SELinux: add default_type statements

[~andy/linux] / security / selinux / ss / services.c

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2ea108c2c04893d8b1f42a486b244baed3642416..1ded0ec7e8c27a9b8b902a6d367d0db2d6d94f14 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1472,12 +1472,18 @@ static int security_compute_sid(u32 ssid,
        }
 
        /* Set the type to default values. */
-       if ((tclass == policydb.process_class) || (sock == true)) {
-               /* Use the type of process. */
+       if (cladatum && cladatum->default_type == DEFAULT_SOURCE) {
                newcontext.type = scontext->type;
-       } else {
-               /* Use the type of the related object. */
+       } else if (cladatum && cladatum->default_type == DEFAULT_TARGET) {
                newcontext.type = tcontext->type;
+       } else {
+               if ((tclass == policydb.process_class) || (sock == true)) {
+                       /* Use the type of process. */
+                       newcontext.type = scontext->type;
+               } else {
+                       /* Use the type of the related object. */
+                       newcontext.type = tcontext->type;
+               }
        }
 
        /* Look for a type transition/member/change rule. */