Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r--security/selinux/ss/services.c30
1 files changed, 5 insertions, 25 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index a90cab207d9a..ff17820d35ec 100644
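--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -488,6 +488,7 @@ static int context_struct_compute_av(struct context *scontext,
  avd->auditallow = 0;
  avd->auditdeny = 0xffffffff;
  avd->seqno = latest_granting;
+ avd->flags = 0;
 
  /*
  * Check for all the invalid cases.
@@ -606,31 +607,6 @@ inval_class:
  return 0;
 }
 
-/*
- * Given a sid find if the type has the permissive flag set
- */
-int security_permissive_sid(u32 sid)
-{
- struct context *context;
- u32 type;
- int rc;
-
- read_lock(&policy_rwlock);
-
- context = sidtab_search(&sidtab, sid);
- BUG_ON(!context);
-
- type = context->type;
- /*
- * we are intentionally using type here, not type-1, the 0th bit may
- * someday indicate that we are globally setting permissive in policy.
- */
- rc = ebitmap_get_bit(&policydb.permissive_map, type);
-
- read_unlock(&policy_rwlock);
- return rc;
-}
-
 static int security_validtrans_handle_fail(struct context *ocontext,
  struct context *ncontext,
  struct context *tcontext,
@@ -865,6 +841,10 @@ int security_compute_av(u32 ssid,
 
  rc = context_struct_compute_av(scontext, tcontext, tclass,
  requested, avd);
+
+ /* permissive domain? */
+ if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
+ avd->flags |= AVD_FLAGS_PERMISSIVE;
 out:
  read_unlock(&policy_rwlock);
  return rc;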
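Review bot: In security_compute_av the permissive bit is OR-ed into `avd->flags` right after the call to context_struct_compute_av, but `flags` is only zeroed inside that callee (the added `avd->flags = 0;`), so any path that reaches `out:` or returns without making the call would hand back whatever the caller's buffer held. Those earlier paths lie outside the hunk, so this needs confirming against the full function. A stale AVD_FLAGS_PERMISSIVE presumably makes the caller treat a denial as permitted, so clearing `avd->flags` at the top of security_compute_av would make the result independent of the caller's initialisation. The removed security_permissive_sid() also carried the only explanation of why permissive_map is indexed by `type` rather than `type-1`; the new lookup uses the same indexing, so I would keep that rationale here, e.g. `/* permissive domain? indexed by type, not type-1: bit 0 may someday mean globally permissive */`.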