Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit da8026fa authored by Paul Moore's avatar Paul Moore
Browse files

selinux: reconcile security_netlbl_secattr_to_sid() and mls_import_netlbl_cat() 



Move the NetLabel secattr MLS category import logic into
mls_import_netlbl_cat() where it belongs, and use the
mls_import_netlbl_cat() function in security_netlbl_secattr_to_sid().

Reported-by: default avatarRickard Strandqvist <rickard_strandqvist@spectrumdigital.se>
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent 83d4a806

security/selinux/ss/mls.c

+3 −7
Original line number Diff line number Diff line
@@ -654,19 +654,15 @@ int mls_import_netlbl_cat(struct context *context, 


	rc = ebitmap_netlbl_import(&context->range.level[0].cat,

				   secattr->attr.mls.cat);

	if (rc != 0)

		goto import_netlbl_cat_failure;



	rc = ebitmap_cpy(&context->range.level[1].cat,

			 &context->range.level[0].cat);

	if (rc != 0)

	if (rc)

		goto import_netlbl_cat_failure;

	memcpy(&context->range.level[1].cat, &context->range.level[0].cat,

	       sizeof(context->range.level[0].cat));



	return 0;



import_netlbl_cat_failure:

	ebitmap_destroy(&context->range.level[0].cat);

	ebitmap_destroy(&context->range.level[1].cat);

	return rc;

}

#endif /* CONFIG_NETLABEL */

security/selinux/ss/services.c

+1 −5
Original line number Diff line number Diff line
@@ -3179,13 +3179,9 @@ int security_netlbl_secattr_to_sid(struct netlbl_lsm_secattr *secattr, 
		ctx_new.type = ctx->type;

		mls_import_netlbl_lvl(&ctx_new, secattr);

		if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {

			rc = ebitmap_netlbl_import(&ctx_new.range.level[0].cat,

						   secattr->attr.mls.cat);

			rc = mls_import_netlbl_cat(&ctx_new, secattr);

			if (rc)

				goto out;

			memcpy(&ctx_new.range.level[1].cat,

			       &ctx_new.range.level[0].cat,

			       sizeof(ctx_new.range.level[0].cat));

		}

		rc = -EIDRM;

		if (!mls_context_isvalid(&policydb, &ctx_new))