aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-11-09 00:34:32 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2005-11-09 10:55:51 -0500
commite517a0cd859ae0c4d9451107113fc2b076456f8f (patch)
treecf1c23d7d6715267ff7ee2b3dd5ba1c5ea8c0345
parentd34d7ae266b23932809c43f115fda71fc5e5fcb1 (diff)
[PATCH] selinux: MLS compatibility
This patch enables files created on a MLS-enabled SELinux system to be accessible on a non-MLS SELinux system, by skipping the MLS component of the security context in the non-MLS case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/ss/mls.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index aaefac2921f1..640d0bfdbc68 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
262 struct cat_datum *catdatum, *rngdatum; 262 struct cat_datum *catdatum, *rngdatum;
263 int l, rc = -EINVAL; 263 int l, rc = -EINVAL;
264 264
265 if (!selinux_mls_enabled) 265 if (!selinux_mls_enabled) {
266 if (def_sid != SECSID_NULL && oldc)
267 *scontext += strlen(*scontext);
266 return 0; 268 return 0;
269 }
267 270
268 /* 271 /*
269 * No MLS component to the security context, try and map to 272 * No MLS component to the security context, try and map to