X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Fservices.c;h=8e4423b1c7899ff83ed6f96fc192b68968096de6;hb=9bf4aaab3e101692164d49b7ca357651eb691cb6;hp=21ab4c975f6064730787f33cbfb4442db76fe72c;hpb=db216c3d5e4c040e557a50f8f5d35d5c415e8c1c;p=linux-2.6.git
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 21ab4c975..8e4423b1c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -40,6 +40,7 @@
 #include "mls.h"
 extern void selnl_notify_policyload(u32 seqno);
+extern int policydb_loaded_version;
 static rwlock_t policy_rwlock = RW_LOCK_UNLOCKED;
 #define POLICY_RDLOCK read_lock(&policy_rwlock)
@@ -203,6 +204,17 @@ static int context_struct_compute_av(struct context *scontext,
 struct avtab_datum *avdatum;
 struct class_datum *tclass_datum;
+ /*
+ * Remap extended Netlink classes for old policy versions.
+ * Do this here rather than socket_type_to_security_class()
+ * in case a newer policy version is loaded, allowing sockets
+ * to remain in the correct class.
+ */
+ if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
+ if (tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
+ tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
+ tclass = SECCLASS_NETLINK_SOCKET;
+
 if (!tclass || tclass > policydb.p_classes.nprim) {
 printk(KERN_ERR "security_compute_av: unrecognized class %d\n",
 tclass);
@@ -296,7 +308,7 @@ int security_compute_av(u32 ssid,
 u32 requested,
 struct av_decision *avd)
 {
- struct context *scontext = 0, *tcontext = 0;
+ struct context *scontext = NULL, *tcontext = NULL;
 int rc = 0;
 if (!ss_initialized) {
@@ -343,7 +355,7 @@ int context_struct_to_string(struct context *context, char **scontext, u32 *scon
 {
 char *scontextp;
- *scontext = 0;
+ *scontext = NULL;
 *scontext_len = 0;
 /* Compute the size of the context. */
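Review bot: The Netlink class remap added at the top of context_struct_compute_av is applied only there, while security_compute_sid (the -588 hunk further down, which this commit touches only to spell NULL) keeps the caller's tclass unchanged, so an extended Netlink class reaching a transition or member decision under a pre-POLICYDB_VERSION_NLCLASS policy presumably fails that function's own class check — its body is not visible in the hunk, so confirm. The mapping also silently relies on SECCLASS_NETLINK_ROUTE_SOCKET..SECCLASS_NETLINK_DNRT_SOCKET being contiguous in the generated class numbering and on `policydb_loaded_version` only changing while the policy write lock is held (this function appears to run under POLICY_RDLOCK, taken outside the hunk); both assumptions deserve a comment at the point of use. The two brace-less nested ifs are a dangling-else hazard and kernel style would fold them into one condition, `if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS && tclass >= SECCLASS_NETLINK_ROUTE_SOCKET && tclass <= SECCLASS_NETLINK_DNRT_SOCKET)`. Moving the check into a small static helper addresses all three and lets security_compute_sid share it; the body of context_struct_compute_av continues outside the hunk.
```c
/*
 * Map the extended Netlink socket classes back to the generic
 * netlink_socket class when the loaded policy predates them;
 * identity otherwise.  Relies on SECCLASS_NETLINK_ROUTE_SOCKET..
 * SECCLASS_NETLINK_DNRT_SOCKET being a contiguous range.
 * NOTE(review): assumes the caller holds policy_rwlock so that
 * policydb_loaded_version cannot change underneath us -- confirm.
 */
static u16 unmap_class(u16 tclass)
{
	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS &&
	    tclass >= SECCLASS_NETLINK_ROUTE_SOCKET &&
	    tclass <= SECCLASS_NETLINK_DNRT_SOCKET)
		return SECCLASS_NETLINK_SOCKET;
	return tclass;
}

/* … unchanged: context_struct_compute_av local declarations … */
	tclass = unmap_class(tclass);
	if (!tclass || tclass > policydb.p_classes.nprim) {
```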
@@ -588,8 +600,8 @@ static int security_compute_sid(u32 ssid,
 u32 specified,
 u32 *out_sid)
 {
- struct context *scontext = 0, *tcontext = 0, newcontext;
- struct role_trans *roletr = 0;
+ struct context *scontext = NULL, *tcontext = NULL, newcontext;
+ struct role_trans *roletr = NULL;
 struct avtab_key avkey;
 struct avtab_datum *avdatum;
 struct avtab_node *node;