[PATCH] SELinux: Fine-grained Netlink support - move security_netlink_send() hook

This patch moves the security_netlink_send() LSM hook after the user copy, so that LSM modules can safely examine skb payload content. For SELinux, we need to look at the Netlink message type. Cc: David S. Miller <davem@redhat.com> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] SELinux: Fine-grained Netlink support - move security_netlink_send() hook
This patch moves the security_netlink_send() LSM hook after the user copy, so that LSM modules can safely examine skb payload content. For SELinux, we need to look at the Netlink message type. Cc: David S. Miller <davem@redhat.com> Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
ed54f747 · James Morris · Linus Torvalds · 0e9e3ce4 · ed54f747
Commit ed54f747 authored Jun 17, 2004 by James Morris Committed by Linus Torvalds Jun 17, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 4 deletions

net/netlink/af_netlink.c net/netlink/af_netlink.c +4 -4

No files found.
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -728,14 +728,14 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
 	   to corresponding kernel module.   --ANK (980802)
 	 */

-	err = security_netlink_send(skb);
-	if (err) {
+	err = -EFAULT;
+	if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
 		kfree_skb(skb);
 		goto out;
 	}

-	err = -EFAULT;
-	if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
+	err = security_netlink_send(skb);
+	if (err) {
 		kfree_skb(skb);
 		goto out;
 	}