2007-04-03 13:26:33 +00:00
|
|
|
From: Tony Jones <tonyj@suse.de>
|
2007-01-10 06:33:09 +00:00
|
|
|
Subject: Export audit subsystem for use by modules
|
|
|
|
|
|
2007-05-23 16:39:31 +00:00
|
|
|
Update kenel audit range comments to show AppArmor's registered range of
|
|
|
|
|
1500-1599. This range used to be reserved for LSPP but LSPP uses the
|
|
|
|
|
SE Linux range and the range was given to AppArmor.
|
2007-01-10 06:33:09 +00:00
|
|
|
Adds necessary export symbols for audit subsystem routines.
|
|
|
|
|
Changes audit_log_vformat to be externally visible (analagous to vprintf)
|
|
|
|
|
Patch is not in mainline -- pending AppArmor code submission to lkml
|
|
|
|
|
|
2007-04-03 13:26:33 +00:00
|
|
|
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
|
|
|
|
|
Signed-off-by: John Johansen <jjohansen@suse.de>
|
2007-01-10 06:33:09 +00:00
|
|
|
|
2007-04-05 10:04:00 +00:00
|
|
|
---
|
2007-05-23 16:39:31 +00:00
|
|
|
include/linux/audit.h | 7 ++++++-
|
2007-04-05 10:04:00 +00:00
|
|
|
kernel/audit.c | 6 ++++--
|
2007-05-23 16:39:31 +00:00
|
|
|
2 files changed, 10 insertions(+), 3 deletions(-)
|
2007-04-05 10:04:00 +00:00
|
|
|
|
2007-02-15 11:55:00 +00:00
|
|
|
--- a/include/linux/audit.h
|
|
|
|
|
+++ b/include/linux/audit.h
|
2007-05-23 16:39:31 +00:00
|
|
|
@@ -33,7 +33,7 @@
|
|
|
|
|
* 1200 - 1299 messages internal to the audit daemon
|
|
|
|
|
* 1300 - 1399 audit event messages
|
|
|
|
|
* 1400 - 1499 SE Linux use
|
|
|
|
|
- * 1500 - 1599 kernel LSPP events
|
|
|
|
|
+ * 1500 - 1599 AppArmor use
|
|
|
|
|
* 1600 - 1699 kernel crypto events
|
|
|
|
|
* 1700 - 1799 kernel anomaly records
|
|
|
|
|
* 1800 - 1999 future kernel use (maybe integrity labels and related events)
|
2007-05-12 18:28:28 +00:00
|
|
|
@@ -114,6 +114,8 @@
|
2007-01-10 06:33:09 +00:00
|
|
|
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
|
2007-05-12 18:28:28 +00:00
|
|
|
#define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */
|
2007-01-10 06:33:09 +00:00
|
|
|
|
2007-02-08 01:27:02 +00:00
|
|
|
+#define AUDIT_APPARMOR 1500 /* AppArmor audit */
|
2007-01-10 06:33:09 +00:00
|
|
|
+
|
|
|
|
|
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
|
|
|
|
|
|
|
|
|
|
/* Rule flags */
|
2007-05-12 18:28:28 +00:00
|
|
|
@@ -499,6 +501,9 @@ extern void audit_log(struct audit_
|
2007-01-10 06:33:09 +00:00
|
|
|
__attribute__((format(printf,4,5)));
|
|
|
|
|
|
|
|
|
|
extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
|
|
|
|
|
+extern void audit_log_vformat(struct audit_buffer *ab,
|
|
|
|
|
+ const char *fmt, va_list args)
|
|
|
|
|
+ __attribute__((format(printf,2,0)));
|
|
|
|
|
extern void audit_log_format(struct audit_buffer *ab,
|
|
|
|
|
const char *fmt, ...)
|
|
|
|
|
__attribute__((format(printf,2,3)));
|
2007-02-15 11:55:00 +00:00
|
|
|
--- a/kernel/audit.c
|
|
|
|
|
+++ b/kernel/audit.c
|
2007-03-30 21:25:45 +00:00
|
|
|
@@ -1054,8 +1054,7 @@ static inline int audit_expand(struct au
|
2007-01-10 06:33:09 +00:00
|
|
|
* will be called a second time. Currently, we assume that a printk
|
|
|
|
|
* can't format message larger than 1024 bytes, so we don't either.
|
|
|
|
|
*/
|
|
|
|
|
-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
|
|
|
|
|
- va_list args)
|
|
|
|
|
+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
|
|
|
|
|
{
|
|
|
|
|
int len, avail;
|
|
|
|
|
struct sk_buff *skb;
|
2007-03-30 21:25:45 +00:00
|
|
|
@@ -1311,3 +1310,6 @@ EXPORT_SYMBOL(audit_log_start);
|
2007-01-10 06:33:09 +00:00
|
|
|
EXPORT_SYMBOL(audit_log_end);
|
|
|
|
|
EXPORT_SYMBOL(audit_log_format);
|
|
|
|
|
EXPORT_SYMBOL(audit_log);
|
|
|
|
|
+EXPORT_SYMBOL_GPL(audit_log_vformat);
|
|
|
|
|
+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
|
|
|
|
|
+EXPORT_SYMBOL_GPL(audit_log_d_path);
|
