aboutsummaryrefslogtreecommitdiffstats
path: root/init
diff options
context:
space:
mode:
authorNathaniel Husted <nhusted@gmail.com>2012-01-03 14:23:09 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2012-01-17 16:17:01 -0500
commit29ef73b7a823b77a7cd0bdd7d7cded3fb6c2587b (patch)
tree4edfccf0b4d2b24c8e6069113eb69bb8c7a9b037 /init
parent4043cde8ecf7f7d880eb1133c201a3d392fd68c3 (diff)
Kernel: Audit Support For The ARM Platform
This patch provides functionality to audit system call events on the ARM platform. The implementation was based off the structure of the MIPS platform and information in this (http://lists.fedoraproject.org/pipermail/arm/2009-October/000382.html) mailing list thread. The required audit_syscall_exit and audit_syscall_entry checks were added to ptrace using the standard registers for system call values (r0 through r3). A thread information flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is set, the syscall_trace function will be executed. The prober changes were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled. Due to platform availability limitations, this patch was only tested on the Android platform running the modified "android-goldfish-2.6.29" kernel. A test compile was performed using Code Sourcery's cross-compilation toolset and the current linux-3.0 stable kernel. The changes compile without error. I'm hoping, due to the simple modifications, the patch is "obviously correct". Signed-off-by: Nathaniel Husted <nhusted@gmail.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'init')
-rw-r--r--init/Kconfig2
1 files changed, 1 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig
index 5ad8b775f2ac..fe25ffbe818b 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -355,7 +355,7 @@ config AUDIT
355 355
356config AUDITSYSCALL 356config AUDITSYSCALL
357 bool "Enable system-call auditing support" 357 bool "Enable system-call auditing support"
358 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH) 358 depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || ARM)
359 default y if SECURITY_SELINUX 359 default y if SECURITY_SELINUX
360 help 360 help
361 Enable low-overhead system-call auditing infrastructure that 361 Enable low-overhead system-call auditing infrastructure that