From: Eamon Walsh <ewalsh@tycho.nsa.gov>
To: SELinux List <selinux@tycho.nsa.gov>
Cc: linux-kernel@vger.kernel.org, James Morris <jmorris@namei.org>,
Stephen Smalley <sds@tycho.nsa.gov>
Subject: [PATCH] selinux: make mls_compute_sid always polyinstantiate
Date: Thu, 24 Jan 2008 15:30:52 -0500
Message-ID: <4798F57C.8090300@tycho.nsa.gov>

This patch removes the requirement that the new and related object types
differ in order to polyinstantiate by MLS level. This allows MLS
polyinstantiation to occur in the absence of explicit type_member rules
or when the type has not changed.

Potential users of this support include pam_namespace.so (directory
polyinstantiation) and the SELinux X support (property polyinstantiation).

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
---
mls.c | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index fb5d70a..3bbcb53 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -537,15 +537,8 @@ int mls_compute_sid(struct context *scontext,
/* Use the process effective MLS attributes. */
return mls_context_cpy_low(newcontext, scontext);
case AVTAB_MEMBER:
- /* Only polyinstantiate the MLS attributes if
- the type is being polyinstantiated */
- if (newcontext->type != tcontext->type) {
- /* Use the process effective MLS attributes. */
- return mls_context_cpy_low(newcontext, scontext);
- } else {
- /* Use the related object MLS attributes. */
- return mls_context_cpy(newcontext, tcontext);
- }
+ /* Use the process effective MLS attributes. */
+ return mls_context_cpy_low(newcontext, scontext);
default:
return -EINVAL;
}
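
Review bot: The new AVTAB_MEMBER body is now identical, comment and return included, to the body of the case directly above it, so the two labels could share one body instead of duplicating `return mls_context_cpy_low(newcontext, scontext);`. The retained comment "Use the process effective MLS attributes." also does not record the behaviour change for the path where `newcontext->type == tcontext->type`: that path used to return `mls_context_cpy(newcontext, tcontext)`, the related object's MLS attributes, and now returns the process's low level. A sentence in the comment saying that member computation no longer depends on the type changing, and that the related object's MLS attributes are never used here, would help anyone auditing labels produced for an unchanged type.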
--
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency