From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch removes a hardcoded policy assumption from the get_user_sids logic
in the SELinux module that was preventing it from returning contexts that had
the same type as the caller even if the policy allowed such a transition.  The
assumption is not valid for all policies, and can be handled via policy
configuration and userspace rather than hardcoding it in the module logic.


---

 25-akpm/security/selinux/ss/services.c |    2 --
 1 files changed, 2 deletions(-)

diff -puN security/selinux/ss/services.c~selinux-remove-hardcoded-policy-assumption-from-get_user_sids-logic security/selinux/ss/services.c
--- 25/security/selinux/ss/services.c~selinux-remove-hardcoded-policy-assumption-from-get_user_sids-logic	Tue Apr 20 13:07:05 2004
+++ 25-akpm/security/selinux/ss/services.c	Tue Apr 20 13:07:05 2004
@@ -1341,8 +1341,6 @@ int security_get_user_sids(u32 fromsid,
 			if (!ebitmap_get_bit(&role->types, j))
 				continue;
 			usercon.type = j+1;
-			if (usercon.type == fromcon->type)
-				continue;
 			mls_for_user_ranges(user,usercon) {
 				rc = context_struct_compute_av(fromcon, &usercon,
 							       SECCLASS_PROCESS,
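Review bot: After `usercon.type = j+1;` in the loop over `role->types`, nothing in the code records that a context with the same type as `fromcon` is now a deliberate candidate. The only remaining filter is the `context_struct_compute_av(fromcon, &usercon, SECCLASS_PROCESS, ...)` check that follows. A one-line comment at that point would help, saying that same-type contexts are intentionally left to the policy decision and that callers of `security_get_user_sids` may now receive their own type in the returned list. This would keep a later reader from re-adding the `continue`. The changelog says the old behaviour "can be handled via policy configuration and userspace", so it would also help to state there which side is expected to drop the caller's own context when that is still wanted, since consumers that relied on the kernel skipping it will see a longer list after this change.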

_