List: selinux
Subject: [PATCH][SELINUX] Remove hardcoded policy assumption from
From: Stephen Smalley <sds () epoch ! ncsc ! mil>
Date: 2004-04-20 15:36:10
Message-ID: 1082475370.7481.63.camel () moss-spartans ! epoch ! ncsc ! mil
This patch against 2.6.6-rc1-mm1 removes a hardcoded policy assumption
from the get_user_sids logic in the SELinux module that was preventing
it from returning contexts that had the same type as the caller even if
the policy allowed such a transition. The assumption is not valid for
all policies, and can be handled via policy configuration and userspace
rather than hardcoding it in the module logic.
security/selinux/ss/services.c | 2 --
1 files changed, 2 deletions(-)
diff -X /home/sds/dontdiff -ru linux-2.6.old/security/selinux/ss/services.c \
linux-2.6/security/selinux/ss/services.c
--- linux-2.6.old/security/selinux/ss/services.c 2004-04-20 10:11:03.000000000 -0400
+++ linux-2.6/security/selinux/ss/services.c 2004-04-20 10:48:30.772189123 -0400
@@ -1341,8 +1341,6 @@
if (!ebitmap_get_bit(&role->types, j))
continue;
usercon.type = j+1;
- if (usercon.type == fromcon->type)
- continue;
mls_for_user_ranges(user,usercon) {
rc = context_struct_compute_av(fromcon, &usercon,
SECCLASS_PROCESS,
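Review bot: In the type loop, dropping the `usercon.type == fromcon->type` skip leaves the `context_struct_compute_av(fromcon, &usercon, SECCLASS_PROCESS, ...)` call as the only filter visible in this hunk, so callers can now be handed a context with their own type whenever policy allows it. The description says this can be handled via policy configuration and userspace but does not say how; a short comment above the loop, or a line in the changelog, should state that policies and consumers which relied on the kernel excluding the caller's type must now do that filtering themselves.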
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency