diff options
| author | Dustin Kirkland <dustin.kirkland@us.ibm.com> | 2005-11-03 12:15:16 -0500 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
| commit | 8c8570fb8feef2bc166bee75a85748b25cda22d9 (patch) | |
| tree | ed783d405ea9d5f3d3ccc57fb56c7b7cb2cdfb82 /include/linux/audit.h | |
| parent | c8edc80c8b8c397c53f4f659a05b9ea6208029bf (diff) | |
[PATCH] Capture selinux subject/object context information.
This patch extends existing audit records with subject/object context
information. Audit records associated with filesystem inodes, ipc, and
tasks now contain SELinux label information in the field "subj" if the
item is performing the action, or in "obj" if the item is the receiver
of an action.
These labels are collected via hooks in SELinux and appended to the
appropriate record in the audit code.
This additional information is required for Common Criteria Labeled
Security Protection Profile (LSPP).
[AV: fixed kmalloc flags use]
[folded leak fixes]
[folded cleanup from akpm (kfree(NULL)]
[folded audit_inode_context() leak fix]
[folded akpm's fix for audit_ipc_perm() definition in case of !CONFIG_AUDIT]
Signed-off-by: Dustin Kirkland <dustin.kirkland@us.ibm.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'include/linux/audit.h')
| -rw-r--r-- | include/linux/audit.h | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 8fa1a8fbc04d..1912d8e8ae90 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -285,13 +285,14 @@ extern void auditsc_get_stamp(struct audit_context *ctx, | |||
| 285 | struct timespec *t, unsigned int *serial); | 285 | struct timespec *t, unsigned int *serial); |
| 286 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 286 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
| 287 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 287 | extern uid_t audit_get_loginuid(struct audit_context *ctx); |
| 288 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 288 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); |
| 289 | extern int audit_socketcall(int nargs, unsigned long *args); | 289 | extern int audit_socketcall(int nargs, unsigned long *args); |
| 290 | extern int audit_sockaddr(int len, void *addr); | 290 | extern int audit_sockaddr(int len, void *addr); |
| 291 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 291 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
| 292 | extern void audit_signal_info(int sig, struct task_struct *t); | 292 | extern void audit_signal_info(int sig, struct task_struct *t); |
| 293 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 293 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
| 294 | extern int audit_filter_type(int type); | 294 | extern int audit_filter_type(int type); |
| 295 | extern int audit_set_macxattr(const char *name); | ||
| 295 | #else | 296 | #else |
| 296 | #define audit_alloc(t) ({ 0; }) | 297 | #define audit_alloc(t) ({ 0; }) |
| 297 | #define audit_free(t) do { ; } while (0) | 298 | #define audit_free(t) do { ; } while (0) |
| @@ -306,12 +307,13 @@ extern int audit_filter_type(int type); | |||
| 306 | #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) | 307 | #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) |
| 307 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 308 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
| 308 | #define audit_get_loginuid(c) ({ -1; }) | 309 | #define audit_get_loginuid(c) ({ -1; }) |
| 309 | #define audit_ipc_perms(q,u,g,m) ({ 0; }) | 310 | #define audit_ipc_perms(q,u,g,m,i) ({ 0; }) |
| 310 | #define audit_socketcall(n,a) ({ 0; }) | 311 | #define audit_socketcall(n,a) ({ 0; }) |
| 311 | #define audit_sockaddr(len, addr) ({ 0; }) | 312 | #define audit_sockaddr(len, addr) ({ 0; }) |
| 312 | #define audit_avc_path(dentry, mnt) ({ 0; }) | 313 | #define audit_avc_path(dentry, mnt) ({ 0; }) |
| 313 | #define audit_signal_info(s,t) do { ; } while (0) | 314 | #define audit_signal_info(s,t) do { ; } while (0) |
| 314 | #define audit_filter_user(cb,t) ({ 1; }) | 315 | #define audit_filter_user(cb,t) ({ 1; }) |
| 316 | #define audit_set_macxattr(n) do { ; } while (0) | ||
| 315 | #endif | 317 | #endif |
| 316 | 318 | ||
| 317 | #ifdef CONFIG_AUDIT | 319 | #ifdef CONFIG_AUDIT |
| @@ -340,6 +342,7 @@ extern void audit_send_reply(int pid, int seq, int type, | |||
| 340 | int done, int multi, | 342 | int done, int multi, |
| 341 | void *payload, int size); | 343 | void *payload, int size); |
| 342 | extern void audit_log_lost(const char *message); | 344 | extern void audit_log_lost(const char *message); |
| 345 | extern void audit_panic(const char *message); | ||
| 343 | extern struct semaphore audit_netlink_sem; | 346 | extern struct semaphore audit_netlink_sem; |
| 344 | #else | 347 | #else |
| 345 | #define audit_log(c,g,t,f,...) do { ; } while (0) | 348 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
| @@ -350,6 +353,7 @@ extern struct semaphore audit_netlink_sem; | |||
| 350 | #define audit_log_hex(a,b,l) do { ; } while (0) | 353 | #define audit_log_hex(a,b,l) do { ; } while (0) |
| 351 | #define audit_log_untrustedstring(a,s) do { ; } while (0) | 354 | #define audit_log_untrustedstring(a,s) do { ; } while (0) |
| 352 | #define audit_log_d_path(b,p,d,v) do { ; } while (0) | 355 | #define audit_log_d_path(b,p,d,v) do { ; } while (0) |
| 356 | #define audit_panic(m) do { ; } while (0) | ||
| 353 | #endif | 357 | #endif |
| 354 | #endif | 358 | #endif |
| 355 | #endif | 359 | #endif |