integrity: audit update

Based on discussions on linux-audit, as per Steve Grubb's request http://lkml.org/lkml/2009/2/6/269, the following changes were made: - forced audit result to be either 0 or 1. - made template names const - Added new stand-alone message type: AUDIT_INTEGRITY_RULE Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Acked-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2009-02-11 11:12:28 -0500
committer: James Morris <jmorris@namei.org> 2009-02-11 17:40:14 -0500
commit: 523979adfa0b79d4e3aa053220c37a9233294206 (patch)
tree: 15ff42f935f9d443220edb118f3980432f924360 /security/integrity/ima/ima_policy.c
parent: ed850a52af971528b048812c4215cef298af0d3b (diff)
1 files changed, 9 insertions, 8 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 23810e0bfc68..b5291ad5ef56 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -12,7 +12,6 @@
 */
 #include <linux/module.h>
 #include <linux/list.h>
-#include <linux/audit.h>
 #include <linux/security.h>
 #include <linux/magic.h>
 #include <linux/parser.h>
@@ -239,8 +238,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
        char *p;
        int result = 0;
-        ab = audit_log_start(current->audit_context, GFP_KERNEL,
+        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
-                             AUDIT_INTEGRITY_STATUS);
        entry->action = -1;
        while ((p = strsep(&rule, " \n")) != NULL) {
@@ -345,15 +343,14 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
                                                   AUDIT_SUBJ_TYPE);
                        break;
                case Opt_err:
-                        printk(KERN_INFO "%s: unknown token: %s\n",
+                        audit_log_format(ab, "UNKNOWN=%s ", p);
-                               __FUNCTION__, p);
                        break;
                }
        }
        if (entry->action == UNKNOWN)
                result = -EINVAL;
-        audit_log_format(ab, "res=%d", result);
+        audit_log_format(ab, "res=%d", !result ? 0 : 1);
        audit_log_end(ab);
        return result;
 }
@@ -367,7 +364,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 */
 int ima_parse_add_rule(char *rule)
 {
-        const char *op = "add_rule";
+        const char *op = "update_policy";
        struct ima_measure_rule_entry *entry;
        int result = 0;
        int audit_info = 0;
@@ -394,8 +391,12 @@ int ima_parse_add_rule(char *rule)
                mutex_lock(&ima_measure_mutex);
                list_add_tail(&entry->list, &measure_policy_rules);
                mutex_unlock(&ima_measure_mutex);
-        } else
+        } else {
                kfree(entry);
+                integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
+                                    NULL, op, "invalid policy", result,
+                                    audit_info);
+        }
        return result;
 }
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2009-02-11 11:12:28 -0500
committer	James Morris <jmorris@namei.org>	2009-02-11 17:40:14 -0500
commit	523979adfa0b79d4e3aa053220c37a9233294206 (patch)
tree	15ff42f935f9d443220edb118f3980432f924360 /security/integrity/ima/ima_policy.c
parent	ed850a52af971528b048812c4215cef298af0d3b (diff)