1 files changed, 24 insertions, 0 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index fbf9c5816c71..40de8d3f208e 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -517,6 +517,8 @@ int mls_compute_sid(struct context *scontext,
 {
        struct range_trans rtr;
        struct mls_range *r;
+        struct class_datum *cladatum;
+        int default_range = 0;
        if (!policydb.mls_enabled)
                return 0;
@@ -530,6 +532,28 @@ int mls_compute_sid(struct context *scontext,
                r = hashtab_search(policydb.range_tr, &rtr);
                if (r)
                        return mls_range_set(newcontext, r);
+                if (tclass && tclass <= policydb.p_classes.nprim) {
+                        cladatum = policydb.class_val_to_struct[tclass - 1];
+                        if (cladatum)
+                                default_range = cladatum->default_range;
+                }
+                switch (default_range) {
+                case DEFAULT_SOURCE_LOW:
+                        return mls_context_cpy_low(newcontext, scontext);
+                case DEFAULT_SOURCE_HIGH:
+                        return mls_context_cpy_high(newcontext, scontext);
+                case DEFAULT_SOURCE_LOW_HIGH:
+                        return mls_context_cpy(newcontext, scontext);
+                case DEFAULT_TARGET_LOW:
+                        return mls_context_cpy_low(newcontext, tcontext);
+                case DEFAULT_TARGET_HIGH:
+                        return mls_context_cpy_high(newcontext, tcontext);
+                case DEFAULT_TARGET_LOW_HIGH:
+                        return mls_context_cpy(newcontext, tcontext);
+                }
                /* Fallthrough */
        case AVTAB_CHANGE:
                if ((tclass == policydb.process_class) || (sock == true))

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index fbf9c5816c71..40de8d3f208e 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c
@@ -517,6 +517,8 @@ int mls_compute_sid(struct context *scontext,
517	{	517	{
518	struct range_trans rtr;	518	struct range_trans rtr;
519	struct mls_range *r;	519	struct mls_range *r;
		520	struct class_datum *cladatum;
		521	int default_range = 0;
520		522
521	if (!policydb.mls_enabled)	523	if (!policydb.mls_enabled)
522	return 0;	524	return 0;
@@ -530,6 +532,28 @@ int mls_compute_sid(struct context *scontext,
530	r = hashtab_search(policydb.range_tr, &rtr);	532	r = hashtab_search(policydb.range_tr, &rtr);
531	if (r)	533	if (r)
532	return mls_range_set(newcontext, r);	534	return mls_range_set(newcontext, r);
		535
		536	if (tclass && tclass <= policydb.p_classes.nprim) {
		537	cladatum = policydb.class_val_to_struct[tclass - 1];
		538	if (cladatum)
		539	default_range = cladatum->default_range;
		540	}
		541
		542	switch (default_range) {
		543	case DEFAULT_SOURCE_LOW:
		544	return mls_context_cpy_low(newcontext, scontext);
		545	case DEFAULT_SOURCE_HIGH:
		546	return mls_context_cpy_high(newcontext, scontext);
		547	case DEFAULT_SOURCE_LOW_HIGH:
		548	return mls_context_cpy(newcontext, scontext);
		549	case DEFAULT_TARGET_LOW:
		550	return mls_context_cpy_low(newcontext, tcontext);
		551	case DEFAULT_TARGET_HIGH:
		552	return mls_context_cpy_high(newcontext, tcontext);
		553	case DEFAULT_TARGET_LOW_HIGH:
		554	return mls_context_cpy(newcontext, tcontext);
		555	}
		556
533	/* Fallthrough */	557	/* Fallthrough */
534	case AVTAB_CHANGE:	558	case AVTAB_CHANGE:
535	if ((tclass == policydb.process_class) \|\| (sock == true))	559	if ((tclass == policydb.process_class) \|\| (sock == true))