---

yaml
---
r: 2203
b: refs/heads/master
c: 209aba0
h: refs/heads/master
i:
  2201: 88b164d
  2199: 65692f6
v: v3

[refs]

@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 3ec3b2fba526ead2fa3f3d7c91924f39a0733749
+refs/heads/master: 209aba03243ee42a22f8df8d08aa9963f62aec64

trunk/include/linux/audit.h

@@ -51,14 +51,8 @@
 #define AUDIT_WATCH_LIST	1009	/* List all file/dir watches */
 #define AUDIT_SIGNAL_INFO	1010	/* Get info about sender of signal to auditd */
 
-#define AUDIT_USER_AUTH		1100	/* User space authentication */
-#define AUDIT_USER_ACCT		1101	/* User space acct change */
-#define AUDIT_USER_MGMT		1102	/* User space acct management */
-#define AUDIT_CRED_ACQ		1103	/* User space credential acquired */
-#define AUDIT_CRED_DISP		1104	/* User space credential disposed */
-#define AUDIT_USER_START	1105	/* User space session start */ 
-#define AUDIT_USER_END		1106	/* User space session end */
-#define AUDIT_USER_AVC		1107	/* User space avc message */
+#define AUDIT_FIRST_USER_MSG	1100	/* Userspace messages uninteresting to kernel */
+#define AUDIT_LAST_USER_MSG	1199
 
 #define AUDIT_DAEMON_START      1200    /* Daemon startup record */
 #define AUDIT_DAEMON_END        1201    /* Daemon normal stop record */
@@ -173,13 +167,6 @@
 #define AUDIT_ARCH_V850		(EM_V850|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64	(EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
 
-#ifndef __KERNEL__
-struct audit_message {
-	struct nlmsghdr nlh;
-	char		data[1200];
-};
-#endif
-
 struct audit_status {
 	__u32		mask;		/* Bit mask for valid entries */
 	__u32		enabled;	/* 1 = enabled, 0 = disabled */

trunk/kernel/audit.c

@@ -325,15 +325,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
 		if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
 			err = -EPERM;
 		break;
-	case AUDIT_USER:
-	case AUDIT_USER_AUTH:
-	case AUDIT_USER_ACCT:
-	case AUDIT_USER_MGMT:
-	case AUDIT_CRED_ACQ:
-	case AUDIT_CRED_DISP:
-	case AUDIT_USER_START:
-	case AUDIT_USER_END:
-	case AUDIT_USER_AVC:
+	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
 		if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
 			err = -EPERM;
 		break;
@@ -402,15 +394,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 			audit_set_backlog_limit(status_get->backlog_limit,
 							loginuid);
 		break;
-	case AUDIT_USER:
-	case AUDIT_USER_AUTH:
-	case AUDIT_USER_ACCT:
-	case AUDIT_USER_MGMT:
-	case AUDIT_CRED_ACQ:
-	case AUDIT_CRED_DISP:
-	case AUDIT_USER_START:
-	case AUDIT_USER_END:
-	case AUDIT_USER_AVC:
+	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
 		ab = audit_log_start(NULL, msg_type);
 		if (!ab)
 			break;	/* audit_panic has been called */

trunk/security/selinux/nlmsgtab.c

@@ -98,14 +98,6 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
 	{ AUDIT_DEL,		NETLINK_AUDIT_SOCKET__NLMSG_WRITE    },
 	{ AUDIT_USER,		NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
 	{ AUDIT_SIGNAL_INFO,	NETLINK_AUDIT_SOCKET__NLMSG_READ     },
-	{ AUDIT_USER_AUTH,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_ACCT,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_MGMT,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_CRED_ACQ,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_CRED_DISP,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_START,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_END,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
-	{ AUDIT_USER_AVC,	NETLINK_AUDIT_SOCKET__NLMSG_RELAY    },
 };
 
 
@@ -150,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
 		break;
 
 	case SECCLASS_NETLINK_AUDIT_SOCKET:
-		err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
-				 sizeof(nlmsg_audit_perms));
+		if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+		    nlmsg_type <= AUDIT_LAST_USER_MSG) {
+			*perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+		} else {
+			err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+					 sizeof(nlmsg_audit_perms));
+		}
 		break;
 
 	/* No messaging from userspace, or class unknown/unhandled */