SELinux: security_load_policy: Silence frame-larger-than warning

 */

int security_load_policy(void *data, size_t len)

{

	struct policydb oldpolicydb, newpolicydb;

	struct policydb *oldpolicydb, *newpolicydb;

	struct sidtab oldsidtab, newsidtab;

	struct selinux_mapping *oldmap, *map = NULL;

	struct convert_context_args args;

	int rc = 0;

	struct policy_file file = { data, len }, *fp = &file;

	oldpolicydb = kzalloc(2 * sizeof(*oldpolicydb), GFP_KERNEL);

	if (!oldpolicydb) {

		rc = -ENOMEM;

		goto out;

	}

	newpolicydb = oldpolicydb + 1;

	if (!ss_initialized) {

		avtab_cache_init();

		rc = policydb_read(&policydb, fp);

		if (rc) {

			avtab_cache_destroy();

			return rc;

			goto out;

		}

		policydb.len = len;

		if (rc) {

			policydb_destroy(&policydb);

			avtab_cache_destroy();

			return rc;

			goto out;

		}

		rc = policydb_load_isids(&policydb, &sidtab);

		if (rc) {

			policydb_destroy(&policydb);

			avtab_cache_destroy();

			return rc;

			goto out;

		}

		security_load_policycaps();

		selinux_status_update_policyload(seqno);

		selinux_netlbl_cache_invalidate();

		selinux_xfrm_notify_policyload();

		return 0;

		goto out;

	}

#if 0

	sidtab_hash_eval(&sidtab, "sids");

#endif

	rc = policydb_read(&newpolicydb, fp);

	rc = policydb_read(newpolicydb, fp);

	if (rc)

		return rc;

		goto out;

	newpolicydb.len = len;

	newpolicydb->len = len;

	/* If switching between different policy types, log MLS status */

	if (policydb.mls_enabled && !newpolicydb.mls_enabled)

	if (policydb.mls_enabled && !newpolicydb->mls_enabled)

		printk(KERN_INFO "SELinux: Disabling MLS support...\n");

	else if (!policydb.mls_enabled && newpolicydb.mls_enabled)

	else if (!policydb.mls_enabled && newpolicydb->mls_enabled)

		printk(KERN_INFO "SELinux: Enabling MLS support...\n");

	rc = policydb_load_isids(&newpolicydb, &newsidtab);

	rc = policydb_load_isids(newpolicydb, &newsidtab);

	if (rc) {

		printk(KERN_ERR "SELinux:  unable to load the initial SIDs\n");

		policydb_destroy(&newpolicydb);

		return rc;

		policydb_destroy(newpolicydb);

		goto out;

	}

	rc = selinux_set_mapping(&newpolicydb, secclass_map, &map, &map_size);

	rc = selinux_set_mapping(newpolicydb, secclass_map, &map, &map_size);

	if (rc)

		goto err;

	rc = security_preserve_bools(&newpolicydb);

	rc = security_preserve_bools(newpolicydb);

	if (rc) {

		printk(KERN_ERR "SELinux:  unable to preserve booleans\n");

		goto err;

	 * in the new SID table.

	 */

	args.oldp = &policydb;

	args.newp = &newpolicydb;

	args.newp = newpolicydb;

	rc = sidtab_map(&newsidtab, convert_context, &args);

	if (rc) {

		printk(KERN_ERR "SELinux:  unable to convert the internal"

	}

	/* Save the old policydb and SID table to free later. */

	memcpy(&oldpolicydb, &policydb, sizeof policydb);

	memcpy(oldpolicydb, &policydb, sizeof(policydb));

	sidtab_set(&oldsidtab, &sidtab);

	/* Install the new policydb and SID table. */

	write_lock_irq(&policy_rwlock);

	memcpy(&policydb, &newpolicydb, sizeof policydb);

	memcpy(&policydb, newpolicydb, sizeof(policydb));

	sidtab_set(&sidtab, &newsidtab);

	security_load_policycaps();

	oldmap = current_mapping;

	write_unlock_irq(&policy_rwlock);

	/* Free the old policydb and SID table. */

	policydb_destroy(&oldpolicydb);

	policydb_destroy(oldpolicydb);

	sidtab_destroy(&oldsidtab);

	kfree(oldmap);

	selinux_netlbl_cache_invalidate();

	selinux_xfrm_notify_policyload();

	return 0;

	rc = 0;

	goto out;

err:

	kfree(map);

	sidtab_destroy(&newsidtab);

	policydb_destroy(&newpolicydb);

	return rc;

	policydb_destroy(newpolicydb);

out:

	kfree(oldpolicydb);

	return rc;

}

size_t security_policydb_len(void)