X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Fmls.c;h=8b1706b7b3ccc72dc6c373423a66f0b012fc1a39;hb=c65a3500b2947d344862da8cce626b7cc7ec5758;hp=fb5d70a6628dfe79a31a5209f20e38eccdc00bbc;hpb=d06fc1d9b5518582f4982f908e820f2303d1eece;p=linux-2.6
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index fb5d70a662..8b1706b7b3 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -32,7 +32,7 @@
 * Return the length in bytes for the MLS fields of the
 * security context string representation of `context'.
 */
-int mls_compute_context_len(struct context * context)
+int mls_compute_context_len(struct context *context)
 {
 int i, l, len, head, prev;
 char *nm;
@@ -86,7 +86,7 @@ int mls_compute_context_len(struct context * context)
 * Update `*scontext' to point to the end of the MLS fields.
 */
 void mls_sid_to_context(struct context *context,
- char **scontext)
+ char **scontext)
 {
 char *scontextp, *nm;
 int i, l, head, prev;
@@ -146,7 +146,7 @@ void mls_sid_to_context(struct context *context,
 if (l == 0) {
 if (mls_level_eq(&context->range.level[0],
- &context->range.level[1]))
+ &context->range.level[1]))
 break;
 else
 *scontextp++ = '-';
@@ -305,20 +305,21 @@ int mls_context_to_sid(char oldc,
 *p++ = 0;
 /* Separate into range if exists */
- if ((rngptr = strchr(scontextp, '.')) != NULL) {
+ rngptr = strchr(scontextp, '.');
+ if (rngptr != NULL) {
 /* Remove '.' */
 *rngptr++ = 0;
 }
 catdatum = hashtab_search(policydb.p_cats.table,
- scontextp);
+ scontextp);
 if (!catdatum) {
 rc = -EINVAL;
 goto out;
 }
 rc = ebitmap_set_bit(&context->range.level[l].cat,
- catdatum->value - 1, 1);
+ catdatum->value - 1, 1);
 if (rc)
 goto out;
@@ -395,7 +396,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 rc = -ENOMEM;
 } else {
 rc = mls_context_to_sid(':', &tmpstr, context,
- NULL, SECSID_NULL);
+ NULL, SECSID_NULL);
 kfree(freestr);
 }
@@ -406,7 +407,7 @@ int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
 * Copies the MLS range `range' into `context'.
 */
 static inline int mls_range_set(struct context *context,
- struct mls_range *range)
+ struct mls_range *range)
 {
 int l, rc = 0;
@@ -423,7 +424,7 @@ static inline int mls_range_set(struct context *context,
 }
 int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
- struct context *usercon)
+ struct context *usercon)
 {
 if (selinux_mls_enabled) {
 struct mls_level *fromcon_sen = &(fromcon->range.level[0]);
@@ -449,11 +450,11 @@ int mls_setup_user_range(struct context *fromcon, struct user_datum *user,
 that of the user's default clearance (but
 only if the "fromcon" clearance dominates
 the user's computed sensitivity level) */
- if (mls_level_dom(user_clr, fromcon_clr)) {
+ if (mls_level_dom(user_clr, fromcon_clr))
 *usercon_clr = *fromcon_clr;
- } else if (mls_level_dom(fromcon_clr, user_clr)) {
+ else if (mls_level_dom(fromcon_clr, user_clr))
 *usercon_clr = *user_clr;
- } else
+ else
 return -EINVAL;
 }
@@ -525,7 +526,7 @@ int mls_compute_sid(struct context *scontext,
 rtr->target_class == tclass) {
 /* Set the range from the rule */
 return mls_range_set(newcontext,
- &rtr->target_range);
+ &rtr->target_range);
 }
 }
 /* Fallthrough */
@@ -537,15 +538,8 @@ int mls_compute_sid(struct context *scontext,
 /* Use the process effective MLS attributes. */
 return mls_context_cpy_low(newcontext, scontext);
 case AVTAB_MEMBER:
- /* Only polyinstantiate the MLS attributes if
- the type is being polyinstantiated */
- if (newcontext->type != tcontext->type) {
- /* Use the process effective MLS attributes. */
- return mls_context_cpy_low(newcontext, scontext);
- } else {
- /* Use the related object MLS attributes. */
- return mls_context_cpy(newcontext, tcontext);
- }
+ /* Use the process effective MLS attributes. */
+ return mls_context_cpy_low(newcontext, scontext);
 default:
 return -EINVAL;
 }
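Review bot: In the `@@ -537,15 +538,8 @@` hunk of mls_compute_sid, the new AVTAB_MEMBER case carries the same comment and the same call as the branch directly above it, and nothing on the new side records that the related object's MLS range is now deliberately ignored. Because this changes the label a member object receives when its type is unchanged (the removed `else` arm copied the range from `tcontext`), the comment should state the rule, e.g. `/* Always use the process effective MLS attributes; the related object's range is not consulted for member decisions. */`. The switch and the function start outside the hunk, so whether `tcontext` is still used by other cases cannot be seen from here.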
@@ -569,7 +563,7 @@ void mls_export_netlbl_lvl(struct context *context,
 if (!selinux_mls_enabled)
 return;
- secattr->mls_lvl = context->range.level[0].sens - 1;
+ secattr->attr.mls.lvl = context->range.level[0].sens - 1;
 secattr->flags |= NETLBL_SECATTR_MLS_LVL;
 }
@@ -589,7 +583,7 @@ void mls_import_netlbl_lvl(struct context *context,
 if (!selinux_mls_enabled)
 return;
- context->range.level[0].sens = secattr->mls_lvl + 1;
+ context->range.level[0].sens = secattr->attr.mls.lvl + 1;
 context->range.level[1].sens = context->range.level[0].sens;
 }
@@ -612,8 +606,8 @@ int mls_export_netlbl_cat(struct context *context,
 return 0;
 rc = ebitmap_netlbl_export(&context->range.level[0].cat,
- &secattr->mls_cat);
- if (rc == 0 && secattr->mls_cat != NULL)
+ &secattr->attr.mls.cat);
+ if (rc == 0 && secattr->attr.mls.cat != NULL)
 secattr->flags |= NETLBL_SECATTR_MLS_CAT;
 return rc;
@@ -640,7 +634,7 @@ int mls_import_netlbl_cat(struct context *context,
 return 0;
 rc = ebitmap_netlbl_import(&context->range.level[0].cat,
- secattr->mls_cat);
+ secattr->attr.mls.cat);
 if (rc != 0)
 goto import_netlbl_cat_failure;