
Commit 1154cfab authored by Srinivasarao P

Merge android11-5.4.86+ (fe9e8630) into msm-5.4



* refs/heads/tmp-fe9e8630:
  FROMGIT: bpf: Do not change gso_size during bpf_skb_change_proto()
  ANDROID: selinux: modify RTM_GETNEIGH{TBL}

Change-Id: I02fcc7795c4380aafb293dd8f575cccdc8e86825
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
parents 0d384b92 fe9e8630
+1 −1
LTS_5.4.86_e399f16519fa
LTS_5.4.86_fe9e8630bfaf
+0 −4
@@ -2861,8 +2861,6 @@ static int bpf_skb_proto_4_to_6(struct sk_buff *skb)
			shinfo->gso_type |=  SKB_GSO_TCPV6;
		}

		/* Due to IPv6 header, MSS needs to be downgraded. */
		skb_decrease_gso_size(shinfo, len_diff);
		/* Header must be checked, and gso_segs recomputed. */
		shinfo->gso_type |= SKB_GSO_DODGY;
		shinfo->gso_segs = 0;
@@ -2902,8 +2900,6 @@ static int bpf_skb_proto_6_to_4(struct sk_buff *skb)
			shinfo->gso_type |=  SKB_GSO_TCPV4;
		}

		/* Due to IPv4 header, MSS can be upgraded. */
		skb_increase_gso_size(shinfo, len_diff);
		/* Header must be checked, and gso_segs recomputed. */
		shinfo->gso_type |= SKB_GSO_DODGY;
		shinfo->gso_segs = 0;
+2 −1
@@ -116,7 +116,8 @@ struct security_class_mapping secclass_map[] = {
	  { COMMON_IPC_PERMS, NULL } },
	{ "netlink_route_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", "nlmsg_readpriv", NULL } },
	    "nlmsg_read", "nlmsg_write", "nlmsg_readpriv", "nlmsg_getneigh",
	    NULL } },
	{ "netlink_tcpdiag_socket",
	  { COMMON_SOCK_PERMS,
	    "nlmsg_read", "nlmsg_write", NULL } },
+9 −0
@@ -106,6 +106,8 @@ struct selinux_state {
	bool initialized;
	bool policycap[__POLICYDB_CAPABILITY_MAX];
	bool android_netlink_route;
	bool android_netlink_getneigh;

	struct selinux_avc *avc;
	struct selinux_ss *ss;
};
@@ -185,6 +187,13 @@ static inline bool selinux_android_nlroute_getlink(void)
	return state->android_netlink_route;
}

static inline bool selinux_android_nlroute_getneigh(void)
{
	struct selinux_state *state = &selinux_state;

	return state->android_netlink_getneigh;
}

int security_mls_enabled(struct selinux_state *state);
int security_load_policy(struct selinux_state *state,
			 void *data, size_t len);
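Review bot: The new `android_netlink_getneigh` field and its accessor `selinux_android_nlroute_getneigh()` carry no comment saying what sets the flag or what it gates, and none of the sections shown on this page assigns it. A one-line comment on the field would cover the first part, e.g. `/* true when the loaded policy sets the netlink_route_getneigh capability; RTM_GETNEIGH{TBL} then need nlmsg_getneigh */`. If the policy-load path does not set the flag (that code is not visible here), `selinux_nlmsg_init()` always takes the `nlmsg_read` branch and the new permission is never enforced, so it is worth confirming the assignment exists and that the flag is cleared again when a policy without the capability is loaded. Like the existing getlink accessor, this one reads the global `selinux_state` rather than taking a state argument.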
+20 −4
@@ -207,12 +207,12 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
	return err;
}

static void nlmsg_set_getlink_perm(u32 perm)
static void nlmsg_set_perm_for_type(u32 perm, u16 type)
{
	int i;

	for (i = 0; i < ARRAY_SIZE(nlmsg_route_perms); i++) {
		if (nlmsg_route_perms[i].nlmsg_type == RTM_GETLINK) {
		if (nlmsg_route_perms[i].nlmsg_type == type) {
			nlmsg_route_perms[i].perm = perm;
			break;
		}
@@ -222,11 +222,27 @@ static void nlmsg_set_getlink_perm(u32 perm)
/**
 * Use nlmsg_readpriv as the permission for RTM_GETLINK messages if the
 * netlink_route_getlink policy capability is set. Otherwise use nlmsg_read.
 * Similarly, use nlmsg_getneigh for RTM_GETNEIGH and RTM_GETNEIGHTBL if the
 * netlink_route_getneigh policy capability is set. Otherwise use nlmsg_read.
 */
void selinux_nlmsg_init(void)
{
	if (selinux_android_nlroute_getlink())
		nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READPRIV);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READPRIV,
					RTM_GETLINK);
	else
		nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READ);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
					RTM_GETLINK);

	if (selinux_android_nlroute_getneigh()) {
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_GETNEIGH,
					RTM_GETNEIGH);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_GETNEIGH,
					RTM_GETNEIGHTBL);
	} else {
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
					RTM_GETNEIGH);
		nlmsg_set_perm_for_type(NETLINK_ROUTE_SOCKET__NLMSG_READ,
					RTM_GETNEIGHTBL);
	}
}
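Review bot: `nlmsg_set_perm_for_type()` returns silently when no entry in `nlmsg_route_perms` matches `type`, so if the `RTM_GETNEIGH` or `RTM_GETNEIGHTBL` row is ever missing, the message keeps whatever permission the table already had and the policy capability has no effect. A check after the loop would make that visible, e.g. `WARN_ONCE(i == ARRAY_SIZE(nlmsg_route_perms), "SELinux: no route perm entry for nlmsg type %u\n", type);` (the end of the loop and of the function lie outside the hunk). `selinux_nlmsg_init()` also rewrites the shared table in place; if it can run on a policy reload while `selinux_nlmsg_lookup()` is reading, which cannot be determined from this page, a lookup may briefly see the previous permission. As a style point, the first `if`/`else` now has two-line unbraced bodies next to the braced getneigh branch, and bracing both would be consistent.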