8b114a3bf25b7b818910cca77528de80cdb953f8 - fp2-dev/platform/external/selinux

commit	8b114a3bf25b7b818910cca77528de80cdb953f8	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Mon Oct 28 16:52:50 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Mon Oct 28 16:52:50 2013 -0400
tree	697ffbe93827a739976c28d0e47db02317f335eb
parent	0ddd534a11227d0397c5f36fdc3dfbf4e54b864e [diff]

Fix avc_has_perm() returns -1 even when SELinux is in permissive mode.

If we get an EINVAL from security_compute_av* (indicates an invalid
source or target security context, likely due to a policy reload that
removed one or the other) and we are in permissive mode, then handle it
like any other permission denial, i.e. log but do not deny it.

Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

libselinux/src/avc.c[diff]

1 file changed

tree: 697ffbe93827a739976c28d0e47db02317f335eb

checkpolicy/
libselinux/
libsemanage/
libsepol/
policycoreutils/
scripts/
sepolgen/
.gitignore
Makefile
README