From: Linus Torvalds
Date: Mon, 22 Mar 2021 18:34:31 +0000 (-0700)
Subject: Merge tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git...
X-Git-Tag: accepted/tizen/unified/20230118.172025~7594
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=84196390620ac0e5070ae36af84c137c6216a7dc;p=platform%2Fkernel%2Flinux-rpi.git

Merge tag 'selinux-pr-20210322' of git://git./linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:
 "Three SELinux patches:

   - Fix a problem where a local variable is used outside its
     associated function. Thankfully this can only be triggered by
     reloading the SELinux policy, which is a restricted operation for
     other obvious reasons.

   - Fix some incorrect, and inconsistent, audit and printk messages
     when loading the SELinux policy.

  All three patches are relatively minor and have been through our
  testing with no failures"

* tag 'selinux-pr-20210322' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinuxfs: unify policy load error reporting
  selinux: fix variable scope issue in live sidtab conversion
  selinux: don't log MAC_POLICY_LOAD record on failed policy load

--- 84196390620ac0e5070ae36af84c137c6216a7dc diff --cc security/selinux/include/security.h index 6fe2530,25db66e..7650de0 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@@ -219,18 -219,24 +219,25 @@@ static inline bool selinux_policycap_ge return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]); } + struct selinux_policy_convert_data; + + struct selinux_load_state { + struct selinux_policy *policy; + struct selinux_policy_convert_data *convert_data; + }; + int security_mls_enabled(struct selinux_state *state); int security_load_policy(struct selinux_state *state, - void *data, size_t len, - struct selinux_policy **newpolicyp); + void *data, size_t len, + struct selinux_load_state *load_state); void selinux_policy_commit(struct selinux_state *state, - struct selinux_policy 
*newpolicy); + struct selinux_load_state *load_state); void selinux_policy_cancel(struct selinux_state *state, - struct selinux_policy *policy); + struct selinux_load_state *load_state); int security_read_policy(struct selinux_state *state, void **data, size_t *len); - +int security_read_state_kernel(struct selinux_state *state, + void **data, size_t *len); int security_policycap_supported(struct selinux_state *state, unsigned int req_cap); diff --cc security/selinux/ss/services.c index 3438d01,4a907e0..d91e41d --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@@ -65,8 -65,18 +65,19 @@@ #include "ebitmap.h" #include "audit.h" #include "policycap_names.h" +#include "ima.h" + struct convert_context_args { + struct selinux_state *state; + struct policydb *oldp; + struct policydb *newp; + }; + + struct selinux_policy_convert_data { + struct convert_context_args args; + struct sidtab_convert_params sidtab_params; + }; + /* Forward declaration. */ static int context_struct_to_string(struct policydb *policydb, struct context *context,
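
Review bot: in security/selinux/include/security.h, the new struct selinux_load_state is declared with no comment on ownership or lifetime. The prototypes suggest that security_load_policy() fills it and that selinux_policy_commit() or selinux_policy_cancel() consumes it, but nothing in the header says that a successful load must be followed by exactly one of those two calls, or which side frees policy and convert_data. Since this series fixes a variable being used outside its function's scope, a short comment above the struct stating that contract would help the next caller keep it.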
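
Review bot: in security/selinux/ss/services.c, struct convert_context_args holds three raw pointers (state, oldp, newp) and is embedded in struct selinux_policy_convert_data, with no comment on how long the pointed-to objects must stay valid. The conversion data is reachable through load_state->convert_data after security_load_policy() returns, so it appears intended to outlive the function that sets it up. A comment on the struct saying that both policydb objects must remain valid until the load state is committed or cancelled would record the invariant that the scope fix named in the merge message relies on.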