From e517a0cd859ae0c4d9451107113fc2b076456f8f Mon Sep 17 00:00:00 2001 From: Stephen Smalley Date: Tue, 8 Nov 2005 21:34:32 -0800 Subject: [PATCH] selinux: MLS compatibility This patch enables files created on a MLS-enabled SELinux system to be accessible on a non-MLS SELinux system, by skipping the MLS component of the security context in the non-MLS case. Signed-off-by: Stephen Smalley Signed-off-by: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- security/selinux/ss/mls.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index aaefac2921f1..640d0bfdbc68 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -262,8 +262,11 @@ int mls_context_to_sid(char oldc, struct cat_datum *catdatum, *rngdatum; int l, rc = -EINVAL; - if (!selinux_mls_enabled) + if (!selinux_mls_enabled) { + if (def_sid != SECSID_NULL && oldc) + *scontext += strlen(*scontext); return 0; + } /* * No MLS component to the security context, try and map to -- cgit v1.2.3