diff options
author | Nathaniel Husted <nhusted@gmail.com> | 2012-01-03 14:23:09 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2012-01-17 16:17:01 -0500 |
commit | 29ef73b7a823b77a7cd0bdd7d7cded3fb6c2587b (patch) | |
tree | 4edfccf0b4d2b24c8e6069113eb69bb8c7a9b037 /init | |
parent | 4043cde8ecf7f7d880eb1133c201a3d392fd68c3 (diff) |
Kernel: Audit Support For The ARM Platform
This patch provides functionality to audit system call events on the
ARM platform. The implementation was based off the structure of the
MIPS platform and information in this
(http://lists.fedoraproject.org/pipermail/arm/2009-October/000382.html)
mailing list thread. The required audit_syscall_exit and
audit_syscall_entry checks were added to ptrace using the standard
registers for system call values (r0 through r3). A thread information
flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was
added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall
entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is
set, the syscall_trace function will be executed. The prober changes
were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled.
Due to platform availability limitations, this patch was only tested
on the Android platform running the modified "android-goldfish-2.6.29"
kernel. A test compile was performed using Code Sourcery's
cross-compilation toolset and the current linux-3.0 stable kernel. The
changes compile without error. I'm hoping, due to the simple modifications,
the patch is "obviously correct".
Signed-off-by: Nathaniel Husted <nhusted@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'init')
-rw-r--r-- | init/Kconfig | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/init/Kconfig b/init/Kconfig index 5ad8b775f2ac..fe25ffbe818b 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
@@ -355,7 +355,7 @@ config AUDIT | |||
355 | 355 | ||
356 | config AUDITSYSCALL | 356 | config AUDITSYSCALL |
357 | bool "Enable system-call auditing support" | 357 | bool "Enable system-call auditing support" |
358 | depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH) | 358 | depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || ARM) |
359 | default y if SECURITY_SELINUX | 359 | default y if SECURITY_SELINUX |
360 | help | 360 | help |
361 | Enable low-overhead system-call auditing infrastructure that | 361 | Enable low-overhead system-call auditing infrastructure that |