From c80f2a7d20343fe5ef31df1392bd7032740d4311 Mon Sep 17 00:00:00 2001
From: Guido Trentalancia <guido@trentalancia.com>
Date: Wed, 3 Feb 2010 17:06:01 +0100
Subject: [PATCH] --- yaml --- r: 184907 b: refs/heads/master c:
 42596eafdd75257a640f64701b9b07090bcd84b0 h: refs/heads/master i:   184905:
 5f1ffc4870f5a20e257d418f134e1fbef2869961   184903:
 dbbddd3b42a486a6483ef1c8ac1acf3e316540bd v: v3

---
 [refs]                               |  2 +-
 trunk/security/selinux/ss/services.c | 16 ++++++++++++----
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/[refs] b/[refs]
index eede0c75fdd7..de5c578b37e2 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: b6cac5a30b325e14cda425670bb3568d3cad0aa8
+refs/heads/master: 42596eafdd75257a640f64701b9b07090bcd84b0
diff --git a/trunk/security/selinux/ss/services.c b/trunk/security/selinux/ss/services.c
index 4a2bf212057b..2abbc49914e6 100644
--- a/trunk/security/selinux/ss/services.c
+++ b/trunk/security/selinux/ss/services.c
@@ -1506,7 +1506,10 @@ static int clone_sid(u32 sid,
 {
 	struct sidtab *s = arg;
 
-	return sidtab_insert(s, sid, context);
+	if (sid > SECINITSID_NUM)
+		return sidtab_insert(s, sid, context);
+	else
+		return 0;
 }
 
 static inline int convert_context_handle_invalid_context(struct context *context)
@@ -1552,7 +1555,10 @@ static int convert_context(u32 key,
 	struct user_datum *usrdatum;
 	char *s;
 	u32 len;
-	int rc;
+	int rc = 0;
+
+	if (key <= SECINITSID_NUM)
+		goto out;
 
 	args = p;
 
@@ -1712,9 +1718,11 @@ int security_load_policy(void *data, size_t len)
 	if (policydb_read(&newpolicydb, fp))
 		return -EINVAL;
 
-	if (sidtab_init(&newsidtab)) {
+	rc = policydb_load_isids(&newpolicydb, &newsidtab);
+	if (rc) {
+		printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");
 		policydb_destroy(&newpolicydb);
-		return -ENOMEM;
+		return rc;
 	}
 
 	if (selinux_set_mapping(&newpolicydb, secclass_map,