diff options
-rw-r--r-- | security/selinux/ss/services.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3e7544d2a07b..03f7a4748ee8 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid, | |||
1484 | tcontext->type, tclass, qstr); | 1484 | tcontext->type, tclass, qstr); |
1485 | 1485 | ||
1486 | /* Check for class-specific changes. */ | 1486 | /* Check for class-specific changes. */ |
1487 | if (tclass == policydb.process_class) { | 1487 | if (specified & AVTAB_TRANSITION) { |
1488 | if (specified & AVTAB_TRANSITION) { | 1488 | /* Look for a role transition rule. */ |
1489 | /* Look for a role transition rule. */ | 1489 | for (roletr = policydb.role_tr; roletr; roletr = roletr->next) { |
1490 | for (roletr = policydb.role_tr; roletr; | 1490 | if ((roletr->role == scontext->role) && |
1491 | roletr = roletr->next) { | 1491 | (roletr->type == tcontext->type) && |
1492 | if (roletr->role == scontext->role && | 1492 | (roletr->tclass == tclass)) { |
1493 | roletr->type == tcontext->type) { | 1493 | /* Use the role transition rule. */ |
1494 | /* Use the role transition rule. */ | 1494 | newcontext.role = roletr->new_role; |
1495 | newcontext.role = roletr->new_role; | 1495 | break; |
1496 | break; | ||
1497 | } | ||
1498 | } | 1496 | } |
1499 | } | 1497 | } |
1500 | } | 1498 | } |