SELinux: Compute role in newcontext for all classes

Apply role_transition rules for all kinds of classes.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Harry Ciao 2011-03-25 13:51:58 +08:00 committed by Eric Paris
parent 8023976cf4
commit 63a312ca55


@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid,
tcontext->type, tclass, qstr); tcontext->type, tclass, qstr);
/* Check for class-specific changes. */ /* Check for class-specific changes. */
if (tclass == policydb.process_class) { if (specified & AVTAB_TRANSITION) {
if (specified & AVTAB_TRANSITION) { /* Look for a role transition rule. */
/* Look for a role transition rule. */ for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
for (roletr = policydb.role_tr; roletr; if ((roletr->role == scontext->role) &&
roletr = roletr->next) { (roletr->type == tcontext->type) &&
if (roletr->role == scontext->role && (roletr->tclass == tclass)) {
roletr->type == tcontext->type) { /* Use the role transition rule. */
/* Use the role transition rule. */ newcontext.role = roletr->new_role;
newcontext.role = roletr->new_role; break;
break;
}
} }
} }
} }
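Review bot: The new match on `roletr->tclass == tclass` is only correct if every entry on `policydb.role_tr` has `tclass` populated, and nothing in this hunk shows that. If rules loaded from a policy format without a class in role_transition leave the field at zero, process transitions that used to pick up `roletr->new_role` would silently keep the source role. The loader should presumably default `tclass` to `policydb.process_class` for such policies, which is worth confirming in the policydb read path. The retained comment `/* Check for class-specific changes. */` is now stale because the `tclass == policydb.process_class` guard is gone; `/* Apply a matching role_transition rule for any target class. */` would describe the new side. The body of security_compute_sid starts and ends outside the hunk, so whether the new context is validated after the role change cannot be seen from here.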