diff options
| author | Amy Griffis <amy.griffis@hp.com> | 2007-03-29 18:01:04 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-05-11 05:38:25 -0400 |
| commit | e54dc2431d740a79a6bd013babade99d71b1714f (patch) | |
| tree | 16b0990d5c16946239a17b332f54b5918fb03305 /kernel/audit.h | |
| parent | 7f13da40e36c84d0d046b7adbd060af7d3717250 (diff) | |
[PATCH] audit signal recipients
When auditing syscalls that send signals, log the pid and security
context for each target process. Optimize the data collection by
adding a counter for signal-related rules, and avoiding allocating an
aux struct unless we have more than one target process. For process
groups, collect pid/context data in blocks of 16. Move the
audit_signal_info() hook up in check_kill_permission() so we audit
attempts where permission is denied.
Signed-off-by: Amy Griffis <amy.griffis@hp.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/audit.h')
| -rw-r--r-- | kernel/audit.h | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/kernel/audit.h b/kernel/audit.h index a3370232a390..815d6f5c04ee 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
| @@ -83,6 +83,7 @@ struct audit_krule { | |||
| 83 | u32 field_count; | 83 | u32 field_count; |
| 84 | char *filterkey; /* ties events to rules */ | 84 | char *filterkey; /* ties events to rules */ |
| 85 | struct audit_field *fields; | 85 | struct audit_field *fields; |
| 86 | struct audit_field *arch_f; /* quick access to arch field */ | ||
| 86 | struct audit_field *inode_f; /* quick access to an inode field */ | 87 | struct audit_field *inode_f; /* quick access to an inode field */ |
| 87 | struct audit_watch *watch; /* associated watch */ | 88 | struct audit_watch *watch; /* associated watch */ |
| 88 | struct list_head rlist; /* entry in audit_watch.rules list */ | 89 | struct list_head rlist; /* entry in audit_watch.rules list */ |
| @@ -131,17 +132,19 @@ extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32, | |||
| 131 | extern int selinux_audit_rule_update(void); | 132 | extern int selinux_audit_rule_update(void); |
| 132 | 133 | ||
| 133 | #ifdef CONFIG_AUDITSYSCALL | 134 | #ifdef CONFIG_AUDITSYSCALL |
| 134 | extern void __audit_signal_info(int sig, struct task_struct *t); | 135 | extern int __audit_signal_info(int sig, struct task_struct *t); |
| 135 | static inline void audit_signal_info(int sig, struct task_struct *t) | 136 | static inline int audit_signal_info(int sig, struct task_struct *t) |
| 136 | { | 137 | { |
| 137 | if (unlikely(audit_pid && t->tgid == audit_pid)) | 138 | if (unlikely((audit_pid && t->tgid == audit_pid) || |
| 138 | __audit_signal_info(sig, t); | 139 | (audit_signals && !audit_dummy_context()))) |
| 140 | return __audit_signal_info(sig, t); | ||
| 141 | return 0; | ||
| 139 | } | 142 | } |
| 140 | extern enum audit_state audit_filter_inodes(struct task_struct *, | 143 | extern enum audit_state audit_filter_inodes(struct task_struct *, |
| 141 | struct audit_context *); | 144 | struct audit_context *); |
| 142 | extern void audit_set_auditable(struct audit_context *); | 145 | extern void audit_set_auditable(struct audit_context *); |
| 143 | #else | 146 | #else |
| 144 | #define audit_signal_info(s,t) | 147 | #define audit_signal_info(s,t) AUDIT_DISABLED |
| 145 | #define audit_filter_inodes(t,c) AUDIT_DISABLED | 148 | #define audit_filter_inodes(t,c) AUDIT_DISABLED |
| 146 | #define audit_set_auditable(c) | 149 | #define audit_set_auditable(c) |
| 147 | #endif | 150 | #endif |