diff options
author | Amy Griffis <amy.griffis@hp.com> | 2006-02-07 12:05:27 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
commit | 93315ed6dd12dacfc941f9eb8ca0293aadf99793 (patch) | |
tree | 4fc070c92a1de21d3befe4ce48c733c65d044bb3 /include/linux | |
parent | af601e4623d0303bfafa54ec728b7ae8493a8e1b (diff) |
[PATCH] audit string fields interface + consumer
Updated patch to dynamically allocate audit rule fields in kernel's
internal representation. Added unlikely() calls for testing memory
allocation result.
Amy Griffis wrote: [Wed Jan 11 2006, 02:02:31PM EST]
> Modify audit's kernel-userspace interface to allow the specification
> of string fields in audit rules.
>
> Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
(cherry picked from 5ffc4a863f92351b720fe3e9c5cd647accff9e03 commit)
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 8868c96ca8a2..8a3b98175c25 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -50,15 +50,18 @@ | |||
50 | */ | 50 | */ |
51 | #define AUDIT_GET 1000 /* Get status */ | 51 | #define AUDIT_GET 1000 /* Get status */ |
52 | #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ | 52 | #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ |
53 | #define AUDIT_LIST 1002 /* List syscall filtering rules */ | 53 | #define AUDIT_LIST 1002 /* List syscall rules -- deprecated */ |
54 | #define AUDIT_ADD 1003 /* Add syscall filtering rule */ | 54 | #define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */ |
55 | #define AUDIT_DEL 1004 /* Delete syscall filtering rule */ | 55 | #define AUDIT_DEL 1004 /* Delete syscall rule -- deprecated */ |
56 | #define AUDIT_USER 1005 /* Message from userspace -- deprecated */ | 56 | #define AUDIT_USER 1005 /* Message from userspace -- deprecated */ |
57 | #define AUDIT_LOGIN 1006 /* Define the login id and information */ | 57 | #define AUDIT_LOGIN 1006 /* Define the login id and information */ |
58 | #define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ | 58 | #define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ |
59 | #define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ | 59 | #define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ |
60 | #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ | 60 | #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ |
61 | #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ | 61 | #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ |
62 | #define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */ | ||
63 | #define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */ | ||
64 | #define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */ | ||
62 | 65 | ||
63 | #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ | 66 | #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ |
64 | #define AUDIT_USER_AVC 1107 /* We filter this differently */ | 67 | #define AUDIT_USER_AVC 1107 /* We filter this differently */ |
@@ -229,6 +232,26 @@ struct audit_status { | |||
229 | __u32 backlog; /* messages waiting in queue */ | 232 | __u32 backlog; /* messages waiting in queue */ |
230 | }; | 233 | }; |
231 | 234 | ||
235 | /* audit_rule_data supports filter rules with both integer and string | ||
236 | * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and | ||
237 | * AUDIT_LIST_RULES requests. | ||
238 | */ | ||
239 | struct audit_rule_data { | ||
240 | __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ | ||
241 | __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ | ||
242 | __u32 field_count; | ||
243 | __u32 mask[AUDIT_BITMASK_SIZE]; | ||
244 | __u32 fields[AUDIT_MAX_FIELDS]; | ||
245 | __u32 values[AUDIT_MAX_FIELDS]; | ||
246 | __u32 fieldflags[AUDIT_MAX_FIELDS]; | ||
247 | __u32 buflen; /* total length of string fields */ | ||
248 | char buf[0]; /* string fields buffer */ | ||
249 | }; | ||
250 | |||
251 | /* audit_rule is supported to maintain backward compatibility with | ||
252 | * userspace. It supports integer fields only and corresponds to | ||
253 | * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests. | ||
254 | */ | ||
232 | struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ | 255 | struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ |
233 | __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ | 256 | __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ |
234 | __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ | 257 | __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ |
@@ -338,7 +361,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
338 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 361 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
339 | extern int audit_filter_type(int type); | 362 | extern int audit_filter_type(int type); |
340 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | 363 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
341 | void *data, uid_t loginuid); | 364 | void *data, size_t datasz, uid_t loginuid); |
342 | #else | 365 | #else |
343 | #define audit_log(c,g,t,f,...) do { ; } while (0) | 366 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
344 | #define audit_log_start(c,g,t) ({ NULL; }) | 367 | #define audit_log_start(c,g,t) ({ NULL; }) |