diff options
Diffstat (limited to 'security/selinux/avc.c')
| -rw-r--r-- | security/selinux/avc.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index cb3f0ce0b00a..a4fc6e6d038a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -893,12 +893,13 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid, | |||
| 893 | denied = requested & ~(p_ae->avd.allowed); | 893 | denied = requested & ~(p_ae->avd.allowed); |
| 894 | 894 | ||
| 895 | if (denied) { | 895 | if (denied) { |
| 896 | if (selinux_enforcing || (flags & AVC_STRICT)) | 896 | if (flags & AVC_STRICT) |
| 897 | rc = -EACCES; | 897 | rc = -EACCES; |
| 898 | else if (!selinux_enforcing || security_permissive_sid(ssid)) | ||
| 899 | avc_update_node(AVC_CALLBACK_GRANT, requested, ssid, | ||
| 900 | tsid, tclass); | ||
| 898 | else | 901 | else |
| 899 | if (node) | 902 | rc = -EACCES; |
| 900 | avc_update_node(AVC_CALLBACK_GRANT,requested, | ||
| 901 | ssid,tsid,tclass); | ||
| 902 | } | 903 | } |
| 903 | 904 | ||
| 904 | rcu_read_unlock(); | 905 | rcu_read_unlock(); |