• Ondrej Mosnacek's avatar
    selinux: policydb - fix byte order and alignment issues · 5df275cd
    Ondrej Mosnacek authored
    Do the LE conversions before doing the Infiniband-related range checks.
    The incorrect checks are otherwise causing a failure to load any policy
    with an ibendportcon rule on BE systems. This can be reproduced by
    running (on e.g. ppc64):
    
    cat >my_module.cil <<EOF
    (type test_ibendport_t)
    (roletype object_r test_ibendport_t)
    (ibendportcon mlx4_0 1 (system_u object_r test_ibendport_t ((s0) (s0))))
    EOF
    semodule -i my_module.cil
    
    Also, fix loading/storing the 64-bit subnet prefix for OCON_IBPKEY to
    use a correctly aligned buffer.
    
    Finally, do not use the 'nodebuf' (u32) buffer where 'buf' (__le32)
    should be used instead.
    
    Tested internally on a ppc64 machine with a RHEL 7 kernel with this
    patch applied.
    
    Cc: Daniel Jurgens <danielj@mellanox.com>
    Cc: Eli Cohen <eli@mellanox.com>
    Cc: James Morris <jmorris@namei.org>
    Cc: Doug Ledford <dledford@redhat.com>
    Cc: <stable@vger.kernel.org> # 4.13+
    Fixes: a806f7a1 ("selinux: Create policydb version for Infiniband support")
    Signed-off-by: default avatarOndrej Mosnacek <omosnace@redhat.com>
    Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    5df275cd
policydb.c 71.7 KB