projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 4d1e5b62 AF |
1 | From: Tony Jones <tonyj@suse.de> |
| 2 | Subject: Export audit subsystem for use by modules | |
| 3 | ||
| 4 | Update kenel audit range comments to show AppArmor's registered range of | |
| 5 | 1500-1599. This range used to be reserved for LSPP but LSPP uses the | |
| 6 | SE Linux range and the range was given to AppArmor. | |
| 7 | Adds necessary export symbols for audit subsystem routines. | |
| 8 | Changes audit_log_vformat to be externally visible (analagous to vprintf) | |
| 9 | Patch is not in mainline -- pending AppArmor code submission to lkml | |
| 10 | ||
| 11 | Signed-off-by: Andreas Gruenbacher <agruen@suse.de> | |
| 12 | Signed-off-by: John Johansen <jjohansen@suse.de> | |
| 13 | ||
| 14 | --- | |
| 15 | include/linux/audit.h | 12 +++++++++++- | |
| 16 | kernel/audit.c | 6 ++++-- | |
| 17 | 2 files changed, 15 insertions(+), 3 deletions(-) | |
| 18 | ||
| 19 | --- a/include/linux/audit.h | |
| 20 | +++ b/include/linux/audit.h | |
| 21 | @@ -33,7 +33,7 @@ | |
| 22 | * 1200 - 1299 messages internal to the audit daemon | |
| 23 | * 1300 - 1399 audit event messages | |
| 24 | * 1400 - 1499 SE Linux use | |
| 25 | - * 1500 - 1599 kernel LSPP events | |
| 26 | + * 1500 - 1599 AppArmor use | |
| 27 | * 1600 - 1699 kernel crypto events | |
| 28 | * 1700 - 1799 kernel anomaly records | |
| 29 | * 1800 - 1999 future kernel use (maybe integrity labels and related events) | |
| 30 | @@ -119,6 +119,13 @@ | |
| 31 | #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ | |
| 32 | #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ | |
| 33 | ||
| 34 | +#define AUDIT_APPARMOR_AUDIT 1501 /* AppArmor audited grants */ | |
| 35 | +#define AUDIT_APPARMOR_ALLOWED 1502 /* Allowed Access for learning */ | |
| 36 | +#define AUDIT_APPARMOR_DENIED 1503 | |
| 37 | +#define AUDIT_APPARMOR_HINT 1504 /* Process Tracking information */ | |
| 38 | +#define AUDIT_APPARMOR_STATUS 1505 /* Changes in config */ | |
| 39 | +#define AUDIT_APPARMOR_ERROR 1506 /* Internal AppArmor Errors */ | |
| 40 | + | |
| 41 | #define AUDIT_FIRST_KERN_ANOM_MSG 1700 | |
| 42 | #define AUDIT_LAST_KERN_ANOM_MSG 1799 | |
| 43 | #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ | |
| 44 | @@ -545,6 +552,9 @@ extern void audit_log(struct audit_ | |
| 45 | __attribute__((format(printf,4,5))); | |
| 46 | ||
| 47 | extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type); | |
| 48 | +extern void audit_log_vformat(struct audit_buffer *ab, | |
| 49 | + const char *fmt, va_list args) | |
| 50 | + __attribute__((format(printf,2,0))); | |
| 51 | extern void audit_log_format(struct audit_buffer *ab, | |
| 52 | const char *fmt, ...) | |
| 53 | __attribute__((format(printf,2,3))); | |
| 54 | --- a/kernel/audit.c | |
| 55 | +++ b/kernel/audit.c | |
| 56 | @@ -1231,8 +1231,7 @@ static inline int audit_expand(struct au | |
| 57 | * will be called a second time. Currently, we assume that a printk | |
| 58 | * can't format message larger than 1024 bytes, so we don't either. | |
| 59 | */ | |
| 60 | -static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, | |
| 61 | - va_list args) | |
| 62 | +void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args) | |
| 63 | { | |
| 64 | int len, avail; | |
| 65 | struct sk_buff *skb; | |
| 66 | @@ -1506,3 +1505,6 @@ EXPORT_SYMBOL(audit_log_start); | |
| 67 | EXPORT_SYMBOL(audit_log_end); | |
| 68 | EXPORT_SYMBOL(audit_log_format); | |
| 69 | EXPORT_SYMBOL(audit_log); | |
| 70 | +EXPORT_SYMBOL_GPL(audit_log_vformat); | |
| 71 | +EXPORT_SYMBOL_GPL(audit_log_untrustedstring); | |
| 72 | +EXPORT_SYMBOL_GPL(audit_log_d_path); |