[PATCH] Define new range of userspace messages.
The attached patch updates various items for the new user space messages. Please apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
parent
b63862f465
commit
90d526c074
3 changed files with 21 additions and 6 deletions
|
@ -33,11 +33,20 @@
|
|||
* 1200 - 1299 messages internal to the audit daemon
|
||||
* 1300 - 1399 audit event messages
|
||||
* 1400 - 1499 SE Linux use
|
||||
* 1500 - 1999 future use
|
||||
* 2000 is for otherwise unclassified kernel audit messages
|
||||
* 1500 - 1599 kernel LSPP events
|
||||
* 1600 - 1699 kernel crypto events
|
||||
* 1700 - 1999 future kernel use (maybe integrity labels and related events)
|
||||
* 2000 is for otherwise unclassified kernel audit messages (legacy)
|
||||
* 2001 - 2099 unused (kernel)
|
||||
* 2100 - 2199 user space anomaly records
|
||||
* 2200 - 2299 user space actions taken in response to anomalies
|
||||
* 2300 - 2399 user space generated LSPP events
|
||||
* 2400 - 2499 user space crypto events
|
||||
* 2500 - 2999 future user space (maybe integrity labels and related events)
|
||||
*
|
||||
* Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user
|
||||
* space. Anything over that is kernel --> user space communication.
|
||||
* Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
|
||||
* exclusively user space. 1300-2099 is kernel --> user space
|
||||
* communication.
|
||||
*/
|
||||
#define AUDIT_GET 1000 /* Get status */
|
||||
#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
|
||||
|
@ -54,6 +63,8 @@
|
|||
#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
|
||||
#define AUDIT_USER_AVC 1107 /* We filter this differently */
|
||||
#define AUDIT_LAST_USER_MSG 1199
|
||||
#define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
|
||||
#define AUDIT_LAST_USER_MSG2 2999
|
||||
|
||||
#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
|
||||
#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
|
||||
|
|
|
@ -369,6 +369,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
|
|||
break;
|
||||
case AUDIT_USER:
|
||||
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
|
||||
case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
|
||||
if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
|
||||
err = -EPERM;
|
||||
break;
|
||||
|
@ -449,6 +450,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
|||
break;
|
||||
case AUDIT_USER:
|
||||
case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
|
||||
case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
|
||||
if (!audit_enabled && msg_type != AUDIT_USER_AVC)
|
||||
return 0;
|
||||
|
||||
|
|
|
@ -145,8 +145,10 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
|
|||
break;
|
||||
|
||||
case SECCLASS_NETLINK_AUDIT_SOCKET:
|
||||
if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
|
||||
nlmsg_type <= AUDIT_LAST_USER_MSG) {
|
||||
if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&
|
||||
nlmsg_type <= AUDIT_LAST_USER_MSG) ||
|
||||
(nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&
|
||||
nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
|
||||
*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
|
||||
} else {
|
||||
err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
|
||||
|
|
Loading…
Reference in a new issue