diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-01-09 16:07:31 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-01-09 16:07:31 +0100 |
commit | ef37979a2cfa3905adbf0c2a681ce16c0aaea92d (patch) | |
tree | 0616c8df6684b739648d9b4e38eab11ec7b1c1fd /security | |
parent | selinux: add security in-core xattr support for tracefs (diff) | |
download | linux-ef37979a2cfa3905adbf0c2a681ce16c0aaea92d.tar.xz linux-ef37979a2cfa3905adbf0c2a681ce16c0aaea92d.zip |
selinux: handle ICMPv6 consistently with ICMP
commit 79c8b348f215 ("selinux: support distinctions among all network
address families") mapped datagram ICMP sockets to the new icmp_socket
security class, but left ICMPv6 sockets unchanged. This change fixes
that oversight to handle both kinds of sockets consistently.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 5ce633aabce6..e4b953f760dd 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1295,7 +1295,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc case SOCK_DGRAM: if (default_protocol_dgram(protocol)) return SECCLASS_UDP_SOCKET; - else if (extsockclass && protocol == IPPROTO_ICMP) + else if (extsockclass && (protocol == IPPROTO_ICMP || + protocol == IPPROTO_ICMPV6)) return SECCLASS_ICMP_SOCKET; else return SECCLASS_RAWIP_SOCKET; |