projects / linux-block.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 0d02ec6 ee5de60)
Merge tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git...
authorLinus Torvalds <torvalds@linux-foundation.org>
Mon, 22 Mar 2021 18:34:31 +0000 (11:34 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Mon, 22 Mar 2021 18:34:31 +0000 (11:34 -0700)
Pull selinux fixes from Paul Moore:
 "Three SELinux patches:

   - Fix a problem where a local variable is used outside its associated
     function. Thankfully this can only be triggered by reloading the
     SELinux policy, which is a restricted operation for other obvious
     reasons.

   - Fix some incorrect, and inconsistent, audit and printk messages
     when loading the SELinux policy.

  All three patches are relatively minor and have been through our
  testing with no failures"

* tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinuxfs: unify policy load error reporting
  selinux: fix variable scope issue in live sidtab conversion
  selinux: don't log MAC_POLICY_LOAD record on failed policy load

1  2 
security/selinux/include/security.h patch | diff1 | diff2 | blob | history
security/selinux/ss/services.c patch | diff1 | diff2 | blob | history

diff --cc security/selinux/include/security.h
index 6fe25300b89dc5b7aa40e55c0a525d691fe3f364,25db66e0ac5109150a224fc0a11824f06f8a1f1e..7650de0485700d4dd32d83e9e02d884b316fdc2e
--- 1/security/selinux/include/security.h
--- 2/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@@ -219,18 -219,24 +219,25 @@@ static inline bool selinux_policycap_ge
        return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);
  }
  
+ struct selinux_policy_convert_data;
+ struct selinux_load_state {
+       struct selinux_policy *policy;
+       struct selinux_policy_convert_data *convert_data;
+ };
  int security_mls_enabled(struct selinux_state *state);
  int security_load_policy(struct selinux_state *state,
-                       void *data, size_t len,
-                       struct selinux_policy **newpolicyp);
+                        void *data, size_t len,
+                        struct selinux_load_state *load_state);
  void selinux_policy_commit(struct selinux_state *state,
-                       struct selinux_policy *newpolicy);
+                          struct selinux_load_state *load_state);
  void selinux_policy_cancel(struct selinux_state *state,
-                       struct selinux_policy *policy);
+                          struct selinux_load_state *load_state);
  int security_read_policy(struct selinux_state *state,
                         void **data, size_t *len);
 -
 +int security_read_state_kernel(struct selinux_state *state,
 +                             void **data, size_t *len);
  int security_policycap_supported(struct selinux_state *state,
                                 unsigned int req_cap);
  
diff --cc security/selinux/ss/services.c
index 3438d0130378610132edaf6a1c8e846076f6b8fb,4a907e008a980d22cbb33f30f4ddfcb0bb4cd12b..d91e41d47777b26390b626fd38897548724c4b58
--- 1/security/selinux/ss/services.c
--- 2/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@@ -65,8 -65,18 +65,19 @@@
  #include "ebitmap.h"
  #include "audit.h"
  #include "policycap_names.h"
 +#include "ima.h"
  
+ struct convert_context_args {
+       struct selinux_state *state;
+       struct policydb *oldp;
+       struct policydb *newp;
+ };
+ struct selinux_policy_convert_data {
+       struct convert_context_args args;
+       struct sidtab_convert_params sidtab_params;
+ };
  /* Forward declaration. */
  static int context_struct_to_string(struct policydb *policydb,
                                    struct context *context,
Linux 6.x block layer and io_uring tree(s)