integrity: audit update

Based on discussions on linux-audit, as per Steve Grubb's request
http://lkml.org/lkml/2009/2/6/269, the following changes were made:
- forced audit result to be either 0 or 1.
- made template names const
- Added new stand-alone message type: AUDIT_INTEGRITY_RULE

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

1 files changed, 3 insertions, 1 deletions

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 930939abfbc6..4fa2810b675e 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -36,7 +36,8 @@
  * 1500 - 1599 kernel LSPP events
  * 1600 - 1699 kernel crypto events
  * 1700 - 1799 kernel anomaly records
- * 1800 - 1999 future kernel use (maybe integrity labels and related events)
+ * 1800 - 1899 kernel integrity events
+ * 1900 - 1999 future kernel use
  * 2000 is for otherwise unclassified kernel audit messages (legacy)
  * 2001 - 2099 unused (kernel)
  * 2100 - 2199 user space anomaly records
@@ -130,6 +131,7 @@
 #define AUDIT_INTEGRITY_STATUS      1802 /* Integrity enable status */
 #define AUDIT_INTEGRITY_HASH        1803 /* Integrity HASH type */
 #define AUDIT_INTEGRITY_PCR         1804 /* PCR invalidation msgs */
+#define AUDIT_INTEGRITY_RULE        1805 /* policy rule */
 
 #define AUDIT_KERNEL            2000    /* Asynchronous audit record. NOT A REQUEST. */