selinux: introduce permissive types

[linux-2.6-omap-h63xx.git] / security / selinux / avc.c

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index cb3f0ce0b00a374eddebada7539eebdf8e8747c0..a4fc6e6d038a0afe5bfc5044df2f8be42cbefc15 100644 (file)
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -893,12 +893,13 @@ int avc_has_perm_noaudit(u32 ssid, u32 tsid,
        denied = requested & ~(p_ae->avd.allowed);
 
        if (denied) {
-               if (selinux_enforcing || (flags & AVC_STRICT))
+               if (flags & AVC_STRICT)
                        rc = -EACCES;
+               else if (!selinux_enforcing || security_permissive_sid(ssid))
+                       avc_update_node(AVC_CALLBACK_GRANT, requested, ssid,
+                                       tsid, tclass);
                else
-                       if (node)
-                               avc_update_node(AVC_CALLBACK_GRANT,requested,
-                                               ssid,tsid,tclass);
+                       rc = -EACCES;
        }
 
        rcu_read_unlock();