selinux: nlmsgtab: add SOCK_DESTROY to the netlink mapping tables

Without this, using SOCK_DESTROY in enforcing mode results in: SELinux: unrecognized netlink message type=21 for sclass=32 Change-Id: I7862bb0fc83573567243ffa9549a2c7405b5986c
author: Lorenzo Colitti <lorenzo@google.com> 2016-02-04 00:52:15 +0900
committer: Lorenzo Colitti <lorenzo@google.com> 2016-02-04 11:39:22 +0900
commit: 47be4c1862a864662721a98b6fbc415c6bda29df (patch)
tree: 81965cc82661a58025213a7b2991a3d421fd1f79 /security
parent: 69649c8a83f8b5e61d631e8962f9169bbece6766 (diff)
1 files changed, 4 insertions, 3 deletions
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 902b5e9cec7e..053210a559ad 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -77,9 +77,10 @@ static struct nlmsg_perm nlmsg_route_perms[] =
 
 static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
 {
-	{ TCPDIAG_GETSOCK,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
-	{ DCCPDIAG_GETSOCK,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
-	{ SOCK_DIAG_BY_FAMILY,	NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ TCPDIAG_GETSOCK,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ DCCPDIAG_GETSOCK,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ SOCK_DIAG_BY_FAMILY,		NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+	{ SOCK_DESTROY_BACKPORT,	NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE },
 };
 
 static struct nlmsg_perm nlmsg_xfrm_perms[] =
author	Lorenzo Colitti <lorenzo@google.com>	2016-02-04 00:52:15 +0900
committer	Lorenzo Colitti <lorenzo@google.com>	2016-02-04 11:39:22 +0900
commit	47be4c1862a864662721a98b6fbc415c6bda29df (patch)
tree	81965cc82661a58025213a7b2991a3d421fd1f79 /security
parent	69649c8a83f8b5e61d631e8962f9169bbece6766 (diff)