mbox series

[v3,0/2] selinux: fix changing booleans

Message ID 20210402085619.1763971-1-omosnace@redhat.com (mailing list archive)
Headers show
Series selinux: fix changing booleans | expand

Message

Ondrej Mosnacek April 2, 2021, 8:56 a.m. UTC 
This series contains a patch that fixes broken conditional AV list
duplication introduced by c7c556f1e81b ("selinux: refactor changing
booleans") and a couple "and while I'm here..." cleanup patches on top.

v3:
- move the avtab_alloc_common() call in avtab_alloc() under the
  conditional block

v2:
- drop the follow-up cleanup patches from this series
- add a patch fixing the current handling of nrules/nslots being zero
- fix this handling also in the original v1 patch
- simplify the loop that computes nslots

Ondrej Mosnacek (2):
  selinux: make nslot handling in avtab more robust
  selinux: fix cond_list corruption when changing booleans

 security/selinux/ss/avtab.c       | 101 ++++++++++--------------------
 security/selinux/ss/avtab.h       |   2 +-
 security/selinux/ss/conditional.c |  12 ++--
 3 files changed, 40 insertions(+), 75 deletions(-)