From: Stephen Smalley This patch removes a hardcoded policy assumption from the get_user_sids logic in the SELinux module that was preventing it from returning contexts that had the same type as the caller even if the policy allowed such a transition. The assumption is not valid for all policies, and can be handled via policy configuration and userspace rather than hardcoding it in the module logic. --- 25-akpm/security/selinux/ss/services.c | 2 -- 1 files changed, 2 deletions(-) diff -puN security/selinux/ss/services.c~selinux-remove-hardcoded-policy-assumption-from-get_user_sids-logic security/selinux/ss/services.c --- 25/security/selinux/ss/services.c~selinux-remove-hardcoded-policy-assumption-from-get_user_sids-logic Tue Apr 20 13:07:05 2004 +++ 25-akpm/security/selinux/ss/services.c Tue Apr 20 13:07:05 2004 @@ -1341,8 +1341,6 @@ int security_get_user_sids(u32 fromsid, if (!ebitmap_get_bit(&role->types, j)) continue; usercon.type = j+1; - if (usercon.type == fromcon->type) - continue; mls_for_user_ranges(user,usercon) { rc = context_struct_compute_av(fromcon, &usercon, SECCLASS_PROCESS, _
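Review bot: Removing the `if (usercon.type == fromcon->type) continue;` filter in security_get_user_sids() changes what existing callers get back, and neither the hunk nor the changelog says what should replace it. With the two lines gone, the only gate visible in this loop is the context_struct_compute_av() check against SECCLASS_PROCESS, so under any policy that allows such a transition the caller's own type will now appear in the returned list. The description says this "can be handled via policy configuration and userspace"; please state which policy rule or userspace filtering is expected to take over, either in the changelog or in a short comment above the compute_av call, so policy authors can audit whether their policy allows that transition unintentionally.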