Initialize policydb.process_class eariler.
Initialize policydb.process_class once all symtabs read from policy image, so that it could be used to setup the role_trans.tclass field when a lower version policy.X is loaded. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com>
This commit is contained in:
parent
eba71de2cb
commit
1214eac73f
|
@ -2275,6 +2275,11 @@ int policydb_read(struct policydb *p, void *fp)
|
|||
p->symtab[i].nprim = nprim;
|
||||
}
|
||||
|
||||
rc = -EINVAL;
|
||||
p->process_class = string_to_security_class(p, "process");
|
||||
if (!p->process_class)
|
||||
goto bad;
|
||||
|
||||
rc = avtab_read(&p->te_avtab, fp, p);
|
||||
if (rc)
|
||||
goto bad;
|
||||
|
@ -2358,11 +2363,6 @@ int policydb_read(struct policydb *p, void *fp)
|
|||
if (rc)
|
||||
goto bad;
|
||||
|
||||
rc = -EINVAL;
|
||||
p->process_class = string_to_security_class(p, "process");
|
||||
if (!p->process_class)
|
||||
goto bad;
|
||||
|
||||
rc = -EINVAL;
|
||||
p->process_trans_perms = string_to_av_perm(p, p->process_class, "transition");
|
||||
p->process_trans_perms |= string_to_av_perm(p, p->process_class, "dyntransition");
|
||||
|
|
Loading…
Reference in New Issue