Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4a2bf212057b..2abbc49914e6 100644
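--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid,
 {
  struct sidtab *s = arg;
 
- return sidtab_insert(s, sid, context);
+ if (sid > SECINITSID_NUM)
+ return sidtab_insert(s, sid, context);
+ else
+ return 0;
 }
 
 static inline int convert_context_handle_invalid_context(struct context *context)
@@ -1552,7 +1555,10 @@ static int convert_context(u32 key,
  struct user_datum *usrdatum;
  char *s;
  u32 len;
- int rc;
+ int rc = 0;
+
+ if (key <= SECINITSID_NUM)
+ goto out;
 
  args = p;
 
@@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len)
  if (policydb_read(&newpolicydb, fp))
  return -EINVAL;
 
- if (sidtab_init(&newsidtab)) {
+ rc = policydb_load_isids(&newpolicydb, &newsidtab);
+ if (rc) {
+ printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
  policydb_destroy(&newpolicydb);
- return -ENOMEM;
+ return rc;
  }
 
  if (selinux_set_mapping(&newpolicydb, secclass_map,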
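Review bot: In the security_load_policy hunk, the new failure branch (new lines 1722–1726) releases only newpolicydb, although policydb_load_isids() was handed newsidtab and may have initialised or partly filled it before returning an error. policydb_load_isids() is not shown on this page, so this needs confirming, but if it does not clean up after itself the branch should also call `sidtab_destroy(&newsidtab);` before `policydb_destroy(&newpolicydb);`. Separately, the initial-SID guards added to clone_sid and convert_context would benefit from a comment such as `/* initial SIDs are (apparently) loaded from the new policy by policydb_load_isids(); skip them here */`, because returning 0 for `sid <= SECINITSID_NUM` otherwise reads like a silently dropped entry. convert_context's `out` label and the remainder of security_load_policy lie outside the hunks.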