authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-18 05:21:07 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-18 05:21:07 -0400
commit209aba03243ee42a22f8df8d08aa9963f62aec64 (patch)
treee45ee43e7af31f847377e8bb3a0a61581732b653
parent3ec3b2fba526ead2fa3f3d7c91924f39a0733749 (diff)
AUDIT: Treat all user messages identically.
It's silly to have to add explicit entries for new userspace messages as we invent them. Just treat all messages in the user range the same. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--include/linux/audit.h17
-rw-r--r--kernel/audit.c20
-rw-r--r--security/selinux/nlmsgtab.c17
3 files changed, 11 insertions, 43 deletions
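--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,14 +51,8 @@
 #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
 #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
 
-#define AUDIT_USER_AUTH 1100 /* User space authentication */
-#define AUDIT_USER_ACCT 1101 /* User space acct change */
-#define AUDIT_USER_MGMT 1102 /* User space acct management */
-#define AUDIT_CRED_ACQ 1103 /* User space credential acquired */
-#define AUDIT_CRED_DISP 1104 /* User space credential disposed */
-#define AUDIT_USER_START 1105 /* User space session start */
-#define AUDIT_USER_END 1106 /* User space session end */
-#define AUDIT_USER_AVC 1107 /* User space avc message */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_LAST_USER_MSG 1199
 
 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
 #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
@@ -173,13 +167,6 @@
 #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 
-#ifndef __KERNEL__
-struct audit_message {
-	struct nlmsghdr nlh;
-	char data[1200];
-};
-#endif
-
 struct audit_status {
 	__u32 mask; /* Bit mask for valid entries */
 	__u32 enabled; /* 1 = enabled, 0 = disabled */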
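Review bot: The second hunk deletes the `struct audit_message` definition that was exported to userspace under `#ifndef __KERNEL__`, and neither the title nor the description mentions this ABI-visible removal; it belongs in the commit message or in a separate commit so that userspace consumers of the header can be checked. In the first hunk `AUDIT_LAST_USER_MSG 1199` has no comment while its neighbour does; suggest `#define AUDIT_LAST_USER_MSG 1199 /* end of the user range: any type in [FIRST, LAST] is accepted without per-type handling */`. The header's `AUDIT_USER` definition, which the SELinux table in this commit still references, is outside the hunk, so whether it lies inside the new range cannot be confirmed from here.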
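--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
 		if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
 			err = -EPERM;
 		break;
-	case AUDIT_USER:
-	case AUDIT_USER_AUTH:
-	case AUDIT_USER_ACCT:
-	case AUDIT_USER_MGMT:
-	case AUDIT_CRED_ACQ:
-	case AUDIT_CRED_DISP:
-	case AUDIT_USER_START:
-	case AUDIT_USER_END:
-	case AUDIT_USER_AVC:
+	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
 		if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
 			err = -EPERM;
 		break;
@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 			audit_set_backlog_limit(status_get->backlog_limit,
 						loginuid);
 		break;
-	case AUDIT_USER:
-	case AUDIT_USER_AUTH:
-	case AUDIT_USER_ACCT:
-	case AUDIT_USER_MGMT:
-	case AUDIT_CRED_ACQ:
-	case AUDIT_CRED_DISP:
-	case AUDIT_USER_START:
-	case AUDIT_USER_END:
-	case AUDIT_USER_AVC:
+	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
 		ab = audit_log_start(NULL, msg_type);
 		if (!ab)
 			break; /* audit_panic has been called */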
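Review bot: Both hunks drop `case AUDIT_USER:` along with the eight per-type labels, so AUDIT_USER no longer matches any label in `audit_netlink_ok` or `audit_receive_msg` and falls to each switch's default, which lies outside the hunks; unless AUDIT_USER's value (not defined in this commit) is inside 1100–1199, a sender of the legacy type now gets whatever the default does instead of the CAP_AUDIT_WRITE check and relay it had before. The SELinux table in security/selinux/nlmsgtab.c still lists `{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }`, so the two policies disagree on that type. If retiring it is intended, say so in the commit message; otherwise keep `case AUDIT_USER:` immediately above `case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:` in both switches. Both enclosing functions start and end outside the hunks.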
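--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
 	{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
 	{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
 	{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
-	{ AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
-	{ AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
 };
 
 
@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 		break;
 
 	case SECCLASS_NETLINK_AUDIT_SOCKET:
-		err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
-				 sizeof(nlmsg_audit_perms));
+		if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+		    nlmsg_type <= AUDIT_LAST_USER_MSG) {
+			*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+		} else {
+			err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+					 sizeof(nlmsg_audit_perms));
+		}
 		break;
 
 	/* No messaging from userspace, or class unknown/unhandled */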
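Review bot: The new range branch in `selinux_nlmsg_lookup` assigns `*perm` but never `err`, so it depends on `err` having been initialised to 0 earlier in the function, which is outside the hunk; worth confirming, since a non-zero `err` left over from an earlier path would deny a message this branch means to permit. A one-line comment above the `if` would make the intent clear: `/* Every type in the user range relays to auditd; no per-type table entry. */`. The same bounds now appear here and in the two switches in kernel/audit.c, so a shared inline in include/linux/audit.h (something like `audit_is_user_msg(type)`, name constructed) would keep the three checks in step if the range ever changes. The enclosing switch and function start and end outside the hunk.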