frederik
/
xserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xselinux: Label the default device directly with the process context.

This commit is contained in:
Eamon Walsh 2007-10-25 12:35:01 -04:00 committed by Eamon Walsh
parent b633d54b94
commit 40de9fcf18
1 changed files with 3 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Xext/xselinux.c
View File

@ -486,13 +486,9 @@ SELinuxDevice(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (rec->access_mode & DixCreateAccess) { if (rec->access_mode & DixCreateAccess) {
sidput(obj->sid); sidput(obj->sid);
/* Perform a transition to obtain the final SID */ /* Label the device directly with the process SID */
if (avc_compute_create(subj->sid, subj->sid, SECCLASS_X_DEVICE, sidget(subj->sid);
&obj->sid) < 0) { obj->sid = subj->sid;
ErrorF("XSELinux: a compute_create call failed!\n");
rec->status = BadValue;
return;
}
} }
rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE, rc = SELinuxDoCheck(rec->client->index, subj, obj, SECCLASS_X_DEVICE,