Commit 42596eaf authored by Guido Trentalancia's avatar Guido Trentalancia Committed by James Morris

selinux: load the initial SIDs upon every policy load

Always load the initial SIDs, even in the case of a policy
reload and not just at the initial policy load. This comes
in particularly handy after the introduction of a recent
patch for enabling runtime switching between different
policy types, although this patch is in theory independent
from that feature.
Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
parent b6cac5a3
...@@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid, ...@@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid,
{ {
struct sidtab *s = arg; struct sidtab *s = arg;
return sidtab_insert(s, sid, context); if (sid > SECINITSID_NUM)
return sidtab_insert(s, sid, context);
else
return 0;
} }
static inline int convert_context_handle_invalid_context(struct context *context) static inline int convert_context_handle_invalid_context(struct context *context)
...@@ -1552,7 +1555,10 @@ static int convert_context(u32 key, ...@@ -1552,7 +1555,10 @@ static int convert_context(u32 key,
struct user_datum *usrdatum; struct user_datum *usrdatum;
char *s; char *s;
u32 len; u32 len;
int rc; int rc = 0;
if (key <= SECINITSID_NUM)
goto out;
args = p; args = p;
...@@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len) ...@@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len)
if (policydb_read(&newpolicydb, fp)) if (policydb_read(&newpolicydb, fp))
return -EINVAL; return -EINVAL;
if (sidtab_init(&newsidtab)) { rc = policydb_load_isids(&newpolicydb, &newsidtab);
if (rc) {
printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
policydb_destroy(&newpolicydb); policydb_destroy(&newpolicydb);
return -ENOMEM; return rc;
} }
if (selinux_set_mapping(&newpolicydb, secclass_map, if (selinux_set_mapping(&newpolicydb, secclass_map,
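Review bot: The new error path after `policydb_load_isids(&newpolicydb, &newsidtab)` in the third hunk releases only `newpolicydb`, whereas the old `sidtab_init()` failure left nothing in `newsidtab` to free. policydb_load_isids is not shown here, but if it can fail after some initial SIDs have already been inserted, those entries would leak on every failed reload; unless it cleans up after itself, add `sidtab_destroy(&newsidtab);` before `policydb_destroy(&newpolicydb);`. The `sid > SECINITSID_NUM` and `key <= SECINITSID_NUM` guards in the first two hunks also deserve a comment stating that initial SIDs now come from the new policy and so skip both cloning and the checks in `convert_context`, for example `/* initial SIDs are reloaded from the new policy, not carried over */`. security_load_policy and convert_context both continue outside the visible hunks, including the `out` label that the new `goto` targets.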