Commit e517a0cd authored Nov 08, 2005 by Stephen Smalley Committed by Linus Torvalds Nov 09, 2005

[PATCH] selinux: MLS compatibility



This patch enables files created on a MLS-enabled SELinux system to be
accessible on a non-MLS SELinux system, by skipping the MLS component of
the security context in the non-MLS case.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

parent d34d7ae2

security/selinux/ss/mls.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc,
		struct cat_datum catdatum, rngdatum;
		int l, rc = -EINVAL;

		if (!selinux_mls_enabled)
		if (!selinux_mls_enabled) {
		if (def_sid != SECSID_NULL && oldc)
		scontext += strlen(scontext);
		return 0;
		}

		/*
		* No MLS component to the security context, try and map to