Diffstat (limited to 'security/selinux/netlink.c')
| -rw-r--r-- | security/selinux/netlink.c | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index b59871d74da..828fb6a4e94 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c @@ -11,29 +11,32 @@ */ #include <linux/init.h> #include <linux/types.h> +#include <linux/slab.h> #include <linux/stddef.h> #include <linux/kernel.h> -#include <linux/list.h> +#include <linux/export.h> #include <linux/skbuff.h> -#include <linux/netlink.h> #include <linux/selinux_netlink.h> #include <net/net_namespace.h> +#include <net/netlink.h> + +#include "security.h" static struct sock *selnl; static int selnl_msglen(int msgtype) { int ret = 0; - + switch (msgtype) { case SELNL_MSG_SETENFORCE: ret = sizeof(struct selnl_msg_setenforce); break; - + case SELNL_MSG_POLICYLOAD: ret = sizeof(struct selnl_msg_policyload); break; - + default: BUG(); } @@ -44,16 +47,16 @@ static void selnl_add_payload(struct nlmsghdr *nlh, int len, int msgtype, void * { switch (msgtype) { case SELNL_MSG_SETENFORCE: { - struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh); - + struct selnl_msg_setenforce *msg = nlmsg_data(nlh); + memset(msg, 0, len); msg->val = *((int *)data); break; } - + case SELNL_MSG_POLICYLOAD: { - struct selnl_msg_policyload *msg = NLMSG_DATA(nlh); - + struct selnl_msg_policyload *msg = nlmsg_data(nlh); + memset(msg, 0, len); msg->seqno = *((u32 *)data); break; 
@@ -70,26 +73,28 @@ static void selnl_notify(int msgtype, void *data) sk_buff_data_t tmp; struct sk_buff *skb; struct nlmsghdr *nlh; - + len = selnl_msglen(msgtype); - - skb = alloc_skb(NLMSG_SPACE(len), GFP_USER); + + skb = nlmsg_new(len, GFP_USER); if (!skb) goto oom; tmp = skb->tail; - nlh = NLMSG_PUT(skb, 0, 0, msgtype, len); + nlh = nlmsg_put(skb, 0, 0, msgtype, len, 0); + if (!nlh) + goto out_kfree_skb; selnl_add_payload(nlh, len, msgtype, data); nlh->nlmsg_len = skb->tail - tmp; NETLINK_CB(skb).dst_group = SELNLGRP_AVC; netlink_broadcast(selnl, skb, 0, SELNLGRP_AVC, GFP_USER); out: return; - -nlmsg_failure: + +out_kfree_skb: kfree_skb(skb); oom: - printk(KERN_ERR "SELinux: OOM in %s\n", __FUNCTION__); + printk(KERN_ERR "SELinux: OOM in %s\n", __func__); goto out; } @@ -105,11 +110,14 @@ void selnl_notify_policyload(u32 seqno) static int __init selnl_init(void) { - selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, - SELNLGRP_MAX, NULL, NULL, THIS_MODULE); + struct netlink_kernel_cfg cfg = { + .groups = SELNLGRP_MAX, + .flags = NL_CFG_F_NONROOT_RECV, + }; + + selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, &cfg); if (selnl == NULL) panic("SELinux: Cannot create netlink socket."); - netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV); return 0; } |
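Review bot: The new `goto out_kfree_skb` path in selnl_notify falls through into `oom:`, so a failed `nlmsg_put()` is reported as "OOM" even though the allocation succeeded. Because `nlmsg_new(len, GFP_USER)` sizes the skb from the same `len`, that failure should not normally happen, which makes an accurate message more valuable when it does. I would give the label its own `printk(KERN_ERR "SELinux: nlmsg_put failed in %s\n", __func__);` after `kfree_skb(skb);`, followed by `goto out;`. Separately, `nlh->nlmsg_len = skb->tail - tmp;` looks redundant now that `nlmsg_put()` fills in the header length, so `tmp` could probably go with it; confirm against the helper before dropping either.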
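Review bot: The `.flags = NL_CFG_F_NONROOT_RECV` initializer in selnl_init deserves a comment, because it is now the only line that lets unprivileged processes receive on NETLINK_SELINUX, and the removed `netlink_set_nonroot()` call no longer flags that at the end of the function. A comment above the struct such as `/* Unprivileged listeners may receive SELNLGRP_AVC notifications; cfg.input is left NULL, so no handler is registered for messages from userspace. */` would record the intent. The statement about `.input` is read from the designated initializer shown here, which leaves every unnamed member zeroed; how the netlink core treats a NULL handler is not visible in this diff.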
