summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHarry Ciao <qingtao.cao@windriver.com>2011-04-07 14:12:57 +0800
committerEric Paris <eparis@redhat.com>2011-04-07 12:00:26 -0400
commit1214eac73f798bccabc6adb55e7b2d787527c13c (patch)
tree4b379622da0d56be88d7ea87af558ef719317c7d
parenteba71de2cb7c02c5ae4f2ad3656343da71bc4661 (diff)
downloadlwn-1214eac73f798bccabc6adb55e7b2d787527c13c.tar.gz
lwn-1214eac73f798bccabc6adb55e7b2d787527c13c.zip
Initialize policydb.process_class eariler.
Initialize policydb.process_class once all symtabs read from policy image, so that it could be used to setup the role_trans.tclass field when a lower version policy.X is loaded. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r--security/selinux/ss/policydb.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index a493eae24e0a..82373eb2dc97 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -2275,6 +2275,11 @@ int policydb_read(struct policydb *p, void *fp)
p->symtab[i].nprim = nprim;
}
+ rc = -EINVAL;
+ p->process_class = string_to_security_class(p, "process");
+ if (!p->process_class)
+ goto bad;
+
rc = avtab_read(&p->te_avtab, fp, p);
if (rc)
goto bad;
@@ -2359,11 +2364,6 @@ int policydb_read(struct policydb *p, void *fp)
goto bad;
rc = -EINVAL;
- p->process_class = string_to_security_class(p, "process");
- if (!p->process_class)
- goto bad;
-
- rc = -EINVAL;
p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
if (!p->process_trans_perms)