AUDIT: Treat all user messages identically.

It's silly to have to add explicit entries for new userspace messages as we invent them. Just treat all messages in the user range the same. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2026-05-01 15:00:59 -07:00 · 2005-05-18 10:21:07 +01:00
parent 3ec3b2fba5
commit 209aba0324
3 changed files with 11 additions and 43 deletions
@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
 	{ AUDIT_DEL,		NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 	{ AUDIT_USER,		NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
 	{ AUDIT_SIGNAL_INFO,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
-	{ AUDIT_USER_AUTH,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_ACCT,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_MGMT,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_CRED_ACQ,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_CRED_DISP,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_START,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_END,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_AVC,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
 };


@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 		break;

 	case SECCLASS_NETLINK_AUDIT_SOCKET:
-		err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
-				 sizeof(nlmsg_audit_perms));
+		if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+		    nlmsg_type <= AUDIT_LAST_USER_MSG) {
+			*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+		} else {
+			err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+					 sizeof(nlmsg_audit_perms));
+		}
 		break;

 	/* No messaging from userspace, or class unknown/unhandled */