aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/audit.h17
-rw-r--r--kernel/audit.c20
-rw-r--r--security/selinux/nlmsgtab.c17
3 files changed, 11 insertions, 43 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 2f5dc60f8bbd..17ea5d522d81 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -51,14 +51,8 @@
51#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ 51#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
52#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ 52#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
53 53
54#define AUDIT_USER_AUTH 1100 /* User space authentication */ 54#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
55#define AUDIT_USER_ACCT 1101 /* User space acct change */ 55#define AUDIT_LAST_USER_MSG 1199
56#define AUDIT_USER_MGMT 1102 /* User space acct management */
57#define AUDIT_CRED_ACQ 1103 /* User space credential acquired */
58#define AUDIT_CRED_DISP 1104 /* User space credential disposed */
59#define AUDIT_USER_START 1105 /* User space session start */
60#define AUDIT_USER_END 1106 /* User space session end */
61#define AUDIT_USER_AVC 1107 /* User space avc message */
62 56
63#define AUDIT_DAEMON_START 1200 /* Daemon startup record */ 57#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
64#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ 58#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
@@ -173,13 +167,6 @@
173#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) 167#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
174#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) 168#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
175 169
176#ifndef __KERNEL__
177struct audit_message {
178 struct nlmsghdr nlh;
179 char data[1200];
180};
181#endif
182
183struct audit_status { 170struct audit_status {
184 __u32 mask; /* Bit mask for valid entries */ 171 __u32 mask; /* Bit mask for valid entries */
185 __u32 enabled; /* 1 = enabled, 0 = disabled */ 172 __u32 enabled; /* 1 = enabled, 0 = disabled */
diff --git a/kernel/audit.c b/kernel/audit.c
index a0e33b6897d7..e6d88635032c 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
325 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) 325 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
326 err = -EPERM; 326 err = -EPERM;
327 break; 327 break;
328 case AUDIT_USER: 328 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
329 case AUDIT_USER_AUTH:
330 case AUDIT_USER_ACCT:
331 case AUDIT_USER_MGMT:
332 case AUDIT_CRED_ACQ:
333 case AUDIT_CRED_DISP:
334 case AUDIT_USER_START:
335 case AUDIT_USER_END:
336 case AUDIT_USER_AVC:
337 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) 329 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
338 err = -EPERM; 330 err = -EPERM;
339 break; 331 break;
@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
402 audit_set_backlog_limit(status_get->backlog_limit, 394 audit_set_backlog_limit(status_get->backlog_limit,
403 loginuid); 395 loginuid);
404 break; 396 break;
405 case AUDIT_USER: 397 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
406 case AUDIT_USER_AUTH:
407 case AUDIT_USER_ACCT:
408 case AUDIT_USER_MGMT:
409 case AUDIT_CRED_ACQ:
410 case AUDIT_CRED_DISP:
411 case AUDIT_USER_START:
412 case AUDIT_USER_END:
413 case AUDIT_USER_AVC:
414 ab = audit_log_start(NULL, msg_type); 398 ab = audit_log_start(NULL, msg_type);
415 if (!ab) 399 if (!ab)
416 break; /* audit_panic has been called */ 400 break; /* audit_panic has been called */
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 67e77acc4795..f0fb6d76f7c5 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, 99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
100 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, 100 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
101 { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
102 { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
103 { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
104 { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
105 { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
106 { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
107 { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
108 { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
109}; 101};
110 102
111 103
@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
150 break; 142 break;
151 143
152 case SECCLASS_NETLINK_AUDIT_SOCKET: 144 case SECCLASS_NETLINK_AUDIT_SOCKET:
153 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, 145 if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
154 sizeof(nlmsg_audit_perms)); 146 nlmsg_type <= AUDIT_LAST_USER_MSG) {
147 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
148 } else {
149 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
150 sizeof(nlmsg_audit_perms));
151 }
155 break; 152 break;
156 153
157 /* No messaging from userspace, or class unknown/unhandled */ 154 /* No messaging from userspace, or class unknown/unhandled */
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-21 18:10:01 -0500