summaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorHarry Ciao <harrytaurus200@hotmail.com>2011-03-25 06:51:58 +0100
committerEric Paris <eparis@redhat.com>2011-03-28 20:21:01 +0200
commit63a312ca55d09a3f6526919df495fff1073c88f4 (patch)
tree43fe9a17837fff6bc71e789dbb8fa0f8d03d01aa /security/selinux
parentSELinux: Add class support to the role_trans structure (diff)
downloadlinux-63a312ca55d09a3f6526919df495fff1073c88f4.tar.xz
linux-63a312ca55d09a3f6526919df495fff1073c88f4.zip
SELinux: Compute role in newcontext for all classes
Apply role_transition rules for all kinds of classes. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/ss/services.c20
1 files changed, 9 insertions, 11 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 3e7544d2a07b..03f7a4748ee8 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid,
tcontext->type, tclass, qstr);
/* Check for class-specific changes. */
- if (tclass == policydb.process_class) {
- if (specified & AVTAB_TRANSITION) {
- /* Look for a role transition rule. */
- for (roletr = policydb.role_tr; roletr;
- roletr = roletr->next) {
- if (roletr->role == scontext->role &&
- roletr->type == tcontext->type) {
- /* Use the role transition rule. */
- newcontext.role = roletr->new_role;
- break;
- }
+ if (specified & AVTAB_TRANSITION) {
+ /* Look for a role transition rule. */
+ for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
+ if ((roletr->role == scontext->role) &&
+ (roletr->type == tcontext->type) &&
+ (roletr->tclass == tclass)) {
+ /* Use the role transition rule. */
+ newcontext.role = roletr->new_role;
+ break;
}
}
}