diff options
author | James Morris <jmorris@namei.org> | 2009-06-10 21:03:14 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-06-10 21:03:14 -0400 |
commit | 73fbad283cfbbcf02939bdbda31fc4a30e729cca (patch) | |
tree | 7c89fe13e1b4a2c7f2d60f4ea6eaf69c14bccab7 /security/selinux/ss/services.c | |
parent | 769f3e8c384795cc350e2aae27de2a12374d19d4 (diff) | |
parent | 35f2c2f6f6ae13ef23c4f68e6d3073753077ca43 (diff) |
Merge branch 'next' into for-linus
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 30 |
1 files changed, 5 insertions, 25 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index deeec6c013ae..500e6f78e115 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -410,6 +410,7 @@ static int context_struct_compute_av(struct context *scontext, | |||
410 | avd->auditallow = 0; | 410 | avd->auditallow = 0; |
411 | avd->auditdeny = 0xffffffff; | 411 | avd->auditdeny = 0xffffffff; |
412 | avd->seqno = latest_granting; | 412 | avd->seqno = latest_granting; |
413 | avd->flags = 0; | ||
413 | 414 | ||
414 | /* | 415 | /* |
415 | * Check for all the invalid cases. | 416 | * Check for all the invalid cases. |
@@ -528,31 +529,6 @@ inval_class: | |||
528 | return 0; | 529 | return 0; |
529 | } | 530 | } |
530 | 531 | ||
531 | /* | ||
532 | * Given a sid find if the type has the permissive flag set | ||
533 | */ | ||
534 | int security_permissive_sid(u32 sid) | ||
535 | { | ||
536 | struct context *context; | ||
537 | u32 type; | ||
538 | int rc; | ||
539 | |||
540 | read_lock(&policy_rwlock); | ||
541 | |||
542 | context = sidtab_search(&sidtab, sid); | ||
543 | BUG_ON(!context); | ||
544 | |||
545 | type = context->type; | ||
546 | /* | ||
547 | * we are intentionally using type here, not type-1, the 0th bit may | ||
548 | * someday indicate that we are globally setting permissive in policy. | ||
549 | */ | ||
550 | rc = ebitmap_get_bit(&policydb.permissive_map, type); | ||
551 | |||
552 | read_unlock(&policy_rwlock); | ||
553 | return rc; | ||
554 | } | ||
555 | |||
556 | static int security_validtrans_handle_fail(struct context *ocontext, | 532 | static int security_validtrans_handle_fail(struct context *ocontext, |
557 | struct context *ncontext, | 533 | struct context *ncontext, |
558 | struct context *tcontext, | 534 | struct context *tcontext, |
@@ -767,6 +743,10 @@ int security_compute_av(u32 ssid, | |||
767 | 743 | ||
768 | rc = context_struct_compute_av(scontext, tcontext, tclass, | 744 | rc = context_struct_compute_av(scontext, tcontext, tclass, |
769 | requested, avd); | 745 | requested, avd); |
746 | |||
747 | /* permissive domain? */ | ||
748 | if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) | ||
749 | avd->flags |= AVD_FLAGS_PERMISSIVE; | ||
770 | out: | 750 | out: |
771 | read_unlock(&policy_rwlock); | 751 | read_unlock(&policy_rwlock); |
772 | return rc; | 752 | return rc; |