diff options
author | James Morris <jmorris@namei.org> | 2009-06-18 18:20:55 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-06-18 18:20:55 -0400 |
commit | d905163c5b23f6d8511971e06081a1b525e8a0bd (patch) | |
tree | f76918c1be802ec068d37763466f5518efdb690e /security/selinux/ss | |
parent | 44c2d9bdd7022ca7d240d5adc009296fc1c6ce08 (diff) | |
parent | 0732f87761dbe417cb6e084b712d07e879e876ef (diff) |
Merge branch 'master' into next
Diffstat (limited to 'security/selinux/ss')
-rw-r--r-- | security/selinux/ss/services.c | 30 |
1 files changed, 5 insertions, 25 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index a90cab207d9a..ff17820d35ec 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -488,6 +488,7 @@ static int context_struct_compute_av(struct context *scontext, | |||
488 | avd->auditallow = 0; | 488 | avd->auditallow = 0; |
489 | avd->auditdeny = 0xffffffff; | 489 | avd->auditdeny = 0xffffffff; |
490 | avd->seqno = latest_granting; | 490 | avd->seqno = latest_granting; |
491 | avd->flags = 0; | ||
491 | 492 | ||
492 | /* | 493 | /* |
493 | * Check for all the invalid cases. | 494 | * Check for all the invalid cases. |
@@ -606,31 +607,6 @@ inval_class: | |||
606 | return 0; | 607 | return 0; |
607 | } | 608 | } |
608 | 609 | ||
609 | /* | ||
610 | * Given a sid find if the type has the permissive flag set | ||
611 | */ | ||
612 | int security_permissive_sid(u32 sid) | ||
613 | { | ||
614 | struct context *context; | ||
615 | u32 type; | ||
616 | int rc; | ||
617 | |||
618 | read_lock(&policy_rwlock); | ||
619 | |||
620 | context = sidtab_search(&sidtab, sid); | ||
621 | BUG_ON(!context); | ||
622 | |||
623 | type = context->type; | ||
624 | /* | ||
625 | * we are intentionally using type here, not type-1, the 0th bit may | ||
626 | * someday indicate that we are globally setting permissive in policy. | ||
627 | */ | ||
628 | rc = ebitmap_get_bit(&policydb.permissive_map, type); | ||
629 | |||
630 | read_unlock(&policy_rwlock); | ||
631 | return rc; | ||
632 | } | ||
633 | |||
634 | static int security_validtrans_handle_fail(struct context *ocontext, | 610 | static int security_validtrans_handle_fail(struct context *ocontext, |
635 | struct context *ncontext, | 611 | struct context *ncontext, |
636 | struct context *tcontext, | 612 | struct context *tcontext, |
@@ -865,6 +841,10 @@ int security_compute_av(u32 ssid, | |||
865 | 841 | ||
866 | rc = context_struct_compute_av(scontext, tcontext, tclass, | 842 | rc = context_struct_compute_av(scontext, tcontext, tclass, |
867 | requested, avd); | 843 | requested, avd); |
844 | |||
845 | /* permissive domain? */ | ||
846 | if (ebitmap_get_bit(&policydb.permissive_map, scontext->type)) | ||
847 | avd->flags |= AVD_FLAGS_PERMISSIVE; | ||
868 | out: | 848 | out: |
869 | read_unlock(&policy_rwlock); | 849 | read_unlock(&policy_rwlock); |
870 | return rc; | 850 | return rc; |