Revert to Fedora kernel-2.6.17-1.2187_FC5 patched with vs2.0.2.1; there are too many...

[linux-2.6.git] / security / selinux / ss / mls.c

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index df2540c..7bc5b64 100644 (file)
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -543,21 +543,22 @@ int mls_compute_sid(struct context *scontext,
                    u32 specified,
                    struct context *newcontext)
 {
-       struct range_trans *rtr;
-
        if (!selinux_mls_enabled)
                return 0;
 
        switch (specified) {
        case AVTAB_TRANSITION:
-               /* Look for a range transition rule. */
-               for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
-                       if (rtr->source_type == scontext->type &&
-                           rtr->target_type == tcontext->type &&
-                           rtr->target_class == tclass) {
-                               /* Set the range from the rule */
-                               return mls_range_set(newcontext,
-                                                    &rtr->target_range);
+               if (tclass == SECCLASS_PROCESS) {
+                       struct range_trans *rangetr;
+                       /* Look for a range transition rule. */
+                       for (rangetr = policydb.range_tr; rangetr;
+                            rangetr = rangetr->next) {
+                               if (rangetr->dom == scontext->type &&
+                                   rangetr->type == tcontext->type) {
+                                       /* Set the range from the rule */
+                                       return mls_range_set(newcontext,
+                                                            &rangetr->range);
+                               }
                        }
                }
                /* Fallthrough */