diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/context.h | 23 | ||||
-rw-r--r-- | security/selinux/ss/mls.c | 30 | ||||
-rw-r--r-- | security/selinux/ss/mls.h | 20 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 3 |
4 files changed, 29 insertions, 47 deletions
diff --git a/security/selinux/ss/context.h b/security/selinux/ss/context.h index 0562bacb7b99..2eee0dab524d 100644 --- a/security/selinux/ss/context.h +++ b/security/selinux/ss/context.h | |||
@@ -55,6 +55,29 @@ out: | |||
55 | return rc; | 55 | return rc; |
56 | } | 56 | } |
57 | 57 | ||
58 | /* | ||
59 | * Sets both levels in the MLS range of 'dst' to the low level of 'src'. | ||
60 | */ | ||
61 | static inline int mls_context_cpy_low(struct context *dst, struct context *src) | ||
62 | { | ||
63 | int rc; | ||
64 | |||
65 | if (!selinux_mls_enabled) | ||
66 | return 0; | ||
67 | |||
68 | dst->range.level[0].sens = src->range.level[0].sens; | ||
69 | rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat); | ||
70 | if (rc) | ||
71 | goto out; | ||
72 | |||
73 | dst->range.level[1].sens = src->range.level[0].sens; | ||
74 | rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat); | ||
75 | if (rc) | ||
76 | ebitmap_destroy(&dst->range.level[0].cat); | ||
77 | out: | ||
78 | return rc; | ||
79 | } | ||
80 | |||
58 | static inline int mls_context_cmp(struct context *c1, struct context *c2) | 81 | static inline int mls_context_cmp(struct context *c1, struct context *c2) |
59 | { | 82 | { |
60 | if (!selinux_mls_enabled) | 83 | if (!selinux_mls_enabled) |
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index b4f682dc13ff..4a8bab2f3c71 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -270,7 +270,7 @@ int mls_context_to_sid(char oldc, | |||
270 | if (!defcon) | 270 | if (!defcon) |
271 | goto out; | 271 | goto out; |
272 | 272 | ||
273 | rc = mls_copy_context(context, defcon); | 273 | rc = mls_context_cpy(context, defcon); |
274 | goto out; | 274 | goto out; |
275 | } | 275 | } |
276 | 276 | ||
@@ -401,26 +401,6 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) | |||
401 | } | 401 | } |
402 | 402 | ||
403 | /* | 403 | /* |
404 | * Copies the effective MLS range from `src' into `dst'. | ||
405 | */ | ||
406 | static inline int mls_scopy_context(struct context *dst, | ||
407 | struct context *src) | ||
408 | { | ||
409 | int l, rc = 0; | ||
410 | |||
411 | /* Copy the MLS range from the source context */ | ||
412 | for (l = 0; l < 2; l++) { | ||
413 | dst->range.level[l].sens = src->range.level[0].sens; | ||
414 | rc = ebitmap_cpy(&dst->range.level[l].cat, | ||
415 | &src->range.level[0].cat); | ||
416 | if (rc) | ||
417 | break; | ||
418 | } | ||
419 | |||
420 | return rc; | ||
421 | } | ||
422 | |||
423 | /* | ||
424 | * Copies the MLS range `range' into `context'. | 404 | * Copies the MLS range `range' into `context'. |
425 | */ | 405 | */ |
426 | static inline int mls_range_set(struct context *context, | 406 | static inline int mls_range_set(struct context *context, |
@@ -552,19 +532,19 @@ int mls_compute_sid(struct context *scontext, | |||
552 | case AVTAB_CHANGE: | 532 | case AVTAB_CHANGE: |
553 | if (tclass == SECCLASS_PROCESS) | 533 | if (tclass == SECCLASS_PROCESS) |
554 | /* Use the process MLS attributes. */ | 534 | /* Use the process MLS attributes. */ |
555 | return mls_copy_context(newcontext, scontext); | 535 | return mls_context_cpy(newcontext, scontext); |
556 | else | 536 | else |
