diff options
| author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-28 23:03:42 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-28 23:03:42 -0700 |
| commit | 3dcbbcda7c5b77c400791b26facd6593c5b176e0 (patch) | |
| tree | 2e7b844c4d450cf43810a6ed0ddd5c702c245a88 /net/netlabel/netlabel_domainhash.c | |
| parent | c972398b7871d9fb58c6a317786065a7cc6ca4be (diff) | |
| parent | 6fbe59b9569b2c8d5522d182263935c6c86fc40a (diff) | |
| download | linux-3dcbbcda7c5b77c400791b26facd6593c5b176e0.tar.gz linux-3dcbbcda7c5b77c400791b26facd6593c5b176e0.tar.bz2 linux-3dcbbcda7c5b77c400791b26facd6593c5b176e0.zip | |
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (160 commits)
[ETHTOOL]: Remove some entries from non-root command list.
[Bluetooth]: Fix section mismatch of bt_sysfs_cleanup()
[Bluetooth]: Don't update disconnect timer for incoming connections
[ETHTOOL]: let mortals use ethtool
[NetLabel]: add audit support for configuration changes
[TCP]: Fix and simplify microsecond rtt sampling
[TCP] tcp-lp: prevent chance for oops
[SUNRPC]: Remove unnecessary check in net/sunrpc/svcsock.c
[IPVS] bug: endianness breakage in ip_vs_ftp
[IPVS]: ipvs annotations
[NETFILTER]: h323 annotations
[NETFILTER]: ipt annotations
[NETFILTER]: NAT annotations
[NETFILTER]: conntrack annotations
[NETFILTER]: netfilter misc annotations
[NET]: Annotate dst_ops protocol
[NET]: is it Andy or Andi ??
[IPVS]: Make sure ip_vs_ftp ports are valid: module_param_array approach
[IPVS]: Reverse valid ip_vs_ftp ports fix: port check approach
[IrDA] stir4200: removing undocumented bits handling
...
Diffstat (limited to 'net/netlabel/netlabel_domainhash.c')
| -rw-r--r-- | net/netlabel/netlabel_domainhash.c | 54 |
1 files changed, 47 insertions, 7 deletions
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c index f56d7a8ac7b7..d64e2ae3b129 100644 --- a/net/netlabel/netlabel_domainhash.c +++ b/net/netlabel/netlabel_domainhash.c @@ -35,12 +35,14 @@ #include <linux/skbuff.h> #include <linux/spinlock.h> #include <linux/string.h> +#include <linux/audit.h> #include <net/netlabel.h> #include <net/cipso_ipv4.h> #include <asm/bug.h> #include "netlabel_mgmt.h" #include "netlabel_domainhash.h" +#include "netlabel_user.h" struct netlbl_domhsh_tbl { struct list_head *tbl; @@ -186,6 +188,7 @@ int netlbl_domhsh_init(u32 size) /** * netlbl_domhsh_add - Adds a entry to the domain hash table * @entry: the entry to add + * @audit_secid: the LSM secid to use in the audit message * * Description: * Adds a new entry to the domain hash table and handles any updates to the @@ -193,10 +196,12 @@ int netlbl_domhsh_init(u32 size) * negative on failure. * */ -int netlbl_domhsh_add(struct netlbl_dom_map *entry) +int netlbl_domhsh_add(struct netlbl_dom_map *entry, u32 audit_secid) { int ret_val; u32 bkt; + struct audit_buffer *audit_buf; + char *audit_domain; switch (entry->type) { case NETLBL_NLTYPE_UNLABELED: @@ -236,6 +241,26 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry) spin_unlock(&netlbl_domhsh_def_lock); } else ret_val = -EINVAL; + if (ret_val == 0) { + if (entry->domain != NULL) + audit_domain = entry->domain; + else + audit_domain = "(default)"; + audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, + audit_secid); + audit_log_format(audit_buf, " domain=%s", audit_domain); + switch (entry->type) { + case NETLBL_NLTYPE_UNLABELED: + audit_log_format(audit_buf, " protocol=unlbl"); + break; + case NETLBL_NLTYPE_CIPSOV4: + audit_log_format(audit_buf, + " protocol=cipsov4 doi=%u", + entry->type_def.cipsov4->doi); + break; + } + audit_log_end(audit_buf); + } rcu_read_unlock(); if (ret_val != 0) { @@ -254,6 +279,7 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry) /** * netlbl_domhsh_add_default - Adds the default entry to the domain hash table * @entry: the entry to add + * @audit_secid: the LSM secid to use in the audit message * * Description: * Adds a new default entry to the domain hash table and handles any updates @@ -261,14 +287,15 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry) * negative on failure. * */ -int netlbl_domhsh_add_default(struct netlbl_dom_map *entry) +int netlbl_domhsh_add_default(struct netlbl_dom_map *entry, u32 audit_secid) { - return netlbl_domhsh_add(entry); + return netlbl_domhsh_add(entry, audit_secid); } /** * netlbl_domhsh_remove - Removes an entry from the domain hash table * @domain: the domain to remove + * @audit_secid: the LSM secid to use in the audit message * * Description: * Removes an entry from the domain hash table and handles any updates to the @@ -276,10 +303,12 @@ int netlbl_domhsh_add_default(struct netlbl_dom_map *entry) * negative on failure. * */ -int netlbl_domhsh_remove(const char *domain) +int netlbl_domhsh_remove(const char *domain, u32 audit_secid) { int ret_val = -ENOENT; struct netlbl_dom_map *entry; + struct audit_buffer *audit_buf; + char *audit_domain; rcu_read_lock(); if (domain != NULL) @@ -316,8 +345,18 @@ int netlbl_domhsh_remove(const char *domain) ret_val = -ENOENT; spin_unlock(&netlbl_domhsh_def_lock); } - if (ret_val == 0) + if (ret_val == 0) { + if (entry->domain != NULL) + audit_domain = entry->domain; + else + audit_domain = "(default)"; + audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, + audit_secid); + audit_log_format(audit_buf, " domain=%s", audit_domain); + audit_log_end(audit_buf); + call_rcu(&entry->rcu, netlbl_domhsh_free_entry); + } remove_return: rcu_read_unlock(); @@ -326,6 +365,7 @@ remove_return: /** * netlbl_domhsh_remove_default - Removes the default entry from the table + * @audit_secid: the LSM secid to use in the audit message * * Description: * Removes/resets the default entry for the domain hash table and handles any @@ -333,9 +373,9 @@ remove_return: * success, non-zero on failure. * */ -int netlbl_domhsh_remove_default(void) +int netlbl_domhsh_remove_default(u32 audit_secid) { - return netlbl_domhsh_remove(NULL); + return netlbl_domhsh_remove(NULL, audit_secid); } /** |