Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dd34b5d7 authored Mar 05, 2009 by Eric Paris Committed by James Morris Mar 06, 2009

SELinux: new permission between tty audit and audit socket



New selinux permission to separate the ability to turn on tty auditing from
the ability to set audit rules.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: James Morris <jmorris@namei.org>

parent 6a25b27d

security/selinux/include/av_perm_to_string.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -153,6 +153,7 @@
		S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
		S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
		S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
		S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT, "nlmsg_tty_audit")
		S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
		S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
		S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")

security/selinux/include/av_permissions.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -708,6 +708,7 @@
		#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
		#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
		#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
		#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT 0x04000000UL
		#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
		#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
		#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL

security/selinux/nlmsgtab.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -113,7 +113,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
		{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
		{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
		{ AUDIT_TTY_GET, NETLINK_AUDIT_SOCKET__NLMSG_READ },
		{ AUDIT_TTY_SET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
		{ AUDIT_TTY_SET, NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT },
		};