authorAndrew Morton <akpm@osdl.org>2004-04-20 17:44:05 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2004-04-20 17:44:05 -0700
commited3280822a048d1b92b2bbf968fd9e60861400b0 (patch)
tree826d879f3e97c076d42877be4ac27fbf7f220182 /security
parentc59f3ad7826ada93c3216d8bb0796997d3d16388 (diff)
downloadhistory-ed3280822a048d1b92b2bbf968fd9e60861400b0.tar.gz
[PATCH] selinux: remove hardcoded policy assumption from get_user_sids() logic
From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch removes a hardcoded policy assumption from the get_user_sids logic in the SELinux module that was preventing it from returning contexts that had the same type as the caller even if the policy allowed such a transition. The assumption is not valid for all policies, and can be handled via policy configuration and userspace rather than hardcoding it in the module logic.
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c2
1 files changed, 0 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 12e6777f5d23fc..7d0fedf0417939 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1341,8 +1341,6 @@ int security_get_user_sids(u32 fromsid,
if (!ebitmap_get_bit(&role->types, j))
continue;
usercon.type = j+1;
- if (usercon.type == fromcon->type)
- continue;
mls_for_user_ranges(user,usercon) {
rc = context_struct_compute_av(fromcon, &usercon,
SECCLASS_PROCESS,