[PATCH] audit syscall classes

Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 07:44:10 -0400
commit: b915543b46a2aa599fdd2169e51bcfd88812a12b (patch)
tree: 8025e6654829d4c245b5b6b6f47a84543ebffb7b /include/linux
parent: 6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index c211f0a2abb4..b27d7debc5a1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -127,6 +127,12 @@
 #define AUDIT_WORD(nr) ((__u32)((nr)/32))
 #define AUDIT_BIT(nr)  (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_SYSCALL_CLASSES 16
+#define AUDIT_CLASS_DIR_WRITE 0
+#define AUDIT_CLASS_DIR_WRITE_32 1
+#define AUDIT_CLASS_CHATTR 2
+#define AUDIT_CLASS_CHATTR_32 3
 /* This bitmask is used to validate user input.  It represents all bits that
 * are currently used in an audit field constant understood by the kernel.
 * If you are adding a new #define AUDIT_<whatever>, please ensure that
@@ -307,6 +313,7 @@ struct mqstat;
 #define AUDITSC_SUCCESS 1
 #define AUDITSC_FAILURE 2
 #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
+extern int __init audit_register_class(int class, unsigned *list);
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                /* Public API */
author	Al Viro <viro@zeniv.linux.org.uk>	2006-07-01 03:56:16 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-07-01 07:44:10 -0400
commit	b915543b46a2aa599fdd2169e51bcfd88812a12b (patch)
tree	8025e6654829d4c245b5b6b6f47a84543ebffb7b /include/linux
parent	6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd (diff)