TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

selinux: get netif_wildcard policycap from policy instead of cache

Browse Source 
Retrieve the netif_wildcard policy capability in security_netif_sid()
from the locked active policy instead of the cached value in
selinux_state.

Fixes: 8af43b61c1 ("selinux: support wildcard network interface names")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: /netlabel/netif/ due to a typo in the description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche
2025-03-12 09:00:48 +01:00
committed by Paul Moore
parent 8af43b61c1
commit a3d3043ef2
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/selinux/ss/services.c
+1 -2
View File
@@ -2587,14 +2587,13 @@ int security_netif_sid(const char *name, u32 *if_sid)
return 0; return 0;
} }
wildcard_support = selinux_policycap_netif_wildcard();
retry: retry:
rc = 0; rc = 0;
rcu_read_lock(); rcu_read_lock();
policy = rcu_dereference(selinux_state.policy); policy = rcu_dereference(selinux_state.policy);
policydb = &policy->policydb; policydb = &policy->policydb;
sidtab = policy->sidtab; sidtab = policy->sidtab;
wildcard_support = ebitmap_get_bit(&policydb->policycaps, POLICYDB_CAP_NETIF_WILDCARD);
c = policydb->ocontexts[OCON_NETIF]; c = policydb->ocontexts[OCON_NETIF];
while (c) { while (c) {