summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/selinux/selinuxfs.c39
1 files changed, 25 insertions, 14 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 131816878e50..19670e9bcd72 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -355,6 +355,9 @@ static int sel_make_classes(struct selinux_fs_info *fsi,
static struct dentry *sel_make_dir(struct dentry *dir, const char *name,
unsigned long *ino);
+/* declaration for sel_remove_old_policy_nodes */
+static void sel_remove_entries(struct dentry *de);
+
static ssize_t sel_read_mls(struct file *filp, char __user *buf,
size_t count, loff_t *ppos)
{
@@ -509,11 +512,33 @@ static const struct file_operations sel_policy_ops = {
.llseek = generic_file_llseek,
};
+static void sel_remove_old_policy_nodes(struct selinux_fs_info *fsi)
+{
+ u32 i;
+
+ /* bool_dir cleanup */
+ for (i = 0; i < fsi->bool_num; i++)
+ kfree(fsi->bool_pending_names[i]);
+ kfree(fsi->bool_pending_names);
+ kfree(fsi->bool_pending_values);
+ fsi->bool_num = 0;
+ fsi->bool_pending_names = NULL;
+ fsi->bool_pending_values = NULL;
+
+ sel_remove_entries(fsi->bool_dir);
+
+ /* class_dir cleanup */
+ sel_remove_entries(fsi->class_dir);
+
+}
+
static int sel_make_policy_nodes(struct selinux_fs_info *fsi,
struct selinux_policy *newpolicy)
{
int ret;
+ sel_remove_old_policy_nodes(fsi);
+
ret = sel_make_bools(fsi, newpolicy);
if (ret) {
pr_err("SELinux: failed to load policy booleans\n");
@@ -1348,17 +1373,6 @@ static int sel_make_bools(struct selinux_fs_info *fsi,
int *values = NULL;
u32 sid;
- /* remove any existing files */
- for (i = 0; i < fsi->bool_num; i++)
- kfree(fsi->bool_pending_names[i]);
- kfree(fsi->bool_pending_names);
- kfree(fsi->bool_pending_values);
- fsi->bool_num = 0;
- fsi->bool_pending_names = NULL;
- fsi->bool_pending_values = NULL;
-
- sel_remove_entries(dir);
-
ret = -ENOMEM;
page = (char *)get_zeroed_page(GFP_KERNEL);
if (!page)
@@ -1873,9 +1887,6 @@ static int sel_make_classes(struct selinux_fs_info *fsi,
int rc, nclasses, i;
char **classes;
- /* delete any existing entries */
- sel_remove_entries(fsi->class_dir);
-
rc = security_get_classes(newpolicy, &classes, &nclasses);
if (rc)
return rc;