diff options
author | Eric Paris <eparis@redhat.com> | 2012-03-20 14:35:12 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2012-04-09 12:22:48 -0400 |
commit | eed7795d0a2c9b2e934afc088e903fa2c17b7958 (patch) | |
tree | 8f402c793774abfea12fd86bec741f0056302324 /security/selinux/ss/services.c | |
parent | aa893269de6277b44be88e25dcd5331c934c29c4 (diff) | |
download | op-kernel-dev-eed7795d0a2c9b2e934afc088e903fa2c17b7958.zip op-kernel-dev-eed7795d0a2c9b2e934afc088e903fa2c17b7958.tar.gz |
SELinux: add default_type statements
Because Fedora shipped userspace based on my development tree we now
have policy version 27 in the wild defining only default user, role, and
range. Thus to add default_type we need a policy.28.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'security/selinux/ss/services.c')
-rw-r--r-- | security/selinux/ss/services.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2ea108c..1ded0ec 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1472,12 +1472,18 @@ static int security_compute_sid(u32 ssid, } /* Set the type to default values. */ - if ((tclass == policydb.process_class) || (sock == true)) { - /* Use the type of process. */ + if (cladatum && cladatum->default_type == DEFAULT_SOURCE) { newcontext.type = scontext->type; - } else { - /* Use the type of the related object. */ + } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) { newcontext.type = tcontext->type; + } else { + if ((tclass == policydb.process_class) || (sock == true)) { + /* Use the type of process. */ + newcontext.type = scontext->type; + } else { + /* Use the type of the related object. */ + newcontext.type = tcontext->type; + } } /* Look for a type transition/member/change rule. */ |