From 2ef6fc99e0d922a54073e7b6d6465c62f4d3b62b Mon Sep 17 00:00:00 2001
From: Thiébaud Weksteen <tweek@google.com>
Date: Thu, 5 Dec 2024 12:21:00 +1100
Subject: selinux: add netlink nlmsg_type audit message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a new audit message type to capture nlmsg-related information. This
is similar to LSM_AUDIT_DATA_IOCTL_OP which was added for the other
SELinux extended permission (ioctl).

Adding a new type is preferred to adding to the existing
lsm_network_audit structure which contains irrelevant information for
the netlink sockets (i.e., dport, sport).

Signed-off-by: Thiébaud Weksteen <tweek@google.com>
[PM: change "nlnk-msgtype" to "nl-msgtype" as discussed]
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 security/lsm_audit.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'security/lsm_audit.c')

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 9a8352972086..b2f565c0990a 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -425,6 +425,9 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 	case LSM_AUDIT_DATA_ANONINODE:
 		audit_log_format(ab, " anonclass=%s", a->u.anonclass);
 		break;
+	case LSM_AUDIT_DATA_NLMSGTYPE:
+		audit_log_format(ab, " nl-msgtype=%hu", a->u.nlmsg_type);
+		break;
 	} /* switch (a->type) */
 }
 
-- 
cgit v1.2.3