Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

selinux: get netif_wildcard policycap from policy instead of cache 

Retrieve the netif_wildcard policy capability in security_netif_sid()
from the locked active policy instead of the cached value in
selinux_state.

Fixes: 8af43b61c1 ("selinux: support wildcard network interface names")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
[PM: /netlabel/netif/ due to a typo in the description]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Christian Göttsche 2025-03-12 09:00:48 +01:00 committed by Paul Moore
parent 8af43b61c1
commit a3d3043ef2
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
security/selinux/ss/services.c
View File

@ -2587,14 +2587,13 @@ int security_netif_sid(const char *name, u32 *if_sid)
return 0;
}
wildcard_support = selinux_policycap_netif_wildcard();
retry:
rc = 0;
rcu_read_lock();
policy = rcu_dereference(selinux_state.policy);
policydb = &policy->policydb;
sidtab = policy->sidtab;
wildcard_support = ebitmap_get_bit(&policydb->policycaps, POLICYDB_CAP_NETIF_WILDCARD);
c = policydb->ocontexts[OCON_NETIF];
while (c) {