diff options
Diffstat (limited to 'security/selinux/ss')
| -rw-r--r-- | security/selinux/ss/policydb.c | 8 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 10 |
2 files changed, 12 insertions, 6 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index c0f498842129..9c5cdc2caaef 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
| @@ -3338,10 +3338,10 @@ static int filename_write_helper(void *key, void *data, void *ptr) | |||
| 3338 | if (rc) | 3338 | if (rc) |
| 3339 | return rc; | 3339 | return rc; |
| 3340 | 3340 | ||
| 3341 | buf[0] = ft->stype; | 3341 | buf[0] = cpu_to_le32(ft->stype); |
| 3342 | buf[1] = ft->ttype; | 3342 | buf[1] = cpu_to_le32(ft->ttype); |
| 3343 | buf[2] = ft->tclass; | 3343 | buf[2] = cpu_to_le32(ft->tclass); |
| 3344 | buf[3] = otype->otype; | 3344 | buf[3] = cpu_to_le32(otype->otype); |
| 3345 | 3345 | ||
| 3346 | rc = put_entry(buf, sizeof(u32), 4, fp); | 3346 | rc = put_entry(buf, sizeof(u32), 4, fp); |
| 3347 | if (rc) | 3347 | if (rc) |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index c93c21127f0c..4bca49414a40 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, | |||
| 1232 | struct context context; | 1232 | struct context context; |
| 1233 | int rc = 0; | 1233 | int rc = 0; |
| 1234 | 1234 | ||
| 1235 | /* An empty security context is never valid. */ | ||
| 1236 | if (!scontext_len) | ||
| 1237 | return -EINVAL; | ||
| 1238 | |||
| 1235 | if (!ss_initialized) { | 1239 | if (!ss_initialized) { |
| 1236 | int i; | 1240 | int i; |
| 1237 | 1241 | ||
| @@ -1285,16 +1289,18 @@ out: | |||
| 1285 | * @scontext: security context | 1289 | * @scontext: security context |
| 1286 | * @scontext_len: length in bytes | 1290 | * @scontext_len: length in bytes |
| 1287 | * @sid: security identifier, SID | 1291 | * @sid: security identifier, SID |
| 1292 | * @gfp: context for the allocation | ||
| 1288 | * | 1293 | * |
| 1289 | * Obtains a SID associated with the security context that | 1294 | * Obtains a SID associated with the security context that |
| 1290 | * has the string representation specified by @scontext. | 1295 | * has the string representation specified by @scontext. |
| 1291 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | 1296 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient |
| 1292 | * memory is available, or 0 on success. | 1297 | * memory is available, or 0 on success. |
| 1293 | */ | 1298 | */ |
| 1294 | int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid) | 1299 | int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid, |
| 1300 | gfp_t gfp) | ||
| 1295 | { | 1301 | { |
| 1296 | return security_context_to_sid_core(scontext, scontext_len, | 1302 | return security_context_to_sid_core(scontext, scontext_len, |
| 1297 | sid, SECSID_NULL, GFP_KERNEL, 0); | 1303 | sid, SECSID_NULL, gfp, 0); |
| 1298 | } | 1304 | } |
| 1299 | 1305 | ||
| 1300 | /** | 1306 | /** |