1 files changed, 78 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c
new file mode 100644
index 000000000000..8a0f1e23ccf1
--- /dev/null
+++ b/security/integrity/ima/ima_audit.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright (C) 2008 IBM Corporation
+ * Author: Mimi Zohar <zohar@us.ibm.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, version 2 of the License.
+ *
+ * File: integrity_audit.c
+ *      Audit calls for the integrity subsystem
+ */
+#include <linux/fs.h>
+#include <linux/audit.h>
+#include "ima.h"
+static int ima_audit;
+#ifdef CONFIG_IMA_AUDIT
+/* ima_audit_setup - enable informational auditing messages */
+static int __init ima_audit_setup(char *str)
+{
+        unsigned long audit;
+        int rc;
+        char *op;
+        rc = strict_strtoul(str, 0, &audit);
+        if (rc || audit > 1)
+                printk(KERN_INFO "ima: invalid ima_audit value\n");
+        else
+                ima_audit = audit;
+        op = ima_audit ? "ima_audit_enabled" : "ima_audit_not_enabled";
+        integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, NULL, op, 0, 0);
+        return 1;
+}
+__setup("ima_audit=", ima_audit_setup);
+#endif
+void integrity_audit_msg(int audit_msgno, struct inode *inode,
+                         const unsigned char *fname, const char *op,
+                         const char *cause, int result, int audit_info)
+{
+        struct audit_buffer *ab;
+        if (!ima_audit && audit_info == 1) /* Skip informational messages */
+                return;
+        ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
+        audit_log_format(ab, "integrity: pid=%d uid=%u auid=%u",
+                         current->pid, current->cred->uid,
+                         audit_get_loginuid(current));
+        audit_log_task_context(ab);
+        switch (audit_msgno) {
+        case AUDIT_INTEGRITY_DATA:
+        case AUDIT_INTEGRITY_METADATA:
+        case AUDIT_INTEGRITY_PCR:
+                audit_log_format(ab, " op=%s cause=%s", op, cause);
+                break;
+        case AUDIT_INTEGRITY_HASH:
+                audit_log_format(ab, " op=%s hash=%s", op, cause);
+                break;
+        case AUDIT_INTEGRITY_STATUS:
+        default:
+                audit_log_format(ab, " op=%s", op);
+        }
+        audit_log_format(ab, " comm=");
+        audit_log_untrustedstring(ab, current->comm);
+        if (fname) {
+                audit_log_format(ab, " name=");
+                audit_log_untrustedstring(ab, fname);
+        }
+        if (inode)
+                audit_log_format(ab, " dev=%s ino=%lu",
+                                 inode->i_sb->s_id, inode->i_ino);
+        audit_log_format(ab, " res=%d", result);
+        audit_log_end(ab);
+}

diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c new file mode 100644 index 000000000000..8a0f1e23ccf1 --- /dev/null +++ b/security/integrity/ima/ima_audit.c
@@ -0,0 +1,78 @@
	1	/*
	2	* Copyright (C) 2008 IBM Corporation
	3	* Author: Mimi Zohar <zohar@us.ibm.com>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License as published by
	7	* the Free Software Foundation, version 2 of the License.
	8	*
	9	* File: integrity_audit.c
	10	* Audit calls for the integrity subsystem
	11	*/
	12
	13	#include <linux/fs.h>
	14	#include <linux/audit.h>
	15	#include "ima.h"
	16
	17	static int ima_audit;
	18
	19	#ifdef CONFIG_IMA_AUDIT
	20
	21	/* ima_audit_setup - enable informational auditing messages */
	22	static int __init ima_audit_setup(char *str)
	23	{
	24	unsigned long audit;
	25	int rc;
	26	char *op;
	27
	28	rc = strict_strtoul(str, 0, &audit);
	29	if (rc \|\| audit > 1)
	30	printk(KERN_INFO "ima: invalid ima_audit value\n");
	31	else
	32	ima_audit = audit;
	33	op = ima_audit ? "ima_audit_enabled" : "ima_audit_not_enabled";
	34	integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, NULL, op, 0, 0);
	35	return 1;
	36	}
	37	__setup("ima_audit=", ima_audit_setup);
	38	#endif
	39
	40	void integrity_audit_msg(int audit_msgno, struct inode *inode,
	41	const unsigned char fname, const char op,
	42	const char *cause, int result, int audit_info)
	43	{
	44	struct audit_buffer *ab;
	45
	46	if (!ima_audit && audit_info == 1) /* Skip informational messages */
	47	return;
	48
	49	ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
	50	audit_log_format(ab, "integrity: pid=%d uid=%u auid=%u",
	51	current->pid, current->cred->uid,
	52	audit_get_loginuid(current));
	53	audit_log_task_context(ab);
	54	switch (audit_msgno) {
	55	case AUDIT_INTEGRITY_DATA:
	56	case AUDIT_INTEGRITY_METADATA:
	57	case AUDIT_INTEGRITY_PCR:
	58	audit_log_format(ab, " op=%s cause=%s", op, cause);
	59	break;
	60	case AUDIT_INTEGRITY_HASH:
	61	audit_log_format(ab, " op=%s hash=%s", op, cause);
	62	break;
	63	case AUDIT_INTEGRITY_STATUS:
	64	default:
	65	audit_log_format(ab, " op=%s", op);
	66	}
	67	audit_log_format(ab, " comm=");
	68	audit_log_untrustedstring(ab, current->comm);
	69	if (fname) {
	70	audit_log_format(ab, " name=");
	71	audit_log_untrustedstring(ab, fname);
	72	}
	73	if (inode)
	74	audit_log_format(ab, " dev=%s ino=%lu",
	75	inode->i_sb->s_id, inode->i_ino);
	76	audit_log_format(ab, " res=%d", result);
	77	audit_log_end(ab);
	78	}