[NetLabel]: add audit support for configuration changes

This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Paul Moore <paul.moore@hp.com> 2006-09-28 17:51:47 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2006-09-28 21:03:09 -0400
commit: 32f50cdee666333168b5203c7864bede159f789e (patch)
tree: c4989cc2521551714f656d60f6b895232ffdeda6 /include
parent: 8ea333eb5da3e3219f570220c56bca09f6f4d25a (diff)
3 files changed, 11 insertions, 2 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 40a6c26294ae..42719d07612a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -95,6 +95,12 @@
 #define AUDIT_MAC_POLICY_LOAD   1403    /* Policy file load */
 #define AUDIT_MAC_STATUS        1404    /* Changed enforcing,permissive,off */
 #define AUDIT_MAC_CONFIG_CHANGE 1405    /* Changes to booleans */
+#define AUDIT_MAC_UNLBL_ACCEPT  1406    /* NetLabel: allow unlabeled traffic */
+#define AUDIT_MAC_UNLBL_DENY    1407    /* NetLabel: deny unlabeled traffic */
+#define AUDIT_MAC_CIPSOV4_ADD   1408    /* NetLabel: add CIPSOv4 DOI entry */
+#define AUDIT_MAC_CIPSOV4_DEL   1409    /* NetLabel: del CIPSOv4 DOI entry */
+#define AUDIT_MAC_MAP_ADD       1410    /* NetLabel: add LSM domain mapping */
+#define AUDIT_MAC_MAP_DEL       1411    /* NetLabel: del LSM domain mapping */
 #define AUDIT_FIRST_KERN_ANOM_MSG   1700
 #define AUDIT_LAST_KERN_ANOM_MSG    1799
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
index 2d72496c2029..5d6ae1b2b196 100644
--- a/include/net/cipso_ipv4.h
+++ b/include/net/cipso_ipv4.h
@@ -128,7 +128,9 @@ extern int cipso_v4_rbm_strictvalid;
 #ifdef CONFIG_NETLABEL
 int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
-int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
+int cipso_v4_doi_remove(u32 doi,
+                        u32 audit_secid,
+                        void (*callback) (struct rcu_head * head));
 struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
 int cipso_v4_doi_walk(u32 *skip_cnt,
                     int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
@@ -143,6 +145,7 @@ static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
 }
 static inline int cipso_v4_doi_remove(u32 doi,
+                                    u32 audit_secid,
                                    void (*callback) (struct rcu_head * head))
 {
        return 0;
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 6692430063fd..190bfdbbdba6 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -96,7 +96,7 @@
 struct netlbl_dom_map;
 /* Domain mapping operations */
-int netlbl_domhsh_remove(const char *domain);
+int netlbl_domhsh_remove(const char *domain, u32 audit_secid);
 /* LSM security attributes */
 struct netlbl_lsm_cache {
author	Paul Moore <paul.moore@hp.com>	2006-09-28 17:51:47 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2006-09-28 21:03:09 -0400
commit	32f50cdee666333168b5203c7864bede159f789e (patch)
tree	c4989cc2521551714f656d60f6b895232ffdeda6 /include
parent	8ea333eb5da3e3219f570220c56bca09f6f4d25a (diff)