Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c6
-rw-r--r--security/selinux/ss/services.c25
2 files changed, 1 insertions, 30 deletions
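--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -91,7 +91,6 @@
 
 #define NUM_SEL_MNT_OPTS 5
 
-extern unsigned int policydb_loaded_version;
 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
 extern struct security_operations *security_ops;
 
@@ -4714,10 +4713,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
  if (err)
  return err;
 
- if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
- err = selinux_nlmsg_perm(sk, skb);
-
- return err;
+ return selinux_nlmsg_perm(sk, skb);
 }
 
 static int selinux_netlink_recv(struct sk_buff *skb, int capability)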
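Review bot: In `selinux_netlink_send()` the per-message check `selinux_nlmsg_perm(sk, skb)` now runs for every loaded policy, where the removed guard skipped it for policies older than `POLICYDB_VERSION_NLCLASS`. Nothing visible in this section shows that such policies are refused at load time, so on a system still running one the hook may start denying netlink sends that were allowed before; that is the fail-closed direction, but it is a behaviour change worth stating. I would put a comment above the new return, e.g. `/* nlmsg permissions are enforced regardless of policy version */`, and confirm that the minimum accepted policy version matches that assumption. The function starts above the hunk.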
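--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -65,7 +65,6 @@
 #include "audit.h"
 
 extern void selnl_notify_policyload(u32 seqno);
-unsigned int policydb_loaded_version;
 
 int selinux_policycap_netpeer;
 int selinux_policycap_openperm;
@@ -617,17 +616,6 @@ static int context_struct_compute_av(struct context *scontext,
  unsigned int i, j;
 
  /*
- * Remap extended Netlink classes for old policy versions.
- * Do this here rather than socket_type_to_security_class()
- * in case a newer policy version is loaded, allowing sockets
- * to remain in the correct class.
- */
- if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
- if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) &&
- tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET))
- tclass = unmap_class(SECCLASS_NETLINK_SOCKET);
-
- /*
  * Initialize the access vectors to the default values.
  */
  avd->allowed = 0;
@@ -761,17 +749,6 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 
  tclass = unmap_class(orig_tclass);
 
- /*
- * Remap extended Netlink classes for old policy versions.
- * Do this here rather than socket_type_to_security_class()
- * in case a newer policy version is loaded, allowing sockets
- * to remain in the correct class.
- */
- if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
- if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) &&
- tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET))
- tclass = unmap_class(SECCLASS_NETLINK_SOCKET);
-
  if (!tclass || tclass > policydb.p_classes.nprim) {
  printk(KERN_ERR "SELinux: %s: unrecognized class %d\n",
  __func__, tclass);
@@ -1766,7 +1743,6 @@ int security_load_policy(void *data, size_t len)
  return -EINVAL;
  }
  security_load_policycaps();
- policydb_loaded_version = policydb.policyvers;
  ss_initialized = 1;
  seqno = ++latest_granting;
  selinux_complete_init();
@@ -1829,7 +1805,6 @@ int security_load_policy(void *data, size_t len)
  current_mapping = map;
  current_mapping_size = map_size;
  seqno = ++latest_granting;
- policydb_loaded_version = policydb.policyvers;
  write_unlock_irq(&policy_rwlock);
 
  /* Free the old policydb and SID table. */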
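Review bot: With the remap gone from `context_struct_compute_av()` and `security_validate_transition()`, an extended netlink class under a pre-`POLICYDB_VERSION_NLCLASS` policy is no longer folded into `SECCLASS_NETLINK_SOCKET`, and the deleted comments were the only explanation of how those classes are handled. In `security_validate_transition()` the value from `unmap_class(orig_tclass)` now goes straight into `if (!tclass || tclass > policydb.p_classes.nprim)`. What `unmap_class()` returns for a class the loaded policy does not define is not visible here, so it should be confirmed whether that ends in the KERN_ERR path or in a normal lookup, and whether `context_struct_compute_av()` has an equivalent guard. I would leave a one-line comment in place of each removed block, e.g. `/* classes absent from the loaded policy are resolved by unmap_class(); no per-version remap */`, if that is indeed the intent. Both functions begin and end outside their hunks.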