557 | /* Use the process effective MLS attributes. */ | 537 | /* Use the process effective MLS attributes. */ |
558 | return mls_scopy_context(newcontext, scontext); | 538 | return mls_context_cpy_low(newcontext, scontext); |
559 | case AVTAB_MEMBER: | 539 | case AVTAB_MEMBER: |
560 | /* Only polyinstantiate the MLS attributes if | 540 | /* Only polyinstantiate the MLS attributes if |
561 | the type is being polyinstantiated */ | 541 | the type is being polyinstantiated */ |
562 | if (newcontext->type != tcontext->type) { | 542 | if (newcontext->type != tcontext->type) { |
563 | /* Use the process effective MLS attributes. */ | 543 | /* Use the process effective MLS attributes. */ |
564 | return mls_scopy_context(newcontext, scontext); | 544 | return mls_context_cpy_low(newcontext, scontext); |
565 | } else { | 545 | } else { |
566 | /* Use the related object MLS attributes. */ | 546 | /* Use the related object MLS attributes. */ |
567 | return mls_copy_context(newcontext, tcontext); | 547 | return mls_context_cpy(newcontext, tcontext); |
568 | } | 548 | } |
569 | default: | 549 | default: |
570 | return -EINVAL; | 550 | return -EINVAL; |
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 661d6fc76966..096d1b4ef7fb 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
@@ -24,26 +24,6 @@ | |||
24 | #include "context.h" | 24 | #include "context.h" |
25 | #include "policydb.h" | 25 | #include "policydb.h" |
26 | 26 | ||
27 | /* | ||
28 | * Copies the MLS range from `src' into `dst'. | ||
29 | */ | ||
30 | static inline int mls_copy_context(struct context *dst, | ||
31 | struct context *src) | ||
32 | { | ||
33 | int l, rc = 0; | ||
34 | |||
35 | /* Copy the MLS range from the source context */ | ||
36 | for (l = 0; l < 2; l++) { | ||
37 | dst->range.level[l].sens = src->range.level[l].sens; | ||
38 | rc = ebitmap_cpy(&dst->range.level[l].cat, | ||
39 | &src->range.level[l].cat); | ||
40 | if (rc) | ||
41 | break; | ||
42 | } | ||
43 | |||
44 | return rc; | ||
45 | } | ||
46 | |||
47 | int mls_compute_context_len(struct context *context); | 27 | int mls_compute_context_len(struct context *context); |
48 | void mls_sid_to_context(struct context *context, char **scontext); | 28 | void mls_sid_to_context(struct context *context, char **scontext); |
49 | int mls_context_isvalid(struct policydb *p, struct context *c); | 29 | int mls_context_isvalid(struct policydb *p, struct context *c); |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index ee0581557966..372eaade3ca6 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1916,11 +1916,10 @@ int security_sid_mls_copy(u32 sid, u32 mls_sid, u32 *new_sid) | |||
1916 | newcon.user = context1->user; | 1916 | newcon.user = context1->user; |
1917 | newcon.role = context1->role; | 1917 | newcon.role = context1->role; |
1918 | newcon.type = context1->type; | 1918 | newcon.type = context1->type; |
1919 | rc = mls_copy_context(&newcon, context2); | 1919 | rc = mls_context_cpy(&newcon, context2); |
1920 | if (rc) | 1920 | if (rc) |
1921 | goto out_unlock; | 1921 | goto out_unlock; |
1922 | 1922 | ||
1923 | |||
1924 | /* Check the validity of the new context. */ | 1923 | /* Check the validity of the new context. */ |
1925 | if (!policydb_context_isvalid(&policydb, &newcon)) { | 1924 | if (!policydb_context_isvalid(&policydb, &newcon)) { |
1926 | rc = convert_context_handle_invalid_context(&newcon); | 1925 | rc = convert_context_handle_invalid_context(&newcon); |