diff options
| author | James Morris <jmorris@redhat.com> | 2005-04-16 18:24:13 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:24:13 -0400 |
| commit | 0c9b79429c83a404a04908be65baa9d97836bbb6 (patch) | |
| tree | 66cdf9fc4cf40867ed8c9dc060661615941cd95f /security/selinux/hooks.c | |
| parent | 7e5c6bc0a600c49e5922591ad41ff41987f54eb4 (diff) | |
[PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT
This patch adds SELinux support for the KOBJECT_UEVENT Netlink family, so
that SELinux can apply finer grained controls to it. For example, security
policy for hald can be locked down to the KOBJECT_UEVENT Netlink family
only. Currently, this family simply defaults to the default Netlink socket
class.
Note that some new permission definitions are added to sync with changes in
the core userspace policy package, which auto-generates header files.
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 8a2cc75b3948..2ae7d3cb8df4 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -672,6 +672,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc | |||
| 672 | return SECCLASS_NETLINK_IP6FW_SOCKET; | 672 | return SECCLASS_NETLINK_IP6FW_SOCKET; |
| 673 | case NETLINK_DNRTMSG: | 673 | case NETLINK_DNRTMSG: |
| 674 | return SECCLASS_NETLINK_DNRT_SOCKET; | 674 | return SECCLASS_NETLINK_DNRT_SOCKET; |
| 675 | case NETLINK_KOBJECT_UEVENT: | ||
| 676 | return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET; | ||
| 675 | default: | 677 | default: |
| 676 | return SECCLASS_NETLINK_SOCKET; | 678 | return SECCLASS_NETLINK_SOCKET; |
| 677 | } | 679 | } |