LSM/Audit: Introduce generic Audit LSM hooks

Introduce a generic Audit interface for security modules by adding the following new LSM hooks: audit_rule_init(field, op, rulestr, lsmrule) audit_rule_known(krule) audit_rule_match(secid, field, op, rule, actx) audit_rule_free(rule) Those hooks are only available if CONFIG_AUDIT is enabled. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com> Acked-by: James Morris <jmorris@namei.org> Reviewed-by: Paul Moore <paul.moore@hp.com>
author: Ahmed S. Darwish <darwish.07@gmail.com> 2008-03-01 15:00:05 -0500
committer: James Morris <jmorris@namei.org> 2008-04-18 19:52:36 -0400
commit: 03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (patch)
tree: de56538f7b6e7623d7cee2b0fcdc8f9764957252 /security
parent: 6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7 (diff)
2 files changed, 55 insertions, 1 deletions
diff --git a/security/dummy.c b/security/dummy.c
index fb2e942efbb6..1ac9f8e66aa2 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -993,6 +993,30 @@ static inline int dummy_key_permission(key_ref_t key_ref,
 }
 #endif /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
+                                        void **lsmrule)
+{
+        return 0;
+}
+static inline int dummy_audit_rule_known(struct audit_krule *krule)
+{
+        return 0;
+}
+static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
+                                         void *lsmrule,
+                                         struct audit_context *actx)
+{
+        return 0;
+}
+static inline void dummy_audit_rule_free(void *lsmrule)
+{ }
+#endif /* CONFIG_AUDIT */
 struct security_operations dummy_security_ops;
 #define set_to_dummy_if_null(ops, function)                             \
@@ -1182,6 +1206,11 @@ void security_fixup_ops (struct security_operations *ops)
        set_to_dummy_if_null(ops, key_free);
        set_to_dummy_if_null(ops, key_permission);
 #endif  /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+        set_to_dummy_if_null(ops, audit_rule_init);
+        set_to_dummy_if_null(ops, audit_rule_known);
+        set_to_dummy_if_null(ops, audit_rule_match);
+        set_to_dummy_if_null(ops, audit_rule_free);
+#endif
 }
diff --git a/security/security.c b/security/security.c
index 290482bdbbb0..2ef593ec70f3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1120,3 +1120,28 @@ int security_key_permission(key_ref_t key_ref,
 }
 #endif  /* CONFIG_KEYS */
+#ifdef CONFIG_AUDIT
+int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
+{
+        return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
+}
+int security_audit_rule_known(struct audit_krule *krule)
+{
+        return security_ops->audit_rule_known(krule);
+}
+void security_audit_rule_free(void *lsmrule)
+{
+        security_ops->audit_rule_free(lsmrule);
+}
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
+                              struct audit_context *actx)
+{
+        return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
+}
+#endif /* CONFIG_AUDIT */
author	Ahmed S. Darwish <darwish.07@gmail.com>	2008-03-01 15:00:05 -0500
committer	James Morris <jmorris@namei.org>	2008-04-18 19:52:36 -0400
commit	03d37d25e0f91b28c4b6d002be6221f1af4b19d8 (patch)
tree	de56538f7b6e7623d7cee2b0fcdc8f9764957252 /security
parent	6b89a74be0fbbc6cc639d5cf7dcf8e6ee0f120a7 (diff)

diff --git a/security/dummy.c b/security/dummy.c index fb2e942efbb6..1ac9f8e66aa2 100644 --- a/security/dummy.c +++ b/security/dummy.c
@@ -993,6 +993,30 @@ static inline int dummy_key_permission(key_ref_t key_ref,
993	}	993	}
994	#endif /* CONFIG_KEYS */	994	#endif /* CONFIG_KEYS */
995		995
		996	#ifdef CONFIG_AUDIT
		997	static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
		998	void **lsmrule)
		999	{
		1000	return 0;
		1001	}
		1002
		1003	static inline int dummy_audit_rule_known(struct audit_krule *krule)
		1004	{
		1005	return 0;
		1006	}
		1007
		1008	static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
		1009	void *lsmrule,
		1010	struct audit_context *actx)
		1011	{
		1012	return 0;
		1013	}
		1014
		1015	static inline void dummy_audit_rule_free(void *lsmrule)
		1016	{ }
		1017
		1018	#endif /* CONFIG_AUDIT */
		1019
996	struct security_operations dummy_security_ops;	1020	struct security_operations dummy_security_ops;
997		1021
998	#define set_to_dummy_if_null(ops, function) \	1022	#define set_to_dummy_if_null(ops, function) \
@@ -1182,6 +1206,11 @@ void security_fixup_ops (struct security_operations *ops)
1182	set_to_dummy_if_null(ops, key_free);	1206	set_to_dummy_if_null(ops, key_free);
1183	set_to_dummy_if_null(ops, key_permission);	1207	set_to_dummy_if_null(ops, key_permission);
1184	#endif /* CONFIG_KEYS */	1208	#endif /* CONFIG_KEYS */
1185		1209	#ifdef CONFIG_AUDIT
		1210	set_to_dummy_if_null(ops, audit_rule_init);
		1211	set_to_dummy_if_null(ops, audit_rule_known);
		1212	set_to_dummy_if_null(ops, audit_rule_match);
		1213	set_to_dummy_if_null(ops, audit_rule_free);
		1214	#endif
1186	}	1215	}
1187		1216


diff --git a/security/security.c b/security/security.c index 290482bdbbb0..2ef593ec70f3 100644 --- a/security/security.c +++ b/security/security.c
@@ -1120,3 +1120,28 @@ int security_key_permission(key_ref_t key_ref,
1120	}	1120	}
1121		1121
1122	#endif /* CONFIG_KEYS */	1122	#endif /* CONFIG_KEYS */
		1123
		1124	#ifdef CONFIG_AUDIT
		1125
		1126	int security_audit_rule_init(u32 field, u32 op, char rulestr, void *lsmrule)
		1127	{
		1128	return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
		1129	}
		1130
		1131	int security_audit_rule_known(struct audit_krule *krule)
		1132	{
		1133	return security_ops->audit_rule_known(krule);
		1134	}
		1135
		1136	void security_audit_rule_free(void *lsmrule)
		1137	{
		1138	security_ops->audit_rule_free(lsmrule);
		1139	}
		1140
		1141	int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
		1142	struct audit_context *actx)
		1143	{
		1144	return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
		1145	}
		1146
		1147	#endif /* CONFIG_AUDIT */