Merge git://git.infradead.org/users/eparis/selinux

Conflicts:
	security/selinux/hooks.c

Pull Eric's existing SELinux tree as there are a number of patches in
there that are not yet upstream.  There was some minor fixup needed to
resolve a conflict in security/selinux/hooks.c:selinux_set_mnt_opts()
between the labeled NFS patches and Eric's security_fs_use()
simplification patch.

1 files changed, 7 insertions, 15 deletions

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 40de8d3f208e..c85bc1ec040c 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -160,8 +160,6 @@ void mls_sid_to_context(struct context *context,
 int mls_level_isvalid(struct policydb *p, struct mls_level *l)
 {
         struct level_datum *levdatum;
-        struct ebitmap_node *node;
-        int i;
 
         if (!l->sens || l->sens > p->p_levels.nprim)
                 return 0;
@@ -170,19 +168,13 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l)
         if (!levdatum)
                 return 0;
 
-        ebitmap_for_each_positive_bit(&l->cat, node, i) {
-                if (i > p->p_cats.nprim)
-                        return 0;
-                if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
-                        /*
-                         * Category may not be associated with
-                         * sensitivity.
-                         */
-                        return 0;
-                }
-        }
-
-        return 1;
+        /*
+         * Return 1 iff all the bits set in l->cat are also be set in
+         * levdatum->level->cat and no bit in l->cat is larger than
+         * p->p_cats.nprim.
+         */
+        return ebitmap_contains(&levdatum->level->cat, &l->cat,
+                                p->p_cats.nprim);
 }
 
 int mls_range_isvalid(struct policydb *p, struct mls_range *r)