integrity: audit update

Based on discussions on linux-audit, as per Steve Grubb's request
http://lkml.org/lkml/2009/2/6/269, the following changes were made:
- forced audit result to be either 0 or 1.
- made template names const
- Added new stand-alone message type: AUDIT_INTEGRITY_RULE

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Steve Grubb <sgrubb@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Mimi Zohar
2009-02-11 11:12:28 -05:00
committed by James Morris
parent ed850a52af
commit 523979adfa
7 changed files with 28 additions and 22 deletions

View File

@ -12,7 +12,6 @@
*/
#include <linux/module.h>
#include <linux/list.h>
#include <linux/audit.h>
#include <linux/security.h>
#include <linux/magic.h>
#include <linux/parser.h>
@ -239,8 +238,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
char *p;
int result = 0;
ab = audit_log_start(current->audit_context, GFP_KERNEL,
AUDIT_INTEGRITY_STATUS);
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE);
entry->action = -1;
while ((p = strsep(&rule, " \n")) != NULL) {
@ -345,15 +343,14 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
AUDIT_SUBJ_TYPE);
break;
case Opt_err:
printk(KERN_INFO "%s: unknown token: %s\n",
__FUNCTION__, p);
audit_log_format(ab, "UNKNOWN=%s ", p);
break;
}
}
if (entry->action == UNKNOWN)
result = -EINVAL;
audit_log_format(ab, "res=%d", result);
audit_log_format(ab, "res=%d", !result ? 0 : 1);
audit_log_end(ab);
return result;
}
@ -367,7 +364,7 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
*/
int ima_parse_add_rule(char *rule)
{
const char *op = "add_rule";
const char *op = "update_policy";
struct ima_measure_rule_entry *entry;
int result = 0;
int audit_info = 0;
@ -394,8 +391,12 @@ int ima_parse_add_rule(char *rule)
mutex_lock(&ima_measure_mutex);
list_add_tail(&entry->list, &measure_policy_rules);
mutex_unlock(&ima_measure_mutex);
} else
} else {
kfree(entry);
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
NULL, op, "invalid policy", result,
audit_info);
}
return result;
}