diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 6 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 25 |
2 files changed, 1 insertions, 30 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index a985d0bc59bb..a29d6612a328 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -91,7 +91,6 @@ | |||
91 | 91 | ||
92 | #define NUM_SEL_MNT_OPTS 5 | 92 | #define NUM_SEL_MNT_OPTS 5 |
93 | 93 | ||
94 | extern unsigned int policydb_loaded_version; | ||
95 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); | 94 | extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm); |
96 | extern struct security_operations *security_ops; | 95 | extern struct security_operations *security_ops; |
97 | 96 | ||
@@ -4714,10 +4713,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb) | |||
4714 | if (err) | 4713 | if (err) |
4715 | return err; | 4714 | return err; |
4716 | 4715 | ||
4717 | if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS) | 4716 | return selinux_nlmsg_perm(sk, skb); |
4718 | err = selinux_nlmsg_perm(sk, skb); | ||
4719 | |||
4720 | return err; | ||
4721 | } | 4717 | } |
4722 | 4718 | ||
4723 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) | 4719 | static int selinux_netlink_recv(struct sk_buff *skb, int capability) |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index e19baa81fdec..f270e378c0e4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -65,7 +65,6 @@ | |||
65 | #include "audit.h" | 65 | #include "audit.h" |
66 | 66 | ||
67 | extern void selnl_notify_policyload(u32 seqno); | 67 | extern void selnl_notify_policyload(u32 seqno); |
68 | unsigned int policydb_loaded_version; | ||
69 | 68 | ||
70 | int selinux_policycap_netpeer; | 69 | int selinux_policycap_netpeer; |
71 | int selinux_policycap_openperm; | 70 | int selinux_policycap_openperm; |
@@ -617,17 +616,6 @@ static int context_struct_compute_av(struct context *scontext, | |||
617 | unsigned int i, j; | 616 | unsigned int i, j; |
618 | 617 | ||
619 | /* | 618 | /* |
620 | * Remap extended Netlink classes for old policy versions. | ||
621 | * Do this here rather than socket_type_to_security_class() | ||
622 | * in case a newer policy version is loaded, allowing sockets | ||
623 | * to remain in the correct class. | ||
624 | */ | ||
625 | if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS) | ||
626 | if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) && | ||
627 | tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET)) | ||
628 | tclass = unmap_class(SECCLASS_NETLINK_SOCKET); | ||
629 | |||
630 | /* | ||
631 | * Initialize the access vectors to the default values. | 619 | * Initialize the access vectors to the default values. |
632 | */ | 620 | */ |
633 | avd->allowed = 0; | 621 | avd->allowed = 0; |
@@ -761,17 +749,6 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid, | |||
761 | 749 | ||
762 | tclass = unmap_class(orig_tclass); | 750 | tclass = unmap_class(orig_tclass); |
763 | 751 | ||
764 | /* | ||
765 | * Remap extended Netlink classes for old policy versions. | ||
766 | * Do this here rather than socket_type_to_security_class() | ||
767 | * in case a newer policy version is loaded, allowing sockets | ||
768 | * to remain in the correct class. | ||
769 | */ | ||
770 | if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS) | ||
771 | if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) && | ||
772 | tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET)) | ||
773 | tclass = unmap_class(SECCLASS_NETLINK_SOCKET); | ||
774 | |||
775 | if (!tclass || tclass > policydb.p_classes.nprim) { | 752 | if (!tclass || tclass > policydb.p_classes.nprim) { |
776 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", | 753 | printk(KERN_ERR "SELinux: %s: unrecognized class %d\n", |
777 | __func__, tclass); | 754 | __func__, tclass); |
@@ -1766,7 +1743,6 @@ int security_load_policy(void *data, size_t len) | |||
1766 | return -EINVAL; | 1743 | return -EINVAL; |
1767 | } | 1744 | } |
1768 | security_load_policycaps(); | 1745 | security_load_policycaps(); |
1769 | policydb_loaded_version = policydb.policyvers; | ||
1770 | ss_initialized = 1; | 1746 | ss_initialized = 1; |
1771 | seqno = ++latest_granting; | 1747 | seqno = ++latest_granting; |
1772 | selinux_complete_init(); | 1748 | selinux_complete_init(); |
@@ -1829,7 +1805,6 @@ int security_load_policy(void *data, size_t len) | |||
1829 | current_mapping = map; | 1805 | current_mapping = map; |
1830 | current_mapping_size = map_size; | 1806 | current_mapping_size = map_size; |
1831 | seqno = ++latest_granting; | 1807 | seqno = ++latest_granting; |
1832 | policydb_loaded_version = policydb.policyvers; | ||
1833 | write_unlock_irq(&policy_rwlock); | 1808 | write_unlock_irq(&policy_rwlock); |
1834 | 1809 | ||
1835 | /* Free the old policydb and SID table. */ | 1810 | /* Free the old policydb and SID table. */ |