SELinux: add default_type statements

Because Fedora shipped userspace based on my development tree we now have policy version 27 in the wild defining only default user, role, and range. Thus to add default_type we need a policy.28. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-03-20 14:35:12 -0400
committer: Eric Paris <eparis@redhat.com> 2012-04-09 12:22:48 -0400
commit: eed7795d0a2c9b2e934afc088e903fa2c17b7958 (patch)
tree: 8f402c793774abfea12fd86bec741f0056302324 /security/selinux/ss/services.c
parent: aa893269de6277b44be88e25dcd5331c934c29c4 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2ea108c2c04..1ded0ec7e8c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1472,12 +1472,18 @@ static int security_compute_sid(u32 ssid,
 	}
 
 	/* Set the type to default values. */
-	if ((tclass == policydb.process_class) || (sock == true)) {
-		/* Use the type of process. */
+	if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
 		newcontext.type = scontext->type;
-	} else {
-		/* Use the type of the related object. */
+	} else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
 		newcontext.type = tcontext->type;
+	} else {
+		if ((tclass == policydb.process_class) || (sock == true)) {
+			/* Use the type of process. */
+			newcontext.type = scontext->type;
+		} else {
+			/* Use the type of the related object. */
+			newcontext.type = tcontext->type;
+		}
 	}
 
 	/* Look for a type transition/member/change rule. */
author	Eric Paris <eparis@redhat.com>	2012-03-20 14:35:12 -0400
committer	Eric Paris <eparis@redhat.com>	2012-04-09 12:22:48 -0400
commit	eed7795d0a2c9b2e934afc088e903fa2c17b7958 (patch)
tree	8f402c793774abfea12fd86bec741f0056302324 /security/selinux/ss/services.c
parent	aa893269de6277b44be88e25dcd5331c934c29c4 (diff)