diff options
Diffstat (limited to 'include/linux/lsm_audit.h')
| -rw-r--r-- | include/linux/lsm_audit.h | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h index e461b2c3d711..190c37854870 100644 --- a/include/linux/lsm_audit.h +++ b/include/linux/lsm_audit.h | |||
| @@ -33,6 +33,7 @@ struct common_audit_data { | |||
| 33 | #define LSM_AUDIT_DATA_IPC 4 | 33 | #define LSM_AUDIT_DATA_IPC 4 |
| 34 | #define LSM_AUDIT_DATA_TASK 5 | 34 | #define LSM_AUDIT_DATA_TASK 5 |
| 35 | #define LSM_AUDIT_DATA_KEY 6 | 35 | #define LSM_AUDIT_DATA_KEY 6 |
| 36 | #define LSM_AUDIT_NO_AUDIT 7 | ||
| 36 | struct task_struct *tsk; | 37 | struct task_struct *tsk; |
| 37 | union { | 38 | union { |
| 38 | struct { | 39 | struct { |
| @@ -66,16 +67,19 @@ struct common_audit_data { | |||
| 66 | } key_struct; | 67 | } key_struct; |
| 67 | #endif | 68 | #endif |
| 68 | } u; | 69 | } u; |
| 69 | const char *function; | ||
| 70 | /* this union contains LSM specific data */ | 70 | /* this union contains LSM specific data */ |
| 71 | union { | 71 | union { |
| 72 | #ifdef CONFIG_SECURITY_SMACK | ||
| 72 | /* SMACK data */ | 73 | /* SMACK data */ |
| 73 | struct smack_audit_data { | 74 | struct smack_audit_data { |
| 75 | const char *function; | ||
| 74 | char *subject; | 76 | char *subject; |
| 75 | char *object; | 77 | char *object; |
| 76 | char *request; | 78 | char *request; |
| 77 | int result; | 79 | int result; |
| 78 | } smack_audit_data; | 80 | } smack_audit_data; |
| 81 | #endif | ||
| 82 | #ifdef CONFIG_SECURITY_SELINUX | ||
| 79 | /* SELinux data */ | 83 | /* SELinux data */ |
| 80 | struct { | 84 | struct { |
| 81 | u32 ssid; | 85 | u32 ssid; |
| @@ -83,10 +87,12 @@ struct common_audit_data { | |||
| 83 | u16 tclass; | 87 | u16 tclass; |
| 84 | u32 requested; | 88 | u32 requested; |
| 85 | u32 audited; | 89 | u32 audited; |
| 90 | u32 denied; | ||
| 86 | struct av_decision *avd; | 91 | struct av_decision *avd; |
| 87 | int result; | 92 | int result; |
| 88 | } selinux_audit_data; | 93 | } selinux_audit_data; |
| 89 | } lsm_priv; | 94 | #endif |
| 95 | }; | ||
| 90 | /* these callback will be implemented by a specific LSM */ | 96 | /* these callback will be implemented by a specific LSM */ |
| 91 | void (*lsm_pre_audit)(struct audit_buffer *, void *); | 97 | void (*lsm_pre_audit)(struct audit_buffer *, void *); |
| 92 | void (*lsm_post_audit)(struct audit_buffer *, void *); | 98 | void (*lsm_post_audit)(struct audit_buffer *, void *); |
| @@ -104,7 +110,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, | |||
| 104 | /* Initialize an LSM audit data structure. */ | 110 | /* Initialize an LSM audit data structure. */ |
| 105 | #define COMMON_AUDIT_DATA_INIT(_d, _t) \ | 111 | #define COMMON_AUDIT_DATA_INIT(_d, _t) \ |
| 106 | { memset((_d), 0, sizeof(struct common_audit_data)); \ | 112 | { memset((_d), 0, sizeof(struct common_audit_data)); \ |
| 107 | (_d)->type = LSM_AUDIT_DATA_##_t; (_d)->function = __func__; } | 113 | (_d)->type = LSM_AUDIT_DATA_##_t; } |
| 108 | 114 | ||
| 109 | void common_lsm_audit(struct common_audit_data *a); | 115 | void common_lsm_audit(struct common_audit_data *a); |
| 110 | 116 | ||