selinux: remove userland security class and permission definitions

Remove userland security class and permission definitions from the kernel as the kernel only needs to use and validate its own class and permission definitions and userland definitions may change. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
2007-03-26 13:36:26 -04:00
parent 4f6a993f96
commit a764ae4b07
6 changed files with 21 additions and 314 deletions
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@ -1049,6 +1049,8 @@ static int validate_classes(struct policydb *p)

 	for (i = 1; i < kdefs->cts_len; i++) {
 		def_class = kdefs->class_to_string[i];
+		if (!def_class)
+			continue;
 		if (i > p->p_classes.nprim) {
 			printk(KERN_INFO
 			       "security:  class %s not defined in policy\n",