab_hash_eval(&sidtab, "sids");
1792	#endif	1798	#endif
1793		1799
1794	if (policydb_read(&newpolicydb, fp))	1800	rc = policydb_read(&newpolicydb, fp);
1795	return -EINVAL;	1801	if (rc)
		1802	return rc;
1796		1803
1797	/* If switching between different policy types, log MLS status */	1804	/* If switching between different policy types, log MLS status */
1798	if (policydb.mls_enabled && !newpolicydb.mls_enabled)	1805	if (policydb.mls_enabled && !newpolicydb.mls_enabled)
@@ -1807,8 +1814,8 @@ int security_load_policy(void *data, size_t len)
1807	return rc;	1814	return rc;
1808	}	1815	}
1809		1816
1810	if (selinux_set_mapping(&newpolicydb, secclass_map,	1817	rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);
1811	&map, &map_size))	1818	if (rc)
1812	goto err;	1819	goto err;
1813		1820
1814	rc = security_preserve_bools(&newpolicydb);	1821	rc = security_preserve_bools(&newpolicydb);
@@ -1819,10 +1826,10 @@ int security_load_policy(void *data, size_t len)
1819		1826
1820	/* Clone the SID table. */	1827	/* Clone the SID table. */
1821	sidtab_shutdown(&sidtab);	1828	sidtab_shutdown(&sidtab);
1822	if (sidtab_map(&sidtab, clone_sid, &newsidtab)) {	1829
1823	rc = -ENOMEM;	1830	rc = sidtab_map(&sidtab, clone_sid, &newsidtab);
		1831	if (rc)
1824	goto err;	1832	goto err;
1825	}
1826		1833
1827	/*	1834	/*
1828	* Convert the internal representations of contexts	1835	* Convert the internal representations of contexts
@@ -2101,9 +2108,9 @@ int security_get_user_sids(u32 fromsid,
2101		2108
2102	ebitmap_for_each_positive_bit(&user->roles, rnode, i) {	2109	ebitmap_for_each_positive_bit(&user->roles, rnode, i) {
2103	role = policydb.role_val_to_struct[i];	2110	role = policydb.role_val_to_struct[i];
2104	usercon.role = i+1;	2111	usercon.role = i + 1;
2105	ebitmap_for_each_positive_bit(&role->types, tnode, j) {	2112	ebitmap_for_each_positive_bit(&role->types, tnode, j) {
2106	usercon.type = j+1;	2113	usercon.type = j + 1;
2107		2114
2108	if (mls_setup_user_range(fromcon, user, &usercon))	2115	if (mls_setup_user_range(fromcon, user, &usercon))
2109	continue;	2116	continue;