selinux: apply selinux checks on new audit message types We use the read check to get the feature set (like AUDIT_GET) and the write check to set the features (like AUDIT_SET). Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>

commit: b805b198dc74b73aabb6969a3db734c71c05c88c [log] [tgz]
author: Eric Paris <eparis@redhat.com> Fri May 24 12:09:50 2013 -0400
committer: Eric Paris <eparis@redhat.com> Tue Nov 05 11:07:35 2013 -0500
tree: 7863f6b26836117ac4677554252376e3a8c014de
parent: b0fed40214ce79ef70d97584ebdf13f89786da0e [diff]
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 855e464..332ac8a 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c

@@ -116,6 +116,8 @@
 	{ AUDIT_MAKE_EQUIV,	NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 	{ AUDIT_TTY_GET,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
 	{ AUDIT_TTY_SET,	NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT	},
+	{ AUDIT_GET_FEATURE,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
+	{ AUDIT_SET_FEATURE,	NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 };
commit	b805b198dc74b73aabb6969a3db734c71c05c88c	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Fri May 24 12:09:50 2013 -0400
committer	Eric Paris <eparis@redhat.com>	Tue Nov 05 11:07:35 2013 -0500
tree	7863f6b26836117ac4677554252376e3a8c014de
parent	b0fed40214ce79ef70d97584ebdf13f89786da0e [diff]