---

yaml --- r: 169151 b: refs/heads/master c: 941fc5b h: refs/heads/master i: 169149: 8e541c2 169147: d205625 169143: af2d69b 169135: e39720b 169119: 2ceb46d 169087: 296244d v: v3
git-mirror · Oct 7, 2009 · 45e5d50 · 45e5d50
1 parent 842dff1
commit 45e5d50
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 31 deletions.
diff --git a/[refs] b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 8753f6bec352392b52ed9b5e290afb34379f4612
+refs/heads/master: 941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e
diff --git a/trunk/security/selinux/hooks.c b/trunk/security/selinux/hooks.c
@@ -91,7 +91,6 @@
 
 #define NUM_SEL_MNT_OPTS 5
 
-extern unsigned int policydb_loaded_version;
 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
 extern struct security_operations *security_ops;
 
@@ -4714,10 +4713,7 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
 	if (err)
 		return err;
 
-	if (policydb_loaded_version >= POLICYDB_VERSION_NLCLASS)
-		err = selinux_nlmsg_perm(sk, skb);
-
-	return err;
+	return selinux_nlmsg_perm(sk, skb);
 }
 
 static int selinux_netlink_recv(struct sk_buff *skb, int capability)

diff --git a/trunk/security/selinux/ss/services.c b/trunk/security/selinux/ss/services.c
@@ -65,7 +65,6 @@
 #include "audit.h"
 
 extern void selnl_notify_policyload(u32 seqno);
-unsigned int policydb_loaded_version;
 
 int selinux_policycap_netpeer;
 int selinux_policycap_openperm;
@@ -616,17 +615,6 @@ static int context_struct_compute_av(struct context *scontext,
 	struct ebitmap_node *snode, *tnode;
 	unsigned int i, j;
 
-	/*
-	 * Remap extended Netlink classes for old policy versions.
-	 * Do this here rather than socket_type_to_security_class()
-	 * in case a newer policy version is loaded, allowing sockets
-	 * to remain in the correct class.
-	 */
-	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
-		if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) &&
-		    tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET))
-			tclass = unmap_class(SECCLASS_NETLINK_SOCKET);
-
 	/*
 	 * Initialize the access vectors to the default values.
 	 */
@@ -761,17 +749,6 @@ int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
 
 	tclass = unmap_class(orig_tclass);
 
-	/*
-	 * Remap extended Netlink classes for old policy versions.
-	 * Do this here rather than socket_type_to_security_class()
-	 * in case a newer policy version is loaded, allowing sockets
-	 * to remain in the correct class.
-	 */
-	if (policydb_loaded_version < POLICYDB_VERSION_NLCLASS)
-		if (tclass >= unmap_class(SECCLASS_NETLINK_ROUTE_SOCKET) &&
-		    tclass <= unmap_class(SECCLASS_NETLINK_DNRT_SOCKET))
-			tclass = unmap_class(SECCLASS_NETLINK_SOCKET);
-
 	if (!tclass || tclass > policydb.p_classes.nprim) {
 		printk(KERN_ERR "SELinux: %s:  unrecognized class %d\n",
 			__func__, tclass);
@@ -1766,7 +1743,6 @@ int security_load_policy(void *data, size_t len)
 			return -EINVAL;
 		}
 		security_load_policycaps();
-		policydb_loaded_version = policydb.policyvers;
 		ss_initialized = 1;
 		seqno = ++latest_granting;
 		selinux_complete_init();
@@ -1829,7 +1805,6 @@ int security_load_policy(void *data, size_t len)
 	current_mapping = map;
 	current_mapping_size = map_size;
 	seqno = ++latest_granting;
-	policydb_loaded_version = policydb.policyvers;
 	write_unlock_irq(&policy_rwlock);
 
 	/* Free the old policydb and SID table. */