[PATCH] selinux: remove hardcoded policy assumption from get_user_sids() logic

From: Stephen Smalley <sds@epoch.ncsc.mil> This patch removes a hardcoded policy assumption from the get_user_sids logic in the SELinux module that was preventing it from returning contexts that had the same type as the caller even if the policy allowed such a transition. The assumption is not valid for all policies, and can be handled via policy configuration and userspace rather than hardcoding it in the module logic.

[PATCH] selinux: remove hardcoded policy assumption from get_user_sids() logic
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch removes a hardcoded policy assumption from the get_user_sids logic in the SELinux module that was preventing it from returning contexts that had the same type as the caller even if the policy allowed such a transition. The assumption is not valid for all policies, and can be handled via policy configuration and userspace rather than hardcoding it in the module logic.
ed328082 · Andrew Morton · Linus Torvalds · c59f3ad7 · ed328082
Commit ed328082 authored Apr 20, 2004 by Andrew Morton Committed by Linus Torvalds Apr 20, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 0 additions and 2 deletions

security/selinux/ss/services.c security/selinux/ss/services.c +0 -2

No files found.
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1341,8 +1341,6 @@ int security_get_user_sids(u32 fromsid,
 			if (!ebitmap_get_bit(&role->types, j))
 				continue;
 			usercon.type = j+1;
-			if (usercon.type == fromcon->type)
-				continue;
 			mls_for_user_ranges(user,usercon) {
 				rc = context_struct_compute_av(fromcon, &usercon,
 							       SECCLASS_PROCESS,