selinux: get netif_wildcard policycap from policy instead of cache

Retrieve the netif_wildcard policy capability in security_netif_sid()
from the locked active policy instead of the cached value in
selinux_state.

Fixes: 8af43b6 ("selinux: support wildcard network interface names")
Signed-off-by: Christian Göttsche <[email protected]>
Acked-by: Stephen Smalley <[email protected]>
[PM: /netlabel/netif/ due to a typo in the description]
Signed-off-by: Paul Moore <[email protected]>

Author: cgzones

security/selinux/ss/services.c

@@ -2587,14 +2587,13 @@ int security_netif_sid(const char *name, u32 *if_sid)
 		return 0;
 	}
 
-	wildcard_support = selinux_policycap_netif_wildcard();
-
 retry:
 	rc = 0;
 	rcu_read_lock();
 	policy = rcu_dereference(selinux_state.policy);
 	policydb = &policy->policydb;
 	sidtab = policy->sidtab;
+	wildcard_support = ebitmap_get_bit(&policydb->policycaps, POLICYDB_CAP_NETIF_WILDCARD);
 
 	c = policydb->ocontexts[OCON_NETIF];
 	while (c) {