Loading include/linux/audit.h +2 −15 Original line number Diff line number Diff line Loading @@ -51,14 +51,8 @@ #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ #define AUDIT_USER_AUTH 1100 /* User space authentication */ #define AUDIT_USER_ACCT 1101 /* User space acct change */ #define AUDIT_USER_MGMT 1102 /* User space acct management */ #define AUDIT_CRED_ACQ 1103 /* User space credential acquired */ #define AUDIT_CRED_DISP 1104 /* User space credential disposed */ #define AUDIT_USER_START 1105 /* User space session start */ #define AUDIT_USER_END 1106 /* User space session end */ #define AUDIT_USER_AVC 1107 /* User space avc message */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */ #define AUDIT_LAST_USER_MSG 1199 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */ #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ Loading Loading @@ -173,13 +167,6 @@ #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #ifndef __KERNEL__ struct audit_message { struct nlmsghdr nlh; char data[1200]; }; #endif struct audit_status { __u32 mask; /* Bit mask for valid entries */ __u32 enabled; /* 1 = enabled, 0 = disabled */ Loading kernel/audit.c +2 −18 Original line number Diff line number Diff line Loading @@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) err = -EPERM; break; case AUDIT_USER: case AUDIT_USER_AUTH: case AUDIT_USER_ACCT: case AUDIT_USER_MGMT: case AUDIT_CRED_ACQ: case AUDIT_CRED_DISP: case AUDIT_USER_START: case AUDIT_USER_END: case AUDIT_USER_AVC: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) err = -EPERM; break; Loading Loading 
@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_set_backlog_limit(status_get->backlog_limit, loginuid); break; case AUDIT_USER: case AUDIT_USER_AUTH: case AUDIT_USER_ACCT: case AUDIT_USER_MGMT: case AUDIT_CRED_ACQ: case AUDIT_CRED_DISP: case AUDIT_USER_START: case AUDIT_USER_END: case AUDIT_USER_AVC: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: ab = audit_log_start(NULL, msg_type); if (!ab) break; /* audit_panic has been called */ Loading security/selinux/nlmsgtab.c +7 −10 Original line number Diff line number Diff line Loading @@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] = { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, }; Loading Loading @@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) break; case SECCLASS_NETLINK_AUDIT_SOCKET: if (nlmsg_type >= AUDIT_FIRST_USER_MSG && nlmsg_type <= AUDIT_LAST_USER_MSG) { *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY; } else { err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, sizeof(nlmsg_audit_perms)); } break; /* No messaging from userspace, or class unknown/unhandled */ Loading Loading
include/linux/audit.h +2 −15 Original line number Diff line number Diff line Loading @@ -51,14 +51,8 @@ #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ #define AUDIT_USER_AUTH 1100 /* User space authentication */ #define AUDIT_USER_ACCT 1101 /* User space acct change */ #define AUDIT_USER_MGMT 1102 /* User space acct management */ #define AUDIT_CRED_ACQ 1103 /* User space credential acquired */ #define AUDIT_CRED_DISP 1104 /* User space credential disposed */ #define AUDIT_USER_START 1105 /* User space session start */ #define AUDIT_USER_END 1106 /* User space session end */ #define AUDIT_USER_AVC 1107 /* User space avc message */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */ #define AUDIT_LAST_USER_MSG 1199 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */ #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ Loading Loading @@ -173,13 +167,6 @@ #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) #ifndef __KERNEL__ struct audit_message { struct nlmsghdr nlh; char data[1200]; }; #endif struct audit_status { __u32 mask; /* Bit mask for valid entries */ __u32 enabled; /* 1 = enabled, 0 = disabled */ Loading
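Review bot: In the first hunk the two new defines carry the whole contract for the 1100–1199 range, but the only comment is "Userspace messages uninteresting to kernel" and `AUDIT_LAST_USER_MSG` has none. I would state that the range is inclusive and that the type is chosen by the sender, e.g. `/* 1100-1199 inclusive: type is sender-chosen and relayed as-is; requires CAP_AUDIT_WRITE */`, since the named AUDIT_USER_AUTH…AUDIT_USER_AVC constants no longer document which values exist. The second hunk drops `struct audit_message` from the `#ifndef __KERNEL__` part of the header, so userspace code that took the struct from here presumably needs its own definition; that is worth calling out for consumers of the exported header.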
kernel/audit.c +2 −18 Original line number Diff line number Diff line Loading @@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) err = -EPERM; break; case AUDIT_USER: case AUDIT_USER_AUTH: case AUDIT_USER_ACCT: case AUDIT_USER_MGMT: case AUDIT_CRED_ACQ: case AUDIT_CRED_DISP: case AUDIT_USER_START: case AUDIT_USER_END: case AUDIT_USER_AVC: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) err = -EPERM; break; Loading Loading @@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) audit_set_backlog_limit(status_get->backlog_limit, loginuid); break; case AUDIT_USER: case AUDIT_USER_AUTH: case AUDIT_USER_ACCT: case AUDIT_USER_MGMT: case AUDIT_CRED_ACQ: case AUDIT_CRED_DISP: case AUDIT_USER_START: case AUDIT_USER_END: case AUDIT_USER_AVC: case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: ab = audit_log_start(NULL, msg_type); if (!ab) break; /* audit_panic has been called */ Loading
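Review bot: Both `case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:` labels (in audit_netlink_ok and in audit_receive_msg) use the GNU case-range extension without spaces around the ellipsis. GCC's documentation recommends the spaced form, `case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:`, so the range cannot be misparsed if a bound ever becomes a literal. For log consumers the more important point is that audit_receive_msg now passes any sender-chosen type in the range straight to `audit_log_start(NULL, msg_type)`, where the removed lines listed only eight named types in that range. A short comment such as `/* record type is sender-asserted; only CAP_AUDIT_WRITE is checked */` would make that trust boundary visible. Both functions begin and end outside the hunks, so how the payload is handled afterwards is not visible here.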
security/selinux/nlmsgtab.c +7 −10 Original line number Diff line number Diff line Loading @@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] = { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, }; Loading Loading @@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) break; case SECCLASS_NETLINK_AUDIT_SOCKET: if (nlmsg_type >= AUDIT_FIRST_USER_MSG && nlmsg_type <= AUDIT_LAST_USER_MSG) { *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY; } else { err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, sizeof(nlmsg_audit_perms)); } break; /* No messaging from userspace, or class unknown/unhandled */ Loading
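Review bot: In the second hunk, the new range branch in selinux_nlmsg_lookup assigns `*perm` but never touches `err`, so its result depends on how `err` was initialised above the hunk, which is not visible here; an explicit `err = 0;` in that branch would remove the dependency. The bounds are also spelled as a `>=`/`<=` pair while kernel/audit.c uses a case range on the same macros, so a comment like `/* all userspace relay records (AUDIT_FIRST_USER_MSG..AUDIT_LAST_USER_MSG) need nlmsg_relay */` would tie the sites together. For policy review, note that a domain granted nlmsg_relay can now send every type in the range rather than only the eight entries removed from nlmsg_audit_perms.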