]> err.no Git - linux-2.6/commit
selinux: make mls_compute_sid always polyinstantiate
authorEamon Walsh <ewalsh@tycho.nsa.gov>
Thu, 24 Jan 2008 20:30:52 +0000 (15:30 -0500)
committerJames Morris <jmorris@namei.org>
Fri, 25 Jan 2008 00:29:56 +0000 (11:29 +1100)
commit2e08c0c1c3977a5ddc88887dd3af1b26c433e9d0
tree2487c7d7bf54a5a26c53416ee4f1f14886121e15
parent1996a10948e50e546dc2b64276723c0b64d3173b
selinux: make mls_compute_sid always polyinstantiate

This patch removes the requirement that the new and related object types
differ in order to polyinstantiate by MLS level.  This allows MLS
polyinstantiation to occur in the absence of explicit type_member rules or
when the type has not changed.

Potential users of this support include pam_namespace.so (directory
polyinstantiation) and the SELinux X support (property polyinstantiation).

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/ss/mls.c