diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 10:18:58 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-06-28 19:31:20 -0400 |
| commit | eadd99cc85347b4f9eb10122ac90032eb4971b02 (patch) | |
| tree | fa6075ad4917422288222ee52bfcb66b7ed30a0e /security/tomoyo/file.c | |
| parent | d5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (diff) | |
TOMOYO: Add auditing interface.
Add /sys/kernel/security/tomoyo/audit interface. This interface generates audit
logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can reuse
audit logs for appending to /sys/kernel/security/tomoyo/domain_policy
interface.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/file.c')
| -rw-r--r-- | security/tomoyo/file.c | 49 |
1 files changed, 16 insertions, 33 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 0673a69b1320..4f8526af9069 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
| @@ -206,12 +206,9 @@ static bool tomoyo_get_realpath(struct tomoyo_path_info *buf, struct path *path) | |||
| 206 | */ | 206 | */ |
| 207 | static int tomoyo_audit_path_log(struct tomoyo_request_info *r) | 207 | static int tomoyo_audit_path_log(struct tomoyo_request_info *r) |
| 208 | { | 208 | { |
| 209 | const char *operation = tomoyo_path_keyword[r->param.path.operation]; | 209 | return tomoyo_supervisor(r, "file %s %s\n", tomoyo_path_keyword |
| 210 | const struct tomoyo_path_info *filename = r->param.path.filename; | 210 | [r->param.path.operation], |
| 211 | if (r->granted) | 211 | r->param.path.filename->name); |
| 212 | return 0; | ||
| 213 | tomoyo_warn_log(r, "%s %s", operation, filename->name); | ||
| 214 | return tomoyo_supervisor(r, "file %s %s\n", operation, filename->name); | ||
| 215 | } | 212 | } |
| 216 | 213 | ||
| 217 | /** | 214 | /** |
| @@ -223,15 +220,10 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r) | |||
| 223 | */ | 220 | */ |
| 224 | static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) | 221 | static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) |
| 225 | { | 222 | { |
| 226 | const char *operation = tomoyo_path2_keyword[r->param.path2.operation]; | 223 | return tomoyo_supervisor(r, "file %s %s %s\n", tomoyo_path2_keyword |
| 227 | const struct tomoyo_path_info *filename1 = r->param.path2.filename1; | 224 | [r->param.path2.operation], |
| 228 | const struct tomoyo_path_info *filename2 = r->param.path2.filename2; | 225 | r->param.path2.filename1->name, |
| 229 | if (r->granted) | 226 | r->param.path2.filename2->name); |
| 230 | return 0; | ||
| 231 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, | ||
| 232 | filename2->name); | ||
| 233 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, | ||
| 234 | filename1->name, filename2->name); | ||
| 235 | } | 227 | } |
| 236 | 228 | ||
| 237 | /** | 229 | /** |
| @@ -243,17 +235,12 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) | |||
| 243 | */ | 235 | */ |
| 244 | static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) | 236 | static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) |
| 245 | { | 237 | { |
| 246 | const char *operation = tomoyo_mkdev_keyword[r->param.mkdev.operation]; | 238 | return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", |
| 247 | const struct tomoyo_path_info *filename = r->param.mkdev.filename; | 239 | tomoyo_mkdev_keyword |
| 248 | const unsigned int major = r->param.mkdev.major; | 240 | [r->param.mkdev.operation], |
| 249 | const unsigned int minor = r->param.mkdev.minor; | 241 | r->param.mkdev.filename->name, |
| 250 | const unsigned int mode = r->param.mkdev.mode; | 242 | r->param.mkdev.mode, r->param.mkdev.major, |
| 251 | if (r->granted) | 243 | r->param.mkdev.minor); |
| 252 | return 0; | ||
| 253 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, | ||
| 254 | major, minor); | ||
| 255 | return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", operation, | ||
| 256 | filename->name, mode, major, minor); | ||
| 257 | } | 244 | } |
| 258 | 245 | ||
| 259 | /** | 246 | /** |
| @@ -267,11 +254,7 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
| 267 | { | 254 | { |
| 268 | const u8 type = r->param.path_number.operation; | 255 | const u8 type = r->param.path_number.operation; |
| 269 | u8 radix; | 256 | u8 radix; |
| 270 | const struct tomoyo_path_info *filename = r->param.path_number.filename; | ||
| 271 | const char *operation = tomoyo_path_number_keyword[type]; | ||
| 272 | char buffer[64]; | 257 | char buffer[64]; |
| 273 | if (r->granted) | ||
| 274 | return 0; | ||
| 275 | switch (type) { | 258 | switch (type) { |
| 276 | case TOMOYO_TYPE_CREATE: | 259 | case TOMOYO_TYPE_CREATE: |
| 277 | case TOMOYO_TYPE_MKDIR: | 260 | case TOMOYO_TYPE_MKDIR: |
| @@ -289,9 +272,9 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
| 289 | } | 272 | } |
| 290 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, | 273 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, |
| 291 | radix); | 274 | radix); |
| 292 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); | 275 | return tomoyo_supervisor(r, "file %s %s %s\n", |
| 293 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, | 276 | tomoyo_path_number_keyword[type], |
| 294 | filename->name, buffer); | 277 | r->param.path_number.filename->name, buffer); |
| 295 | } | 278 | } |
| 296 | 279 | ||
| 297 | /** | 280 | /** |