[XFRM]: xfrm audit calls

This patch modifies the current ipsec audit layer
by breaking it up into purpose driven audit calls.

So far, the only audit calls made are when add/delete
an SA/policy. It had been discussed to give each
key manager it's own calls to do this, but I found
there to be much redundnacy since they did the exact
same things, except for how they got auid and sid, so I
combined them. The below audit calls can be made by any
key manager. Hopefully, this is ok.

Signed-off-by: Joy Latten <latten@austin.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 5 insertions, 4 deletions

diff --git a/include/linux/audit.h b/include/linux/audit.h
index d6579df8dadf..9ae740936a65 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -108,10 +108,11 @@
 #define AUDIT_MAC_CIPSOV4_DEL   1408    /* NetLabel: del CIPSOv4 DOI entry */
 #define AUDIT_MAC_MAP_ADD       1409    /* NetLabel: add LSM domain mapping */
 #define AUDIT_MAC_MAP_DEL       1410    /* NetLabel: del LSM domain mapping */
-#define AUDIT_MAC_IPSEC_ADDSA   1411    /* Add a XFRM state */
-#define AUDIT_MAC_IPSEC_DELSA   1412    /* Delete a XFRM state */
-#define AUDIT_MAC_IPSEC_ADDSPD  1413    /* Add a XFRM policy */
-#define AUDIT_MAC_IPSEC_DELSPD  1414    /* Delete a XFRM policy */
+#define AUDIT_MAC_IPSEC_ADDSA   1411    /* Not used */
+#define AUDIT_MAC_IPSEC_DELSA   1412    /* Not used  */
+#define AUDIT_MAC_IPSEC_ADDSPD  1413    /* Not used */
+#define AUDIT_MAC_IPSEC_DELSPD  1414    /* Not used */
+#define AUDIT_MAC_IPSEC_EVENT   1415    /* Audit an IPSec event */
 
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799