summary refs log tree commit diff
path: root/security
diff options
context:
space:
mode:
authorGuido Trentalancia <guido@trentalancia.com>2010-02-03 17:06:01 +0100
committerJames Morris <jmorris@namei.org>2010-02-04 08:48:17 +1100
commit42596eafdd75257a640f64701b9b07090bcd84b0 (patch)
treed5c4eb801d70ddd00a7a03814833d99cabf38962 /security
parentb6cac5a30b325e14cda425670bb3568d3cad0aa8 (diff)
downloadlinux-42596eafdd75257a640f64701b9b07090bcd84b0.tar.gz
selinux: load the initial SIDs upon every policy load
Always load the initial SIDs, even in the case of a policy
reload and not just at the initial policy load. This comes
particularly handy after the introduction of a recent
patch for enabling runtime switching between different
policy types, although this patch is in theory independent
from that feature.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c16
1 files changed, 12 insertions, 4 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4a2bf212057b..2abbc49914e6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid,
 {
 	struct sidtab *s = arg;
 
-	return sidtab_insert(s, sid, context);
+	if (sid > SECINITSID_NUM)
+		return sidtab_insert(s, sid, context);
+	else
+		return 0;
 }
 
 static inline int convert_context_handle_invalid_context(struct context *context)
@@ -1552,7 +1555,10 @@ static int convert_context(u32 key,
 	struct user_datum *usrdatum;
 	char *s;
 	u32 len;
-	int rc;
+	int rc = 0;
+
+	if (key <= SECINITSID_NUM)
+		goto out;
 
 	args = p;
 
@@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len)
 	if (policydb_read(&newpolicydb, fp))
 		return -EINVAL;
 
-	if (sidtab_init(&newsidtab)) {
+	rc = policydb_load_isids(&newpolicydb, &newsidtab);
+	if (rc) {
+		printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
 		policydb_destroy(&newpolicydb);
-		return -ENOMEM;
+		return rc;
 	}
 
 	if (selinux_set_mapping(&newpolicydb, secclass_map,
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-24 08:31:46 +0000