authorSteve Grubb <sgrubb@redhat.com>2006-01-04 09:08:39 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-03-20 14:08:54 -0500
commitaf601e4623d0303bfafa54ec728b7ae8493a8e1b (patch)
tree5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e /security/selinux/ss
parentd884596f44ef5a0bcd8a66405dc04902aeaa6fc7 (diff)
[PATCH] SE Linux audit events
Attached is a patch that hardwires important SE Linux events to the audit system. Please Apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security/selinux/ss')
-rw-r--r--security/selinux/ss/services.c15
1 files changed, 9 insertions, 6 deletions
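diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8a764928ff4b..d877cd16a813 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1758,19 +1758,22 @@ int security_set_bools(int len, int *values)
 goto out;
 }
 
-printk(KERN_INFO "security: committed booleans { ");
 for (i = 0; i < len; i++) {
+if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
+audit_log(current->audit_context, GFP_ATOMIC,
+AUDIT_MAC_CONFIG_CHANGE,
+"bool=%s val=%d old_val=%d auid=%u",
+policydb.p_bool_val_to_name[i],
+!!values[i],
+policydb.bool_val_to_struct[i]->state,
+audit_get_loginuid(current->audit_context));
+}
 if (values[i]) {
 policydb.bool_val_to_struct[i]->state = 1;
 } else {
 policydb.bool_val_to_struct[i]->state = 0;
 }
-if (i != 0)
-printk(", ");
-printk("%s:%d", policydb.p_bool_val_to_name[i],
-policydb.bool_val_to_struct[i]->state);
 }
-printk(" }\n");
 
 for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
 rc = evaluate_cond_node(&policydb, cur);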
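Review bot: The new `audit_log()` call inside the `for` loop becomes the only trace of a boolean change, because the `printk` summary is removed in the same hunk. The call allocates with `GFP_ATOMIC` and returns nothing, so a record that cannot be allocated or is filtered out would leave the state change applied with no entry naming it; how the audit core accounts for lost records is not visible here. A short comment above the `if` would make the ordering requirement explicit, e.g. `/* Log before the assignment below: old_val is read from ->state while it still holds the previous value. */`. The `bool=%s` field prints a policy-supplied name unquoted, so it is worth confirming that boolean names cannot contain spaces or `=`; if they can, the field should go through audit's untrusted-string formatting so that tools parsing the key=value record are not misled. The body of `security_set_bools` starts and ends outside this hunk.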