1 files changed, 128 insertions, 32 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index c8ccbd09048f..df57b493e1cb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -55,6 +55,9 @@
 #include <net/netlink.h>
 #include <linux/skbuff.h>
 #include <linux/netlink.h>
+#include <linux/selinux.h>
+#include "audit.h"
 /* No auditing will take place until audit_initialized != 0.
 * (Initialization happens after skb_init is called.) */
@@ -227,49 +230,103 @@ void audit_log_lost(const char *message)
        }
 }
-static int audit_set_rate_limit(int limit, uid_t loginuid)
+static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
 {
-        int old          = audit_rate_limit;
+        int old = audit_rate_limit;
-        audit_rate_limit = limit;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_rate_limit=%d old=%d by auid=%u subj=%s",
+                                limit, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_rate_limit=%d old=%d by auid=%u",
-                        audit_rate_limit, old, loginuid);
+                        limit, old, loginuid);
+        audit_rate_limit = limit;
        return old;
 }
-static int audit_set_backlog_limit(int limit, uid_t loginuid)
+static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
 {
-        int old          = audit_backlog_limit;
+        int old = audit_backlog_limit;
-        audit_backlog_limit = limit;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                            "audit_backlog_limit=%d old=%d by auid=%u subj=%s",
+                                limit, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_backlog_limit=%d old=%d by auid=%u",
-                        audit_backlog_limit, old, loginuid);
+                        limit, old, loginuid);
+        audit_backlog_limit = limit;
        return old;
 }
-static int audit_set_enabled(int state, uid_t loginuid)
+static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
 {
-        int old          = audit_enabled;
+        int old = audit_enabled;
        if (state != 0 && state != 1)
                return -EINVAL;
-        audit_enabled = state;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_enabled=%d old=%d by auid=%u subj=%s",
+                                state, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_enabled=%d old=%d by auid=%u",
-                        audit_enabled, old, loginuid);
+                        state, old, loginuid);
+        audit_enabled = state;
        return old;
 }
-static int audit_set_failure(int state, uid_t loginuid)
+static int audit_set_failure(int state, uid_t loginuid, u32 sid)
 {
-        int old          = audit_failure;
+        int old = audit_failure;
        if (state != AUDIT_FAIL_SILENT
            && state != AUDIT_FAIL_PRINTK
            && state != AUDIT_FAIL_PANIC)
                return -EINVAL;
-        audit_failure = state;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_failure=%d old=%d by auid=%u subj=%s",
+                                state, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_failure=%d old=%d by auid=%u",
-                        audit_failure, old, loginuid);
+                        state, old, loginuid);
+        audit_failure = state;
        return old;
 }
@@ -387,7 +444,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
 static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 {
-        u32                     uid, pid, seq;
+        u32                     uid, pid, seq, sid;
        void                    *data;
        struct audit_status     *status_get, status_set;
        int                     err;
@@ -413,6 +470,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        pid  = NETLINK_CREDS(skb)->pid;
        uid  = NETLINK_CREDS(skb)->uid;
        loginuid = NETLINK_CB(skb).loginuid;
+        sid  = NETLINK_CB(skb).sid;
        seq  = nlh->nlmsg_seq;
        data = NLMSG_DATA(nlh);
@@ -433,25 +491,43 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        return -EINVAL;
                status_get   = (struct audit_status *)data;
                if (status_get->mask & AUDIT_STATUS_ENABLED) {
-                        err = audit_set_enabled(status_get->enabled, loginuid);
+                        err = audit_set_enabled(status_get->enabled,
+                                                        loginuid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_FAILURE) {
-                        err = audit_set_failure(status_get->failure, loginuid);
+                        err = audit_set_failure(status_get->failure,
+                                                         loginuid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_PID) {
                        int old   = audit_pid;
+                        if (sid) {
+                                char *ctx = NULL;
+                                u32 len;
+                                int rc;
