l1 domby l2 for contains MLS constraint

As identified by Stephan Smalley, the current MLS constraint for the
contains permission of the context class should consider the current
level of a user along with the clearance level so that mls_systemlow
is no longer considered contained in mls_systemhigh.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
This commit is contained in:
Harry Ciao 2011-02-15 10:16:32 +08:00 committed by Chris PeBenito
parent 6c00b1eea3
commit 4c365f4a6a
1 changed files with 1 additions and 1 deletions

View File

@ -720,7 +720,7 @@ mlsconstrain context translate
(( h1 dom h2 ) or ( t1 == mlstranslate )); (( h1 dom h2 ) or ( t1 == mlstranslate ));
mlsconstrain context contains mlsconstrain context contains
( h1 dom h2 ); (( h1 dom h2 ) and ( l1 domby l2));
# #
# MLS policy for database classes # MLS policy for database classes