[PATCH] audit syscall classes

Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 07:44:10 -0400
commit: b915543b46a2aa599fdd2169e51bcfd88812a12b (patch)
tree: 8025e6654829d4c245b5b6b6f47a84543ebffb7b /include
parent: 6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd (diff)
3 files changed, 39 insertions, 0 deletions
diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h
new file mode 100644
index 000000000000..cb05bf69745a
--- /dev/null
+++ b/include/asm-generic/audit_change_attr.h
@@ -0,0 +1,18 @@
+__NR_chmod,
+__NR_fchmod,
+__NR_chown,
+__NR_fchown,
+__NR_lchown,
+__NR_setxattr,
+__NR_lsetxattr,
+__NR_fsetxattr,
+__NR_removexattr,
+__NR_lremovexattr,
+__NR_fremovexattr,
+__NR_fchownat,
+__NR_fchmodat,
+#ifdef __NR_chown32
+__NR_chown32,
+__NR_fchown32,
+__NR_lchown32,
+#endif
diff --git a/include/asm-generic/audit_dir_write.h b/include/asm-generic/audit_dir_write.h
new file mode 100644
index 000000000000..161a7a58fbab
--- /dev/null
+++ b/include/asm-generic/audit_dir_write.h
@@ -0,0 +1,14 @@
+__NR_rename,
+__NR_mkdir,
+__NR_rmdir,
+__NR_creat,
+__NR_link,
+__NR_unlink,
+__NR_symlink,
+__NR_mknod,
+__NR_mkdirat,
+__NR_mknodat,
+__NR_unlinkat,
+__NR_renameat,
+__NR_linkat,
+__NR_symlinkat,
diff --git a/include/linux/audit.h b/include/linux/audit.h
index c211f0a2abb4..b27d7debc5a1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -127,6 +127,12 @@
 #define AUDIT_WORD(nr) ((__u32)((nr)/32))
 #define AUDIT_BIT(nr)  (1 << ((nr) - AUDIT_WORD(nr)*32))
+#define AUDIT_SYSCALL_CLASSES 16
+#define AUDIT_CLASS_DIR_WRITE 0
+#define AUDIT_CLASS_DIR_WRITE_32 1
+#define AUDIT_CLASS_CHATTR 2
+#define AUDIT_CLASS_CHATTR_32 3
 /* This bitmask is used to validate user input.  It represents all bits that
 * are currently used in an audit field constant understood by the kernel.
 * If you are adding a new #define AUDIT_<whatever>, please ensure that
@@ -307,6 +313,7 @@ struct mqstat;
 #define AUDITSC_SUCCESS 1
 #define AUDITSC_FAILURE 2
 #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
+extern int __init audit_register_class(int class, unsigned *list);
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                /* Public API */
author	Al Viro <viro@zeniv.linux.org.uk>	2006-07-01 03:56:16 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-07-01 07:44:10 -0400
commit	b915543b46a2aa599fdd2169e51bcfd88812a12b (patch)
tree	8025e6654829d4c245b5b6b6f47a84543ebffb7b /include
parent	6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd (diff)

diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h new file mode 100644 index 000000000000..cb05bf69745a --- /dev/null +++ b/include/asm-generic/audit_change_attr.h
@@ -0,0 +1,18 @@
		1	__NR_chmod,
		2	__NR_fchmod,
		3	__NR_chown,
		4	__NR_fchown,
		5	__NR_lchown,
		6	__NR_setxattr,
		7	__NR_lsetxattr,
		8	__NR_fsetxattr,
		9	__NR_removexattr,
		10	__NR_lremovexattr,
		11	__NR_fremovexattr,
		12	__NR_fchownat,
		13	__NR_fchmodat,
		14	#ifdef __NR_chown32
		15	__NR_chown32,
		16	__NR_fchown32,
		17	__NR_lchown32,
		18	#endif


diff --git a/include/asm-generic/audit_dir_write.h b/include/asm-generic/audit_dir_write.h new file mode 100644 index 000000000000..161a7a58fbab --- /dev/null +++ b/include/asm-generic/audit_dir_write.h
@@ -0,0 +1,14 @@
		1	__NR_rename,
		2	__NR_mkdir,
		3	__NR_rmdir,
		4	__NR_creat,
		5	__NR_link,
		6	__NR_unlink,
		7	__NR_symlink,
		8	__NR_mknod,
		9	__NR_mkdirat,
		10	__NR_mknodat,
		11	__NR_unlinkat,
		12	__NR_renameat,
		13	__NR_linkat,
		14	__NR_symlinkat,


diff --git a/include/linux/audit.h b/include/linux/audit.h index c211f0a2abb4..b27d7debc5a1 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -127,6 +127,12 @@
127	#define AUDIT_WORD(nr) ((__u32)((nr)/32))	127	#define AUDIT_WORD(nr) ((__u32)((nr)/32))
128	#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))	128	#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
129		129
		130	#define AUDIT_SYSCALL_CLASSES 16
		131	#define AUDIT_CLASS_DIR_WRITE 0
		132	#define AUDIT_CLASS_DIR_WRITE_32 1
		133	#define AUDIT_CLASS_CHATTR 2
		134	#define AUDIT_CLASS_CHATTR_32 3
		135
130	/* This bitmask is used to validate user input. It represents all bits that	136	/* This bitmask is used to validate user input. It represents all bits that
131	* are currently used in an audit field constant understood by the kernel.	137	* are currently used in an audit field constant understood by the kernel.
132	* If you are adding a new #define AUDIT_<whatever>, please ensure that	138	* If you are adding a new #define AUDIT_<whatever>, please ensure that
@@ -307,6 +313,7 @@ struct mqstat;
307	#define AUDITSC_SUCCESS 1	313	#define AUDITSC_SUCCESS 1
308	#define AUDITSC_FAILURE 2	314	#define AUDITSC_FAILURE 2
309	#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )	315	#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
		316	extern int __init audit_register_class(int class, unsigned *list);
310	#ifdef CONFIG_AUDITSYSCALL	317	#ifdef CONFIG_AUDITSYSCALL
311	/* These are defined in auditsc.c */	318	/* These are defined in auditsc.c */
312	/* Public API */	319	/* Public API */