selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables

Without this, using SOCK_DESTROY in enforcing mode results in: SELinux: unrecognized netlink message type=21 for sclass=32 Change-Id: I7862bb0fc83573567243ffa9549a2c7405b5986c
author: Lorenzo Colitti <lorenzo@google.com> 2016-02-04 00:52:15 +0900
committer: Moyster <oysterized@gmail.com> 2016-09-10 16:51:12 +0200
commit: fb9d96e62a68703f1861f14c68caa8a641b68978 (patch)
tree: f33e326efe6cc34243a981a235833d268ecc0418 /security
parent: 48e1aa52d436f2fb469abf1987accc058cc0516a (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 4c29bcc7f..dd28eb2af 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -77,9 +77,10 @@ static struct nlmsg_perm nlmsg_route_perms[] =
 
 static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
 {
-	{ TCPDIAG_GETSOCK,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
-	{ DCCPDIAG_GETSOCK,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
-	{ SOCK_DIAG_BY_FAMILY,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ TCPDIAG_GETSOCK,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ DCCPDIAG_GETSOCK,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ SOCK_DIAG_BY_FAMILY,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ SOCK_DESTROY_BACKPORT,	NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
 };
 
 static struct nlmsg_perm nlmsg_xfrm_perms[] =
author	Lorenzo Colitti <lorenzo@google.com>	2016-02-04 00:52:15 +0900
committer	Moyster <oysterized@gmail.com>	2016-09-10 16:51:12 +0200
commit	fb9d96e62a68703f1861f14c68caa8a641b68978 (patch)
tree	f33e326efe6cc34243a981a235833d268ecc0418 /security
parent	48e1aa52d436f2fb469abf1987accc058cc0516a (diff)