[PATCH] SELinux: add support for NETLINK_KOBJECT_UEVENT This patch adds SELinux support for the KOBJECT_UEVENT Netlink family, so that SELinux can apply finer grained controls to it. For example, security policy for hald can be locked down to the KOBJECT_UEVENT Netlink family only. Currently, this family simply defaults to the default Netlink socket class. Note that some new permission definitions are added to sync with changes in the core userspace policy package, which auto-generates header files. Signed-off-by: James Morris <jmorris@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

commit: 0c9b79429c83a404a04908be65baa9d97836bbb6 [log] [tgz]
author: James Morris <jmorris@redhat.com> Sat Apr 16 15:24:13 2005 -0700
committer: Linus Torvalds <torvalds@ppc970.osdl.org> Sat Apr 16 15:24:13 2005 -0700
tree: 66cdf9fc4cf40867ed8c9dc060661615941cd95f
parent: 7e5c6bc0a600c49e5922591ad41ff41987f54eb4 [diff] [blame]
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 8a2cc75..2ae7d3c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c

@@ -672,6 +672,8 @@
 			return SECCLASS_NETLINK_IP6FW_SOCKET;
 		case NETLINK_DNRTMSG:
 			return SECCLASS_NETLINK_DNRT_SOCKET;
+		case NETLINK_KOBJECT_UEVENT:
+			return SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET;
 		default:
 			return SECCLASS_NETLINK_SOCKET;
 		}
commit	0c9b79429c83a404a04908be65baa9d97836bbb6	[log] [tgz]
author	James Morris <jmorris@redhat.com>	Sat Apr 16 15:24:13 2005 -0700
committer	Linus Torvalds <torvalds@ppc970.osdl.org>	Sat Apr 16 15:24:13 2005 -0700
tree	66cdf9fc4cf40867ed8c9dc060661615941cd95f
parent	7e5c6bc0a600c49e5922591ad41ff41987f54eb4 [diff] [blame]