Commit e74974d7 authored by James Morris, committed by David S. Miller

[SELINUX]: Fine-grained Netlink support - move security_netlink_send() hook.

This patch moves the security_netlink_send() LSM hook after the user copy,
so that LSM modules can safely examine skb payload content.  For SELinux,
we need to look at the Netlink message type.
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: David S. Miller <davem@redhat.com>
parent 76716cb2
...@@ -728,14 +728,14 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, ...@@ -728,14 +728,14 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
to corresponding kernel module. --ANK (980802) to corresponding kernel module. --ANK (980802)
*/ */
err = security_netlink_send(skb); err = -EFAULT;
if (err) { if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) {
kfree_skb(skb); kfree_skb(skb);
goto out; goto out;
} }
err = -EFAULT; err = security_netlink_send(skb);
if (memcpy_fromiovec(skb_put(skb,len), msg->msg_iov, len)) { if (err) {
kfree_skb(skb); kfree_skb(skb);
goto out; goto out;
} }
......
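Review bot: In the new ordering, security_netlink_send(skb) is called right after memcpy_fromiovec(skb_put(skb,len), ...), and nothing in the visible lines guarantees that len covers a complete Netlink message header, so a hook that reads the message type has to check skb->len itself before touching the payload. That is worth stating in the hook's documentation, together with the new contract that the skb payload is already populated when the hook runs. A one-line comment above the call explaining that it must stay after the user copy would also keep a later cleanup from moving it back. The error handling reads consistently: both failure paths do kfree_skb(skb) and goto out, and err is set to -EFAULT before the copy and then overwritten by the hook's return value.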