git.baikalelectronics.ru Git - kernel.git/commit

author	Ondrej Mosnacek <omosnace@redhat.com>
	Tue, 23 Oct 2018 07:02:17 +0000 (09:02 +0200)
committer	Paul Moore <paul@paul-moore.com>
	Mon, 5 Nov 2018 20:25:50 +0000 (15:25 -0500)
commit	2793985da29daed114b32c92a4c41474e7e9f5b3
tree	7670bfeb837a0449796067ab3e5ef154888fb569	tree \| snapshot
parent	a9e80a095d95d1159b26f73bd6d9c2fadc7fb411	commit \| diff

selinux: policydb - fix byte order and alignment issues

Do the LE conversions before doing the Infiniband-related range checks.
The incorrect checks are otherwise causing a failure to load any policy
with an ibendportcon rule on BE systems. This can be reproduced by
running (on e.g. ppc64):

cat >my_module.cil <<EOF
(type test_ibendport_t)
(roletype object_r test_ibendport_t)
(ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
EOF
semodule -i my_module.cil

Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
use a correctly aligned buffer.

Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
should be used instead.

Tested internally on a ppc64 machine with a RHEL 7 kernel with this
patch applied.

Cc: Daniel Jurgens <danielj@mellanox.com>
Cc: Eli Cohen <eli@mellanox.com>
Cc: James Morris <jmorris@namei.org>
Cc: Doug Ledford <dledford@redhat.com>
Cc: <stable@vger.kernel.org> # 4.13+
Fixes: 3170fafb6317 ("selinux: Create policydb version for Infiniband support")
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>