selinux: properly handle multiple messages in selinux_netlink_send()
author Paul Moore <paul@paul-moore.com>
Tue, 28 Apr 2020 13:59:02 +0000 (09:59 -0400)
committer Stricted <info@stricted.net>
Fri, 16 Oct 2020 20:56:07 +0000 (20:56 +0000)
commit ca6240375f5a6ca21d6e5faf446c2b1f7aaa6d70
tree 5cbd9fd0e9e84dd2ebbb976a16d8c2422ed108db
parent 694578ce721fa1e21d4df56bfacb85e8e7c83b35
selinux: properly handle multiple messages in selinux_netlink_send()

commit fb73974172ffaaf57a7c42f35424d9aece1a5af6 upstream.

Fix the SELinux netlink_send hook to properly handle multiple netlink
messages in a single sk_buff; each message is parsed and subject to
SELinux access control.  Prior to this patch, SELinux only inspected
the first message in the sk_buff.

Mot-CRs-fixed: (CR)
CVE-Fixed: CVE-2020-0255
Bug: 155485360

Cc: stable@vger.kernel.org
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reviewed-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jignesh Patel <jignesh@motorola.com>
Change-Id: I3e5aac38dc183e27d7549a35ae624f334da7d687
Reviewed-on: https://gerrit.mot.com/1671554
SME-Granted: SME Approvals Granted
SLTApproved: Slta Waiver
Tested-by: Jira Key
Reviewed-by: Xiangpo Zhao <zhaoxp3@motorola.com>
Submit-Approved: Jira Key
(cherry picked from commit 8e9bd11baf8e7c89d9d6fa724fff35c31dd1977e)
security/selinux/hooks.c
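
The difference the commit message describes, modelled in user-space C as an added example (not the kernel's code and not the patch itself). `struct hdr`, `type_allowed()`, the return codes and the sample buffer are assumptions made for illustration; rejecting malformed lengths is this sketch's own choice.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Same field layout as struct nlmsghdr, redefined so the sketch builds anywhere. */
struct hdr { uint32_t len; uint16_t type, flags; uint32_t seq, pid; };
#define ALIGN4(n) (((size_t)(n) + 3) & ~(size_t)3)
/* Hypothetical policy for this example: only message type 1 is permitted. */
static int type_allowed(uint16_t type) { return type == 1; }

/* Pre-patch model: only the first message is inspected. 0 = allow, -1 = deny. */
int check_first_only(const uint8_t *buf, size_t len)
{
    struct hdr h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    return type_allowed(h.type) ? 0 : -1;
}

/* Patched model: every message is checked. 0 = allow, -1 = denied, -2 = malformed. */
int check_all(const uint8_t *buf, size_t len)
{
    while (len >= sizeof(struct hdr)) {
        struct hdr h;
        memcpy(&h, buf, sizeof h);
        if (h.len < sizeof h || h.len > len) return -2;
        if (!type_allowed(h.type)) return -1;
        size_t step = ALIGN4(h.len);       /* messages are 4-byte aligned */
        if (step > len) step = len;        /* last message may lack padding */
        buf += step; len -= step;
    }
    return 0;
}

/* Constructed sample: n header-only messages with the given types, back to back. */
size_t build_sample(uint8_t *buf, const uint16_t *types, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        struct hdr h = { (uint32_t)sizeof(struct hdr), types[i], 0, (uint32_t)i, 0 };
        memcpy(buf + i * sizeof h, &h, sizeof h);
    }
    return n * sizeof(struct hdr);
}

int main(void)
{
    uint8_t buf[64];
    const uint16_t types[] = { 1, 2 };     /* allowed message, then a denied one */
    size_t n = build_sample(buf, types, 2);
    return printf("first-only=%d all=%d\n", check_first_only(buf, n), check_all(buf, n)) < 0;
}
```

On the constructed two-message buffer the first-only check allows the whole buffer, while the per-message walk denies it at the second header.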