diff options
| author | Steve Grubb <sgrubb@redhat.com> | 2005-05-13 13:17:42 -0400 |
|---|---|---|
| committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-05-13 13:17:42 -0400 |
| commit | c04049939f88b29e235d2da217bce6e8ead44f32 (patch) | |
| tree | 9bf3ab72b9939c529e7c96f8768bc8b7e1d768c9 /security | |
| parent | 9ea74f0655412d0fbd12bf9adb6c14c8fe707a42 (diff) | |
AUDIT: Add message types to audit records
This patch adds more messages types to the audit subsystem so that audit
analysis is quicker, intuitive, and more useful.
Signed-off-by: Steve Grubb <sgrubb@redhat.com>
---
I forgot one type in the big patch. I need to add one for user space
originating SE Linux avc messages. This is used by dbus and nscd.
-Steve
---
Updated to 2.6.12-rc4-mm1.
-dwmw2
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/avc.c | 4 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 | ||||
| -rw-r--r-- | security/selinux/nlmsgtab.c | 8 | ||||
| -rw-r--r-- | security/selinux/ss/services.c | 4 |
4 files changed, 13 insertions, 5 deletions
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 9e71a1bbe011..042f91e9f9d2 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
| @@ -242,7 +242,7 @@ void __init avc_init(void) | |||
| 242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), | 242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), |
| 243 | 0, SLAB_PANIC, NULL, NULL); | 243 | 0, SLAB_PANIC, NULL, NULL); |
| 244 | 244 | ||
| 245 | audit_log(current->audit_context, "AVC INITIALIZED\n"); | 245 | audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n"); |
| 246 | } | 246 | } |
| 247 | 247 | ||
| 248 | int avc_get_hash_stats(char *page) | 248 | int avc_get_hash_stats(char *page) |
| @@ -549,7 +549,7 @@ void avc_audit(u32 ssid, u32 tsid, | |||
| 549 | return; | 549 | return; |
| 550 | } | 550 | } |
| 551 | 551 | ||
| 552 | ab = audit_log_start(current->audit_context, AUDIT_KERNEL, 0); | 552 | ab = audit_log_start(current->audit_context, AUDIT_AVC); |
| 553 | if (!ab) | 553 | if (!ab) |
| 554 | return; /* audit_panic has been called */ | 554 | return; /* audit_panic has been called */ |
| 555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); | 555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index aae1e794fe48..db845cbd5841 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
| 3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); | 3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); |
| 3420 | if (err) { | 3420 | if (err) { |
| 3421 | if (err == -EINVAL) { | 3421 | if (err == -EINVAL) { |
| 3422 | audit_log(current->audit_context, | 3422 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
| 3423 | "SELinux: unrecognized netlink message" | 3423 | "SELinux: unrecognized netlink message" |
| 3424 | " type=%hu for sclass=%hu\n", | 3424 | " type=%hu for sclass=%hu\n", |
| 3425 | nlh->nlmsg_type, isec->sclass); | 3425 | nlh->nlmsg_type, isec->sclass); |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index deac14367d43..67e77acc4795 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
| @@ -98,6 +98,14 @@ static struct nlmsg_perm nlmsg_audit_perms[] = | |||
| 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
| 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, |
| 100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, | 100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, |
| 101 | { AUDIT_USER_AUTH, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 102 | { AUDIT_USER_ACCT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 103 | { AUDIT_USER_MGMT, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 104 | { AUDIT_CRED_ACQ, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 105 | { AUDIT_CRED_DISP, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 106 | { AUDIT_USER_START, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 107 | { AUDIT_USER_END, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 108 | { AUDIT_USER_AVC, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | ||
| 101 | }; | 109 | }; |
| 102 | 110 | ||
| 103 | 111 | ||
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 5a820cf88c9c..07fdf6ee6148 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
| @@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, | |||
| 365 | goto out; | 365 | goto out; |
| 366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) | 366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) |
| 367 | goto out; | 367 | goto out; |
| 368 | audit_log(current->audit_context, | 368 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
| 369 | "security_validate_transition: denied for" | 369 | "security_validate_transition: denied for" |
| 370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", | 370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", |
| 371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); | 371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); |
| @@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context( | |||
| 742 | goto out; | 742 | goto out; |
| 743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) | 743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) |
| 744 | goto out; | 744 | goto out; |
| 745 | audit_log(current->audit_context, | 745 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
| 746 | "security_compute_sid: invalid context %s" | 746 | "security_compute_sid: invalid context %s" |
| 747 | " for scontext=%s" | 747 | " for scontext=%s" |
| 748 | " tcontext=%s" | 748 | " tcontext=%s" |