diff options
| author | Ondrej Mosnacek <[email protected]> | 2018-10-23 09:02:17 +0200 |
|---|---|---|
| committer | Paul Moore <[email protected]> | 2018-11-05 15:25:50 -0500 |
| commit | 5df275cd4cf51c86d49009f1397132f284ba515e (patch) | |
| tree | 7670bfeb837a0449796067ab3e5ef154888fb569 /security/selinux/hooks.c | |
| parent | 651022382c7f8da46cb4872a545ee1da6d097d2a (diff) | |
selinux: policydb - fix byte order and alignment issues
Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):
cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil
Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.
Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.
Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.
Cc: Daniel Jurgens <[email protected]>
Cc: Eli Cohen <[email protected]>
Cc: James Morris <[email protected]>
Cc: Doug Ledford <[email protected]>
Cc: <[email protected]> # 4.13+
Fixes: a806f7a1616f ("selinux: Create policydb version for Infiniband support")
Signed-off-by: Ondrej Mosnacek <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
0 files changed, 0 insertions, 0 deletions