diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2009-10-01 20:48:23 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-10-07 12:56:46 +0200 |
commit | 941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e (patch) | |
tree | c2f579e6fcc5bee6659527db7ccfb661acfe196c /security/security.c | |
parent | selinux: generate flask headers during kernel build (diff) | |
download | linux-941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e.tar.xz linux-941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e.zip |
selinux: drop remapping of netlink classes
Drop remapping of netlink classes and bypass of permission checking
based on netlink message type for policy version < 18. This removes
compatibility code introduced when the original single netlink
security class used for all netlink sockets was split into
finer-grained netlink classes based on netlink protocol and when
permission checking was added based on netlink message type in Linux
2.6.8. The only known distribution that shipped with SELinux and
policy < 18 was Fedora Core 2, which was EOL'd on 2005-04-11.
Given that the remapping code was never updated to address the
addition of newer netlink classes, that the corresponding userland
support was dropped in 2005, and that the assumptions made by the
remapping code about the fixed ordering among netlink classes in the
policy may be violated in the future due to the dynamic class/perm
discovery support, we should drop this compatibility code now.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions