diff options
author | Steve Grubb <sgrubb@redhat.com> | 2005-05-13 13:17:42 -0400 |
---|---|---|
committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-13 13:17:42 -0400 |
commit | c04049939f88b29e235d2da217bce6e8ead44f32 (patch) | |
tree | 9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9 /security | |
parent | 9ea74f0655412d0fbd12bf9adb6c14c8fe707a42 (diff) |
AUDIT: Add message types to audit records
This patch adds more messages types to the audit subsystem so that audit
analysis is quicker, intuitive, and more useful.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
---
I forgot one type in the big patch. I need to add one for user space
originating SE Linux avc messages. This is used by dbus and nscd.
-Steve
---
Updated to 2.6.12-rc4-mm1.
-dwmw2
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/avc.c | 4 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/selinux/nlmsgtab.c | 8 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 4 |
4 files changed, 13 insertions, 5 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 9e71a1bbe01..042f91e9f9d 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -242,7 +242,7 @@ void __init avc_init(void) | |||
242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), | 242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), |
243 | 0, SLAB_PANIC, NULL, NULL); | 243 | 0, SLAB_PANIC, NULL, NULL); |
244 | 244 | ||
245 | audit_log(current->audit_context, "AVC INITIALIZED\n"); | 245 | audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n"); |
246 | } | 246 | } |
247 | 247 | ||
248 | int avc_get_hash_stats(char *page) | 248 | int avc_get_hash_stats(char *page) |
@@ -549,7 +549,7 @@ void avc_audit(u32 ssid, u32 tsid, | |||
549 | return; | 549 | return; |
550 | } | 550 | } |
551 | 551 | ||
552 | ab = audit_log_start(current->audit_context, AUDIT_KERNEL, 0); | 552 | ab = audit_log_start(current->audit_context, AUDIT_AVC); |
553 | if (!ab) | 553 | if (!ab) |
554 | return; /* audit_panic has been called */ | 554 | return; /* audit_panic has been called */ |
555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); | 555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index aae1e794fe4..db845cbd584 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); | 3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); |
3420 | if (err) { | 3420 | if (err) { |
3421 | if (err == -EINVAL) { | 3421 | if (err == -EINVAL) { |
3422 | audit_log(current->audit_context, | 3422 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
3423 | "SELinux: unrecognized netlink message" | 3423 | "SELinux: unrecognized netlink message" |
3424 | " type=%hu for sclass=%hu\n", | 3424 | " type=%hu for sclass=%hu\n", |
3425 | nlh->nlmsg_type, isec->sclass); | 3425 | nlh->nlmsg_type, isec->sclass); |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index deac14367d4..67e77acc479 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
@@ -98,6 +98,14 @@ static struct nlmsg_perm nlmsg_audit_perms[] = | |||
98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, |
100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, | 100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, |
101 | { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
102 | { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
103 | { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
104 | { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
105 | { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
106 | { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
107 | { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
108 | { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
101 | }; | 109 | }; |
102 | 110 | ||
103 | 111 | ||
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 5a820cf88c9..07fdf6ee614 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, | |||
365 | goto out; | 365 | goto out; |
366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) | 366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) |
367 | goto out; | 367 | goto out; |
368 | audit_log(current->audit_context, | 368 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
369 | "security_validate_transition: denied for" | 369 | "security_validate_transition: denied for" |
370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", | 370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", |
371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); | 371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); |
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context( | |||
742 | goto out; | 742 | goto out; |
743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) | 743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) |
744 | goto out; | 744 | goto out; |
745 | audit_log(current->audit_context, | 745 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
746 | "security_compute_sid: invalid context %s" | 746 | "security_compute_sid: invalid context %s" |
747 | " for scontext=%s" | 747 | " for scontext=%s" |
748 | " tcontext=%s" | 748 | " tcontext=%s" |