diff options
author | Harry Ciao <harrytaurus200@hotmail.com> | 2011-03-25 06:51:58 +0100 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2011-03-28 20:21:01 +0200 |
commit | 63a312ca55d09a3f6526919df495fff1073c88f4 (patch) | |
tree | 43fe9a17837fff6bc71e789dbb8fa0f8d03d01aa /security/selinux | |
parent | SELinux: Add class support to the role_trans structure (diff) | |
download | linux-63a312ca55d09a3f6526919df495fff1073c88f4.tar.xz linux-63a312ca55d09a3f6526919df495fff1073c88f4.zip |
SELinux: Compute role in newcontext for all classes
Apply role_transition rules for all kinds of classes.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux')
-rw-r--r-- | security/selinux/ss/services.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3e7544d2a07b..03f7a4748ee8 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1484,17 +1484,15 @@ static int security_compute_sid(u32 ssid, tcontext->type, tclass, qstr); /* Check for class-specific changes. */ - if (tclass == policydb.process_class) { - if (specified & AVTAB_TRANSITION) { - /* Look for a role transition rule. */ - for (roletr = policydb.role_tr; roletr; - roletr = roletr->next) { - if (roletr->role == scontext->role && - roletr->type == tcontext->type) { - /* Use the role transition rule. */ - newcontext.role = roletr->new_role; - break; - } + if (specified & AVTAB_TRANSITION) { + /* Look for a role transition rule. */ + for (roletr = policydb.role_tr; roletr; roletr = roletr->next) { + if ((roletr->role == scontext->role) && + (roletr->type == tcontext->type) && + (roletr->tclass == tclass)) { + /* Use the role transition rule. */ + newcontext.role = roletr->new_role; + break; } } } |