aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorDarrel Goeddel <dgoeddel@trustedcs.com>2006-06-29 17:57:08 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2006-07-01 05:44:19 -0400
commit6e5a2d1d32596850a0ebf7fb3e54c0d69901dabd (patch)
tree27718d7df96c9b9f08a2ba333aa36c8e9ebbadfe /kernel
parent3a6b9f85c641a3b89420b0c8150ed377526a1fe1 (diff)
[PATCH] audit: support for object context filters
This patch introduces object audit filters based on the elements of the SELinux context. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> kernel/auditfilter.c | 25 +++++++++++++++++++++++++ kernel/auditsc.c | 40 ++++++++++++++++++++++++++++++++++++++++ security/selinux/ss/services.c | 18 +++++++++++++++++- 3 files changed, 82 insertions(+), 1 deletion(-) Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c25
-rw-r--r--kernel/auditsc.c40
2 files changed, 65 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 40a9931a13e2..7f2ea8b84a27 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -475,6 +475,11 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
475 case AUDIT_SUBJ_TYPE: 475 case AUDIT_SUBJ_TYPE:
476 case AUDIT_SUBJ_SEN: 476 case AUDIT_SUBJ_SEN:
477 case AUDIT_SUBJ_CLR: 477 case AUDIT_SUBJ_CLR:
478 case AUDIT_OBJ_USER:
479 case AUDIT_OBJ_ROLE:
480 case AUDIT_OBJ_TYPE:
481 case AUDIT_OBJ_LEV_LOW:
482 case AUDIT_OBJ_LEV_HIGH:
478 str = audit_unpack_string(&bufp, &remain, f->val); 483 str = audit_unpack_string(&bufp, &remain, f->val);
479 if (IS_ERR(str)) 484 if (IS_ERR(str))
480 goto exit_free; 485 goto exit_free;
@@ -616,6 +621,11 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
616 case AUDIT_SUBJ_TYPE: 621 case AUDIT_SUBJ_TYPE:
617 case AUDIT_SUBJ_SEN: 622 case AUDIT_SUBJ_SEN:
618 case AUDIT_SUBJ_CLR: 623 case AUDIT_SUBJ_CLR:
624 case AUDIT_OBJ_USER:
625 case AUDIT_OBJ_ROLE:
626 case AUDIT_OBJ_TYPE:
627 case AUDIT_OBJ_LEV_LOW:
628 case AUDIT_OBJ_LEV_HIGH:
619 data->buflen += data->values[i] = 629 data->buflen += data->values[i] =
620 audit_pack_string(&bufp, f->se_str); 630 audit_pack_string(&bufp, f->se_str);
621 break; 631 break;
@@ -659,6 +669,11 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
659 case AUDIT_SUBJ_TYPE: 669 case AUDIT_SUBJ_TYPE:
660 case AUDIT_SUBJ_SEN: 670 case AUDIT_SUBJ_SEN:
661 case AUDIT_SUBJ_CLR: 671 case AUDIT_SUBJ_CLR:
672 case AUDIT_OBJ_USER:
673 case AUDIT_OBJ_ROLE:
674 case AUDIT_OBJ_TYPE:
675 case AUDIT_OBJ_LEV_LOW:
676 case AUDIT_OBJ_LEV_HIGH:
662 if (strcmp(a->fields[i].se_str, b->fields[i].se_str)) 677 if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
663 return 1; 678 return 1;
664 break; 679 break;
@@ -779,6 +794,11 @@ static struct audit_entry *audit_dupe_rule(struct audit_krule *old,
779 case AUDIT_SUBJ_TYPE: 794 case AUDIT_SUBJ_TYPE:
780 case AUDIT_SUBJ_SEN: 795 case AUDIT_SUBJ_SEN:
781 case AUDIT_SUBJ_CLR: 796 case AUDIT_SUBJ_CLR:
797 case AUDIT_OBJ_USER:
798 case AUDIT_OBJ_ROLE:
799 case AUDIT_OBJ_TYPE:
800 case AUDIT_OBJ_LEV_LOW:
801 case AUDIT_OBJ_LEV_HIGH:
782 err = audit_dupe_selinux_field(&new->fields[i], 802 err = audit_dupe_selinux_field(&new->fields[i],
783 &old->fields[i]); 803 &old->fields[i]);
784 break; 804 break;
@@ -1542,6 +1562,11 @@ static inline int audit_rule_has_selinux(struct audit_krule *rule)
1542 case AUDIT_SUBJ_TYPE: 1562 case AUDIT_SUBJ_TYPE:
1543 case AUDIT_SUBJ_SEN: 1563 case AUDIT_SUBJ_SEN:
1544 case AUDIT_SUBJ_CLR: 1564 case AUDIT_SUBJ_CLR:
1565 case AUDIT_OBJ_USER:
1566 case AUDIT_OBJ_ROLE:
1567 case AUDIT_OBJ_TYPE:
1568 case AUDIT_OBJ_LEV_LOW:
1569 case AUDIT_OBJ_LEV_HIGH:
1545 return 1; 1570 return 1;
1546 } 1571 }
1547 } 1572 }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1d24fade17e6..ae40ac8c39e7 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -342,6 +342,46 @@ static int audit_filter_rules(struct task_struct *tsk,
342 ctx); 342 ctx);
343 } 343 }
344 break; 344 break;
345 case AUDIT_OBJ_USER:
346 case AUDIT_OBJ_ROLE:
347 case AUDIT_OBJ_TYPE:
348 case AUDIT_OBJ_LEV_LOW:
349 case AUDIT_OBJ_LEV_HIGH:
350 /* The above note for AUDIT_SUBJ_USER...AUDIT_SUBJ_CLR
351 also applies here */
352 if (f->se_rule) {
353 /* Find files that match */
354 if (name) {
355 result = selinux_audit_rule_match(
356 name->osid, f->type, f->op,
357 f->se_rule, ctx);
358 } else if (ctx) {
359 for (j = 0; j < ctx->name_count; j++) {
360 if (selinux_audit_rule_match(
361 ctx->names[j].osid,
362 f->type, f->op,
363 f->se_rule, ctx)) {
364 ++result;
365 break;
366 }
367 }
368 }
369 /* Find ipc objects that match */
370 if (ctx) {
371 struct audit_aux_data *aux;
372 for (aux = ctx->aux; aux;
373 aux = aux->next) {
374 if (aux->type == AUDIT_IPC) {
375 struct audit_aux_data_ipcctl *axi = (void *)aux;
376 if (selinux_audit_rule_match(axi->osid, f->type, f->op, f->se_rule, ctx)) {
377 ++result;
378 break;
379 }
380 }
381 }
382 }
383 }
384 break;
345 case AUDIT_ARG0: 385 case AUDIT_ARG0:
346 case AUDIT_ARG1: 386 case AUDIT_ARG1:
347 case AUDIT_ARG2: 387 case AUDIT_ARG2: