lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

LSM/Audit: Introduce generic Audit LSM hooks

Browse Source 
Introduce a generic Audit interface for security modules
by adding the following new LSM hooks:

audit_rule_init(field, op, rulestr, lsmrule)
audit_rule_known(krule)
audit_rule_match(secid, field, op, rule, actx)
audit_rule_free(rule)

Those hooks are only available if CONFIG_AUDIT is enabled.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Reviewed-by: Paul Moore <paul.moore@hp.com>
This commit is contained in:
Ahmed S. Darwish
2008-03-01 22:00:05 +02:00
committed by James Morris
parent 6b89a74be0
commit 03d37d25e0
3 changed files with 127 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
security/security.c
View File

@ -1120,3 +1120,28 @@ int security_key_permission(key_ref_t key_ref,
}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
}
int security_audit_rule_known(struct audit_krule *krule)
{
return security_ops->audit_rule_known(krule);
}
void security_audit_rule_free(void *lsmrule)
{
security_ops->audit_rule_free(lsmrule);
}
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx)
{
return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
}
#endif /* CONFIG_AUDIT */