aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2005-05-13 13:17:42 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-13 13:17:42 -0400
commitc04049939f88b29e235d2da217bce6e8ead44f32 (patch)
tree9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9 /security
parent9ea74f0655412d0fbd12bf9adb6c14c8fe707a42 (diff)
AUDIT: Add message types to audit records
This patch adds more messages types to the audit subsystem so that audit analysis is quicker, intuitive, and more useful. Signed-off-by: Steve Grubb <sgrubb@redhat.com> --- I forgot one type in the big patch. I need to add one for user space originating SE Linux avc messages. This is used by dbus and nscd. -Steve --- Updated to 2.6.12-rc4-mm1. -dwmw2 Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/avc.c4
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/nlmsgtab.c8
-rw-r--r--security/selinux/ss/services.c4
4 files changed, 13 insertions, 5 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 9e71a1bbe01..042f91e9f9d 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), 242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
243 0, SLAB_PANIC, NULL, NULL); 243 0, SLAB_PANIC, NULL, NULL);
244 244
245 audit_log(current->audit_context, "AVC INITIALIZED\n"); 245 audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
246} 246}
247 247
248int avc_get_hash_stats(char *page) 248int avc_get_hash_stats(char *page)
@@ -549,7 +549,7 @@ void avc_audit(u32 ssid, u32 tsid,
549 return; 549 return;
550 } 550 }
551 551
552 ab = audit_log_start(current->audit_context, AUDIT_KERNEL, 0); 552 ab = audit_log_start(current->audit_context, AUDIT_AVC);
553 if (!ab) 553 if (!ab)
554 return; /* audit_panic has been called */ 554 return; /* audit_panic has been called */
555 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); 555 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe4..db845cbd584 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3419 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); 3419 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3420 if (err) { 3420 if (err) {
3421 if (err == -EINVAL) { 3421 if (err == -EINVAL) {
3422 audit_log(current->audit_context, 3422 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
3423 "SELinux: unrecognized netlink message" 3423 "SELinux: unrecognized netlink message"
3424 " type=%hu for sclass=%hu\n", 3424 " type=%hu for sclass=%hu\n",
3425 nlh->nlmsg_type, isec->sclass); 3425 nlh->nlmsg_type, isec->sclass);
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index deac14367d4..67e77acc479 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -98,6 +98,14 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, 99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
100 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, 100 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
101 { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
102 { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
103 { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
104 { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
105 { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
106 { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
107 { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
108 { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
101}; 109};
102 110
103 111
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 5a820cf88c9..07fdf6ee614 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
365 goto out; 365 goto out;
366 if (context_struct_to_string(tcontext, &t, &tlen) < 0) 366 if (context_struct_to_string(tcontext, &t, &tlen) < 0)
367 goto out; 367 goto out;
368 audit_log(current->audit_context, 368 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
369 "security_validate_transition: denied for" 369 "security_validate_transition: denied for"
370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", 370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
371 o, n, t, policydb.p_class_val_to_name[tclass-1]); 371 o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
742 goto out; 742 goto out;
743 if (context_struct_to_string(newcontext, &n, &nlen) < 0) 743 if (context_struct_to_string(newcontext, &n, &nlen) < 0)
744 goto out; 744 goto out;
745 audit_log(current->audit_context, 745 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
746 "security_compute_sid: invalid context %s" 746 "security_compute_sid: invalid context %s"
747 " for scontext=%s" 747 " for scontext=%s"
748 " tcontext=%s" 748 " tcontext=%s"