diff options
Diffstat (limited to 'security/selinux/nlmsgtab.c')
| -rw-r--r-- | security/selinux/nlmsgtab.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index b3adb481bc25..f0fb6d76f7c5 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -97,6 +97,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] = | |||
| 97 | { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 97 | { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
| 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
| 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, |
| 100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, | ||
| 100 | }; | 101 | }; |
| 101 | 102 | ||
| 102 | 103 | ||
| @@ -141,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) | |||
| 141 | break; | 142 | break; |
| 142 | 143 | ||
| 143 | case SECCLASS_NETLINK_AUDIT_SOCKET: | 144 | case SECCLASS_NETLINK_AUDIT_SOCKET: |
| 144 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, | 145 | if (nlmsg_type >= AUDIT_FIRST_USER_MSG && |
| 145 | sizeof(nlmsg_audit_perms)); | 146 | nlmsg_type <= AUDIT_LAST_USER_MSG) { |
| 147 | *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY; | ||
| 148 | } else { | ||
| 149 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, | ||
| 150 | sizeof(nlmsg_audit_perms)); | ||
| 151 | } | ||
| 146 | break; | 152 | break; |
| 147 | 153 | ||
| 148 | /* No messaging from userspace, or class unknown/unhandled */ | 154 | /* No messaging from userspace, or class unknown/unhandled */ |