From: Stephen Smalley <sds@tycho.nsa.gov>

This patch changes SELinux to audit any unrecognized netlink messages in
controlled classes rather than silently rejecting them, and to allow them
if in permissive mode.  Please apply.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/security/selinux/hooks.c |   10 ++++++++++
 1 files changed, 10 insertions(+)

diff -puN security/selinux/hooks.c~selinux-audit-unrecognized-netlink-messages security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-audit-unrecognized-netlink-messages	2005-03-23 12:51:44.000000000 -0800
+++ 25-akpm/security/selinux/hooks.c	2005-03-23 12:51:44.000000000 -0800
@@ -67,6 +67,7 @@
 #include <linux/hugetlb.h>
 #include <linux/personality.h>
 #include <linux/sysctl.h>
+#include <linux/audit.h>
 
 #include "avc.h"
 #include "objsec.h"
@@ -3385,6 +3386,15 @@ static int selinux_nlmsg_perm(struct soc
 	
 	err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
 	if (err) {
+		if (err == -EINVAL) {
+			audit_log(current->audit_context,
+				  "SELinux:  unrecognized netlink message"
+				  " type=%hu for sclass=%hu\n",
+				  nlh->nlmsg_type, isec->sclass);
+			if (!selinux_enforcing)
+				err = 0;
+		}
+
 		/* Ignore */
 		if (err == -ENOENT)
 			err = 0;
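Review bot: The new `-EINVAL` branch writes one audit record for every message whose `nlh->nlmsg_type` is unrecognized, and that value is chosen by the sending process; nothing in the hunk throttles it. Any bound on log volume presumably comes from the audit subsystem's own rate and backlog limits, so it is worth confirming that those apply to this `audit_log()` call. A comment above the call would record that reliance, for example `/* sender-controlled type: volume is bounded only by the audit rate limit */`. The permissive-mode override also sits directly above the older `/* Ignore */` comment, which now reads as if it covered both cases. Rewording it to something like `/* -ENOENT: no permission mapping for this class, allow */` (if that is what the lookup means by it) would keep the two paths distinct. The body of `selinux_nlmsg_perm` continues outside the hunk, so what happens to `err` after this block is not visible here.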
_