aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux/ss
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2009-06-19 08:20:55 +1000
committerJames Morris <jmorris@namei.org>2009-06-19 08:20:55 +1000
commitd905163c5b23f6d8511971e06081a1b525e8a0bd (patch)
treef76918c1be802ec068d37763466f5518efdb690e /security/selinux/ss
parent44c2d9bdd7022ca7d240d5adc009296fc1c6ce08 (diff)
parent0732f87761dbe417cb6e084b712d07e879e876ef (diff)
downloadmrst-s0i3-test-d905163c5b23f6d8511971e06081a1b525e8a0bd.tar.gz
mrst-s0i3-test-d905163c5b23f6d8511971e06081a1b525e8a0bd.tar.xz
mrst-s0i3-test-d905163c5b23f6d8511971e06081a1b525e8a0bd.zip
Merge branch 'master' into next
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c30
1 files changed, 5 insertions, 25 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index a90cab207d9..ff17820d35e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -488,6 +488,7 @@ static int context_struct_compute_av(struct context *scontext,
avd->auditallow = 0;
avd->auditdeny = 0xffffffff;
avd->seqno = latest_granting;
+ avd->flags = 0;
/*
* Check for all the invalid cases.
@@ -606,31 +607,6 @@ inval_class:
return 0;
}
-/*
- * Given a sid find if the type has the permissive flag set
- */
-int security_permissive_sid(u32 sid)
-{
- struct context *context;
- u32 type;
- int rc;
-
- read_lock(&policy_rwlock);
-
- context = sidtab_search(&sidtab, sid);
- BUG_ON(!context);
-
- type = context->type;
- /*
- * we are intentionally using type here, not type-1, the 0th bit may
- * someday indicate that we are globally setting permissive in policy.
- */
- rc = ebitmap_get_bit(&policydb.permissive_map, type);
-
- read_unlock(&policy_rwlock);
- return rc;
-}
-
static int security_validtrans_handle_fail(struct context *ocontext,
struct context *ncontext,
struct context *tcontext,
@@ -865,6 +841,10 @@ int security_compute_av(u32 ssid,
rc = context_struct_compute_av(scontext, tcontext, tclass,
requested, avd);
+
+ /* permissive domain? */
+ if (ebitmap_get_bit(&policydb.permissive_map, scontext->type))
+ avd->flags |= AVD_FLAGS_PERMISSIVE;
out:
read_unlock(&policy_rwlock);
return rc;