On Thu, 2008-01-24 at 15:30 -0500, Eamon Walsh wrote: > This patch removes the requirement that the new and related object types > differ in order to polyinstantiate by MLS level. This allows MLS > polyinstantiation to occur in the absence of explicit type_member rules > or when the type has not changed. > > Potential users of this support include pam_namespace.so (directory > polyinstantiation) and the SELinux X support (property polyinstantiation). > > Signed-off-by: Eamon Walsh <ewalsh@xxxxxxxxxxxxx> Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx> > --- > > mls.c | 11 ++--------- > 1 file changed, 2 insertions(+), 9 deletions(-) (nit: use diffstat -p1 in the future) > > diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c > index fb5d70a..3bbcb53 100644 > --- a/security/selinux/ss/mls.c > +++ b/security/selinux/ss/mls.c > @@ -537,15 +537,8 @@ int mls_compute_sid(struct context *scontext, > /* Use the process effective MLS attributes. */ > return mls_context_cpy_low(newcontext, scontext); > case AVTAB_MEMBER: > - /* Only polyinstantiate the MLS attributes if > - the type is being polyinstantiated */ > - if (newcontext->type != tcontext->type) { > - /* Use the process effective MLS attributes. */ > - return mls_context_cpy_low(newcontext, scontext); > - } else { > - /* Use the related object MLS attributes. */ > - return mls_context_cpy(newcontext, tcontext); > - } > + /* Use the process effective MLS attributes. */ > + return mls_context_cpy_low(newcontext, scontext); > default: > return -EINVAL; > } > > > -- Stephen Smalley National Security Agency
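
Review bot: In the AVTAB_MEMBER case of mls_compute_sid(), the new body and its comment are now word-for-word the same as the case directly above it (`return mls_context_cpy_low(newcontext, scontext);`), so the comment no longer says anything specific to member computation. Either fold `case AVTAB_MEMBER:` into the preceding case label, or replace the duplicated comment with one stating that a member object takes the process effective MLS attributes whether or not the type changed. The removed else branch was the only path in this case that used tcontext's MLS attributes through mls_context_cpy(), so a member computation where the type is unchanged now returns the process level instead of the related object's level. That behaviour change for existing callers should be stated explicitly in the code comment or the changelog so it is not read as a pure simplification.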