authorLinus Torvalds <torvalds@g5.osdl.org>2006-09-28 23:03:42 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-09-28 23:03:42 -0700
commit3dcbbcda7c5b77c400791b26facd6593c5b176e0 (patch)
tree2e7b844c4d450cf43810a6ed0ddd5c702c245a88 /net/netlabel/netlabel_user.c
parentc972398b7871d9fb58c6a317786065a7cc6ca4be (diff)
parent6fbe59b9569b2c8d5522d182263935c6c86fc40a (diff)
Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (160 commits) [ETHTOOL]: Remove some entries from non-root command list. [Bluetooth]: Fix section mismatch of bt_sysfs_cleanup() [Bluetooth]: Don't update disconnect timer for incoming connections [ETHTOOL]: let mortals use ethtool [NetLabel]: add audit support for configuration changes [TCP]: Fix and simplify microsecond rtt sampling [TCP] tcp-lp: prevent chance for oops [SUNRPC]: Remove unnecessary check in net/sunrpc/svcsock.c [IPVS] bug: endianness breakage in ip_vs_ftp [IPVS]: ipvs annotations [NETFILTER]: h323 annotations [NETFILTER]: ipt annotations [NETFILTER]: NAT annotations [NETFILTER]: conntrack annotations [NETFILTER]: netfilter misc annotations [NET]: Annotate dst_ops protocol [NET]: is it Andy or Andi ?? [IPVS]: Make sure ip_vs_ftp ports are valid: module_param_array approach [IPVS]: Reverse valid ip_vs_ftp ports fix: port check approach [IrDA] stir4200: removing undocumented bits handling ...
Diffstat (limited to 'net/netlabel/netlabel_user.c')
-rw-r--r--net/netlabel/netlabel_user.c91
1 files changed, 91 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index eeb7d768d2bb..c2343af584cb 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -32,6 +32,9 @@
#include <linux/types.h>
#include <linux/list.h>
#include <linux/socket.h>
+#include <linux/audit.h>
+#include <linux/tty.h>
+#include <linux/security.h>
#include <net/sock.h>
#include <net/netlink.h>
#include <net/genetlink.h>
@@ -74,3 +77,91 @@ int netlbl_netlink_init(void)
return 0;
}
+
+/*
+ * NetLabel Audit Functions
+ */
+
+/**
+ * netlbl_audit_start_common - Start an audit message
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Start an audit message using the type specified in @type and fill the audit
+ * message with some fields common to all NetLabel audit messages. Returns
+ * a pointer to the audit buffer on success, NULL on failure.
+ *
+ */
+struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+{
+ struct audit_context *audit_ctx = current->audit_context;
+ struct audit_buffer *audit_buf;
+ uid_t audit_loginuid;
+ const char *audit_tty;
+ char audit_comm[sizeof(current->comm)];
+ struct vm_area_struct *vma;
+ char *secctx;
+ u32 secctx_len;
+
+ audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
+ if (audit_buf == NULL)
+ return NULL;
+
+ audit_loginuid = audit_get_loginuid(audit_ctx);
+ if (current->signal &&
+ current->signal->tty &&
+ current->signal->tty->name)
+ audit_tty = current->signal->tty->name;
+ else
+ audit_tty = "(none)";
+ get_task_comm(audit_comm, current);
+
+ audit_log_format(audit_buf,
+ "netlabel: auid=%u uid=%u tty=%s pid=%d",
+ audit_loginuid,
+ current->uid,
+ audit_tty,
+ current->pid);
+ audit_log_format(audit_buf, " comm=");
+ audit_log_untrustedstring(audit_buf, audit_comm);
+ if (current->mm) {
+ down_read(&current->mm->mmap_sem);
+ vma = current->mm->mmap;
+ while (vma) {
+ if ((vma->vm_flags & VM_EXECUTABLE) &&
+ vma->vm_file) {
+ audit_log_d_path(audit_buf,
+ " exe=",
+ vma->vm_file->f_dentry,
+ vma->vm_file->f_vfsmnt);
+ break;
+ }
+ vma = vma->vm_next;
+ }
+ up_read(&current->mm->mmap_sem);
+ }
+
+ if (secid != 0 &&
+ security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
+ audit_log_format(audit_buf, " subj=%s", secctx);
+
+ return audit_buf;
+}
+
+/**
+ * netlbl_audit_nomsg - Send an audit message without additional text
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Send an audit message with only the common NetLabel audit fields.
+ *
+ */
+void netlbl_audit_nomsg(int type, u32 secid)
+{
+ struct audit_buffer *audit_buf;
+
+ audit_buf = netlbl_audit_start_common(type, secid);
+ audit_log_end(audit_buf);
+}
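Review bot: The context string obtained from security_secid_to_secctx() at the end of netlbl_audit_start_common() is logged but never released; as far as I can see the LSM allocates that buffer for the caller, so every audit record started with a non-zero secid leaks it. Brace the success branch and release the string once it has been formatted into the record: `audit_log_format(audit_buf, " subj=%s", secctx);` followed by `kfree(secctx);` (or the LSM release hook where the security API provides one). A secondary point is that netlbl_audit_nomsg() passes the result of netlbl_audit_start_common() straight to audit_log_end() even when it is NULL; audit_log_end() tolerates a NULL buffer, but that dependence deserves a comment such as `/* audit_log_end() is a no-op on a NULL buffer, so a failed start is silently dropped */`. The tty name is also read through current->signal->tty without any locking; if that pointer can change under this path it would be worth copying the name while the tty is held rather than passing the live pointer to audit_log_format().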