diff options
author | James Morris <james.l.morris@oracle.com> | 2012-05-22 11:21:06 +1000 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2012-05-22 11:21:06 +1000 |
commit | ff2bb047c4bce9742e94911eeb44b4d6ff4734ab (patch) | |
tree | 9d9b1cfa3fc17f0cc13f34ca697306cb1f46b05f /security/selinux/ss/mls.c | |
parent | cffee16e8b997ab947de661e8820e486b0830c94 (diff) | |
parent | c737f8284cac91428f8fcc8281e69117fa16e887 (diff) | |
download | linux-ff2bb047c4bce9742e94911eeb44b4d6ff4734ab.tar.gz linux-ff2bb047c4bce9742e94911eeb44b4d6ff4734ab.tar.bz2 linux-ff2bb047c4bce9742e94911eeb44b4d6ff4734ab.zip |
Merge branch 'master' of git://git.infradead.org/users/eparis/selinux into next
Per pull request, for 3.5.
Diffstat (limited to 'security/selinux/ss/mls.c')
-rw-r--r-- | security/selinux/ss/mls.c | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index fbf9c5816c71..40de8d3f208e 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -517,6 +517,8 @@ int mls_compute_sid(struct context *scontext, { struct range_trans rtr; struct mls_range *r; + struct class_datum *cladatum; + int default_range = 0; if (!policydb.mls_enabled) return 0; @@ -530,6 +532,28 @@ int mls_compute_sid(struct context *scontext, r = hashtab_search(policydb.range_tr, &rtr); if (r) return mls_range_set(newcontext, r); + + if (tclass && tclass <= policydb.p_classes.nprim) { + cladatum = policydb.class_val_to_struct[tclass - 1]; + if (cladatum) + default_range = cladatum->default_range; + } + + switch (default_range) { + case DEFAULT_SOURCE_LOW: + return mls_context_cpy_low(newcontext, scontext); + case DEFAULT_SOURCE_HIGH: + return mls_context_cpy_high(newcontext, scontext); + case DEFAULT_SOURCE_LOW_HIGH: + return mls_context_cpy(newcontext, scontext); + case DEFAULT_TARGET_LOW: + return mls_context_cpy_low(newcontext, tcontext); + case DEFAULT_TARGET_HIGH: + return mls_context_cpy_high(newcontext, tcontext); + case DEFAULT_TARGET_LOW_HIGH: + return mls_context_cpy(newcontext, tcontext); + } + /* Fallthrough */ case AVTAB_CHANGE: if ((tclass == policydb.process_class) || (sock == true)) |