1 files changed, 9 insertions, 11 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 3e7544d2a07b..03f7a4748ee8 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid,
                                      tcontext->type, tclass, qstr);
        /* Check for class-specific changes. */
-        if  (tclass == policydb.process_class) {
+        if (specified & AVTAB_TRANSITION) {
-                if (specified & AVTAB_TRANSITION) {
+                /* Look for a role transition rule. */
-                        /* Look for a role transition rule. */
+                for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
-                        for (roletr = policydb.role_tr; roletr;
+                        if ((roletr->role == scontext->role) &&
-                             roletr = roletr->next) {
+                            (roletr->type == tcontext->type) &&
-                                if (roletr->role == scontext->role &&
+                            (roletr->tclass == tclass)) {
-                                    roletr->type == tcontext->type) {
+                                /* Use the role transition rule. */
-                                        /* Use the role transition rule. */
+                                newcontext.role = roletr->new_role;
-                                        newcontext.role = roletr->new_role;
+                                break;
-                                        break;
-                                }
                        }
                }
        }

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3e7544d2a07b..03f7a4748ee8 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c
@@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid,
1484	tcontext->type, tclass, qstr);	1484	tcontext->type, tclass, qstr);
1485		1485
1486	/* Check for class-specific changes. */	1486	/* Check for class-specific changes. */
1487	if (tclass == policydb.process_class) {	1487	if (specified & AVTAB_TRANSITION) {
1488	if (specified & AVTAB_TRANSITION) {	1488	/* Look for a role transition rule. */
1489	/* Look for a role transition rule. */	1489	for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
1490	for (roletr = policydb.role_tr; roletr;	1490	if ((roletr->role == scontext->role) &&
1491	roletr = roletr->next) {	1491	(roletr->type == tcontext->type) &&
1492	if (roletr->role == scontext->role &&	1492	(roletr->tclass == tclass)) {
1493	roletr->type == tcontext->type) {	1493	/* Use the role transition rule. */
1494	/* Use the role transition rule. */	1494	newcontext.role = roletr->new_role;
1495	newcontext.role = roletr->new_role;	1495	break;
1496	break;
1497	}
1498	}	1496	}
1499	}	1497	}
1500	}	1498	}