[PATCH] selinux: MLS compatibility

This patch enables files created on a MLS-enabled SELinux system to be accessible on a non-MLS SELinux system, by skipping the MLS component of the security context in the non-MLS case. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Stephen Smalley <sds@tycho.nsa.gov> 2005-11-08 21:34:32 -0800
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-11-09 07:55:51 -0800
commit: e517a0cd859ae0c4d9451107113fc2b076456f8f (patch)
tree: cf1c23d7d6715267ff7ee2b3dd5ba1c5ea8c0345
parent: d34d7ae266b23932809c43f115fda71fc5e5fcb1 (diff)
download: linux-e517a0cd859ae0c4d9451107113fc2b076456f8f.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index aaefac2921f1d9..640d0bfdbc6819 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
 	struct cat_datum *catdatum, *rngdatum;
 	int l, rc = -EINVAL;
 
-	if (!selinux_mls_enabled)
+	if (!selinux_mls_enabled) {
+		if (def_sid != SECSID_NULL && oldc)
+			*scontext += strlen(*scontext);
 		return 0;
+	}
 
 	/*
 	 * No MLS component to the security context, try and map to
author	Stephen Smalley <sds@tycho.nsa.gov>	2005-11-08 21:34:32 -0800
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-11-09 07:55:51 -0800
commit	e517a0cd859ae0c4d9451107113fc2b076456f8f (patch)
tree	cf1c23d7d6715267ff7ee2b3dd5ba1c5ea8c0345
parent	d34d7ae266b23932809c43f115fda71fc5e5fcb1 (diff)
download	linux-e517a0cd859ae0c4d9451107113fc2b076456f8f.tar.gz