
Commit 63a312ca authored by Harry Ciao, committed by Eric Paris

SELinux: Compute role in newcontext for all classes



Apply role_transition rules for all kinds of classes.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
parent 8023976c
+9 −11
@@ -1484,20 +1484,18 @@ static int security_compute_sid(u32 ssid,
				      tcontext->type, tclass, qstr);

	/* Check for class-specific changes. */
	if  (tclass == policydb.process_class) {
	if (specified & AVTAB_TRANSITION) {
		/* Look for a role transition rule. */
			for (roletr = policydb.role_tr; roletr;
			     roletr = roletr->next) {
				if (roletr->role == scontext->role &&
				    roletr->type == tcontext->type) {
		for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
			if ((roletr->role == scontext->role) &&
			    (roletr->type == tcontext->type) &&
			    (roletr->tclass == tclass)) {
				/* Use the role transition rule. */
				newcontext.role = roletr->new_role;
				break;
			}
		}
	}
	}

	/* Set the MLS attributes.
	   This is done last because it may allocate memory. */
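
Review bot: the new `(roletr->tclass == tclass)` test in the role_tr loop only matches entries whose tclass field is filled in, and with the `tclass == policydb.process_class` guard removed there is no remaining path that matches a rule on role and type alone. Nothing in this hunk shows where roletr->tclass is set, so please confirm that rules loaded from a policy that carries no per-rule class end up with policydb.process_class in that field; otherwise role transitions for processes that matched before this change would stop applying without any error. The commit message should also state that matching is now keyed on the rule's class, and the "Check for class-specific changes." comment above the block could be reworded now that the block is not limited to the process class.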