Sorry, I missed a permission check on invocation of trusted procedures.
When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.
The attached patch adds checks this permission when user tries to
invoke a trusted procedure and switch security label of the client.
In addition, it also adds a case of regression test of this problem.
Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@eu.nec.com>