Pull selinux updates from Paul Moore:
"Two SELinux patches: one increases the sleep time on deprecated
functionality, and one removes the indirect calls in the sidtab
context conversion code"
* tag 'selinux-pr-20221212' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
selinux: remove the sidtab context conversion indirect calls
selinux: increase the deprecation sleep for checkreqprot and runtime disable
return 0;
}
- /*
- * Convert the values in the security context
- * structure `oldc' from the values specified
- * in the policy `p->oldp' to the values specified
- * in the policy `p->newp', storing the new context
- * in `newc'. Verify that the context is valid
- * under the new policy.
+ /**
+ * services_convert_context - Convert a security context across policies.
+ * @args: populated convert_context_args struct
+ * @oldc: original context
+ * @newc: converted context
++ * @gfp_flags: allocation flags
+ *
+ * Convert the values in the security context structure @oldc from the values
+ * specified in the policy @args->oldp to the values specified in the policy
+ * @args->newp, storing the new context in @newc, and verifying that the
+ * context is valid under the new policy.
*/
- static int convert_context(struct context *oldc, struct context *newc, void *p,
- gfp_t gfp_flags)
+ int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc)
++ struct context *oldc, struct context *newc,
++ gfp_t gfp_flags)
{
- struct convert_context_args *args;
struct ocontext *oc;
struct role_datum *role;
struct type_datum *typdatum;
u32 len;
int rc;
- args = p;
-
if (oldc->str) {
- s = kstrdup(oldc->str, GFP_KERNEL);
+ s = kstrdup(oldc->str, gfp_flags);
if (!s)
return -ENOMEM;
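Review bot: The `@gfp_flags` line in the new kernel-doc for services_convert_context() says only "allocation flags", which omits the contract the parameter exists for. The sidtab caller in this same merge passes GFP_ATOMIC, so a caller that cannot sleep depends on every allocation in the conversion honouring the flag. I would spell that out, e.g. `* @gfp_flags: allocation flags; pass GFP_ATOMIC when the caller cannot sleep`, and add a `* Return:` line (the visible path returns `-ENOMEM` on allocation failure; the success value is not shown here). Only the `kstrdup()` call is visible and the function body continues past these lines, so it is worth confirming that no later allocation on this path still uses a hard-coded GFP_KERNEL.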
u32 latest_granting;
} __randomize_layout;
- void services_compute_xperms_drivers(struct extended_perms *xperms,
- struct avtab_node *node);
+ struct convert_context_args {
+ struct selinux_state *state;
+ struct policydb *oldp;
+ struct policydb *newp;
+ };
+ void services_compute_xperms_drivers(struct extended_perms *xperms,
+ struct avtab_node *node);
void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
- struct avtab_node *node);
+ struct avtab_node *node);
+
+ int services_convert_context(struct convert_context_args *args,
- struct context *oldc, struct context *newc);
++ struct context *oldc, struct context *newc,
++ gfp_t gfp_flags);
#endif /* _SS_SERVICES_H_ */
goto out_unlock;
}
- rc = convert->func(context, &dst_convert->context,
- convert->args, GFP_ATOMIC);
+ rc = services_convert_context(convert->args,
- context, &dst_convert->context);
++ context, &dst_convert->context,
++ GFP_ATOMIC);
if (rc) {
context_destroy(&dst->context);
goto out_unlock;
}
i = 0;
while (i < SIDTAB_LEAF_ENTRIES && *pos < count) {
- rc = convert->func(&esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context,
- convert->args, GFP_KERNEL);
+ rc = services_convert_context(convert->args,
+ &esrc->ptr_leaf->entries[i].context,
- &edst->ptr_leaf->entries[i].context);
++ &edst->ptr_leaf->entries[i].context,
++ GFP_KERNEL);
if (rc)
return rc;
(*pos)++;
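Review bot: The two services_convert_context() call sites now differ only in their last argument, GFP_ATOMIC in the first and GFP_KERNEL inside the `while (i < SIDTAB_LEAF_ENTRIES && *pos < count)` loop, and nothing at either site records why. The `goto out_unlock` exits around the first call suggest it runs with a lock held, which would be the reason it must not sleep. A short comment such as `/* lock held: conversion must not sleep */` above that call and `/* may sleep here */` above the loop call would keep a later edit from swapping the flags. Both enclosing functions start and end outside the visible lines, so the locking context should be confirmed before wording the comments.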