xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[PATCH] selinux: add support for range transitions on object classes

Browse Source 
Introduces support for policy version 21.  This version of the binary
kernel policy allows for defining range transitions on security classes
other than the process security class.  As always, backwards compatibility
for older formats is retained.  The security class is read in as specified
when using the new format, while the "process" security class is assumed
when using an older policy format.

Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
Darrel Goeddel
2006-09-25 23:31:59 -07:00
committed by Linus Torvalds
parent 016b9bdb81
commit f3f8771420
5 changed files with 37 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
security/selinux/ss/policydb.c
View File

@@ -96,6 +96,11 @@ static struct policydb_compat_info policydb_compat[] = {
.sym_num = SYM_NUM,
.ocon_num = OCON_NUM,
},
{
.version = POLICYDB_VERSION_RANGETRANS,
.sym_num = SYM_NUM,
.ocon_num = OCON_NUM,
},
};
static struct policydb_compat_info *policydb_lookup_compat(int version)
@@ -645,15 +650,15 @@ void policydb_destroy(struct policydb *p)
for (rt = p->range_tr; rt; rt = rt -> next) {
if (lrt) {
ebitmap_destroy(&lrt->range.level[0].cat);
ebitmap_destroy(&lrt->range.level[1].cat);
ebitmap_destroy(&lrt->target_range.level[0].cat);
ebitmap_destroy(&lrt->target_range.level[1].cat);
kfree(lrt);
}
lrt = rt;
}
if (lrt) {
ebitmap_destroy(&lrt->range.level[0].cat);
ebitmap_destroy(&lrt->range.level[1].cat);
ebitmap_destroy(&lrt->target_range.level[0].cat);
ebitmap_destroy(&lrt->target_range.level[1].cat);
kfree(lrt);
}
@@ -1829,6 +1834,7 @@ int policydb_read(struct policydb *p, void *fp)
}
if (p->policyvers >= POLICYDB_VERSION_MLS) {
int new_rangetr = p->policyvers >= POLICYDB_VERSION_RANGETRANS;
rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0)
goto bad;
@@ -1847,9 +1853,16 @@ int policydb_read(struct policydb *p, void *fp)
rc = next_entry(buf, fp, (sizeof(u32) * 2));
if (rc < 0)
goto bad;
rt->dom = le32_to_cpu(buf[0]);
rt->type = le32_to_cpu(buf[1]);
rc = mls_read_range_helper(&rt->range, fp);
rt->source_type = le32_to_cpu(buf[0]);
rt->target_type = le32_to_cpu(buf[1]);
if (new_rangetr) {
rc = next_entry(buf, fp, sizeof(u32));
if (rc < 0)
goto bad;
rt->target_class = le32_to_cpu(buf[0]);
} else
rt->target_class = SECCLASS_PROCESS;
rc = mls_read_range_helper(&rt->target_range, fp);
if (rc)
goto bad;
lrt = rt;