|
@@ -80,6 +80,9 @@ static const struct nlmsg_perm nlmsg_route_perms[] =
|
|
|
{ RTM_NEWSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ },
|
|
|
{ RTM_GETSTATS, NETLINK_ROUTE_SOCKET__NLMSG_READ },
|
|
|
{ RTM_NEWCACHEREPORT, NETLINK_ROUTE_SOCKET__NLMSG_READ },
|
|
|
+ { RTM_NEWCHAIN, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
|
|
|
+ { RTM_DELCHAIN, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
|
|
|
+ { RTM_GETCHAIN, NETLINK_ROUTE_SOCKET__NLMSG_READ },
|
|
|
};
|
|
|
|
|
|
static const struct nlmsg_perm nlmsg_tcpdiag_perms[] =
|
|
@@ -158,7 +161,11 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
|
|
|
|
|
|
switch (sclass) {
|
|
|
case SECCLASS_NETLINK_ROUTE_SOCKET:
|
|
|
- /* RTM_MAX always point to RTM_SETxxxx, ie RTM_NEWxxx + 3 */
|
|
|
+ /* RTM_MAX always points to RTM_SETxxxx, ie RTM_NEWxxx + 3.
|
|
|
+ * If the BUILD_BUG_ON() below fails you must update the
|
|
|
+ * structures at the top of this file with the new mappings
|
|
|
+ * before updating the BUILD_BUG_ON() macro!
|
|
|
+ */
|
|
|
BUILD_BUG_ON(RTM_MAX != (RTM_NEWCHAIN + 3));
|
|
|
err = nlmsg_perm(nlmsg_type, perm, nlmsg_route_perms,
|
|
|
sizeof(nlmsg_route_perms));
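Review bot: The BUILD_BUG_ON() under `case SECCLASS_NETLINK_ROUTE_SOCKET:` only pins the value of RTM_MAX, so it cannot tell whether `nlmsg_route_perms` has a row for each new message type, and the added comment should say that. The unchanged context line already compares against `RTM_NEWCHAIN + 3` while the first hunk is only now adding the RTM_NEWCHAIN, RTM_DELCHAIN and RTM_GETCHAIN rows, which suggests the assertion was bumped earlier without the table being extended. I would add one sentence to the comment, for example `* The check only tracks RTM_MAX; it does not verify that every message type has an entry.` The same sentence applies to the identical comment added under `case SECCLASS_NETLINK_XFRM_SOCKET:` in the next hunk. selinux_nlmsg_lookup() starts and ends outside these hunks.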
|
|
@@ -170,6 +177,10 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
|
|
|
break;
|
|
|
|
|
|
case SECCLASS_NETLINK_XFRM_SOCKET:
|
|
|
+ /* If the BUILD_BUG_ON() below fails you must update the
|
|
|
+ * structures at the top of this file with the new mappings
|
|
|
+ * before updating the BUILD_BUG_ON() macro!
|
|
|
+ */
|
|
|
BUILD_BUG_ON(XFRM_MSG_MAX != XFRM_MSG_MAPPING);
|
|
|
err = nlmsg_perm(nlmsg_type, perm, nlmsg_xfrm_perms,
|
|
|
sizeof(nlmsg_xfrm_perms));
|