summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2009-10-01 20:48:23 +0200
committerJames Morris <jmorris@namei.org>2009-10-07 12:56:46 +0200
commit941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e (patch)
treec2f579e6fcc5bee6659527db7ccfb661acfe196c /security/security.c
parentselinux: generate flask headers during kernel build (diff)
downloadlinux-941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e.tar.xz
linux-941fc5b2bf8f7dd1d0a9c502e152fa719ff6578e.zip
selinux: drop remapping of netlink classes
Drop remapping of netlink classes and bypass of permission checking based on netlink message type for policy version < 18. This removes compatibility code introduced when the original single netlink security class used for all netlink sockets was split into finer-grained netlink classes based on netlink protocol and when permission checking was added based on netlink message type in Linux 2.6.8. The only known distribution that shipped with SELinux and policy < 18 was Fedora Core 2, which was EOL'd on 2005-04-11. Given that the remapping code was never updated to address the addition of newer netlink classes, that the corresponding userland support was dropped in 2005, and that the assumptions made by the remapping code about the fixed ordering among netlink classes in the policy may be violated in the future due to the dynamic class/perm discovery support, we should drop this compatibility code now. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions