1 files changed, 7 insertions, 15 deletions

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 40de8d3f208e..c85bc1ec040c 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -160,8 +160,6 @@ void mls_sid_to_context(struct context *context,
 int mls_level_isvalid(struct policydb *p, struct mls_level *l)
 {
         struct level_datum *levdatum;
-        struct ebitmap_node *node;
-        int i;
 
         if (!l->sens || l->sens > p->p_levels.nprim)
                 return 0;
@@ -170,19 +168,13 @@ int mls_level_isvalid(struct policydb *p, struct mls_level *l)
         if (!levdatum)
                 return 0;
 
-        ebitmap_for_each_positive_bit(&l->cat, node, i) {
-                if (i > p->p_cats.nprim)
-                        return 0;
-                if (!ebitmap_get_bit(&levdatum->level->cat, i)) {
-                        /*
-                         * Category may not be associated with
-                         * sensitivity.
-                         */
-                        return 0;
-                }
-        }
-
-        return 1;
+        /*
+         * Return 1 iff all the bits set in l->cat are also be set in
+         * levdatum->level->cat and no bit in l->cat is larger than
+         * p->p_cats.nprim.
+         */
+        return ebitmap_contains(&levdatum->level->cat, &l->cat,
+                                p->p_cats.nprim);
 }
 
 int mls_range_isvalid(struct policydb *p, struct mls_range *r)