netlink: add decoding of NETLINK_AUDIT message types

* xlat/nl_audit_types.in: New file.
* netlink.c: Include <linux/audit.h> and "xlat/nl_audit_types.h".
(nlmsg_types): Add NETLINK_AUDIT.

Co-authored-by: Fabien Siron <fabien.siron@epita.fr>

diff --git a/netlink.c b/netlink.c
index c2da66b97a845a0ebe65af463165edc88413c840..40b33933ade786d6d7d8ca46b81f4b43e52feaca 100644 (file)
--- a/netlink.c
+++ b/netlink.c
@@ -29,10 +29,12 @@
 
 #include "defs.h"
 #include <sys/socket.h>
+#include <linux/audit.h>
 #include <linux/netlink.h>
 #include "xlat/netlink_flags.h"
 #include "xlat/netlink_protocols.h"
 #include "xlat/netlink_types.h"
+#include "xlat/nl_audit_types.h"
 #include "xlat/nl_sock_diag_types.h"
 
 #undef NLMSG_HDRLEN
@@ -93,6 +95,7 @@ static const struct {
        const struct xlat *const xlat;
        const char *const dflt;
 } nlmsg_types[] = {
+       [NETLINK_AUDIT] = { nl_audit_types, "AUDIT_???" },
        [NETLINK_SOCK_DIAG] = { nl_sock_diag_types, "SOCK_DIAG_???" }
 };
 

diff --git a/xlat/nl_audit_types.in b/xlat/nl_audit_types.in
new file mode 100644 (file)
index 0000000..8b52010
--- /dev/null
+++ b/xlat/nl_audit_types.in
@@ -0,0 +1,98 @@
+AUDIT_GET      1000
+AUDIT_SET      1001
+AUDIT_LIST     1002
+AUDIT_ADD      1003
+AUDIT_DEL      1004
+AUDIT_USER     1005
+AUDIT_LOGIN    1006
+AUDIT_WATCH_INS        1007
+AUDIT_WATCH_REM        1008
+AUDIT_WATCH_LIST       1009
+AUDIT_SIGNAL_INFO      1010
+AUDIT_ADD_RULE 1011
+AUDIT_DEL_RULE 1012
+AUDIT_LIST_RULES       1013
+AUDIT_TRIM     1014
+AUDIT_MAKE_EQUIV       1015
+AUDIT_TTY_GET  1016
+AUDIT_TTY_SET  1017
+AUDIT_SET_FEATURE      1018
+AUDIT_GET_FEATURE      1019
+
+AUDIT_FIRST_USER_MSG   1100
+AUDIT_USER_AVC 1107
+AUDIT_USER_TTY 1124
+AUDIT_LAST_USER_MSG    1199
+
+AUDIT_DAEMON_START     1200
+AUDIT_DAEMON_END       1201
+AUDIT_DAEMON_ABORT     1202
+AUDIT_DAEMON_CONFIG    1203
+
+AUDIT_SYSCALL  1300
+AUDIT_FS_WATCH 1301
+AUDIT_PATH     1302
+AUDIT_IPC      1303
+AUDIT_SOCKETCALL       1304
+AUDIT_CONFIG_CHANGE    1305
+AUDIT_SOCKADDR 1306
+AUDIT_CWD      1307
+AUDIT_EXECVE   1309
+AUDIT_IPC_SET_PERM     1311
+AUDIT_MQ_OPEN  1312
+AUDIT_MQ_SENDRECV      1313
+AUDIT_MQ_NOTIFY        1314
+AUDIT_MQ_GETSETATTR    1315
+AUDIT_KERNEL_OTHER     1316
+AUDIT_FD_PAIR  1317
+AUDIT_OBJ_PID  1318
+AUDIT_TTY      1319
+AUDIT_EOE      1320
+AUDIT_BPRM_FCAPS       1321
+AUDIT_CAPSET   1322
+AUDIT_MMAP     1323
+AUDIT_NETFILTER_PKT    1324
+AUDIT_NETFILTER_CFG    1325
+AUDIT_SECCOMP  1326
+AUDIT_PROCTITLE        1327
+AUDIT_FEATURE_CHANGE   1328
+AUDIT_REPLACE  1329
+AUDIT_KERN_MODULE      1330
+
+AUDIT_AVC      1400
+AUDIT_SELINUX_ERR      1401
+AUDIT_AVC_PATH 1402
+AUDIT_MAC_POLICY_LOAD  1403
+AUDIT_MAC_STATUS       1404
+AUDIT_MAC_CONFIG_CHANGE        1405
+AUDIT_MAC_UNLBL_ALLOW  1406
+AUDIT_MAC_CIPSOV4_ADD  1407
+AUDIT_MAC_CIPSOV4_DEL  1408
+AUDIT_MAC_MAP_ADD      1409
+AUDIT_MAC_MAP_DEL      1410
+AUDIT_MAC_IPSEC_ADDSA  1411
+AUDIT_MAC_IPSEC_DELSA  1412
+AUDIT_MAC_IPSEC_ADDSPD 1413
+AUDIT_MAC_IPSEC_DELSPD 1414
+AUDIT_MAC_IPSEC_EVENT  1415
+AUDIT_MAC_UNLBL_STCADD 1416
+AUDIT_MAC_UNLBL_STCDEL 1417
+AUDIT_MAC_CALIPSO_ADD  1418
+AUDIT_MAC_CALIPSO_DEL  1419
+
+AUDIT_ANOM_PROMISCUOUS 1700
+AUDIT_ANOM_ABEND       1701
+AUDIT_ANOM_LINK        1702
+AUDIT_LAST_KERN_ANOM_MSG       1799
+
+AUDIT_INTEGRITY_DATA   1800
+AUDIT_INTEGRITY_METADATA       1801
+AUDIT_INTEGRITY_STATUS 1802
+AUDIT_INTEGRITY_HASH   1803
+AUDIT_INTEGRITY_PCR    1804
+AUDIT_INTEGRITY_RULE   1805
+
+AUDIT_KERNEL   2000
+
+AUDIT_FIRST_USER_MSG2  2100
+AUDIT_LAST_USER_MSG2   2999