#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
-#define AUDIT_USER_AUTH 1100 /* User space authentication */
-#define AUDIT_USER_ACCT 1101 /* User space acct change */
-#define AUDIT_USER_MGMT 1102 /* User space acct management */
-#define AUDIT_CRED_ACQ 1103 /* User space credential acquired */
-#define AUDIT_CRED_DISP 1104 /* User space credential disposed */
-#define AUDIT_USER_START 1105 /* User space session start */
-#define AUDIT_USER_END 1106 /* User space session end */
-#define AUDIT_USER_AVC 1107 /* User space avc message */
+#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
+#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
-#ifndef __KERNEL__
-struct audit_message {
- struct nlmsghdr nlh;
- char data[1200];
-};
-#endif
-
struct audit_status {
__u32 mask; /* Bit mask for valid entries */
__u32 enabled; /* 1 = enabled, 0 = disabled */
if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
err = -EPERM;
break;
- case AUDIT_USER:
- case AUDIT_USER_AUTH:
- case AUDIT_USER_ACCT:
- case AUDIT_USER_MGMT:
- case AUDIT_CRED_ACQ:
- case AUDIT_CRED_DISP:
- case AUDIT_USER_START:
- case AUDIT_USER_END:
- case AUDIT_USER_AVC:
+ case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
err = -EPERM;
break;
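Review bot: `case AUDIT_USER:` is dropped from this capability switch and replaced only by the range `AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG` (1100–1199), so AUDIT_USER is no longer matched unless its value lies in that range. Its definition is not in the visible hunks, but the SELinux table still keeps a separate `{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }` entry, which suggests it lies outside the range. If so, userspace AUDIT_USER records would take the default branch here, and the second switch changed the same way (the `audit_log_start(NULL, msg_type)` hunk) would no longer log them. I would keep the legacy label next to the range in both places: `case AUDIT_USER:` followed by `case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:`. The enclosing switch begins and ends outside the hunk.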
audit_set_backlog_limit(status_get->backlog_limit,
loginuid);
break;
- case AUDIT_USER:
- case AUDIT_USER_AUTH:
- case AUDIT_USER_ACCT:
- case AUDIT_USER_MGMT:
- case AUDIT_CRED_ACQ:
- case AUDIT_CRED_DISP:
- case AUDIT_USER_START:
- case AUDIT_USER_END:
- case AUDIT_USER_AVC:
+ case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
ab = audit_log_start(NULL, msg_type);
if (!ab)
break; /* audit_panic has been called */
{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
- { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
};
break;
case SECCLASS_NETLINK_AUDIT_SOCKET:
- err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
- sizeof(nlmsg_audit_perms));
+ if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+ nlmsg_type <= AUDIT_LAST_USER_MSG) {
+ *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+ } else {
+ err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+ sizeof(nlmsg_audit_perms));
+ }
break;
/* No messaging from userspace, or class unknown/unhandled */
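Review bot: The new range branch under `SECCLASS_NETLINK_AUDIT_SOCKET` has no comment saying why types 1100–1199 skip `nlmsg_audit_perms`, and it never assigns `err`, so the return value on that path relies on an initial value set outside the hunk. I would add `/* Userspace audit records are not listed individually; every type in the user range requires nlmsg_relay */` above the `if`, and confirm that `err` starts at 0. This range check duplicates the case ranges added to the audit capability and receive switches, so the comment should also say that they must stay in sync. The function starts and ends outside the hunk.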