From d34f51528c6060b9283e4fb48afb57e2f0b4d97e Mon Sep 17 00:00:00 2001 From: Dhruv Gera Date: Mon, 27 Mar 2023 18:56:37 +0530 Subject: [PATCH] selinux: Update 4.9 to the correct check (#324) 4.9's last release aka 4.9.337 still needs the same fallbacks as 4.9.212 and breaks otherwise, upgrade this to fix compilation Tested and working on POCO F1, 4.9.337 --- kernel/selinux/rules.c | 4 ++-- kernel/selinux/selinux.c | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c index 586ebaf1..38b3eb31 100644 --- a/kernel/selinux/rules.c +++ b/kernel/selinux/rules.c @@ -22,7 +22,7 @@ static struct policydb *get_policydb(void) { struct policydb *db; // selinux_state does not exists before 4.19 -#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 212) +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 337) #ifdef SELINUX_POLICY_INSTEAD_SELINUX_SS struct selinux_policy *policy = rcu_dereference(selinux_state.policy); db = &policy->policydb; @@ -170,7 +170,7 @@ static int get_object(char *buf, char __user *user_object, size_t buf_sz, // reset avc cache table, otherwise the new rules will not take effect if already denied static void reset_avc_cache() { -#if ((KERNEL_VERSION(4, 14, 0) <= LINUX_VERSION_CODE) && (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 163))) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 212)) +#if ((KERNEL_VERSION(4, 14, 0) <= LINUX_VERSION_CODE) && (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 163))) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 337)) avc_ss_reset(0); selnl_notify_policyload(0); selinux_status_update_policyload(0); diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c index 4649b692..ac14f45f 100644 --- a/kernel/selinux/selinux.c +++ b/kernel/selinux/selinux.c @@ -2,7 +2,7 @@ #include "objsec.h" #include "linux/version.h" #include "../klog.h" // IWYU pragma: keep -#if ((KERNEL_VERSION(4, 14, 0) <= LINUX_VERSION_CODE) && (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 163))) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 212)) +#if ((KERNEL_VERSION(4, 14, 0) <= LINUX_VERSION_CODE) && (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 163))) || (LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 337)) #include "avc.h" #endif @@ -57,7 +57,7 @@ if (!is_domain_permissive) { void setenforce(bool enforce) { #ifdef CONFIG_SECURITY_SELINUX_DEVELOP -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 212))) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 337))) selinux_state.enforcing = enforce; #else selinux_enforcing = enforce; @@ -68,7 +68,7 @@ void setenforce(bool enforce) bool getenforce() { #ifdef CONFIG_SECURITY_SELINUX_DISABLE -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 212))) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 337))) if (selinux_state.disabled) { #else if (selinux_disabled) { @@ -78,7 +78,7 @@ bool getenforce() #endif #ifdef CONFIG_SECURITY_SELINUX_DEVELOP -#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 212))) +#if (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 163)) || ((KERNEL_VERSION(4, 10, 0) > LINUX_VERSION_CODE) && (LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 337))) return selinux_state.enforcing; #else return selinux_enforcing; @@ -88,7 +88,7 @@ bool getenforce() #endif } -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 212) +#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 337) /* * get the subjective security ID of the current task */