[PATCH][SELINUX] Remove hardcoded policy assumption fromget_user_sids logic

From: Stephen Smalley
Date: Tue Apr 20 2004 - 10:38:50 EST

This patch against 2.6.6-rc1-mm1 removes a hardcoded policy assumption
from the get_user_sids logic in the SELinux module that was preventing
it from returning contexts that had the same type as the caller even if
the policy allowed such a transition. The assumption is not valid for
all policies, and can be handled via policy configuration and userspace
rather than hardcoding it in the module logic.

security/selinux/ss/services.c | 2 --
1 files changed, 2 deletions(-)

diff -X /home/sds/dontdiff -ru linux-2.6.old/security/selinux/ss/services.c linux-2.6/security/selinux/ss/services.c
--- linux-2.6.old/security/selinux/ss/services.c 2004-04-20 10:11:03.000000000 -0400
+++ linux-2.6/security/selinux/ss/services.c 2004-04-20 10:48:30.772189123 -0400
@@ -1341,8 +1341,6 @@
if (!ebitmap_get_bit(&role->types, j))
usercon.type = j+1;
- if (usercon.type == fromcon->type)
- continue;
mls_for_user_ranges(user,usercon) {
rc = context_struct_compute_av(fromcon, &usercon,

Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/