Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cd63204c authored Feb 09, 2014 by Linus Torvalds

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull SELinux fixes from James Morris.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  SELinux:  Fix kernel BUG on empty security contexts.
  selinux: add SOCK_DIAG_BY_FAMILY to the list of netlink message types

parents f94aa7c7 f743166d

security/selinux/nlmsgtab.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -17,6 +17,7 @@
	#include <linux/inet_diag.h>		#include <linux/inet_diag.h>
	#include <linux/xfrm.h>		#include <linux/xfrm.h>
	#include <linux/audit.h>		#include <linux/audit.h>
			#include <linux/sock_diag.h>

	#include "flask.h"		#include "flask.h"
	#include "av_permissions.h"		#include "av_permissions.h"
	@@ -78,6 +79,7 @@ static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
	{		{
	{ TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },		{ TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
	{ DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },		{ DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
			{ SOCK_DIAG_BY_FAMILY, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
	};		};

	static struct nlmsg_perm nlmsg_xfrm_perms[] =		static struct nlmsg_perm nlmsg_xfrm_perms[] =

security/selinux/ss/services.c

+4 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1232,6 +1232,10 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
	struct context context;		struct context context;
	int rc = 0;		int rc = 0;

			/* An empty security context is never valid. */
			if (!scontext_len)
			return -EINVAL;

	if (!ss_initialized) {		if (!ss_initialized) {
	int i;		int i;