From: Eric Paris Date: Wed, 5 Nov 2008 14:34:42 +0000 (-0500) Subject: SELinux: Use unknown perm handling to handle unknown netlink msg types X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=39c9aede2b4a252bd296c0a86be832c3d3d0a273;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git SELinux: Use unknown perm handling to handle unknown netlink msg types Currently when SELinux has not been updated to handle a netlink message type the operation is denied with EINVAL. This patch will leave the audit/warning message so things get fixed but if policy chose to allow unknowns this will allow the netlink operation. Signed-off-by: Eric Paris Acked-by: Stephen Smalley Signed-off-by: James Morris --- diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index f71de5a64d0c..7fd4de46b2a9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4395,7 +4395,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) "SELinux: unrecognized netlink message" " type=%hu for sclass=%hu\n", nlh->nlmsg_type, isec->sclass); - if (!selinux_enforcing) + if (!selinux_enforcing || security_get_allow_unknown()) err = 0; }
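Review bot: The changed condition `if (!selinux_enforcing || security_get_allow_unknown())` in selinux_nlmsg_perm() now clears err for any unrecognized nlmsg_type whenever policy allows unknowns, including in enforcing mode, and nothing in the code says so. A short comment on the condition would help, stating that the policy's allow-unknown setting overrides the denial for unmapped netlink message types. The only record left in that case is the warning just above, whose format string carries only type and sclass; adding the sending task (pid or comm) would let an allowed-but-unmapped message be traced back to a program. The visible lines do not show whether that warning is rate limited. That is worth confirming, because with this change the operation succeeds and can be repeated, logging each time.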