#include <linux/rtnetlink.h>
#include <linux/if.h>
#include <linux/netfilter_ipv4/ip_queue.h>
-#include <linux/tcp_diag.h>
+#include <linux/inet_diag.h>
#include <linux/xfrm.h>
#include <linux/audit.h>
{ RTM_GETPREFIX, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETMULTICAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
{ RTM_GETANYCAST, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_GETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_READ },
+ { RTM_SETNEIGHTBL, NETLINK_ROUTE_SOCKET__NLMSG_WRITE },
};
static struct nlmsg_perm nlmsg_firewall_perms[] =
static struct nlmsg_perm nlmsg_tcpdiag_perms[] =
{
{ TCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
+ { DCCPDIAG_GETSOCK, NETLINK_TCPDIAG_SOCKET__NLMSG_READ },
};
static struct nlmsg_perm nlmsg_xfrm_perms[] =
{ AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
{ AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
{ AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
- { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
- { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
};
break;
case SECCLASS_NETLINK_AUDIT_SOCKET:
- err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
- sizeof(nlmsg_audit_perms));
+ if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
+ nlmsg_type <= AUDIT_LAST_USER_MSG) {
+ *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
+ } else {
+ err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
+ sizeof(nlmsg_audit_perms));
+ }
break;
/* No messaging from userspace, or class unknown/unhandled */