-rw-r--r--include/linux/audit.h19
-rw-r--r--kernel/audit.c2
-rw-r--r--security/selinux/nlmsgtab.c6
3 files changed, 21 insertions, 6 deletions
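--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -33,11 +33,20 @@
  * 1200 - 1299 messages internal to the audit daemon
  * 1300 - 1399 audit event messages
  * 1400 - 1499 SE Linux use
- * 1500 - 1999 future use
- * 2000 is for otherwise unclassified kernel audit messages
+ * 1500 - 1599 kernel LSPP events
+ * 1600 - 1699 kernel crypto events
+ * 1700 - 1999 future kernel use (maybe integrity labels and related events)
+ * 2000 is for otherwise unclassified kernel audit messages (legacy)
+ * 2001 - 2099 unused (kernel)
+ * 2100 - 2199 user space anomaly records
+ * 2200 - 2299 user space actions taken in response to anomalies
+ * 2300 - 2399 user space generated LSPP events
+ * 2400 - 2499 user space crypto events
+ * 2500 - 2999 future user space (maybe integrity labels and related events)
  *
- * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user
- * space. Anything over that is kernel --> user space communication.
+ * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
+ * exclusively user space. 1300-2099 is kernel --> user space
+ * communication.
  */
 #define AUDIT_GET 1000 /* Get status */
 #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
@@ -54,6 +63,8 @@
 #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
 #define AUDIT_USER_AVC 1107 /* We filter this differently */
 #define AUDIT_LAST_USER_MSG 1199
+#define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
+#define AUDIT_LAST_USER_MSG2 2999
 
 #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
 #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */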
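Review bot: The new AUDIT_FIRST_USER_MSG2/AUDIT_LAST_USER_MSG2 pair covers 2100-2999 as one span, which includes the 2500-2999 subrange the table above marks as "future user space", and the definitions do not say that the subdivisions in the table are documentation only. Since the kernel/audit.c hunk in this commit admits the whole span with a single case range, a reader of the header could otherwise assume the unassigned subranges are rejected. I would document the intent on the second define, e.g. `#define AUDIT_LAST_USER_MSG2 2999 /* whole 2100-2999 span is accepted from userspace; subranges above are a convention, not enforced */`, so the table and the constants cannot be read as contradicting each other. Whether anything downstream of these defines further filters by subtype is not visible here.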
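--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -369,6 +369,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
 break;
 case AUDIT_USER:
 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
+case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
 err = -EPERM;
 break;
@@ -449,6 +450,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 break;
 case AUDIT_USER:
 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
+case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
 if (!audit_enabled && msg_type != AUDIT_USER_AVC)
 return 0;
 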
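Review bot: The same user-message case list now has to be kept in sync in two switch statements (audit_netlink_ok and audit_receive_msg), and neither site says that the second range deliberately admits message types the header has not assigned a meaning to. A one-line comment on the added case in audit_receive_msg would make the trust boundary explicit: `case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2: /* 2100-2999: relayed on behalf of userspace, kernel attaches no semantics */`. The capability check in audit_netlink_ok is the only gate visible for these types, so any CAP_AUDIT_WRITE holder can emit any type in that span; if that is intended, saying so at the case label will stop a future reader from adding a stricter sub-range check in one switch and not the other. Both enclosing functions start and end outside the hunks shown.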
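--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -145,8 +145,10 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 break;
 
 case SECCLASS_NETLINK_AUDIT_SOCKET:
-if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
-nlmsg_type <= AUDIT_LAST_USER_MSG) {
+if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+nlmsg_type <= AUDIT_LAST_USER_MSG) ||
+(nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&
+nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
 } else {
 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,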
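Review bot: The bounds of the two user ranges are now spelled out here as well as in the two case labels in kernel/audit.c, so a future widening of either range has three places to update and nothing ties the SELinux mapping to the audit one. To reduce that drift risk I would give the range test a name in the header the defines already live in, e.g. `#define audit_is_user_msg(t) (((t) >= AUDIT_FIRST_USER_MSG && (t) <= AUDIT_LAST_USER_MSG) || ((t) >= AUDIT_FIRST_USER_MSG2 && (t) <= AUDIT_LAST_USER_MSG2))`, and use it in this condition; the case labels in audit.c cannot call it but can sit next to a comment pointing at it. It would also help to note at this branch that both ranges collapse to the single NLMSG_RELAY permission, `/* all user-originated record types map to one relay permission */`, since the header's finer subranges (anomaly, crypto, LSPP) are not distinguished by policy here. selinux_nlmsg_lookup continues outside the hunk.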