4 files changed, 19 insertions, 22 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2ae7d3cb8df4..aae1e794fe48 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2855,8 +2855,7 @@ static int selinux_parse_skb_ipv6(struct sk_buff *skb, struct avc_audit_data *ad
        nexthdr = ip6->nexthdr;
        offset += sizeof(_ipv6h);
-        offset = ipv6_skip_exthdr(skb, offset, &nexthdr,
+        offset = ipv6_skip_exthdr(skb, offset, &nexthdr);
-                                  skb->tail - skb->head - offset);
        if (offset < 0)
                goto out;
@@ -3668,7 +3667,7 @@ static void msg_msg_free_security(struct msg_msg *msg)
 }
 static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
-                        u16 sclass, u32 perms)
+                        u32 perms)
 {
        struct task_security_struct *tsec;
        struct ipc_security_struct *isec;
@@ -3680,7 +3679,7 @@ static int ipc_has_perm(struct kern_ipc_perm *ipc_perms,
        AVC_AUDIT_DATA_INIT(&ad, IPC);
        ad.u.ipc_id = ipc_perms->key;
-        return avc_has_perm(tsec->sid, isec->sid, sclass, perms, &ad);
+        return avc_has_perm(tsec->sid, isec->sid, isec->sclass, perms, &ad);
 }
 static int selinux_msg_msg_alloc_security(struct msg_msg *msg)
@@ -3765,7 +3764,7 @@ static int selinux_msg_queue_msgctl(struct msg_queue *msq, int cmd)
                return 0;
        }
-        err = ipc_has_perm(&msq->q_perm, SECCLASS_MSGQ, perms);
+        err = ipc_has_perm(&msq->q_perm, perms);
        return err;
 }
@@ -3917,7 +3916,7 @@ static int selinux_shm_shmctl(struct shmid_kernel *shp, int cmd)
                return 0;
        }
-        err = ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
+        err = ipc_has_perm(&shp->shm_perm, perms);
        return err;
 }
@@ -3936,7 +3935,7 @@ static int selinux_shm_shmat(struct shmid_kernel *shp,
        else
                perms = SHM__READ | SHM__WRITE;
-        return ipc_has_perm(&shp->shm_perm, SECCLASS_SHM, perms);
+        return ipc_has_perm(&shp->shm_perm, perms);
 }
 /* Semaphore security operations */
@@ -4025,7 +4024,7 @@ static int selinux_sem_semctl(struct sem_array *sma, int cmd)
                return 0;
        }
-        err = ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
+        err = ipc_has_perm(&sma->sem_perm, perms);
        return err;
 }
@@ -4039,18 +4038,13 @@ static int selinux_sem_semop(struct sem_array *sma,
        else
                perms = SEM__READ;
-        return ipc_has_perm(&sma->sem_perm, SECCLASS_SEM, perms);
+        return ipc_has_perm(&sma->sem_perm, perms);
 }
 static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
 {
-        struct ipc_security_struct *isec = ipcp->security;
-        u16 sclass = SECCLASS_IPC;
        u32 av = 0;
-        if (isec && isec->magic == SELINUX_MAGIC)
-                sclass = isec->sclass;
        av = 0;
        if (flag & S_IRUGO)
                av |= IPC__UNIX_READ;
@@ -4060,7 +4054,7 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
        if (av == 0)
                return 0;
-        return ipc_has_perm(ipcp, sclass, av);
+        return ipc_has_perm(ipcp, av);
 }
 /* module stacking operations */
diff --git a/security/selinux/include/av_perm_to_string.h b/security/selinux/include/av_perm_to_string.h
index eb340b45bc6f..8928bb4d3c53 100644
--- a/security/selinux/include/av_perm_to_string.h
+++ b/security/selinux/include/av_perm_to_string.h
@@ -220,6 +220,8 @@
   S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
+   S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
   S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
   S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
diff --git a/security/selinux/include/av_permissions.h b/security/selinux/include/av_permissions.h
index f9de0f966559..bdfce4ca8f8e 100644
--- a/security/selinux/include/av_permissions.h
+++ b/security/selinux/include/av_permissions.h
@@ -840,6 +840,8 @@
 #define NETLINK_AUDIT_SOCKET__NLMSG_READ          0x00400000UL
 #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE         0x00800000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY         0x01000000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV      0x02000000UL
 #define NETLINK_IP6FW_SOCKET__IOCTL               0x00000001UL
 #define NETLINK_IP6FW_SOCKET__READ                0x00000002UL
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index f79408252730..b3adb481bc25 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -91,13 +91,12 @@ static struct nlmsg_perm nlmsg_xfrm_perms[] =
 static struct nlmsg_perm nlmsg_audit_perms[] =
 {
-        { AUDIT_GET,            NETLINK_AUDIT_SOCKET__NLMSG_READ  },
+        { AUDIT_GET,            NETLINK_AUDIT_SOCKET__NLMSG_READ     },
-        { AUDIT_SET,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
+        { AUDIT_SET,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
-        { AUDIT_LIST,           NETLINK_AUDIT_SOCKET__NLMSG_READ  },
+        { AUDIT_LIST,           NETLINK_AUDIT_SOCKET__NLMSG_READPRIV },
-        { AUDIT_ADD,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
+        { AUDIT_ADD,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
-        { AUDIT_DEL,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
+        { AUDIT_DEL,            NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
-        { AUDIT_USER,           NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
+        { AUDIT_USER,           NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-        { AUDIT_LOGIN,          NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
 };