+                                if ((rc = selinux_ctxid_to_string(
+                                                sid, &ctx, &len)))
+                                        return rc;
+                                else
+                                        audit_log(NULL, GFP_KERNEL,
+                                                AUDIT_CONFIG_CHANGE,
+                                                "audit_pid=%d old=%d by auid=%u subj=%s",
+                                                status_get->pid, old,
+                                                loginuid, ctx);
+                                kfree(ctx);
+                        } else
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                        "audit_pid=%d old=%d by auid=%u",
+                                          status_get->pid, old, loginuid);
                        audit_pid = status_get->pid;
-                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                "audit_pid=%d old=%d by auid=%u",
-                                  audit_pid, old, loginuid);
                }
                if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
-                        audit_set_rate_limit(status_get->rate_limit, loginuid);
+                        audit_set_rate_limit(status_get->rate_limit,
+                                                         loginuid, sid);
                if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
                        audit_set_backlog_limit(status_get->backlog_limit,
-                                                        loginuid);
+                                                        loginuid, sid);
                break;
        case AUDIT_USER:
        case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
@@ -465,8 +541,23 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
                        if (ab) {
                                audit_log_format(ab,
-                                                 "user pid=%d uid=%u auid=%u msg='%.1024s'",
+                                                 "user pid=%d uid=%u auid=%u",
-                                                 pid, uid, loginuid, (char *)data);
+                                                 pid, uid, loginuid);
+                                if (sid) {
+                                        char *ctx = NULL;
+                                        u32 len;
+                                        if (selinux_ctxid_to_string(
+                                                        sid, &ctx, &len)) {
+                                                audit_log_format(ab, 
+                                                        " ssid=%u", sid);
+                                                /* Maybe call audit_panic? */
+                                        } else
+                                                audit_log_format(ab, 
+                                                        " subj=%s", ctx);
+                                        kfree(ctx);
+                                }
+                                audit_log_format(ab, " msg='%.1024s'",
+                                         (char *)data);
                                audit_set_pid(ab, pid);
                                audit_log_end(ab);
                        }
@@ -480,7 +571,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                           loginuid);
+                                           loginuid, sid);
                break;
        case AUDIT_ADD_RULE:
        case AUDIT_DEL_RULE:
@@ -490,7 +581,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST_RULES:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                           loginuid);
+                                           loginuid, sid);
                break;
        case AUDIT_SIGNAL_INFO:
                sig_data.uid = audit_sig_uid;
@@ -564,6 +655,11 @@ static int __init audit_init(void)
        skb_queue_head_init(&audit_skb_queue);
        audit_initialized = 1;
        audit_enabled = audit_default;
+        /* Register the callback with selinux.  This callback will be invoked
+         * when a new policy is loaded. */
+        selinux_audit_set_callback(&selinux_audit_rule_update);
        audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
        return 0;
 }

diff --git a/kernel/audit.c b/kernel/audit.c index c8ccbd09048f..df57b493e1cb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -55,6 +55,9 @@
55	#include <net/netlink.h>	55	#include <net/netlink.h>
56	#include <linux/skbuff.h>	56	#include <linux/skbuff.h>
57	#include <linux/netlink.h>	57	#include <linux/netlink.h>
		58	#include <linux/selinux.h>
		59
		60	#include "audit.h"
58		61
59	/* No auditing will take place until audit_initialized != 0.	62	/* No auditing will take place until audit_initialized != 0.
60	* (Initialization happens after skb_init is called.) */	63	* (Initialization happens after skb_init is called.) */
@@ -227,49 +230,103 @@ void audit_log_lost(const char *message)
227	}	230	}
228	}	231	}
229		232
230	static int audit_set_rate_limit(int limit, uid_t loginuid)	233	static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
231	{	234	{
232	int old = audit_rate_limit;	235	int old = audit_rate_limit;
233	audit_rate_limit = limit;	236
234	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	237	if (sid) {
		238	char *ctx = NULL;
		239	u32 len;
		240	int rc;
		241	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		242	return rc;
		243	else
		244	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		245	"audit_rate_limit=%d old=%d by auid=%u subj=%s",
		246	limit, old, loginuid, ctx);
		247	kfree(ctx);
		248	} else
		249	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
235	"audit_rate_limit=%d old=%d by auid=%u",	250	"audit_rate_limit=%d old=%d by auid=%u",
236	audit_rate_limit, old, loginuid);	251	limit, old, loginuid);
		252	audit_rate_limit = limit;
237	return old;	253	return old;
238	}	254	}
239		255
240	static int audit_set_backlog_limit(int limit, uid_t loginuid)	256	static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
241	{	257	{
242	int old = audit_backlog_limit;	258	int old = audit_backlog_limit;
243	audit_backlog_limit = limit;	259
244	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	260	if (sid) {
		261	char *ctx = NULL;
		262	u32 len;
		263	int rc;
		264	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		265	return rc;
		266	else
		267	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		268	"audit_backlog_limit=%d old=%d by auid=%u subj=%s",
		269	limit, old, loginuid, ctx);
		270	kfree(ctx);
		271	} else
		272	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
245	"audit_backlog_limit=%d old=%d by auid=%u",	273	"audit_backlog_limit=%d old=%d by auid=%u",
246	audit_backlog_limit, old, loginuid);	274	limit, old, loginuid);
		275	audit_backlog_limit = limit;
247	return old;	276	return old;
248	}	277	}
249		278
250	static int audit_set_enabled(int state, uid_t loginuid)	279	static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
251	{	280	{
252	int old = audit_enabled;	281	int old = audit_enabled;
		282
253	if (state != 0 && state != 1)	283	if (state != 0 && state != 1)
254	return -EINVAL;	284	return -EINVAL;
255	audit_enabled = state;	285
256	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	286	if (sid) {
		287	char *ctx = NULL;
		288	u32 len;
		289	int rc;
		290	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		291	return rc;
		292	else
		293	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		294	"audit_enabled=%d old=%d by auid=%u subj=%s",
		295	state, old, loginuid, ctx);
		296	kfree(ctx);
		297	} else
		298	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
257	"audit_enabled=%d old=%d by auid=%u",	299	"audit_enabled=%d old=%d by auid=%u",
258	audit_enabled, old, loginuid);	300	state, old, loginuid);
		301	audit_enabled = state;
259	return old;	302	return old;
260	}	303	}
261		304
262	static int audit_set_failure(int state, uid_t loginuid)	305	static int audit_set_failure(int state, uid_t loginuid, u32 sid)
263	{	306	{
264	int old = audit_failure;	307	int old = audit_failure;
		308
265	if (state != AUDIT_FAIL_SILENT	309	if (state != AUDIT_FAIL_SILENT
266	&& state != AUDIT_FAIL_PRINTK	310	&& state != AUDIT_FAIL_PRINTK
267	&& state != AUDIT_FAIL_PANIC)	311	&& state != AUDIT_FAIL_PANIC)
268	return -EINVAL;	312	return -EINVAL;
269	audit_failure = state;	313
270	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	314	if (sid) {
		315	char *ctx = NULL;
		316	u32 len;
		317	int rc;
		318	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		319	return rc;
		320	else
		321	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		322	"audit_failure=%d old=%d by auid=%u subj=%s",
		323	state, old, loginuid, ctx);
		324	kfree(ctx);
		325	} else
		326	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
271	"audit_failure=%d old=%d by auid=%u",	327	"audit_failure=%d old=%d by auid=%u",
272	audit_failure, old, loginuid);	328	state, old, loginuid);
		329	audit_failure = state;
273	return old;	330	return old;
274	}	331	}
275		332
@@ -387,7 +444,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
387		444
388	static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)	445	static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
389	{	446	{
390	u32 uid, pid, seq;	447	u32 uid, pid, seq, sid;
391	void *data;	448	void *data;
392	struct audit_status *status_get, status_set;	449	struct audit_status *status_get, status_set;
393	int err;	450	int err;
@@ -413,6 +470,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
413	pid = NETLINK_CREDS(skb)->pid;	470	pid = NETLINK_CREDS(skb)->pid;
414	uid = NETLINK_CREDS(skb)->uid;	471	uid = NETLINK_CREDS(skb)->uid;
415	loginuid = NETLINK_CB(skb).loginuid;	472	loginuid = NETLINK_CB(skb).loginuid;
		473	sid = NETLINK_CB(skb).sid;
416	seq = nlh->nlmsg_seq;	474	seq = nlh->nlmsg_seq;
417	data = NLMSG_DATA(nlh);	475	data = NLMSG_DATA(nlh);
418		476
@@ -433,25 +491,43 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
433	return -EINVAL;	491	return -EINVAL;
434	status_get = (struct audit_status *)data;	492	status_get = (struct audit_status *)data;
435	if (status_get->mask & AUDIT_STATUS_ENABLED) {	493	if (status_get->mask & AUDIT_STATUS_ENABLED) {
436	err = audit_set_enabled(status_get->enabled, loginuid);	494	err = audit_set_enabled(status_get->enabled,
		495	loginuid, sid);
437	if (err < 0) return err;	496	if (err < 0) return err;
438	}	497	}
439	if (status_get->mask & AUDIT_STATUS_FAILURE) {	498	if (status_get->mask & AUDIT_STATUS_FAILURE) {
440	err = audit_set_failure(status_get->failure, loginuid);	499	err = audit_set_failure(status_get->failure,
		500	loginuid, sid);
441	if (err < 0) return err;	501	if (err < 0) return err;
442	}	502	}
443	if (status_get->mask & AUDIT_STATUS_PID) {	503	if (status_get->mask & AUDIT_STATUS_PID) {
444	int old = audit_pid;	504	int old = audit_pid;
		505	if (sid) {
		506	char *ctx = NULL;
		507	u32 len;
		508	int rc;
		509	if ((rc = selinux_ctxid_to_string(
		510	sid, &ctx, &len)))
		511	return rc;
		512	else
		513	audit_log(NULL, GFP_KERNEL,
		514	AUDIT_CONFIG_CHANGE,
		515	"audit_pid=%d old=%d by auid=%u subj=%s",
		516	status_get->pid, old,
		517	loginuid, ctx);
		518	kfree(ctx);
		519	} else
		520	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		521	"audit_pid=%d old=%d by auid=%u",
		522	status_get->pid, old, loginuid);
445	audit_pid = status_get->pid;	523	audit_pid = status_get->pid;
446	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
447	"audit_pid=%d old=%d by auid=%u",
448	audit_pid, old, loginuid);
449	}	524	}
450	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)	525	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
451	audit_set_rate_limit(status_get->rate_limit, loginuid);	526	audit_set_rate_limit(status_get->rate_limit,
		527	loginuid, sid);
452	if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)	528	if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
453	audit_set_backlog_limit(status_get->backlog_limit,	529	audit_set_backlog_limit(status_get->backlog_limit,
454	loginuid);	530	loginuid, sid);
455	break;	531	break;
456	case AUDIT_USER:	532	case AUDIT_USER:
457	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:	533	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
@@ -465,8 +541,23 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
465	ab = audit_log_start(NULL, GFP_KERNEL, msg_type);	541	ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
466	if (ab) {	542	if (ab) {
467	audit_log_format(ab,	543	audit_log_format(ab,
468	"user pid=%d uid=%u auid=%u msg='%.1024s'",	544	"user pid=%d uid=%u auid=%u",
469	pid, uid, loginuid, (char *)data);	545	pid, uid, loginuid);
		546	if (sid) {
		547	char *ctx = NULL;
		548	u32 len;
		549	if (selinux_ctxid_to_string(
		550	sid, &ctx, &len)) {
		551	audit_log_format(ab,
		552	" ssid=%u", sid);
		553	/* Maybe call audit_panic? */
		554	} else
		555	audit_log_format(ab,
		556	" subj=%s", ctx);
		557	kfree(ctx);
		558	}
		559	audit_log_format(ab, " msg='%.1024s'",
		560	(char *)data);
470	audit_set_pid(ab, pid);	561	audit_set_pid(ab, pid);
471	audit_log_end(ab);	562	audit_log_end(ab);
472	}	563	}
@@ -480,7 +571,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
480	case AUDIT_LIST:	571	case AUDIT_LIST:
481	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	572	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
482	uid, seq, data, nlmsg_len(nlh),	573	uid, seq, data, nlmsg_len(nlh),
483	loginuid);	574	loginuid, sid);
484	break;	575	break;
485	case AUDIT_ADD_RULE:	576	case AUDIT_ADD_RULE:
486	case AUDIT_DEL_RULE:	577	case AUDIT_DEL_RULE:
@@ -490,7 +581,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
490	case AUDIT_LIST_RULES:	581	case AUDIT_LIST_RULES:
491	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	582	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
492	uid, seq, data, nlmsg_len(nlh),	583	uid, seq, data, nlmsg_len(nlh),
493	loginuid);	584	loginuid, sid);
494	break;	585	break;
495	case AUDIT_SIGNAL_INFO:	586	case AUDIT_SIGNAL_INFO:
496	sig_data.uid = audit_sig_uid;	587	sig_data.uid = audit_sig_uid;
@@ -564,6 +655,11 @@ static int __init audit_init(void)
564	skb_queue_head_init(&audit_skb_queue);	655	skb_queue_head_init(&audit_skb_queue);
565	audit_initialized = 1;	656	audit_initialized = 1;
566	audit_enabled = audit_default;	657	audit_enabled = audit_default;
		658
		659	/* Register the callback with selinux. This callback will be invoked
		660	* when a new policy is loaded. */
		661	selinux_audit_set_callback(&selinux_audit_rule_update);
		662
567	audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");	663	audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
568	return 0;	664	return 0;
569	}	665	}