seandroid / external/libselinux

Stephen Smalley committed 0dbac4e

Fix a bug in the userspace AVC that broke per-domain permissive mode.

Failure to copy the entire av_decision structure, including the
flags field, would prevent preservation of the SELINUX_AVD_FLAGS_PERMISSIVE
flag and thus cause per-domain permissive to not be honored for userspace
permission checks.

Also ensure that we clear the entire structure.

Change-Id: I92fcb2522d05094a9583b0035bbe1f94cb289ecd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

  • Parent commits 9ea93f2
  • Branches master

Files changed (1)

File src/avc.c

 
 static inline void avc_clear_avc_entry(struct avc_entry *ae)
 {
-	ae->ssid = ae->tsid = ae->create_sid = NULL;
-	ae->tclass = 0;
-	ae->avd.allowed = ae->avd.decided = 0;
-	ae->avd.auditallow = ae->avd.auditdeny = 0;
-	ae->used = 0;
+	memset(ae, 0, sizeof *ae);
 }
 
 static inline struct avc_node *avc_claim_node(security_id_t ssid,
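Review bot: The `memset(ae, 0, sizeof *ae);` in avc_clear_avc_entry now resets ssid, tsid and create_sid through an all-zero byte pattern instead of an explicit NULL assignment, and it also wipes every member the removed lines never touched (avd.seqno and the flags field named in the commit message among them). That is the behaviour the commit message asks for, but it is worth a one-line comment above the memset saying the whole entry is cleared on purpose, so that nobody later adds a member to struct avc_entry that is expected to survive a clear, or reverts to a field-by-field reset that misses a new avd member again.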
 		goto out;
 	}
 
-	node->ae.avd.allowed = ae->avd.allowed;
-	node->ae.avd.decided = ae->avd.decided;
-	node->ae.avd.auditallow = ae->avd.auditallow;
-	node->ae.avd.auditdeny = ae->avd.auditdeny;
-	node->ae.avd.seqno = ae->avd.seqno;
+	memcpy(&node->ae.avd, &ae->avd, sizeof ae->avd);
 	aeref->ae = &node->ae;
       out:
 	return rc;
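Review bot: The `memcpy(&node->ae.avd, &ae->avd, sizeof ae->avd);` takes its length from the source operand, so it is only correct while both sides stay the same type. A plain struct assignment, `node->ae.avd = ae->avd;`, copies the same members, is checked by the compiler, and cannot overrun the destination if one of the declarations changes. If memcpy is kept, sizing by the destination (`sizeof node->ae.avd`) is the safer habit. Either way, a short comment that the full av_decision is copied so the flags member carries into the cache entry would document why the per-field copy was dropped.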