Commit 209aba03 authored by David Woodhouse's avatar David Woodhouse

AUDIT: Treat all user messages identically.

It's silly to have to add explicit entries for new userspace messages
as we invent them. Just treat all messages in the user range the same.
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent 3ec3b2fb
...@@ -51,14 +51,8 @@ ...@@ -51,14 +51,8 @@
#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
#define AUDIT_USER_AUTH 1100 /* User space authentication */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
#define AUDIT_USER_ACCT 1101 /* User space acct change */ #define AUDIT_LAST_USER_MSG 1199
#define AUDIT_USER_MGMT 1102 /* User space acct management */
#define AUDIT_CRED_ACQ 1103 /* User space credential acquired */
#define AUDIT_CRED_DISP 1104 /* User space credential disposed */
#define AUDIT_USER_START 1105 /* User space session start */
#define AUDIT_USER_END 1106 /* User space session end */
#define AUDIT_USER_AVC 1107 /* User space avc message */
#define AUDIT_DAEMON_START 1200 /* Daemon startup record */ #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
...@@ -173,13 +167,6 @@ ...@@ -173,13 +167,6 @@
#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
#ifndef __KERNEL__
struct audit_message {
struct nlmsghdr nlh;
char data[1200];
};
#endif
struct audit_status { struct audit_status {
__u32 mask; /* Bit mask for valid entries */ __u32 mask; /* Bit mask for valid entries */
__u32 enabled; /* 1 = enabled, 0 = disabled */ __u32 enabled; /* 1 = enabled, 0 = disabled */
......
...@@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) ...@@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
err = -EPERM; err = -EPERM;
break; break;
case AUDIT_USER: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
case AUDIT_USER_AUTH:
case AUDIT_USER_ACCT:
case AUDIT_USER_MGMT:
case AUDIT_CRED_ACQ:
case AUDIT_CRED_DISP:
case AUDIT_USER_START:
case AUDIT_USER_END:
case AUDIT_USER_AVC:
if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
err = -EPERM; err = -EPERM;
break; break;
...@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) ...@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
audit_set_backlog_limit(status_get->backlog_limit, audit_set_backlog_limit(status_get->backlog_limit,
loginuid); loginuid);
break; break;
case AUDIT_USER: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
case AUDIT_USER_AUTH:
case AUDIT_USER_ACCT:
case AUDIT_USER_MGMT:
case AUDIT_CRED_ACQ:
case AUDIT_CRED_DISP:
case AUDIT_USER_START:
case AUDIT_USER_END:
case AUDIT_USER_AVC:
ab = audit_log_start(NULL, msg_type); ab = audit_log_start(NULL, msg_type);
if (!ab) if (!ab)
break; /* audit_panic has been called */ break; /* audit_panic has been called */
......
...@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] = ...@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
{ AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
}; };
...@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) ...@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
break; break;
case SECCLASS_NETLINK_AUDIT_SOCKET: case SECCLASS_NETLINK_AUDIT_SOCKET:
err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
sizeof(nlmsg_audit_perms)); nlmsg_type <= AUDIT_LAST_USER_MSG) {
*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
} else {
err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
sizeof(nlmsg_audit_perms));
}
break; break;
/* No messaging from userspace, or class unknown/unhandled */ /* No messaging from userspace, or class unknown/unhandled */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment