aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss/services.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r--security/selinux/ss/services.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 47295acd09c9..5fd54f2bbaac 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -680,7 +680,8 @@ out:
680 680
681} 681}
682 682
683static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) 683static int security_context_to_sid_core(char *scontext, u32 scontext_len,
684 u32 *sid, u32 def_sid, gfp_t gfp_flags)
684{ 685{
685 char *scontext2; 686 char *scontext2;
686 struct context context; 687 struct context context;
@@ -709,7 +710,7 @@ static int security_context_to_sid_core(char *scontext, u32 scontext_len, u32 *s
709 null suffix to the copy to avoid problems with the existing 710 null suffix to the copy to avoid problems with the existing
710 attr package, which doesn't view the null terminator as part 711 attr package, which doesn't view the null terminator as part
711 of the attribute value. */ 712 of the attribute value. */
712 scontext2 = kmalloc(scontext_len+1,GFP_KERNEL); 713 scontext2 = kmalloc(scontext_len+1, gfp_flags);
713 if (!scontext2) { 714 if (!scontext2) {
714 rc = -ENOMEM; 715 rc = -ENOMEM;
715 goto out; 716 goto out;
@@ -809,7 +810,7 @@ out:
809int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) 810int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
810{ 811{
811 return security_context_to_sid_core(scontext, scontext_len, 812 return security_context_to_sid_core(scontext, scontext_len,
812 sid, SECSID_NULL); 813 sid, SECSID_NULL, GFP_KERNEL);
813} 814}
814 815
815/** 816/**
@@ -829,10 +830,11 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
829 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient 830 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
830 * memory is available, or 0 on success. 831 * memory is available, or 0 on success.
831 */ 832 */
832int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid, u32 def_sid) 833int security_context_to_sid_default(char *scontext, u32 scontext_len, u32 *sid,
834 u32 def_sid, gfp_t gfp_flags)
833{ 835{
834 return security_context_to_sid_core(scontext, scontext_len, 836 return security_context_to_sid_core(scontext, scontext_len,
835 sid, def_sid); 837 sid, def_sid, gfp_flags);
836} 838}
837 839
838static int compute_sid_handle_invalid_context( 840static int compute_sid_handle_invalid_context(