diff options
Diffstat (limited to 'security/selinux/ss/services.c')
| -rw-r--r-- | security/selinux/ss/services.c | 23 |
1 files changed, 7 insertions, 16 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index b43dd803fd5e..bdb7070dd3dc 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -55,6 +55,7 @@ | |||
| 55 | #include "objsec.h" | 55 | #include "objsec.h" |
| 56 | #include "selinux_netlabel.h" | 56 | #include "selinux_netlabel.h" |
| 57 | #include "xfrm.h" | 57 | #include "xfrm.h" |
| 58 | #include "ebitmap.h" | ||
| 58 | 59 | ||
| 59 | extern void selnl_notify_policyload(u32 seqno); | 60 | extern void selnl_notify_policyload(u32 seqno); |
| 60 | unsigned int policydb_loaded_version; | 61 | unsigned int policydb_loaded_version; |
| @@ -2384,13 +2385,10 @@ static int selinux_netlbl_secattr_to_sid(struct sk_buff *skb, | |||
| 2384 | ctx_new.user = ctx->user; | 2385 | ctx_new.user = ctx->user; |
| 2385 | ctx_new.role = ctx->role; | 2386 | ctx_new.role = ctx->role; |
| 2386 | ctx_new.type = ctx->type; | 2387 | ctx_new.type = ctx->type; |
| 2387 | mls_import_lvl(&ctx_new, secattr->mls_lvl, secattr->mls_lvl); | 2388 | mls_import_netlbl_lvl(&ctx_new, secattr); |
| 2388 | if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { | 2389 | if (secattr->flags & NETLBL_SECATTR_MLS_CAT) { |
| 2389 | if (mls_import_cat(&ctx_new, | 2390 | if (ebitmap_netlbl_import(&ctx_new.range.level[0].cat, |
| 2390 | secattr->mls_cat, | 2391 | secattr->mls_cat) != 0) |
| 2391 | secattr->mls_cat_len, | ||
| 2392 | NULL, | ||
| 2393 | 0) != 0) | ||
| 2394 | goto netlbl_secattr_to_sid_return; | 2392 | goto netlbl_secattr_to_sid_return; |
| 2395 | ctx_new.range.level[1].cat.highbit = | 2393 | ctx_new.range.level[1].cat.highbit = |
| 2396 | ctx_new.range.level[0].cat.highbit; | 2394 | ctx_new.range.level[0].cat.highbit; |
| @@ -2486,19 +2484,12 @@ static int selinux_netlbl_socket_setsid(struct socket *sock, u32 sid) | |||
| 2486 | 2484 | ||
| 2487 | secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], | 2485 | secattr.domain = kstrdup(policydb.p_type_val_to_name[ctx->type - 1], |
| 2488 | GFP_ATOMIC); | 2486 | GFP_ATOMIC); |
| 2489 | mls_export_lvl(ctx, &secattr.mls_lvl, NULL); | 2487 | secattr.flags |= NETLBL_SECATTR_DOMAIN; |
| 2490 | rc = mls_export_cat(ctx, | 2488 | mls_export_netlbl_lvl(ctx, &secattr); |
| 2491 | &secattr.mls_cat, | 2489 | rc = mls_export_netlbl_cat(ctx, &secattr); |
| 2492 | &secattr.mls_cat_len, | ||
| 2493 | NULL, | ||
| 2494 | NULL); | ||
| 2495 | if (rc != 0) | 2490 | if (rc != 0) |
| 2496 | goto netlbl_socket_setsid_return; | 2491 | goto netlbl_socket_setsid_return; |
| 2497 | 2492 | ||
| 2498 | secattr.flags |= NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL; | ||
| 2499 | if (secattr.mls_cat) | ||
| 2500 | secattr.flags |= NETLBL_SECATTR_MLS_CAT; | ||
| 2501 | |||
| 2502 | rc = netlbl_socket_setattr(sock, &secattr); | 2493 | rc = netlbl_socket_setattr(sock, &secattr); |
| 2503 | if (rc == 0) { | 2494 | if (rc == 0) { |
| 2504 | spin_lock(&sksec->nlbl_lock); | 2495 | spin_lock(&sksec->nlbl_lock); |