Merge branch 'for-linus' of master.kernel.org:/pub/scm/linux/kernel/git/jmorris/selinux-2.6

	return rc;

}

/*

 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.

 */

static inline int mls_context_cpy_low(struct context *dst, struct context *src)

{

	int rc;

	if (!selinux_mls_enabled)

		return 0;

	dst->range.level[0].sens = src->range.level[0].sens;

	rc = ebitmap_cpy(&dst->range.level[0].cat, &src->range.level[0].cat);

	if (rc)

		goto out;

	dst->range.level[1].sens = src->range.level[0].sens;

	rc = ebitmap_cpy(&dst->range.level[1].cat, &src->range.level[0].cat);

	if (rc)

		ebitmap_destroy(&dst->range.level[0].cat);

out:

	return rc;

}

static inline int mls_context_cmp(struct context *c1, struct context *c2)

{

	if (!selinux_mls_enabled)

		if (!defcon)

			goto out;

		rc = mls_copy_context(context, defcon);

		rc = mls_context_cpy(context, defcon);

		goto out;

	}

	return rc;

}

/*

 * Copies the effective MLS range from `src' into `dst'.

 */

static inline int mls_scopy_context(struct context *dst,

                                    struct context *src)

{

	int l, rc = 0;

	/* Copy the MLS range from the source context */

	for (l = 0; l < 2; l++) {

		dst->range.level[l].sens = src->range.level[0].sens;

		rc = ebitmap_cpy(&dst->range.level[l].cat,

				 &src->range.level[0].cat);

		if (rc)

			break;

	}

	return rc;

}

/*

 * Copies the MLS range `range' into `context'.

 */

	case AVTAB_CHANGE:

		if (tclass == SECCLASS_PROCESS)

			/* Use the process MLS attributes. */

			return mls_copy_context(newcontext, scontext);

			return mls_context_cpy(newcontext, scontext);

		else

			/* Use the process effective MLS attributes. */

			return mls_scopy_context(newcontext, scontext);

			return mls_context_cpy_low(newcontext, scontext);

	case AVTAB_MEMBER:

		/* Only polyinstantiate the MLS attributes if

		   the type is being polyinstantiated */

		if (newcontext->type != tcontext->type) {

			/* Use the process effective MLS attributes. */

			return mls_scopy_context(newcontext, scontext);

			return mls_context_cpy_low(newcontext, scontext);

		} else {

			/* Use the related object MLS attributes. */

			return mls_copy_context(newcontext, tcontext);

			return mls_context_cpy(newcontext, tcontext);

		}

	default:

		return -EINVAL;

#include "context.h"

#include "policydb.h"

/*

 * Copies the MLS range from `src' into `dst'.

 */

static inline int mls_copy_context(struct context *dst,

				   struct context *src)

{

	int l, rc = 0;

	/* Copy the MLS range from the source context */

	for (l = 0; l < 2; l++) {

		dst->range.level[l].sens = src->range.level[l].sens;

		rc = ebitmap_cpy(&dst->range.level[l].cat,

				 &src->range.level[l].cat);

		if (rc)

			break;

	}

	return rc;

}

int mls_compute_context_len(struct context *context);

void mls_sid_to_context(struct context *context, char **scontext);

int mls_context_isvalid(struct policydb *p, struct context *c);

	newcon.user = context1->user;

	newcon.role = context1->role;

	newcon.type = context1->type;

	rc = mls_copy_context(&newcon, context2);

	rc = mls_context_cpy(&newcon, context2);

	if (rc)

		goto out_unlock;

	/* Check the validity of the new context. */

	if (!policydb_context_isvalid(&policydb, &newcon)) {

		rc = convert_context_handle_invalid_context(&newcon);