authorAndrew Morton <akpm@osdl.org>2004-04-20 17:43:42 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2004-04-20 17:43:42 -0700
commit77782961e520439fef9fa1506c9bdf901f6add37 (patch)
tree5829caff1d688ae178218a5dce42a875d1cc712d /security
parent014df416805b44b22d335e376ac30d6b6fc301b5 (diff)
[PATCH] selinux: change context_to_sid handling for no-policy case
From: Stephen Smalley <sds@epoch.ncsc.mil> This patch changes the behavior of security_context_to_sid in the no-policy case so that it simply accepts all contexts and maps them to the kernel SID rather than rejecting anything other than an initial SID. The change avoids error conditions when using SELinux in permissive/no-policy mode, so that any file contexts left on disk from prior use of SELinux with a policy will not cause an error when they are looked up and userspace attempts to set contexts can succeed.
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c4
1 files changed, 1 insertions, 3 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 7532053898a6..12e6777f5d23 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -456,9 +456,7 @@ int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid)
goto out;
}
}
- printk(KERN_ERR "security_context_to_sid: called before "
- "initial load_policy on unknown context %s\n", scontext);
- rc = -EINVAL;
+ *sid = SECINITSID_KERNEL;
goto out;
}
*sid = SECSID_NULL;
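Review bot: The added `*sid = SECINITSID_KERNEL;` makes the no-policy branch accept any `scontext` string unvalidated and return success, but no comment records that this is deliberate or that the mapping is lossy. Callers can no longer tell a recognised initial-SID name from an arbitrary string, and with the printk removed there is no log trace of which contexts were collapsed to the kernel SID. If a policy is loaded later, SIDs handed out here presumably remain the kernel SID until the object is looked up again or relabelled, which is worth confirming against the callers. I would add above the assignment: `/* No policy loaded: accept any context and map it to the kernel SID; the string is not validated here. */`. The body of security_context_to_sid starts before and continues after this hunk, so the preceding loop over initial SIDs is only partly visible.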