author | Andrew Morton <akpm@osdl.org> | 2004-04-20 17:44:05 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2004-04-20 17:44:05 -0700 |
commit | ed3280822a048d1b92b2bbf968fd9e60861400b0 (patch) | |
tree | 826d879f3e97c076d42877be4ac27fbf7f220182 /security | |
parent | c59f3ad7826ada93c3216d8bb0796997d3d16388 (diff) | |
[PATCH] selinux: remove hardcoded policy assumption from get_user_sids() logic
From: Stephen Smalley <sds@epoch.ncsc.mil>
This patch removes a hardcoded policy assumption from the get_user_sids logic
in the SELinux module that was preventing it from returning contexts that had
the same type as the caller even if the policy allowed such a transition. The
assumption is not valid for all policies, and can be handled via policy
configuration and userspace rather than hardcoding it in the module logic.
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 12e6777f5d23fc..7d0fedf0417939 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1341,8 +1341,6 @@ int security_get_user_sids(u32 fromsid, if (!ebitmap_get_bit(&role->types, j)) continue; usercon.type = j+1; - if (usercon.type == fromcon->type) - continue; mls_for_user_ranges(user,usercon) { rc = context_struct_compute_av(fromcon, &usercon, SECCLASS_PROCESS, |
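Review bot: Dropping the `usercon.type == fromcon->type` skip right after `usercon.type = j+1;` changes what existing policies get back from security_get_user_sids(), and neither the code nor the commit message says where that filtering is now expected to happen. With the two lines gone, a candidate context carrying the caller's own type proceeds into `mls_for_user_ranges(user,usercon)` and `context_struct_compute_av(fromcon, &usercon, SECCLASS_PROCESS, ...)` like any other, so per the commit message it is returned whenever the policy allows the transition. The message says this can be handled via policy configuration and userspace; please name the policy rule or userspace component that should do it, either in the message or in a short comment at this loop, so that policy authors and callers who relied on the old behaviour know what to audit.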