X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=security%2Fselinux%2Fss%2Fmls.c;fp=security%2Fselinux%2Fss%2Fmls.c;h=84047f69f9c1b4d0bdfbbfe511457d6a62c18dad;hb=64ba3f394c830ec48a1c31b53dcae312c56f1604;hp=df2540cc310abbfced7157d825b17ce4d7ddf933;hpb=be1e6109ac94a859551f8e1774eb9a8469fe055c;p=linux-2.6.git

diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index df2540cc3..84047f69f 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -8,7 +8,7 @@
  *
  *	Support for enhanced MLS infrastructure.
  *
- * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
+ * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
  */
 
 #include <linux/kernel.h>
@@ -384,34 +384,6 @@ out:
 	return rc;
 }
 
-/*
- * Set the MLS fields in the security context structure
- * `context' based on the string representation in
- * the string `str'.  This function will allocate temporary memory with the
- * given constraints of gfp_mask.
- */
-int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
-{
-	char *tmpstr, *freestr;
-	int rc;
-
-	if (!selinux_mls_enabled)
-		return -EINVAL;
-
-	/* we need freestr because mls_context_to_sid will change
-	   the value of tmpstr */
-	tmpstr = freestr = kstrdup(str, gfp_mask);
-	if (!tmpstr) {
-		rc = -ENOMEM;
-	} else {
-		rc = mls_context_to_sid(':', &tmpstr, context,
-		                        NULL, SECSID_NULL);
-		kfree(freestr);
-	}
-
-	return rc;
-}
-
 /*
  * Copies the effective MLS range from `src' into `dst'.
  */
@@ -543,21 +515,22 @@ int mls_compute_sid(struct context *scontext,
 		    u32 specified,
 		    struct context *newcontext)
 {
-	struct range_trans *rtr;
-
 	if (!selinux_mls_enabled)
 		return 0;
 
 	switch (specified) {
 	case AVTAB_TRANSITION:
-		/* Look for a range transition rule. */
-		for (rtr = policydb.range_tr; rtr; rtr = rtr->next) {
-			if (rtr->source_type == scontext->type &&
-			    rtr->target_type == tcontext->type &&
-			    rtr->target_class == tclass) {
-				/* Set the range from the rule */
-				return mls_range_set(newcontext,
-				                     &rtr->target_range);
+		if (tclass == SECCLASS_PROCESS) {
+			struct range_trans *rangetr;
+			/* Look for a range transition rule. */
+			for (rangetr = policydb.range_tr; rangetr;
+			     rangetr = rangetr->next) {
+				if (rangetr->dom == scontext->type &&
+				    rangetr->type == tcontext->type) {
+					/* Set the range from the rule */
+					return mls_range_set(newcontext,
+					                     &rangetr->range);
+				}
 			}
 		}
 		/* Fallthrough */