audit: allow checking the type of audit message in the user filter (62062cf8) · Commits · e / devices / android_kernel_xiaomi_nabu

include/linux/audit.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -438,7 +438,7 @@ static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
		extern int audit_update_lsm_rules(void);

		/* Private API (for audit.c only) */
		extern int audit_filter_user(void);
		extern int audit_filter_user(int type);
		extern int audit_filter_type(int type);
		extern int audit_receive_filter(int type, int pid, int seq,
		void *data, size_t datasz, kuid_t loginuid,

kernel/audit.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -737,7 +737,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
		if (!audit_enabled && msg_type != AUDIT_USER_AVC)
		return 0;

		err = audit_filter_user();
		err = audit_filter_user(msg_type);
		if (err == 1) {
		err = 0;
		if (msg_type == AUDIT_USER_TTY) {

kernel/auditfilter.c

+25 −3

Original line number	Diff line number	Diff line
		@@ -310,6 +310,18 @@ static u32 audit_to_op(u32 op)
		return n;
		}

		/* check if a field is valid for a given list */
		static int audit_field_valid(struct audit_entry entry, struct audit_field f)
		{
		switch(f->type) {
		case AUDIT_MSGTYPE:
		if (entry->rule.listnr != AUDIT_FILTER_TYPE &&
		entry->rule.listnr != AUDIT_FILTER_USER)
		return -EINVAL;
		break;
		};
		return 0;
		}

		/* Translate struct audit_rule to kernel's rule respresentation.
		* Exists for backward compatibility with userspace. */
		@@ -459,6 +471,13 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
		f->gid = INVALID_GID;
		f->lsm_str = NULL;
		f->lsm_rule = NULL;

		err = audit_field_valid(entry, f);
		if (err)
		goto exit_free;

		err = -EINVAL;

		switch(f->type) {
		case AUDIT_UID:
		case AUDIT_EUID:
		@@ -1354,7 +1373,7 @@ int audit_compare_dname_path(const char dname, const char path, int parentlen)
		return strncmp(p, dname, dlen);
		}

		static int audit_filter_user_rules(struct audit_krule *rule,
		static int audit_filter_user_rules(struct audit_krule *rule, int type,
		enum audit_state *state)
		{
		int i;
		@@ -1378,6 +1397,9 @@ static int audit_filter_user_rules(struct audit_krule *rule,
		result = audit_uid_comparator(audit_get_loginuid(current),
		f->op, f->uid);
		break;
		case AUDIT_MSGTYPE:
		result = audit_comparator(type, f->op, f->val);
		break;
		case AUDIT_SUBJ_USER:
		case AUDIT_SUBJ_ROLE:
		case AUDIT_SUBJ_TYPE:
		@@ -1404,7 +1426,7 @@ static int audit_filter_user_rules(struct audit_krule *rule,
		return 1;
		}

		int audit_filter_user(void)
		int audit_filter_user(int type)
		{
		enum audit_state state = AUDIT_DISABLED;
		struct audit_entry *e;
		@@ -1412,7 +1434,7 @@ int audit_filter_user(void)

		rcu_read_lock();
		list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
		if (audit_filter_user_rules(&e->rule, &state)) {
		if (audit_filter_user_rules(&e->rule, type, &state)) {
		if (state == AUDIT_DISABLED)
		ret = 0;
		break;