Diffstat (limited to 'security')
-rw-r--r--security/seclvl.c4
-rw-r--r--security/selinux/avc.c40
-rw-r--r--security/selinux/hooks.c3
-rw-r--r--security/selinux/nlmsgtab.c12
-rw-r--r--security/selinux/ss/services.c12
5 files changed, 42 insertions, 29 deletions
diff --git a/security/seclvl.c b/security/seclvl.c
index 8a0ab0d7949e..c8e87b22c9bd 100644
--- a/security/seclvl.c
+++ b/security/seclvl.c
@@ -155,7 +155,7 @@ seclvl_attr_store(struct kobject *kobj,
155 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj); 155 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
156 struct seclvl_attribute *attribute = 156 struct seclvl_attribute *attribute =
157 container_of(attr, struct seclvl_attribute, attr); 157 container_of(attr, struct seclvl_attribute, attr);
158 return (attribute->store ? attribute->store(obj, buf, len) : 0); 158 return attribute->store ? attribute->store(obj, buf, len) : -EIO;
159} 159}
160 160
161static ssize_t 161static ssize_t
@@ -164,7 +164,7 @@ seclvl_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
164 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj); 164 struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
165 struct seclvl_attribute *attribute = 165 struct seclvl_attribute *attribute =
166 container_of(attr, struct seclvl_attribute, attr); 166 container_of(attr, struct seclvl_attribute, attr);
167 return (attribute->show ? attribute->show(obj, buf) : 0); 167 return attribute->show ? attribute->show(obj, buf) : -EIO;
168} 168}
169 169
170/** 170/**
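Review bot: The new `-EIO` fallback at lines 158 and 167 deserves a one-line comment, because the reason for it is not visible from the code: a sysfs store that returns 0 tells write(2) that nothing was consumed, which a userspace write loop will typically retry forever, and a show that returns 0 presents an empty attribute as if it were valid. Suggest `/* no handler for this attribute: fail the op rather than report 0 bytes */` above each return. Both seclvl_attr_store and seclvl_attr_show begin outside their hunks.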
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 85a6f66a873f..451502467a9b 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), 242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
243 0, SLAB_PANIC, NULL, NULL); 243 0, SLAB_PANIC, NULL, NULL);
244 244
245 audit_log(current->audit_context, "AVC INITIALIZED\n"); 245 audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
246} 246}
247 247
248int avc_get_hash_stats(char *page) 248int avc_get_hash_stats(char *page)
@@ -532,6 +532,7 @@ void avc_audit(u32 ssid, u32 tsid,
532 u16 tclass, u32 requested, 532 u16 tclass, u32 requested,
533 struct av_decision *avd, int result, struct avc_audit_data *a) 533 struct av_decision *avd, int result, struct avc_audit_data *a)
534{ 534{
535 struct task_struct *tsk = current;
535 struct inode *inode = NULL; 536 struct inode *inode = NULL;
536 u32 denied, audited; 537 u32 denied, audited;
537 struct audit_buffer *ab; 538 struct audit_buffer *ab;
@@ -549,12 +550,18 @@ void avc_audit(u32 ssid, u32 tsid,
549 return; 550 return;
550 } 551 }
551 552
552 ab = audit_log_start(current->audit_context); 553 ab = audit_log_start(current->audit_context, AUDIT_AVC);
553 if (!ab) 554 if (!ab)
554 return; /* audit_panic has been called */ 555 return; /* audit_panic has been called */
555 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); 556 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
556 avc_dump_av(ab, tclass,audited); 557 avc_dump_av(ab, tclass,audited);
557 audit_log_format(ab, " for "); 558 audit_log_format(ab, " for ");
559 if (a && a->tsk)
560 tsk = a->tsk;
561 if (tsk && tsk->pid) {
562 audit_log_format(ab, " pid=%d comm=", tsk->pid);
563 audit_log_untrustedstring(ab, tsk->comm);
564 }
558 if (a) { 565 if (a) {
559 switch (a->type) { 566 switch (a->type) {
560 case AVC_AUDIT_DATA_IPC: 567 case AVC_AUDIT_DATA_IPC:
@@ -566,21 +573,18 @@ void avc_audit(u32 ssid, u32 tsid,
566 case AVC_AUDIT_DATA_FS: 573 case AVC_AUDIT_DATA_FS:
567 if (a->u.fs.dentry) { 574 if (a->u.fs.dentry) {
568 struct dentry *dentry = a->u.fs.dentry; 575 struct dentry *dentry = a->u.fs.dentry;
569 if (a->u.fs.mnt) { 576 if (a->u.fs.mnt)
570 audit_log_d_path(ab, "path=", dentry, 577 audit_avc_path(dentry, a->u.fs.mnt);
571 a->u.fs.mnt); 578 audit_log_format(ab, " name=");
572 } else { 579 audit_log_untrustedstring(ab, dentry->d_name.name);
573 audit_log_format(ab, " name=%s",
574 dentry->d_name.name);
575 }
576 inode = dentry->d_inode; 580 inode = dentry->d_inode;
577 } else if (a->u.fs.inode) { 581 } else if (a->u.fs.inode) {
578 struct dentry *dentry; 582 struct dentry *dentry;
579 inode = a->u.fs.inode; 583 inode = a->u.fs.inode;
580 dentry = d_find_alias(inode); 584 dentry = d_find_alias(inode);
581 if (dentry) { 585 if (dentry) {
582 audit_log_format(ab, " name=%s", 586 audit_log_format(ab, " name=");
583 dentry->d_name.name); 587 audit_log_untrustedstring(ab, dentry->d_name.name);
584 dput(dentry); 588 dput(dentry);
585 } 589 }
586 } 590 }
@@ -623,22 +627,20 @@ void avc_audit(u32 ssid, u32 tsid,
623 case AF_UNIX: 627 case AF_UNIX:
624 u = unix_sk(sk); 628 u = unix_sk(sk);
625 if (u->dentry) { 629 if (u->dentry) {
626 audit_log_d_path(ab, "path=", 630 audit_avc_path(u->dentry, u->mnt);
627 u->dentry, u->mnt); 631 audit_log_format(ab, " name=");
632 audit_log_untrustedstring(ab, u->dentry->d_name.name);
628 break; 633 break;
629 } 634 }
630 if (!u->addr) 635 if (!u->addr)
631 break; 636 break;
632 len = u->addr->len-sizeof(short); 637 len = u->addr->len-sizeof(short);
633 p = &u->addr->name->sun_path[0]; 638 p = &u->addr->name->sun_path[0];
639 audit_log_format(ab, " path=");
634 if (*p) 640 if (*p)
635 audit_log_format(ab, 641 audit_log_untrustedstring(ab, p);
636 "path=%*.*s", len,
637 len, p);
638 else 642 else
639 audit_log_format(ab, 643 audit_log_hex(ab, p, len);
640 "path=@%*.*s", len-1,
641 len-1, p+1);
642 break; 644 break;
643 } 645 }
644 } 646 }
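Review bot: `audit_log_untrustedstring(ab, p)` at new line 641 drops the explicit `len` bound that the old `%*.*s` format carried, so the pathname case now depends on sun_path being NUL-terminated inside the bound address; as far as I recall the socket layer guarantees that when a pathname address is bound (unix_mkname), but the dependency should be recorded: `/* pathname sockets: sun_path is NUL-terminated when bound, so len is not needed here */`. In the abstract-namespace branch, `audit_log_hex(ab, p, len)` now includes the leading NUL byte that the old code skipped via `p+1`/`len-1`, so log consumers parsing the hex see a leading 00; if that is intended, a comment saying so would keep a later cleanup from reintroducing the skip. Minor: `tsk && tsk->pid` at new line 561 can never see a NULL tsk, since tsk is initialised to current at line 535, so `if (tsk->pid)` is enough. avc_audit continues outside the hunks at both ends.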
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe48..87302a49067b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1945,6 +1945,7 @@ static int selinux_sb_copy_data(struct file_system_type *type, void *orig, void
1945 } while (*in_end++); 1945 } while (*in_end++);
1946 1946
1947 copy_page(in_save, nosec_save); 1947 copy_page(in_save, nosec_save);
1948 free_page((unsigned long)nosec_save);
1948out: 1949out:
1949 return rc; 1950 return rc;
1950} 1951}
@@ -3419,7 +3420,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3419 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); 3420 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3420 if (err) { 3421 if (err) {
3421 if (err == -EINVAL) { 3422 if (err == -EINVAL) {
3422 audit_log(current->audit_context, 3423 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
3423 "SELinux: unrecognized netlink message" 3424 "SELinux: unrecognized netlink message"
3424 " type=%hu for sclass=%hu\n", 3425 " type=%hu for sclass=%hu\n",
3425 nlh->nlmsg_type, isec->sclass); 3426 nlh->nlmsg_type, isec->sclass);
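Review bot: The added `free_page((unsigned long)nosec_save)` at new line 1948 sits only on the success path; any `goto out` taken after nosec_save was allocated would still leak the page, which cannot be confirmed here because selinux_sb_copy_data starts outside the hunk. If such a path exists, moving the free under the `out:` label (with nosec_save initialised to NULL; free_page() treats address 0 as a no-op) covers both paths. A comment such as `/* nosec_save is a scratch page, released once the filtered options are copied back */` would make the ownership of the page clear to the next reader.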
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index b3adb481bc25..92b057becb4b 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -63,6 +63,8 @@ static struct nlmsg_perm nlmsg_route_perms[] =
63 { RTM_GETPREFIX, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 63 { RTM_GETPREFIX, NETLINK_ROUTE_SOCKET__NLMSG_READ },
64 { RTM_GETMULTICAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 64 { RTM_GETMULTICAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
65 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ }, 65 { RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
66 { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
67 { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
66}; 68};
67 69
68static struct nlmsg_perm nlmsg_firewall_perms[] = 70static struct nlmsg_perm nlmsg_firewall_perms[] =
@@ -97,6 +99,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
97 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 99 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 100 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, 101 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
102 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
100}; 103};
101 104
102 105
@@ -141,8 +144,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
141 break; 144 break;
142 145
143 case SECCLASS_NETLINK_AUDIT_SOCKET: 146 case SECCLASS_NETLINK_AUDIT_SOCKET:
144 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, 147 if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
145 sizeof(nlmsg_audit_perms)); 148 nlmsg_type <= AUDIT_LAST_USER_MSG) {
149 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
150 } else {
151 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
152 sizeof(nlmsg_audit_perms));
153 }
146 break; 154 break;
147 155
148 /* No messaging from userspace, or class unknown/unhandled */ 156 /* No messaging from userspace, or class unknown/unhandled */
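Review bot: The new range branch at lines 147-149 sets `*perm` but leaves `err` untouched, so it relies on err being initialised to 0 before the switch, which is outside the hunk; a comment would make that and the reason for a whole range sharing one permission explicit: `/* user-space audit message types are relayed rather than interpreted, so one perm covers the range */`. Note also that any entry in nlmsg_audit_perms whose type falls inside [AUDIT_FIRST_USER_MSG, AUDIT_LAST_USER_MSG] is now unreachable, so the table should not grow such entries. selinux_nlmsg_lookup's head and tail are outside the hunk.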
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5a820cf88c9c..b6149147d5cb 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
365 goto out; 365 goto out;
366 if (context_struct_to_string(tcontext, &t, &tlen) < 0) 366 if (context_struct_to_string(tcontext, &t, &tlen) < 0)
367 goto out; 367 goto out;
368 audit_log(current->audit_context, 368 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
369 "security_validate_transition: denied for" 369 "security_validate_transition: denied for"
370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", 370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
371 o, n, t, policydb.p_class_val_to_name[tclass-1]); 371 o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -476,8 +476,8 @@ int security_compute_av(u32 ssid,
476 int rc = 0; 476 int rc = 0;
477 477
478 if (!ss_initialized) { 478 if (!ss_initialized) {
479 avd->allowed = requested; 479 avd->allowed = 0xffffffff;
480 avd->decided = requested; 480 avd->decided = 0xffffffff;
481 avd->auditallow = 0; 481 avd->auditallow = 0;
482 avd->auditdeny = 0xffffffff; 482 avd->auditdeny = 0xffffffff;
483 avd->seqno = latest_granting; 483 avd->seqno = latest_granting;
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
742 goto out; 742 goto out;
743 if (context_struct_to_string(newcontext, &n, &nlen) < 0) 743 if (context_struct_to_string(newcontext, &n, &nlen) < 0)
744 goto out; 744 goto out;
745 audit_log(current->audit_context, 745 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
746 "security_compute_sid: invalid context %s" 746 "security_compute_sid: invalid context %s"
747 " for scontext=%s" 747 " for scontext=%s"
748 " tcontext=%s" 748 " tcontext=%s"
@@ -1196,9 +1196,11 @@ int security_load_policy(void *data, size_t len)
1196 } 1196 }
1197 policydb_loaded_version = policydb.policyvers; 1197 policydb_loaded_version = policydb.policyvers;
1198 ss_initialized = 1; 1198 ss_initialized = 1;
1199 1199 seqno = ++latest_granting;
1200 LOAD_UNLOCK; 1200 LOAD_UNLOCK;
1201 selinux_complete_init(); 1201 selinux_complete_init();
1202 avc_ss_reset(seqno);
1203 selnl_notify_policyload(seqno);
1202 return 0; 1204 return 0;
1203 } 1205 }
1204 1206
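Review bot: The fallback at new lines 479-480 now grants and decides every permission (0xffffffff) before a policy is loaded, and those decisions can be cached by the AVC, so correctness depends on the `avc_ss_reset(seqno)` added at line 1202 flushing them once the policy is in place; the two hunks cannot be applied separately, and a comment at line 1199 should say so: `/* bump the sequence number so the AVC discards entries computed with the pre-policy all-allowed fallback */`. The other increments of latest_granting in this file appear to happen under the policy write lock, whereas line 1199 runs on the first-load path with only LOAD_LOCK held; if that is deliberate because no policy can be in use yet, a short comment saying so would help. security_load_policy continues outside the hunk.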