Merge branch 'master' into next
1 From: Tony Jones <tonyj@suse.de>
2 Subject: Export audit subsystem for use by modules
3
4 Update kernel audit range comments to show AppArmor's registered range of
5 1500-1599. This range used to be reserved for LSPP but LSPP uses the
6 SE Linux range and the range was given to AppArmor.
7 Adds necessary export symbols for audit subsystem routines.
8 Changes audit_log_vformat to be externally visible (analogous to vprintf)
9 Patch is not in mainline -- pending AppArmor code submission to lkml
10
11 Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
12 Signed-off-by: John Johansen <jjohansen@suse.de>
13
14 ---
15 include/linux/audit.h | 12 +++++++++++-
16 kernel/audit.c | 6 ++++--
17 2 files changed, 15 insertions(+), 3 deletions(-)
18
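--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -33,7 +33,7 @@
 * 1200 - 1299 messages internal to the audit daemon
 * 1300 - 1399 audit event messages
 * 1400 - 1499 SE Linux use
- * 1500 - 1599 kernel LSPP events
+ * 1500 - 1599 AppArmor use
 * 1600 - 1699 kernel crypto events
 * 1700 - 1799 kernel anomaly records
 * 1800 - 1999 future kernel use (maybe integrity labels and related events)
@@ -119,6 +119,13 @@
 #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */
 #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
 
+#define AUDIT_APPARMOR_AUDIT 1501 /* AppArmor audited grants */
+#define AUDIT_APPARMOR_ALLOWED 1502 /* Allowed Access for learning */
+#define AUDIT_APPARMOR_DENIED 1503
+#define AUDIT_APPARMOR_HINT 1504 /* Process Tracking information */
+#define AUDIT_APPARMOR_STATUS 1505 /* Changes in config */
+#define AUDIT_APPARMOR_ERROR 1506 /* Internal AppArmor Errors */
+
 #define AUDIT_FIRST_KERN_ANOM_MSG 1700
 #define AUDIT_LAST_KERN_ANOM_MSG 1799
 #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
@@ -545,6 +552,9 @@ extern void audit_log(struct audit_
 __attribute__((format(printf,4,5)));
 
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
+extern void audit_log_vformat(struct audit_buffer *ab,
+ const char *fmt, va_list args)
+ __attribute__((format(printf,2,0)));
 extern void audit_log_format(struct audit_buffer *ab,
 const char *fmt, ...)
 __attribute__((format(printf,2,3)));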
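Review bot: `AUDIT_APPARMOR_DENIED` (1503) is the only one of the six new record types without a trailing comment, and it is the one log consumers are most likely to filter or alert on. A short comment such as `/* Denied access */` would match its neighbours, with the wording confirmed against the AppArmor module, which is not part of this patch. The block also starts at 1501, so 1500 of the documented 1500-1599 range stays unassigned with no note on whether that is deliberate. On the new `audit_log_vformat` prototype, `format(printf,2,0)` lets the compiler check only the format string and not the arguments, so a comment that `fmt` must be a constant string and never caller-supplied data would help module authors.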
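--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1231,8 +1231,7 @@ static inline int audit_expand(struct au
 * will be called a second time. Currently, we assume that a printk
 * can't format message larger than 1024 bytes, so we don't either.
 */
-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
- va_list args)
+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 int len, avail;
 struct sk_buff *skb;
@@ -1506,3 +1505,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
+EXPORT_SYMBOL_GPL(audit_log_vformat);
+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
+EXPORT_SYMBOL_GPL(audit_log_d_path);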
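Review bot: Dropping `static` from `audit_log_vformat` in the `-1231` hunk turns the assumption in the comment above it (a formatted message no larger than 1024 bytes) into a contract for module callers, but the comment does not say what happens past that limit. The function body continues outside the hunk, so whether an oversized message is truncated or dropped cannot be confirmed from here. I would extend that comment to state the size limit and that `fmt` must be a constant string. It should also say that process- or user-influenced text such as names and paths belongs in `audit_log_untrustedstring` (exported in the last hunk, presumably for that purpose) rather than in a bare `%s`, so that crafted names cannot inject fields or line breaks into audit records.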