aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2006-09-29 20:05:05 -0400
committerDavid S. Miller <davem@davemloft.net>2006-09-29 20:05:05 -0400
commit95d4e6be25a68cd9fbe8c0d356b585504d8db1c7 (patch)
tree2133c970e6786bdf82004ace225b6bca19b9ddba /include
parentd6c641026dec68acfb4b0baa98aad960e963ed97 (diff)
[NetLabel]: audit fixups due to delayed feedback
Fix some issues Steve Grubb had with the way NetLabel was using the audit subsystem. This should make NetLabel more consistent with other kernel generated audit messages specifying configuration changes. Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h11
-rw-r--r--include/net/cipso_ipv4.h4
-rw-r--r--include/net/netlabel.h8
3 files changed, 14 insertions, 9 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 42719d07612a..c3aa09751814 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -95,12 +95,11 @@
95#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */ 95#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
96#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */ 96#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
97#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */ 97#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
98#define AUDIT_MAC_UNLBL_ACCEPT 1406 /* NetLabel: allow unlabeled traffic */ 98#define AUDIT_MAC_UNLBL_ALLOW 1406 /* NetLabel: allow unlabeled traffic */
99#define AUDIT_MAC_UNLBL_DENY 1407 /* NetLabel: deny unlabeled traffic */ 99#define AUDIT_MAC_CIPSOV4_ADD 1407 /* NetLabel: add CIPSOv4 DOI entry */
100#define AUDIT_MAC_CIPSOV4_ADD 1408 /* NetLabel: add CIPSOv4 DOI entry */ 100#define AUDIT_MAC_CIPSOV4_DEL 1408 /* NetLabel: del CIPSOv4 DOI entry */
101#define AUDIT_MAC_CIPSOV4_DEL 1409 /* NetLabel: del CIPSOv4 DOI entry */ 101#define AUDIT_MAC_MAP_ADD 1409 /* NetLabel: add LSM domain mapping */
102#define AUDIT_MAC_MAP_ADD 1410 /* NetLabel: add LSM domain mapping */ 102#define AUDIT_MAC_MAP_DEL 1410 /* NetLabel: del LSM domain mapping */
103#define AUDIT_MAC_MAP_DEL 1411 /* NetLabel: del LSM domain mapping */
104 103
105#define AUDIT_FIRST_KERN_ANOM_MSG 1700 104#define AUDIT_FIRST_KERN_ANOM_MSG 1700
106#define AUDIT_LAST_KERN_ANOM_MSG 1799 105#define AUDIT_LAST_KERN_ANOM_MSG 1799
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
index 5d6ae1b2b196..718b4d9c891f 100644
--- a/include/net/cipso_ipv4.h
+++ b/include/net/cipso_ipv4.h
@@ -129,7 +129,7 @@ extern int cipso_v4_rbm_strictvalid;
129#ifdef CONFIG_NETLABEL 129#ifdef CONFIG_NETLABEL
130int cipso_v4_doi_add(struct cipso_v4_doi *doi_def); 130int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
131int cipso_v4_doi_remove(u32 doi, 131int cipso_v4_doi_remove(u32 doi,
132 u32 audit_secid, 132 struct netlbl_audit *audit_info,
133 void (*callback) (struct rcu_head * head)); 133 void (*callback) (struct rcu_head * head));
134struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi); 134struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
135int cipso_v4_doi_walk(u32 *skip_cnt, 135int cipso_v4_doi_walk(u32 *skip_cnt,
@@ -145,7 +145,7 @@ static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
145} 145}
146 146
147static inline int cipso_v4_doi_remove(u32 doi, 147static inline int cipso_v4_doi_remove(u32 doi,
148 u32 audit_secid, 148 struct netlbl_audit *audit_info,
149 void (*callback) (struct rcu_head * head)) 149 void (*callback) (struct rcu_head * head))
150{ 150{
151 return 0; 151 return 0;
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 190bfdbbdba6..c63a58058e21 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -92,11 +92,17 @@
92 * 92 *
93 */ 93 */
94 94
95/* NetLabel audit information */
96struct netlbl_audit {
97 u32 secid;
98 uid_t loginuid;
99};
100
95/* Domain mapping definition struct */ 101/* Domain mapping definition struct */
96struct netlbl_dom_map; 102struct netlbl_dom_map;
97 103
98/* Domain mapping operations */ 104/* Domain mapping operations */
99int netlbl_domhsh_remove(const char *domain, u32 audit_secid); 105int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
100 106
101/* LSM security attributes */ 107/* LSM security attributes */
102struct netlbl_lsm_cache { 108struct netlbl_lsm_cache {