[NetLabel]: add audit support for configuration changes

This patch adds audit support to NetLabel, including six new audit message types shown below. #define AUDIT_MAC_UNLBL_ACCEPT 1406 #define AUDIT_MAC_UNLBL_DENY 1407 #define AUDIT_MAC_CIPSOV4_ADD 1408 #define AUDIT_MAC_CIPSOV4_DEL 1409 #define AUDIT_MAC_MAP_ADD 1410 #define AUDIT_MAC_MAP_DEL 1411 Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-28 14:51:47 -07:00
parent 8ea333eb5d
commit 32f50cdee6
11 changed files with 235 additions and 36 deletions
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -32,6 +32,9 @@
 #include <linux/types.h>
 #include <linux/list.h>
 #include <linux/socket.h>
+#include <linux/audit.h>
+#include <linux/tty.h>
+#include <linux/security.h>
 #include <net/sock.h>
 #include <net/netlink.h>
 #include <net/genetlink.h>
@@ -74,3 +77,91 @@ int netlbl_netlink_init(void)

 	return 0;
 }
+
+/*
+ * NetLabel Audit Functions
+ */
+
+/**
+ * netlbl_audit_start_common - Start an audit message
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Start an audit message using the type specified in @type and fill the audit
+ * message with some fields common to all NetLabel audit messages.  Returns
+ * a pointer to the audit buffer on success, NULL on failure.
+ *
+ */
+struct audit_buffer *netlbl_audit_start_common(int type, u32 secid)
+{
+	struct audit_context *audit_ctx = current->audit_context;
+	struct audit_buffer *audit_buf;
+	uid_t audit_loginuid;
+	const char *audit_tty;
+	char audit_comm[sizeof(current->comm)];
+	struct vm_area_struct *vma;
+	char *secctx;
+	u32 secctx_len;
+
+	audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
+	if (audit_buf == NULL)
+		return NULL;
+
+	audit_loginuid = audit_get_loginuid(audit_ctx);
+	if (current->signal &&
+	    current->signal->tty &&
+	    current->signal->tty->name)
+		audit_tty = current->signal->tty->name;
+	else
+		audit_tty = "(none)";
+	get_task_comm(audit_comm, current);
+
+	audit_log_format(audit_buf,
+			 "netlabel: auid=%u uid=%u tty=%s pid=%d",
+			 audit_loginuid,
+			 current->uid,
+			 audit_tty,
+			 current->pid);
+	audit_log_format(audit_buf, " comm=");
+	audit_log_untrustedstring(audit_buf, audit_comm);
+	if (current->mm) {
+		down_read(&current->mm->mmap_sem);
+		vma = current->mm->mmap;
+		while (vma) {
+			if ((vma->vm_flags & VM_EXECUTABLE) &&
+			    vma->vm_file) {
+				audit_log_d_path(audit_buf,
+						 " exe=",
+						 vma->vm_file->f_dentry,
+						 vma->vm_file->f_vfsmnt);
+				break;
+			}
+			vma = vma->vm_next;
+		}
+		up_read(&current->mm->mmap_sem);
+	}
+
+	if (secid != 0 &&
+	    security_secid_to_secctx(secid, &secctx, &secctx_len) == 0)
+		audit_log_format(audit_buf, " subj=%s", secctx);
+
+	return audit_buf;
+}
+
+/**
+ * netlbl_audit_nomsg - Send an audit message without additional text
+ * @type: audit message type
+ * @secid: LSM context ID
+ *
+ * Description:
+ * Send an audit message with only the common NetLabel audit fields.
+ *
+ */
+void netlbl_audit_nomsg(int type, u32 secid)
+{
+	struct audit_buffer *audit_buf;
+
+	audit_buf = netlbl_audit_start_common(type, secid);
+	audit_log_end(audit_buf);
+}