Merge git://git.infradead.org/users/eparis/selinux

[linux-2.6-block.git] / security / selinux / ss / policydb.c

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 3fc8969b499c5e3f6f4898c8c1f7583df8b11e9c..f6195ebde3c94eef0cdf1cf92933246069b25059 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -2168,7 +2168,10 @@ static int ocontext_read(struct policydb *p, struct policydb_compat_info *info,
 
                                rc = -EINVAL;
                                c->v.behavior = le32_to_cpu(buf[0]);
-                               if (c->v.behavior > SECURITY_FS_USE_NONE)
+                               /* Determined at runtime, not in policy DB. */
+                               if (c->v.behavior == SECURITY_FS_USE_MNTPOINT)
+                                       goto out;
+                               if (c->v.behavior > SECURITY_FS_USE_MAX)
                                        goto out;
 
                                rc = -ENOMEM;