tmakin/tegra-linux-noble
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[NetLabel]: add audit support for configuration changes

Browse Source 
This patch adds audit support to NetLabel, including six new audit message
types shown below.

 #define AUDIT_MAC_UNLBL_ACCEPT 1406
 #define AUDIT_MAC_UNLBL_DENY   1407
 #define AUDIT_MAC_CIPSOV4_ADD  1408
 #define AUDIT_MAC_CIPSOV4_DEL  1409
 #define AUDIT_MAC_MAP_ADD      1410
 #define AUDIT_MAC_MAP_DEL      1411

Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Paul Moore
2006-09-28 14:51:47 -07:00
committed by David S. Miller
parent 8ea333eb5d
commit 32f50cdee6
11 changed files with 235 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/linux/audit.h
+6
View File
@@ -95,6 +95,12 @@
#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
#define AUDIT_MAC_UNLBL_ACCEPT 1406 /* NetLabel: allow unlabeled traffic */
#define AUDIT_MAC_UNLBL_DENY 1407 /* NetLabel: deny unlabeled traffic */
#define AUDIT_MAC_CIPSOV4_ADD 1408 /* NetLabel: add CIPSOv4 DOI entry */
#define AUDIT_MAC_CIPSOV4_DEL 1409 /* NetLabel: del CIPSOv4 DOI entry */
#define AUDIT_MAC_MAP_ADD 1410 /* NetLabel: add LSM domain mapping */
#define AUDIT_MAC_MAP_DEL 1411 /* NetLabel: del LSM domain mapping */
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
include/net/cipso_ipv4.h
+4 -1
View File
@@ -128,7 +128,9 @@ extern int cipso_v4_rbm_strictvalid;
#ifdef CONFIG_NETLABEL
int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
void (*callback) (struct rcu_head * head));
struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
int cipso_v4_doi_walk(u32 *skip_cnt,
int (*callback) (struct cipso_v4_doi *doi_def, void *arg),
@@ -143,6 +145,7 @@ static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
}
static inline int cipso_v4_doi_remove(u32 doi,
u32 audit_secid,
void (*callback) (struct rcu_head * head))
{
return 0;
include/net/netlabel.h
+1 -1
View File
@@ -96,7 +96,7 @@
struct netlbl_dom_map;
/* Domain mapping operations */
int netlbl_domhsh_remove(const char *domain);
int netlbl_domhsh_remove(const char *domain, u32 audit_secid);
/* LSM security attributes */
struct netlbl_lsm_cache {