Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 90d526c0 authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro
Browse files

[PATCH] Define new range of userspace messages. 



The attached patch updates various items for the new user space
messages. Please apply.

Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent b63862f4

include/linux/audit.h

+15 −4
Original line number Diff line number Diff line
@@ -33,11 +33,20 @@ 
 * 1200 - 1299 messages internal to the audit daemon

 * 1300 - 1399 audit event messages

 * 1400 - 1499 SE Linux use

 * 1500 - 1999 future use

 * 2000 is for otherwise unclassified kernel audit messages

 * 1500 - 1599 kernel LSPP events

 * 1600 - 1699 kernel crypto events

 * 1700 - 1999 future kernel use (maybe integrity labels and related events)

 * 2000 is for otherwise unclassified kernel audit messages (legacy)

 * 2001 - 2099 unused (kernel)

 * 2100 - 2199 user space anomaly records

 * 2200 - 2299 user space actions taken in response to anomalies

 * 2300 - 2399 user space generated LSPP events

 * 2400 - 2499 user space crypto events

 * 2500 - 2999 future user space (maybe integrity labels and related events)

 *

 * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user

 * space. Anything over that is kernel --> user space communication.

 * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are

 * exclusively user space. 1300-2099 is kernel --> user space 

 * communication.

 */

#define AUDIT_GET		1000	/* Get status */

#define AUDIT_SET		1001	/* Set status (enable/disable/auditd) */
@@ -54,6 +63,8 @@ 
#define AUDIT_FIRST_USER_MSG	1100	/* Userspace messages mostly uninteresting to kernel */

#define AUDIT_USER_AVC		1107	/* We filter this differently */

#define AUDIT_LAST_USER_MSG	1199

#define AUDIT_FIRST_USER_MSG2	2100	/* More user space messages */

#define AUDIT_LAST_USER_MSG2	2999

 

#define AUDIT_DAEMON_START      1200    /* Daemon startup record */

#define AUDIT_DAEMON_END        1201    /* Daemon normal stop record */

kernel/audit.c

+2 −0
Original line number Diff line number Diff line
@@ -369,6 +369,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) 
		break;

	case AUDIT_USER:

	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:

	case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:

		if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))

			err = -EPERM;

		break;
@@ -449,6 +450,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 
		break;

	case AUDIT_USER:

	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:

	case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:

		if (!audit_enabled && msg_type != AUDIT_USER_AVC)

			return 0;

security/selinux/nlmsgtab.c

+4 −2
Original line number Diff line number Diff line
@@ -145,8 +145,10 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) 
		break;



	case SECCLASS_NETLINK_AUDIT_SOCKET:

		if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&

		    nlmsg_type <= AUDIT_LAST_USER_MSG) {

		if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&

		     nlmsg_type <= AUDIT_LAST_USER_MSG) ||

		    (nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&

                     nlmsg_type <= AUDIT_LAST_USER_MSG2)) {

			*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;

		} else {

			err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,