selinux: load the initial SIDs upon every policy load

Always load the initial SIDs, even in the case of a policy
reload and not just at the initial policy load. This comes
particularly handy after the introduction of a recent
patch for enabling runtime switching between different
policy types, although this patch is in theory independent
from that feature.

Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Guido Trentalancia 2010-02-03 17:06:01 +01:00 коммит произвёл James Morris
Родитель b6cac5a30b
Коммит 42596eafdd
1 изменённых файлов: 12 добавлений и 4 удалений

Просмотреть файл

@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid,
{
struct sidtab *s = arg;
return sidtab_insert(s, sid, context);
if (sid > SECINITSID_NUM)
return sidtab_insert(s, sid, context);
else
return 0;
}
static inline int convert_context_handle_invalid_context(struct context *context)
@ -1552,7 +1555,10 @@ static int convert_context(u32 key,
struct user_datum *usrdatum;
char *s;
u32 len;
int rc;
int rc = 0;
if (key <= SECINITSID_NUM)
goto out;
args = p;
@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len)
if (policydb_read(&newpolicydb, fp))
return -EINVAL;
if (sidtab_init(&newsidtab)) {
rc = policydb_load_isids(&newpolicydb, &newsidtab);
if (rc) {
printk(KERN_ERR "SELinux: unable to load the initial SIDs\n");
policydb_destroy(&newpolicydb);
return -ENOMEM;
return rc;
}
if (selinux_set_mapping(&newpolicydb, secclass_map,