authorAlex Yakavenka <ayakav@codeaurora.org>2016-04-08 15:29:45 -0700
committerGerrit - the friendly Code Review server <code-review@localhost>2017-10-24 22:08:44 -0700
commitf5ada1fa7a011500cac199f550e0583208448e61 (patch)
treebeef8855b27af43efb1da2361c6bb2c673ac2913
parent9551e129dd2625ea2ab4fa5620820849b069ce2f (diff)
security: Extend SELinux to support CAN sockets
CAN socket SELinux support is required to be able to distinguish between generic socket and can_socket Change-Id: I9ec2099fc4c08ab6406e33ff9ad821ef18261763 Signed-off-by: Alex Yakavenka <ayakav@codeaurora.org>
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/include/classmap.h2
2 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d0221769ba52..d2eff7173dab 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1246,6 +1246,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
return SECCLASS_KEY_SOCKET;
case PF_APPLETALK:
return SECCLASS_APPLETALK_SOCKET;
+ case PF_CAN:
+ return SECCLASS_CAN_SOCKET;
}
return SECCLASS_SOCKET;
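Review bot: The added `case PF_CAN:` mapping is unconditional, so every CAN socket is checked against `can_socket` rather than `socket`, regardless of which policy is loaded. Existing allow rules written for the generic `socket` class no longer match CAN sockets. If the loaded policy does not declare `can_socket` (the class added in the classmap.h hunk), the result depends on that policy's handle_unknown setting: CAN users are either denied, or with `allow` the class is effectively unmediated. Consider gating the case on a policy capability if this tree provides one for new socket classes, or at least record the dependency above the case, e.g. `/* needs can_socket in the loaded policy; otherwise handle_unknown applies */`. The switch and the rest of socket_type_to_security_class lie outside the hunk, so it is not visible here whether an earlier branch already handles this family.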
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index b393d29ae857..d40631150045 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -157,5 +157,7 @@ struct security_class_mapping secclass_map[] = {
{ COMMON_SOCK_PERMS, "attach_queue", NULL } },
{ "binder", { "impersonate", "call", "set_context_mgr", "transfer",
NULL } },
+ { "can_socket",
+ { COMMON_SOCK_PERMS, NULL } },
{ NULL }
};