audit: kernel generated netlink traffic should have a portid of 0

We were setting the portid incorrectly in the netlink message headers, fix that to always be 0 (nlmsg_pid = 0). Signed-off-by: Paul Moore <paul@paul-moore.com> Reviewed-by: Richard Guy Briggs <rgb@redhat.com>
author: Paul Moore <paul@paul-moore.com> 2017-05-02 10:16:05 -0400
committer: Paul Moore <paul@paul-moore.com> 2017-05-02 10:16:05 -0400
commit: 45a0642b4d021a2f50d5db9c191b5bfe60bfa1c7 (patch)
tree: d63e9090ba3ebaa02cb6c94717b5c285c1fd93ec
parent: a9d1620877748375cf60b43ef3fa5f61ab6d9f24 (diff)
4 files changed, 14 insertions, 29 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 504e784b7ffa..cc0497c39472 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -163,8 +163,7 @@ extern void audit_log_task_info(struct audit_buffer *ab,
 extern int                  audit_update_lsm_rules(void);
                                /* Private API (for audit.c only) */
-extern int audit_rule_change(int type, __u32 portid, int seq,
+extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
-                                void *data, size_t datasz);
 extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
 extern u32 audit_enabled;
diff --git a/kernel/audit.c b/kernel/audit.c
index eff602c1aa79..b40f3c4727e1 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -250,14 +250,6 @@ static struct sock *audit_get_sk(const struct net *net)
        return aunet->sk;
 }
-static void audit_set_portid(struct audit_buffer *ab, __u32 portid)
-{
-        if (ab) {
-                struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
-                nlh->nlmsg_pid = portid;
-        }
-}
 void audit_panic(const char *message)
 {
        switch (audit_failure) {
@@ -816,7 +808,7 @@ int audit_send_list(void *_dest)
        return 0;
 }
-struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
+struct sk_buff *audit_make_reply(int seq, int type, int done,
                                 int multi, const void *payload, int size)
 {
        struct sk_buff  *skb;
@@ -829,7 +821,7 @@ struct sk_buff *audit_make_reply(__u32 portid, int seq, int type, int done,
        if (!skb)
                return NULL;
-        nlh     = nlmsg_put(skb, portid, seq, t, size, flags);
+        nlh     = nlmsg_put(skb, 0, seq, t, size, flags);
        if (!nlh)
                goto out_kfree_skb;
        data = nlmsg_data(nlh);
@@ -873,7 +865,6 @@ static int audit_send_reply_thread(void *arg)
 static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int done,
                             int multi, const void *payload, int size)
 {
-        u32 portid = NETLINK_CB(request_skb).portid;
        struct net *net = sock_net(NETLINK_CB(request_skb).sk);
        struct sk_buff *skb;
        struct task_struct *tsk;
@@ -883,12 +874,12 @@ static void audit_send_reply(struct sk_buff *request_skb, int seq, int type, int
        if (!reply)
                return;
-        skb = audit_make_reply(portid, seq, type, done, multi, payload, size);
+        skb = audit_make_reply(seq, type, done, multi, payload, size);
        if (!skb)
                goto out;
        reply->net = get_net(net);
-        reply->portid = portid;
+        reply->portid = NETLINK_CB(request_skb).portid;
        reply->skb = skb;
        tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
@@ -1072,7 +1063,7 @@ static int audit_replace(pid_t pid)
 {
        struct sk_buff *skb;
-        skb = audit_make_reply(0, 0, AUDIT_REPLACE, 0, 0, &pid, sizeof(pid));
+        skb = audit_make_reply(0, AUDIT_REPLACE, 0, 0, &pid, sizeof(pid));
        if (!skb)
                return -ENOMEM;
        return auditd_send_unicast_skb(skb);
@@ -1242,7 +1233,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                        size--;
                                audit_log_n_untrustedstring(ab, data, size);
                        }
-                        audit_set_portid(ab, NETLINK_CB(skb).portid);
                        audit_log_end(ab);
                }
                break;
@@ -1256,8 +1246,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        audit_log_end(ab);
                        return -EPERM;
                }
-                err = audit_rule_change(msg_type, NETLINK_CB(skb).portid,
+                err = audit_rule_change(msg_type, seq, data, nlmsg_len(nlh));
-                                           seq, data, nlmsg_len(nlh));
                break;
        case AUDIT_LIST_RULES:
                err = audit_list_rules_send(skb, seq);
diff --git a/kernel/audit.h b/kernel/audit.h
index 0d87f8ab8778..18f3c2deeccf 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -237,8 +237,7 @@ extern int audit_uid_comparator(kuid_t left, u32 op, kuid_t right);
 extern int audit_gid_comparator(kgid_t left, u32 op, kgid_t right);
 extern int parent_len(const char *path);
 extern int audit_compare_dname_path(const char *dname, const char *path, int plen);
-extern struct sk_buff *audit_make_reply(__u32 portid, int seq, int type,
+extern struct sk_buff *audit_make_reply(int seq, int type, int done, int multi,
-                                        int done, int multi,
                                        const void *payload, int size);
 extern void                 audit_panic(const char *message);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 239d11c3122c..0b0aa5854dac 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1033,7 +1033,7 @@ out:
 }
 /* List rules using struct audit_rule_data. */
-static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q)
+static void audit_list_rules(int seq, struct sk_buff_head *q)
 {
        struct sk_buff *skb;
        struct audit_krule *r;
@@ -1048,15 +1048,15 @@ static void audit_list_rules(__u32 portid, int seq, struct sk_buff_head *q)
                        data = audit_krule_to_data(r);
                        if (unlikely(!data))
                                break;
-                        skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES,
+                        skb = audit_make_reply(seq, AUDIT_LIST_RULES, 0, 1,
-                                               0, 1, data,
+                                               data,
                                               sizeof(*data) + data->buflen);
                        if (skb)
                                skb_queue_tail(q, skb);
                        kfree(data);
                }
        }
-        skb = audit_make_reply(portid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
+        skb = audit_make_reply(seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
        if (skb)
                skb_queue_tail(q, skb);
 }
@@ -1085,13 +1085,11 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
 /**
 * audit_rule_change - apply all rules to the specified message type
 * @type: audit message type
- * @portid: target port id for netlink audit messages
 * @seq: netlink audit message sequence (serial) number
 * @data: payload data
 * @datasz: size of payload data
 */
-int audit_rule_change(int type, __u32 portid, int seq, void *data,
+int audit_rule_change(int type, int seq, void *data, size_t datasz)
-                        size_t datasz)
 {
        int err = 0;
        struct audit_entry *entry;
@@ -1150,7 +1148,7 @@ int audit_list_rules_send(struct sk_buff *request_skb, int seq)
        skb_queue_head_init(&dest->q);
        mutex_lock(&audit_filter_mutex);
-        audit_list_rules(portid, seq, &dest->q);
+        audit_list_rules(seq, &dest->q);
        mutex_unlock(&audit_filter_mutex);
        tsk = kthread_run(audit_send_list, dest, "audit_send_list");
author	Paul Moore <paul@paul-moore.com>	2017-05-02 10:16:05 -0400
committer	Paul Moore <paul@paul-moore.com>	2017-05-02 10:16:05 -0400
commit	45a0642b4d021a2f50d5db9c191b5bfe60bfa1c7 (patch)
tree	d63e9090ba3ebaa02cb6c94717b5c285c1fd93ec
parent	a9d1620877748375cf60b43ef3fa5f61ab6d9f24 (diff)