Merge "security: Extend SELinux to support CAN sockets"

author: Linux Build Service Account <lnxbuild@quicinc.com> 2017-10-29 20:59:53 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2017-10-29 20:59:53 -0700
commit: d2c583756f87f031e16c4886984569c42dc917fe (patch)
tree: 79248b3da53917e4e71a7c4e34a25fac4e14b9f4 /security
parent: 31c9729a258a6495a344e2ec692e43fab9a0db87 (diff)
parent: f5ada1fa7a011500cac199f550e0583208448e61 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index d0221769ba52..d2eff7173dab 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1246,6 +1246,8 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 		return SECCLASS_KEY_SOCKET;
 	case PF_APPLETALK:
 		return SECCLASS_APPLETALK_SOCKET;
+	case PF_CAN:
+		return SECCLASS_CAN_SOCKET;
 	}
 
 	return SECCLASS_SOCKET;
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index b393d29ae857..d40631150045 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -157,5 +157,7 @@ struct security_class_mapping secclass_map[] = {
 	  { COMMON_SOCK_PERMS, "attach_queue", NULL } },
 	{ "binder", { "impersonate", "call", "set_context_mgr", "transfer",
 		      NULL } },
+	{ "can_socket",
+	  { COMMON_SOCK_PERMS, NULL } },
 	{ NULL }
   };
author	Linux Build Service Account <lnxbuild@quicinc.com>	2017-10-29 20:59:53 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2017-10-29 20:59:53 -0700
commit	d2c583756f87f031e16c4886984569c42dc917fe (patch)
tree	79248b3da53917e4e71a7c4e34a25fac4e14b9f4 /security
parent	31c9729a258a6495a344e2ec692e43fab9a0db87 (diff)
parent	f5ada1fa7a011500cac199f550e0583208448e61 (diff)