Commit a79fa1df authored by Stephen D. Smalley's avatar Stephen D. Smalley Committed by Linus Torvalds

[PATCH] SELinux: map Unix seqpacket sockets to appropriate security class

This patch for SELinux fixes a bug in the mapping of socket types to
security classes and ensures that Unix seqpacket sockets are mapped to an
appropriate security class.  The Unix stream security class is re-used in
this case as it has the same permission checking applied as for seqpacket. 
Signed-off-by: default avatarStephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: default avatarJames Morris <jmorris@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 8c2bfc5b
...@@ -631,10 +631,12 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc ...@@ -631,10 +631,12 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
case PF_UNIX: case PF_UNIX:
switch (type) { switch (type) {
case SOCK_STREAM: case SOCK_STREAM:
case SOCK_SEQPACKET:
return SECCLASS_UNIX_STREAM_SOCKET; return SECCLASS_UNIX_STREAM_SOCKET;
case SOCK_DGRAM: case SOCK_DGRAM:
return SECCLASS_UNIX_DGRAM_SOCKET; return SECCLASS_UNIX_DGRAM_SOCKET;
} }
break;
case PF_INET: case PF_INET:
case PF_INET6: case PF_INET6:
switch (type) { switch (type) {
...@@ -645,6 +647,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc ...@@ -645,6 +647,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
case SOCK_RAW: case SOCK_RAW:
return SECCLASS_RAWIP_SOCKET; return SECCLASS_RAWIP_SOCKET;
} }
break;
case PF_NETLINK: case PF_NETLINK:
switch (protocol) { switch (protocol) {
case NETLINK_ROUTE: case NETLINK_ROUTE:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment