SELinux: Compute role in newcontext for all classes

Apply role_transition rules for all kinds of classes. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com>

SELinux: Compute role in newcontext for all classes
Apply role_transition rules for all kinds of classes. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com>
63a312ca · Harry Ciao · Eric Paris · 8023976c · 63a312ca
Commit 63a312ca authored Mar 25, 2011 by Harry Ciao Committed by Eric Paris Mar 28, 2011
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 11 deletions

security/selinux/ss/services.c security/selinux/ss/services.c +9 -11

No files found.
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1484,20 +1484,18 @@ static int security_compute_sid(u32 ssid,
 				      tcontext->type, tclass, qstr);
 	/* Check for class-specific changes. */
-	if  (tclass == policydb.process_class) {
 	if (specified & AVTAB_TRANSITION) {
 		/* Look for a role transition rule. */
-			for (roletr = policydb.role_tr; roletr;
+		for (roletr = policydb.role_tr; roletr; roletr = roletr->next) {
-			     roletr = roletr->next) {
+			if ((roletr->role == scontext->role) &&
-				if (roletr->role == scontext->role &&
+			    (roletr->type == tcontext->type) &&
-				    roletr->type == tcontext->type) {
+			    (roletr->tclass == tclass)) {
 				/* Use the role transition rule. */
 				newcontext.role = roletr->new_role;
 				break;
 			}
 		}
 	}
-	}
 	/* Set the MLS attributes.
 	   This is done last because it may allocate memory. */