1 files changed, 26 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8f0672d13eb1..26c4f6f65a46 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
 #define AUDIT_OBJ_PID           1318    /* ptrace target */
 #define AUDIT_TTY               1319    /* Input on an administrative TTY */
 #define AUDIT_EOE               1320    /* End of multi-record event */
+#define AUDIT_BPRM_FCAPS        1321    /* Information about fcaps increasing perms */
+#define AUDIT_CAPSET            1322    /* Record showing argument to sys_capset */
 #define AUDIT_AVC               1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR       1401    /* Internal SE Linux Errors */
@@ -453,6 +455,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr
 extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
 extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
 extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
+extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
+                                  const struct cred *new,
+                                  const struct cred *old);
+extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
 static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
@@ -502,6 +508,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
                return __audit_mq_getsetattr(mqdes, mqstat);
        return 0;
 }
+static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
+                                       const struct cred *new,
+                                       const struct cred *old)
+{
+        if (unlikely(!audit_dummy_context()))
+                return __audit_log_bprm_fcaps(bprm, new, old);
+        return 0;
+}
+static inline int audit_log_capset(pid_t pid, const struct cred *new,
+                                   const struct cred *old)
+{
+        if (unlikely(!audit_dummy_context()))
+                return __audit_log_capset(pid, new, old);
+        return 0;
+}
 extern int audit_n_rules;
 extern int audit_signals;
 #else
@@ -534,6 +558,8 @@ extern int audit_signals;
 #define audit_mq_timedreceive(d,l,p,t) ({ 0; })
 #define audit_mq_notify(d,n) ({ 0; })
 #define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
+#define audit_log_capset(pid, ncr, ocr) ({ 0; })
 #define audit_ptrace(t) ((void)0)
 #define audit_n_rules 0
 #define audit_signals 0

diff --git a/include/linux/audit.h b/include/linux/audit.h index 8f0672d13eb1..26c4f6f65a46 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
99	#define AUDIT_OBJ_PID 1318 /* ptrace target */	99	#define AUDIT_OBJ_PID 1318 /* ptrace target */
100	#define AUDIT_TTY 1319 /* Input on an administrative TTY */	100	#define AUDIT_TTY 1319 /* Input on an administrative TTY */
101	#define AUDIT_EOE 1320 /* End of multi-record event */	101	#define AUDIT_EOE 1320 /* End of multi-record event */
		102	#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
		103	#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
102		104
103	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */	105	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
104	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */	106	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -453,6 +455,10 @@ extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_pr
453	extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user u_msg_prio, const struct timespec __user u_abs_timeout);	455	extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user u_msg_prio, const struct timespec __user u_abs_timeout);
454	extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);	456	extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
455	extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);	457	extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
		458	extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
		459	const struct cred *new,
		460	const struct cred *old);
		461	extern int __audit_log_capset(pid_t pid, const struct cred new, const struct cred old);
456		462
457	static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)	463	static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
458	{	464	{
@@ -502,6 +508,24 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
502	return __audit_mq_getsetattr(mqdes, mqstat);	508	return __audit_mq_getsetattr(mqdes, mqstat);
503	return 0;	509	return 0;
504	}	510	}
		511
		512	static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
		513	const struct cred *new,
		514	const struct cred *old)
		515	{
		516	if (unlikely(!audit_dummy_context()))
		517	return __audit_log_bprm_fcaps(bprm, new, old);
		518	return 0;
		519	}
		520
		521	static inline int audit_log_capset(pid_t pid, const struct cred *new,
		522	const struct cred *old)
		523	{
		524	if (unlikely(!audit_dummy_context()))
		525	return __audit_log_capset(pid, new, old);
		526	return 0;
		527	}
		528
505	extern int audit_n_rules;	529	extern int audit_n_rules;
506	extern int audit_signals;	530	extern int audit_signals;
507	#else	531	#else
@@ -534,6 +558,8 @@ extern int audit_signals;
534	#define audit_mq_timedreceive(d,l,p,t) ({ 0; })	558	#define audit_mq_timedreceive(d,l,p,t) ({ 0; })
535	#define audit_mq_notify(d,n) ({ 0; })	559	#define audit_mq_notify(d,n) ({ 0; })
536	#define audit_mq_getsetattr(d,s) ({ 0; })	560	#define audit_mq_getsetattr(d,s) ({ 0; })
		561	#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
		562	#define audit_log_capset(pid, ncr, ocr) ({ 0; })
537	#define audit_ptrace(t) ((void)0)	563	#define audit_ptrace(t) ((void)0)
538	#define audit_n_rules 0	564	#define audit_n_rules 0
539	#define audit_signals 0	565	#define audit_signals 0