aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEamon Walsh <ewalsh@tycho.nsa.gov>2008-01-24 15:30:52 -0500
committerJames Morris <jmorris@namei.org>2008-01-24 19:29:56 -0500
commit2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0 (patch)
tree2487c7d7bf54a5a26c53416ee4f1f14886121e15
parent1996a10948e50e546dc2b64276723c0b64d3173b (diff)
selinux: make mls_compute_sid always polyinstantiate
This patch removes the requirement that the new and related object types differ in order to polyinstantiate by MLS level. This allows MLS polyinstantiation to occur in the absence of explicit type_member rules or when the type has not changed. Potential users of this support include pam_namespace.so (directory polyinstantiation) and the SELinux X support (property polyinstantiation). Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/selinux/ss/mls.c11
1 files changed, 2 insertions, 9 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index fb5d70a6628d..3bbcb5369af9 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -537,15 +537,8 @@ int mls_compute_sid(struct context *scontext,
537 /* Use the process effective MLS attributes. */ 537 /* Use the process effective MLS attributes. */
538 return mls_context_cpy_low(newcontext, scontext); 538 return mls_context_cpy_low(newcontext, scontext);
539 case AVTAB_MEMBER: 539 case AVTAB_MEMBER:
540 /* Only polyinstantiate the MLS attributes if 540 /* Use the process effective MLS attributes. */
541 the type is being polyinstantiated */ 541 return mls_context_cpy_low(newcontext, scontext);
542 if (newcontext->type != tcontext->type) {
543 /* Use the process effective MLS attributes. */
544 return mls_context_cpy_low(newcontext, scontext);
545 } else {
546 /* Use the related object MLS attributes. */
547 return mls_context_cpy(newcontext, tcontext);
548 }
549 default: 542 default:
550 return -EINVAL; 543 return -EINVAL;
551 } 544 }