diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 0debbdc155a4..0bea6a8f8395 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -105,7 +105,7 @@ struct security_class_mapping secclass_map[] = {
 { COMMON_IPC_PERMS, NULL } },
 { "netlink_route_socket",
 { COMMON_SOCK_PERMS,
- "nlmsg_read", "nlmsg_write", "nlmsg_readpriv", NULL } },
+ "nlmsg_read", "nlmsg_write", NULL } },
 { "netlink_tcpdiag_socket",
 { COMMON_SOCK_PERMS,
 "nlmsg_read", "nlmsg_write", NULL } },
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 576d5a8c9238..b8e98c111b2f 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -74,7 +74,6 @@ enum {
 };
 #define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
-extern int selinux_android_netlink_route;
 extern int selinux_policycap_netpeer;
 extern int selinux_policycap_openperm;
 extern int selinux_policycap_alwaysnetwork;
@@ -263,7 +262,6 @@ extern struct vfsmount *selinuxfs_mount;
 extern void selnl_notify_setenforce(int val);
 extern void selnl_notify_policyload(u32 seqno);
 extern int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm);
-extern void selinux_nlmsg_init(void);
 #endif /* _SELINUX_SECURITY_H_ */
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 697785cec7f6..2ca9cde939d4 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
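Review bot: Dropping `nlmsg_readpriv` from the `netlink_route_socket` entry in classmap.h changes what a loaded policy can enforce, and nothing visible in the change records that. Per the comment removed from nlmsgtab.c, RTM_GETLINK was checked against `nlmsg_readpriv` when the policy set the Android netlink-route flag; with `selinux_nlmsg_init()` gone it presumably stays on whatever the static `nlmsg_route_perms` entry holds (not visible here), so a policy that withheld `nlmsg_readpriv` from some domains no longer restricts that message for them. The policydb.c hunk also stops testing `POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE`, so such a policy appears to load with no indication that the flag is ignored; policydb_read continues outside the hunk, so an existing check for unknown config bits cannot be ruled out. I would state the required policy pairing in the commit description and, if no such check exists, report leftover bits, e.g. `if (le32_to_cpu(buf[1]) & ~(POLICYDB_CONFIG_MLS | REJECT_UNKNOWN | ALLOW_UNKNOWN)) printk(KERN_WARNING "SELinux: unrecognized policy config bits ignored\n");`.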
@@ -193,27 +193,3 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 return err;
 }
-
-static void nlmsg_set_getlink_perm(u32 perm)
-{
- int i;
-
- for (i = 0; i < ARRAY_SIZE(nlmsg_route_perms); i++) {
- if (nlmsg_route_perms[i].nlmsg_type == RTM_GETLINK) {
- nlmsg_route_perms[i].perm = perm;
- break;
- }
- }
-}
-
-/**
- * Use nlmsg_readpriv as the permission for RTM_GETLINK messages if the
- * netlink_route_getlink policy capability is set. Otherwise use nlmsg_read.
- */
-void selinux_nlmsg_init(void)
-{
- if (selinux_android_netlink_route)
- nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READPRIV);
- else
- nlmsg_set_getlink_perm(NETLINK_ROUTE_SOCKET__NLMSG_READ);
-}
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 62518b031e5e..af9cc839856f 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -2332,10 +2332,6 @@ int policydb_read(struct policydb *p, void *fp)
 p->reject_unknown = !!(le32_to_cpu(buf[1]) & REJECT_UNKNOWN);
 p->allow_unknown = !!(le32_to_cpu(buf[1]) & ALLOW_UNKNOWN);
- if ((le32_to_cpu(buf[1]) & POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE)) {
- p->android_netlink_route = 1;
- }
-
 if (p->policyvers >= POLICYDB_VERSION_POLCAP) {
 rc = ebitmap_read(&p->policycaps, fp);
 if (rc)
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 0d511cf3c1e9..725d5945a97e 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -227,7 +227,6 @@ struct genfs {
 /* The policy database */
 struct policydb {
 int mls_enabled;
- int android_netlink_route;
 /* symbol tables */
 struct symtab symtab[SYM_NUM];
@@ -314,7 +313,6 @@ extern int policydb_write(struct policydb *p, void *fp);
 #define PERM_SYMTAB_SIZE 32
 #define POLICYDB_CONFIG_MLS 1
-#define POLICYDB_CONFIG_ANDROID_NETLINK_ROUTE (1 << 31)
 /* the config flags related to unknown classes/perms are bits 2 and 3 */
 #define REJECT_UNKNOWN 0x00000002
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index f51ff4d28d8e..4e52759e3905 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -70,7 +70,6 @@
 #include "ebitmap.h"
 #include "audit.h"
-int selinux_android_netlink_route;
 int selinux_policycap_netpeer;
 int selinux_policycap_openperm;
 int selinux_policycap_alwaysnetwork;
@@ -1991,9 +1990,6 @@ static void security_load_policycaps(void)
 POLICYDB_CAPABILITY_OPENPERM);
 selinux_policycap_alwaysnetwork = ebitmap_get_bit(&policydb.policycaps,
 POLICYDB_CAPABILITY_ALWAYSNETWORK);
-
- selinux_android_netlink_route = policydb.android_netlink_route;
- selinux_nlmsg_init();
 }
 static int security_preserve_bools(struct policydb *p);