LSM/Audit: Introduce generic Audit LSM hooks

Introduce a generic Audit interface for security modules
by adding the following new LSM hooks:

audit_rule_init(field, op, rulestr, lsmrule)
audit_rule_known(krule)
audit_rule_match(secid, field, op, rule, actx)
audit_rule_free(rule)

Those hooks are only available if CONFIG_AUDIT is enabled.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>

1 files changed, 30 insertions, 1 deletions

diff --git a/security/dummy.c b/security/dummy.c
index fb2e942efbb6..1ac9f8e66aa2 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -993,6 +993,30 @@ static inline int dummy_key_permission(key_ref_t key_ref,
 }
 #endif /* CONFIG_KEYS */
 
+#ifdef CONFIG_AUDIT
+static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
+                                        void **lsmrule)
+{
+        return 0;
+}
+
+static inline int dummy_audit_rule_known(struct audit_krule *krule)
+{
+        return 0;
+}
+
+static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
+                                         void *lsmrule,
+                                         struct audit_context *actx)
+{
+        return 0;
+}
+
+static inline void dummy_audit_rule_free(void *lsmrule)
+{ }
+
+#endif /* CONFIG_AUDIT */
+
 struct security_operations dummy_security_ops;
 
 #define set_to_dummy_if_null(ops, function)                             \
@@ -1182,6 +1206,11 @@ void security_fixup_ops (struct security_operations *ops)
         set_to_dummy_if_null(ops, key_free);
         set_to_dummy_if_null(ops, key_permission);
 #endif  /* CONFIG_KEYS */
-
+#ifdef CONFIG_AUDIT
+        set_to_dummy_if_null(ops, audit_rule_init);
+        set_to_dummy_if_null(ops, audit_rule_known);
+        set_to_dummy_if_null(ops, audit_rule_match);
+        set_to_dummy_if_null(ops, audit_rule_free);
+#endif
 }