From 40de9fcf18930811dd5ae355c83275af887a9f83 Mon Sep 17 00:00:00 2001
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
Date: Thu, 25 Oct 2007 12:35:01 -0400
Subject: [PATCH] xselinux: Label the default device directly with the process
 context.

---
 Xext/xselinux.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/Xext/xselinux.c b/Xext/xselinux.c
index cb62cb941..b78017090 100644
--- a/Xext/xselinux.c
+++ b/Xext/xselinux.c
@@ -486,13 +486,9 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
     if (rec->access_mode & DixCreateAccess) {
 	sidput(obj->sid);
 
-	/* Perform a transition to obtain the final SID */
-	if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_DEVICE,
-			       &obj->sid) < 0) {
-	    ErrorF("XSELinux: a compute_create call failed!\n");
-	    rec->status = BadValue;
-	    return;
-	}
+	/* Label the device directly with the process SID */
+	sidget(subj->sid);
+	obj->sid = subj->sid;
     }
 
     rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,