Message-ID: <1517320017.14420.7.camel@tycho.nsa.gov>
Date:   Tue, 30 Jan 2018 08:46:57 -0500
From:   Stephen Smalley <sds@...ho.nsa.gov>
To:     peter.enderborg@...y.com, Paul Moore <paul@...l-moore.com>,
        Eric Paris <eparis@...isplace.org>,
        James Morris <james.l.morris@...cle.com>,
        Daniel Jurgens <danielj@...lanox.com>,
        Doug Ledford <dledford@...hat.com>, selinux@...ho.nsa.gov,
        linux-security-module@...r.kernel.org,
        linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...hat.com>,
        alsa-devel@...a-project.org, "Serge E . Hallyn" <serge@...lyn.com>
Subject: Re: [PATCH v2 1/5] selinux:Remove direct references to policydb.

On Fri, 2018-01-26 at 15:32 +0100, peter.enderborg@...y.com wrote:
> From: Peter Enderborg <peter.enderborg@...y.com>
> 
> To be able to use rcu locks we need to address the policydb
> through a pointer. This preparation removes the export of the
> policydb and sends pointers to it through parameter arguments.

Just for reference, I have a patch series that does this not only for
the policydb, sidtab, and class/perm mapping, but for all of the
SELinux global state, see:
https://github.com/stephensmalley/selinux-kernel/tree/selinuxns
and in particular
https://github.com/stephensmalley/selinux-kernel/commit/c10d90b43cd720c8f8aab51007e805bf7c4f10d2
https://github.com/stephensmalley/selinux-kernel/commit/ec038a64173d56a331423b6d1564b801f0915afc
https://github.com/stephensmalley/selinux-kernel/commit/97aa5d7a05e4458bc4562c47d8f7bc4f56fbfefd

Those first three patches should have no effect on SELinux behavior.
They need to be re-based to latest selinux next branch (some minor
conflict resolution required) but I was waiting for that to advance to
something 4.15-rcX based.  I could however re-base it now if desired.

> 
> Signed-off-by: Peter Enderborg <peter.enderborg@...y.com>
> ---
>  security/selinux/ss/mls.c      | 69 ++++++++++++++++----------------
>  security/selinux/ss/mls.h      | 37 +++++++++--------
>  security/selinux/ss/services.c | 90 +++++++++++++++++++++++++++-----
> ----------
>  security/selinux/ss/services.h |  3 --
>  4 files changed, 114 insertions(+), 85 deletions(-)
> 
> diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
> index ad982ce..b1f35d3 100644
> --- a/security/selinux/ss/mls.c
> +++ b/security/selinux/ss/mls.c
> @@ -33,20 +33,20 @@
>   * Return the length in bytes for the MLS fields of the
>   * security context string representation of `context'.
>   */
> -int mls_compute_context_len(struct context *context)
> +int mls_compute_context_len(struct policydb *p, struct context
> *context)
>  {
>  	int i, l, len, head, prev;
>  	char *nm;
>  	struct ebitmap *e;
>  	struct ebitmap_node *node;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return 0;
>  
>  	len = 1; /* for the beginning ":" */
>  	for (l = 0; l < 2; l++) {
>  		int index_sens = context->range.level[l].sens;
> -		len += strlen(sym_name(&policydb, SYM_LEVELS,
> index_sens - 1));
> +		len += strlen(sym_name(p, SYM_LEVELS, index_sens -
> 1));
>  
>  		/* categories */
>  		head = -2;
> @@ -56,17 +56,17 @@ int mls_compute_context_len(struct context
> *context)
>  			if (i - prev > 1) {
>  				/* one or more negative bits are
> skipped */
>  				if (head != prev) {
> -					nm = sym_name(&policydb,
> SYM_CATS, prev);
> +					nm = sym_name(p, SYM_CATS,
> prev);
>  					len += strlen(nm) + 1;
>  				}
> -				nm = sym_name(&policydb, SYM_CATS,
> i);
> +				nm = sym_name(p, SYM_CATS, i);
>  				len += strlen(nm) + 1;
>  				head = i;
>  			}
>  			prev = i;
>  		}
>  		if (prev != head) {
> -			nm = sym_name(&policydb, SYM_CATS, prev);
> +			nm = sym_name(p, SYM_CATS, prev);
>  			len += strlen(nm) + 1;
>  		}
>  		if (l == 0) {
> @@ -86,7 +86,7 @@ int mls_compute_context_len(struct context
> *context)
>   * the MLS fields of `context' into the string `*scontext'.
>   * Update `*scontext' to point to the end of the MLS fields.
>   */
> -void mls_sid_to_context(struct context *context,
> +void mls_sid_to_context(struct policydb *p, struct context *context,
>  			char **scontext)
>  {
>  	char *scontextp, *nm;
> @@ -94,7 +94,7 @@ void mls_sid_to_context(struct context *context,
>  	struct ebitmap *e;
>  	struct ebitmap_node *node;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return;
>  
>  	scontextp = *scontext;
> @@ -103,7 +103,7 @@ void mls_sid_to_context(struct context *context,
>  	scontextp++;
>  
>  	for (l = 0; l < 2; l++) {
> -		strcpy(scontextp, sym_name(&policydb, SYM_LEVELS,
> +		strcpy(scontextp, sym_name(p, SYM_LEVELS,
>  					   context-
> >range.level[l].sens - 1));
>  		scontextp += strlen(scontextp);
>  
> @@ -119,7 +119,7 @@ void mls_sid_to_context(struct context *context,
>  						*scontextp++ = '.';
>  					else
>  						*scontextp++ = ',';
> -					nm = sym_name(&policydb,
> SYM_CATS, prev);
> +					nm = sym_name(p, SYM_CATS,
> prev);
>  					strcpy(scontextp, nm);
>  					scontextp += strlen(nm);
>  				}
> @@ -127,7 +127,7 @@ void mls_sid_to_context(struct context *context,
>  					*scontextp++ = ':';
>  				else
>  					*scontextp++ = ',';
> -				nm = sym_name(&policydb, SYM_CATS,
> i);
> +				nm = sym_name(p, SYM_CATS, i);
>  				strcpy(scontextp, nm);
>  				scontextp += strlen(nm);
>  				head = i;
> @@ -140,7 +140,7 @@ void mls_sid_to_context(struct context *context,
>  				*scontextp++ = '.';
>  			else
>  				*scontextp++ = ',';
> -			nm = sym_name(&policydb, SYM_CATS, prev);
> +			nm = sym_name(p, SYM_CATS, prev);
>  			strcpy(scontextp, nm);
>  			scontextp += strlen(nm);
>  		}
> @@ -375,12 +375,13 @@ int mls_context_to_sid(struct policydb *pol,
>   * the string `str'.  This function will allocate temporary memory
> with the
>   * given constraints of gfp_mask.
>   */
> -int mls_from_string(char *str, struct context *context, gfp_t
> gfp_mask)
> +int mls_from_string(struct policydb *p, char *str, struct context
> *context,
> +		    gfp_t gfp_mask)
>  {
>  	char *tmpstr, *freestr;
>  	int rc;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return -EINVAL;
>  
>  	/* we need freestr because mls_context_to_sid will change
> @@ -389,7 +390,7 @@ int mls_from_string(char *str, struct context
> *context, gfp_t gfp_mask)
>  	if (!tmpstr) {
>  		rc = -ENOMEM;
>  	} else {
> -		rc = mls_context_to_sid(&policydb, ':', &tmpstr,
> context,
> +		rc = mls_context_to_sid(p, ':', &tmpstr, context,
>  					NULL, SECSID_NULL);
>  		kfree(freestr);
>  	}
> @@ -417,10 +418,10 @@ int mls_range_set(struct context *context,
>  	return rc;
>  }
>  
> -int mls_setup_user_range(struct context *fromcon, struct user_datum
> *user,
> -			 struct context *usercon)
> +int mls_setup_user_range(struct policydb *p, struct context
> *fromcon,
> +			 struct user_datum *user, struct context
> *usercon)
>  {
> -	if (policydb.mls_enabled) {
> +	if (p->mls_enabled) {
>  		struct mls_level *fromcon_sen = &(fromcon-
> >range.level[0]);
>  		struct mls_level *fromcon_clr = &(fromcon-
> >range.level[1]);
>  		struct mls_level *user_low = &(user-
> >range.level[0]);
> @@ -460,7 +461,7 @@ int mls_setup_user_range(struct context *fromcon,
> struct user_datum *user,
>   * structure `c' from the values specified in the
>   * policy `oldp' to the values specified in the policy `newp'.
>   */
> -int mls_convert_context(struct policydb *oldp,
> +int mls_convert_context(struct policydb *p, struct policydb *oldp,
>  			struct policydb *newp,
>  			struct context *c)
>  {
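Review bot: The new first parameter `p` of mls_convert_context duplicates information the function already receives as `oldp`/`newp`: its only visible caller, convert_context in services.c (the `@@ -1935` hunk), calls it only when `args->oldp->mls_enabled && args->newp->mls_enabled` already holds, so the `if (!p->mls_enabled) return 0;` guard added in the next hunk is redundant, and a third policydb next to `oldp` and `newp` invites confusion over which one governs the conversion. If a guard is wanted inside the function, `if (!oldp->mls_enabled) return 0;` keeps the original two-policydb signature; otherwise the prototype in mls.h should document which of `p`, `oldp` and `newp` must be the live policy.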
> @@ -470,7 +471,7 @@ int mls_convert_context(struct policydb *oldp,
>  	struct ebitmap_node *node;
>  	int l, i;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return 0;
>  
>  	for (l = 0; l < 2; l++) {
> @@ -503,7 +504,7 @@ int mls_convert_context(struct policydb *oldp,
>  	return 0;
>  }
>  
> -int mls_compute_sid(struct context *scontext,
> +int mls_compute_sid(struct policydb *p, struct context *scontext,
>  		    struct context *tcontext,
>  		    u16 tclass,
>  		    u32 specified,
> @@ -515,7 +516,7 @@ int mls_compute_sid(struct context *scontext,
>  	struct class_datum *cladatum;
>  	int default_range = 0;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return 0;
>  
>  	switch (specified) {
> @@ -524,12 +525,12 @@ int mls_compute_sid(struct context *scontext,
>  		rtr.source_type = scontext->type;
>  		rtr.target_type = tcontext->type;
>  		rtr.target_class = tclass;
> -		r = hashtab_search(policydb.range_tr, &rtr);
> +		r = hashtab_search(p->range_tr, &rtr);
>  		if (r)
>  			return mls_range_set(newcontext, r);
>  
> -		if (tclass && tclass <= policydb.p_classes.nprim) {
> -			cladatum =
> policydb.class_val_to_struct[tclass - 1];
> +		if (tclass && tclass <= p->p_classes.nprim) {
> +			cladatum = p->class_val_to_struct[tclass -
> 1];
>  			if (cladatum)
>  				default_range = cladatum-
> >default_range;
>  		}
> @@ -551,7 +552,7 @@ int mls_compute_sid(struct context *scontext,
>  
>  		/* Fallthrough */
>  	case AVTAB_CHANGE:
> -		if ((tclass == policydb.process_class) || (sock ==
> true))
> +		if ((tclass == p->process_class) || (sock == true))
>  			/* Use the process MLS attributes. */
>  			return mls_context_cpy(newcontext,
> scontext);
>  		else
> @@ -577,10 +578,10 @@ int mls_compute_sid(struct context *scontext,
>   * NetLabel MLS sensitivity level field.
>   *
>   */
> -void mls_export_netlbl_lvl(struct context *context,
> +void mls_export_netlbl_lvl(struct policydb *p, struct context
> *context,
>  			   struct netlbl_lsm_secattr *secattr)
>  {
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return;
>  
>  	secattr->attr.mls.lvl = context->range.level[0].sens - 1;
> @@ -597,10 +598,10 @@ void mls_export_netlbl_lvl(struct context
> *context,
>   * NetLabel MLS sensitivity level into the context.
>   *
>   */
> -void mls_import_netlbl_lvl(struct context *context,
> +void mls_import_netlbl_lvl(struct policydb *p, struct context
> *context,
>  			   struct netlbl_lsm_secattr *secattr)
>  {
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return;
>  
>  	context->range.level[0].sens = secattr->attr.mls.lvl + 1;
> @@ -617,12 +618,12 @@ void mls_import_netlbl_lvl(struct context
> *context,
>   * MLS category field.  Returns zero on success, negative values on
> failure.
>   *
>   */
> -int mls_export_netlbl_cat(struct context *context,
> +int mls_export_netlbl_cat(struct policydb *p, struct context
> *context,
>  			  struct netlbl_lsm_secattr *secattr)
>  {
>  	int rc;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return 0;
>  
>  	rc = ebitmap_netlbl_export(&context->range.level[0].cat,
> @@ -645,12 +646,12 @@ int mls_export_netlbl_cat(struct context
> *context,
>   * negative values on failure.
>   *
>   */
> -int mls_import_netlbl_cat(struct context *context,
> +int mls_import_netlbl_cat(struct policydb *p, struct context
> *context,
>  			  struct netlbl_lsm_secattr *secattr)
>  {
>  	int rc;
>  
> -	if (!policydb.mls_enabled)
> +	if (!p->mls_enabled)
>  		return 0;
>  
>  	rc = ebitmap_netlbl_import(&context->range.level[0].cat,
> diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
> index 131d762..cb039c0 100644
> --- a/security/selinux/ss/mls.h
> +++ b/security/selinux/ss/mls.h
> @@ -25,8 +25,9 @@
>  #include "context.h"
>  #include "policydb.h"
>  
> -int mls_compute_context_len(struct context *context);
> -void mls_sid_to_context(struct context *context, char **scontext);
> +int mls_compute_context_len(struct policydb *p, struct context
> *context);
> +void mls_sid_to_context(struct policydb *p, struct context *context,
> +			char **scontext);
>  int mls_context_isvalid(struct policydb *p, struct context *c);
>  int mls_range_isvalid(struct policydb *p, struct mls_range *r);
>  int mls_level_isvalid(struct policydb *p, struct mls_level *l);
> @@ -38,50 +39,55 @@ int mls_context_to_sid(struct policydb *p,
>  		       struct sidtab *s,
>  		       u32 def_sid);
>  
> -int mls_from_string(char *str, struct context *context, gfp_t
> gfp_mask);
> +int mls_from_string(struct policydb *p, char *str, struct context
> *context,
> +		    gfp_t gfp_mask);
>  
>  int mls_range_set(struct context *context, struct mls_range *range);
>  
> -int mls_convert_context(struct policydb *oldp,
> +int mls_convert_context(struct policydb *p, struct policydb *oldp,
>  			struct policydb *newp,
>  			struct context *context);
>  
> -int mls_compute_sid(struct context *scontext,
> +int mls_compute_sid(struct policydb *p, struct context *scontext,
>  		    struct context *tcontext,
>  		    u16 tclass,
>  		    u32 specified,
>  		    struct context *newcontext,
>  		    bool sock);
>  
> -int mls_setup_user_range(struct context *fromcon, struct user_datum
> *user,
> -			 struct context *usercon);
> +int mls_setup_user_range(struct policydb *p, struct context
> *fromcon,
> +			 struct user_datum *user, struct context
> *usercon);
>  
>  #ifdef CONFIG_NETLABEL
> -void mls_export_netlbl_lvl(struct context *context,
> +void mls_export_netlbl_lvl(struct policydb *p, struct context
> *context,
>  			   struct netlbl_lsm_secattr *secattr);
> -void mls_import_netlbl_lvl(struct context *context,
> +void mls_import_netlbl_lvl(struct policydb *p, struct context
> *context,
>  			   struct netlbl_lsm_secattr *secattr);
> -int mls_export_netlbl_cat(struct context *context,
> +int mls_export_netlbl_cat(struct policydb *p, struct context
> *context,
>  			  struct netlbl_lsm_secattr *secattr);
> -int mls_import_netlbl_cat(struct context *context,
> +int mls_import_netlbl_cat(struct policydb *p, struct context
> *context,
>  			  struct netlbl_lsm_secattr *secattr);
>  #else
> -static inline void mls_export_netlbl_lvl(struct context *context,
> +static inline void mls_export_netlbl_lvl(struct policydb *p,
> +					 struct context *context,
>  					 struct netlbl_lsm_secattr
> *secattr)
>  {
>  	return;
>  }
> -static inline void mls_import_netlbl_lvl(struct context *context,
> +static inline void mls_import_netlbl_lvl(struct policydb *p,
> +					 struct context *context,
>  					 struct netlbl_lsm_secattr
> *secattr)
>  {
>  	return;
>  }
> -static inline int mls_export_netlbl_cat(struct context *context,
> +static inline int mls_export_netlbl_cat(struct policydb *p,
> +					struct context *context,
>  					struct netlbl_lsm_secattr
> *secattr)
>  {
>  	return -ENOMEM;
>  }
> -static inline int mls_import_netlbl_cat(struct context *context,
> +static inline int mls_import_netlbl_cat(struct policydb *p,
> +					struct context *context,
>  					struct netlbl_lsm_secattr
> *secattr)
>  {
>  	return -ENOMEM;
> @@ -89,4 +95,3 @@ static inline int mls_import_netlbl_cat(struct
> context *context,
>  #endif
>  
>  #endif	/* _SS_MLS_H */
> -
> diff --git a/security/selinux/ss/services.c
> b/security/selinux/ss/services.c
> index 33cfe5d..47d8030 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -90,7 +90,7 @@ int selinux_policycap_nnp_nosuid_transition;
>  static DEFINE_RWLOCK(policy_rwlock);
>  
>  static struct sidtab sidtab;
> -struct policydb policydb;
> +static struct policydb policydb;
>  int ss_initialized;
>  
>  /*
> @@ -117,8 +117,12 @@ struct selinux_mapping {
>  	u32 perms[sizeof(u32) * 8];
>  };
>  
> -static struct selinux_mapping *current_mapping;
> -static u16 current_mapping_size;
> +struct shared_current_mapping {
> +	struct selinux_mapping *current_mapping;
> +	u16 current_mapping_size;
> +};
> +
> +static struct shared_current_mapping *crm;
>  
>  static int selinux_set_mapping(struct policydb *pol,
>  			       struct security_class_mapping *map,
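Review bot: unmap_class, map_class and map_decision (the next three hunks) now dereference `crm` unconditionally, but `crm` is only allocated in the `!ss_initialized` branch of security_load_policy, so it is NULL until the first policy load, whereas the old static `current_mapping_size == 0` made those calls safe before a policy was loaded. If every caller is guaranteed to check ss_initialized first that is a new invariant this hunk should state, e.g. `/* NULL until the first policy load; callers must check ss_initialized first */` above the `crm` definition. The struct itself also deserves a one-line comment explaining why the mapping and its size are bundled (presumably so both can be swapped as one unit later in the series).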
> @@ -208,8 +212,8 @@ static int selinux_set_mapping(struct policydb
> *pol,
>  
>  static u16 unmap_class(u16 tclass)
>  {
> -	if (tclass < current_mapping_size)
> -		return current_mapping[tclass].value;
> +	if (tclass < crm->current_mapping_size)
> +		return crm->current_mapping[tclass].value;
>  
>  	return tclass;
>  }
> @@ -221,8 +225,8 @@ static u16 map_class(u16 pol_value)
>  {
>  	u16 i;
>  
> -	for (i = 1; i < current_mapping_size; i++) {
> -		if (current_mapping[i].value == pol_value)
> +	for (i = 1; i < crm->current_mapping_size; i++) {
> +		if (crm->current_mapping[i].value == pol_value)
>  			return i;
>  	}
>  
> @@ -232,27 +236,32 @@ static u16 map_class(u16 pol_value)
>  static void map_decision(u16 tclass, struct av_decision *avd,
>  			 int allow_unknown)
>  {
> -	if (tclass < current_mapping_size) {
> -		unsigned i, n = current_mapping[tclass].num_perms;
> +	if (tclass < crm->current_mapping_size) {
> +		unsigned int i, n = crm-
> >current_mapping[tclass].num_perms;
>  		u32 result;
>  
>  		for (i = 0, result = 0; i < n; i++) {
> -			if (avd->allowed &
> current_mapping[tclass].perms[i])
> +			if (avd->allowed &
> +			    crm->current_mapping[tclass].perms[i])
>  				result |= 1<<i;
> -			if (allow_unknown &&
> !current_mapping[tclass].perms[i])
> +			if (allow_unknown &&
> +			    !crm->current_mapping[tclass].perms[i])
>  				result |= 1<<i;
>  		}
>  		avd->allowed = result;
>  
>  		for (i = 0, result = 0; i < n; i++)
> -			if (avd->auditallow &
> current_mapping[tclass].perms[i])
> +			if (avd->auditallow &
> +			    crm->current_mapping[tclass].perms[i])
>  				result |= 1<<i;
>  		avd->auditallow = result;
>  
>  		for (i = 0, result = 0; i < n; i++) {
> -			if (avd->auditdeny &
> current_mapping[tclass].perms[i])
> +			if (avd->auditdeny &
> +			    crm->current_mapping[tclass].perms[i])
>  				result |= 1<<i;
> -			if (!allow_unknown &&
> !current_mapping[tclass].perms[i])
> +			if (!allow_unknown &&
> +			    !crm->current_mapping[tclass].perms[i])
>  				result |= 1<<i;
>  		}
>  		/*
> @@ -1211,7 +1220,7 @@ static int context_struct_to_string(struct
> context *context, char **scontext, u3
>  	*scontext_len += strlen(sym_name(&policydb, SYM_USERS,
> context->user - 1)) + 1;
>  	*scontext_len += strlen(sym_name(&policydb, SYM_ROLES,
> context->role - 1)) + 1;
>  	*scontext_len += strlen(sym_name(&policydb, SYM_TYPES,
> context->type - 1)) + 1;
> -	*scontext_len += mls_compute_context_len(context);
> +	*scontext_len += mls_compute_context_len(&policydb,
> context);
>  
>  	if (!scontext)
>  		return 0;
> @@ -1230,7 +1239,7 @@ static int context_struct_to_string(struct
> context *context, char **scontext, u3
>  		sym_name(&policydb, SYM_ROLES, context->role - 1),
>  		sym_name(&policydb, SYM_TYPES, context->type - 1));
>  
> -	mls_sid_to_context(context, &scontextp);
> +	mls_sid_to_context(&policydb, context, &scontextp);
>  
>  	*scontextp = 0;
>  
> @@ -1721,7 +1730,7 @@ static int security_compute_sid(u32 ssid,
>  
>  	/* Set the MLS attributes.
>  	   This is done last because it may allocate memory. */
> -	rc = mls_compute_sid(scontext, tcontext, tclass, specified,
> +	rc = mls_compute_sid(&policydb, scontext, tcontext, tclass,
> specified,
>  			     &newcontext, sock);
>  	if (rc)
>  		goto out_unlock;
> @@ -1935,7 +1944,7 @@ static int convert_context(u32 key,
>  
>  	/* Convert the MLS fields if dealing with MLS policies */
>  	if (args->oldp->mls_enabled && args->newp->mls_enabled) {
> -		rc = mls_convert_context(args->oldp, args->newp, c);
> +		rc = mls_convert_context(&policydb, args->oldp,
> args->newp, c);
>  		if (rc)
>  			goto bad;
>  	} else if (args->oldp->mls_enabled && !args->newp-
> >mls_enabled) {
> @@ -2043,8 +2052,9 @@ int security_load_policy(void *data, size_t
> len)
>  {
>  	struct policydb *oldpolicydb, *newpolicydb;
>  	struct sidtab oldsidtab, newsidtab;
> -	struct selinux_mapping *oldmap, *map = NULL;
> +	struct selinux_mapping *oldmap = NULL, *map = NULL;
>  	struct convert_context_args args;
> +	struct shared_current_mapping *new_mapping;
>  	u32 seqno;
>  	u16 map_size;
>  	int rc = 0;
> @@ -2055,9 +2065,22 @@ int security_load_policy(void *data, size_t
> len)
>  		rc = -ENOMEM;
>  		goto out;
>  	}
> +	new_mapping = kzalloc(sizeof(struct shared_current_mapping),
> +			      GFP_KERNEL);
> +	if (!new_mapping) {
> +		rc = -ENOMEM;
> +		goto out;
> +	}
>  	newpolicydb = oldpolicydb + 1;
>  
>  	if (!ss_initialized) {
> +		crm = kzalloc(sizeof(struct shared_current_mapping),
> +			      GFP_KERNEL);
> +		if (!crm) {
> +			rc = -ENOMEM;
> +			goto out;
> +		}
> +
>  		avtab_cache_init();
>  		ebitmap_cache_init();
>  		hashtab_cache_init();
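Review bot: `new_mapping` is kzalloc'ed on every call to security_load_policy but, in the hunks shown, is never assigned to `crm`, used or freed, so each policy load leaks one struct shared_current_mapping; if no later hunk consumes it, drop the allocation and the declaration in the `@@ -2043` hunk. The error paths in this hunk leak as well: when the `crm` allocation fails, `new_mapping` is not freed before `goto out`, and when selinux_set_mapping fails in the following hunk `crm` stays allocated while ss_initialized presumably remains 0, so the next load replaces it with a fresh kzalloc. security_load_policy continues outside the hunk; either `kfree(new_mapping);` on the failure paths and `kfree(crm); crm = NULL;` on the set-mapping failure, or removing the unused allocation, closes these.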
> @@ -2071,8 +2094,8 @@ int security_load_policy(void *data, size_t
> len)
>  
>  		policydb.len = len;
>  		rc = selinux_set_mapping(&policydb, secclass_map,
> -					 &current_mapping,
> -					 &current_mapping_size);
> +					 &crm->current_mapping,
> +					 &crm-
> >current_mapping_size);
>  		if (rc) {
>  			policydb_destroy(&policydb);
>  			avtab_cache_destroy();
> @@ -2164,9 +2187,9 @@ int security_load_policy(void *data, size_t
> len)
>  	memcpy(&policydb, newpolicydb, sizeof(policydb));
>  	sidtab_set(&sidtab, &newsidtab);
>  	security_load_policycaps();
> -	oldmap = current_mapping;
> -	current_mapping = map;
> -	current_mapping_size = map_size;
> +	oldmap = crm->current_mapping;
> +	crm->current_mapping = map;
> +	crm->current_mapping_size = map_size;
>  	seqno = ++latest_granting;
>  	write_unlock_irq(&policy_rwlock);
>  
> @@ -2516,7 +2539,8 @@ int security_get_user_sids(u32 fromsid,
>  		ebitmap_for_each_positive_bit(&role->types, tnode,
> j) {
>  			usercon.type = j + 1;
>  
> -			if (mls_setup_user_range(fromcon, user,
> &usercon))
> +			if (mls_setup_user_range(&policydb, fromcon,
> +						 user, &usercon))
>  				continue;
>  
>  			rc = sidtab_context_to_sid(&sidtab,
> &usercon, &sid);
> @@ -2580,7 +2604,7 @@ int security_get_user_sids(u32 fromsid,
>   * cannot support xattr or use a fixed labeling behavior like
>   * transition SIDs or task SIDs.
>   *
> - * The caller must acquire the policy_rwlock before calling this
> function.
> + * The caller must hold rcu before calling this function.
>   */
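Review bot: The locking comment on __security_genfs_sid now says callers must hold rcu, but this patch introduces no RCU usage: the visible code in the same file still takes policy_rwlock (see `read_unlock(&policy_rwlock);` in the `@@ -3526` hunk), and the description calls the patch a preparation step. The same premature edit is made to the security_genfs_sid comment in the next hunk (`@@ -2639`). Keep both comments describing policy_rwlock here and change them in the patch of the series that actually switches the lock, so the comment never documents a contract the code does not yet have.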
>  static inline int __security_genfs_sid(const char *fstype,
>  				       char *path,
> @@ -2639,7 +2663,7 @@ static inline int __security_genfs_sid(const
> char *fstype,
>   * @sclass: file security class
>   * @sid: SID for path
>   *
> - * Acquire policy_rwlock before calling __security_genfs_sid() and
> release
> + * Hold rcu before calling __security_genfs_sid() and release
>   * it afterward.
>   */
>  int security_genfs_sid(const char *fstype,
> @@ -3214,7 +3238,8 @@ int selinux_audit_rule_init(u32 field, u32 op,
> char *rulestr, void **vrule)
>  	case AUDIT_SUBJ_CLR:
>  	case AUDIT_OBJ_LEV_LOW:
>  	case AUDIT_OBJ_LEV_HIGH:
> -		rc = mls_from_string(rulestr, &tmprule->au_ctxt,
> GFP_ATOMIC);
> +		rc = mls_from_string(&policydb, rulestr, &tmprule-
> >au_ctxt,
> +				     GFP_ATOMIC);
>  		if (rc)
>  			goto out;
>  		break;
> @@ -3464,9 +3489,10 @@ int security_netlbl_secattr_to_sid(struct
> netlbl_lsm_secattr *secattr,
>  		ctx_new.user = ctx->user;
>  		ctx_new.role = ctx->role;
>  		ctx_new.type = ctx->type;
> -		mls_import_netlbl_lvl(&ctx_new, secattr);
> +		mls_import_netlbl_lvl(&policydb, &ctx_new, secattr);
>  		if (secattr->flags & NETLBL_SECATTR_MLS_CAT) {
> -			rc = mls_import_netlbl_cat(&ctx_new,
> secattr);
> +			rc = mls_import_netlbl_cat(&policydb,
> &ctx_new,
> +						   secattr);
>  			if (rc)
>  				goto out;
>  		}
> @@ -3526,8 +3552,8 @@ int security_netlbl_sid_to_secattr(u32 sid,
> struct netlbl_lsm_secattr *secattr)
>  
>  	secattr->attr.secid = sid;
>  	secattr->flags |= NETLBL_SECATTR_DOMAIN_CPY |
> NETLBL_SECATTR_SECID;
> -	mls_export_netlbl_lvl(ctx, secattr);
> -	rc = mls_export_netlbl_cat(ctx, secattr);
> +	mls_export_netlbl_lvl(&policydb, ctx, secattr);
> +	rc = mls_export_netlbl_cat(&policydb, ctx, secattr);
>  out:
>  	read_unlock(&policy_rwlock);
>  	return rc;
> diff --git a/security/selinux/ss/services.h
> b/security/selinux/ss/services.h
> index 356bdd3..50c7ceb 100644
> --- a/security/selinux/ss/services.h
> +++ b/security/selinux/ss/services.h
> @@ -10,8 +10,6 @@
>  #include "policydb.h"
>  #include "sidtab.h"
>  
> -extern struct policydb policydb;
> -
>  void services_compute_xperms_drivers(struct extended_perms *xperms,
>  				struct avtab_node *node);
>  
> @@ -19,4 +17,3 @@ void services_compute_xperms_decision(struct
> extended_perms_decision *xpermd,
>  					struct avtab_node *node);
>  
>  #endif	/* _SS_SERVICES_H_ */
> -
