selinux: Assign proper class to PF_UNIX/SOCK_RAW sockets

For PF_UNIX, SOCK_RAW is synonymous with SOCK_DGRAM (cf. net/unix/af_unix.c). This is a tad obscure, but libpcap uses it. Signed-off-by: Luis Ressel <[email protected]> Acked-by: Stephen Smalley <[email protected]> Signed-off-by: Paul Moore <[email protected]>
laijs · Jul 25, 2017 · 2a764b5 · 2a764b5
1 parent 31368ce
commit 2a764b5
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -1303,6 +1303,7 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 		case SOCK_SEQPACKET:
 			return SECCLASS_UNIX_STREAM_SOCKET;
 		case SOCK_DGRAM:
+		case SOCK_RAW:
 			return SECCLASS_UNIX_DGRAM_SOCKET;
 		}
 		break;