[PATCH] SE Linux audit events
Attached is a patch that hardwires important SE Linux events to the audit system. Please Apply. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
This commit is contained in:
parent
d884596f44
commit
af601e4623
3 changed files with 23 additions and 6 deletions
|
@ -83,6 +83,9 @@
|
|||
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
|
||||
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
|
||||
#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
|
||||
#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
|
||||
#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
|
||||
#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
|
||||
|
||||
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#include <linux/major.h>
|
||||
#include <linux/seq_file.h>
|
||||
#include <linux/percpu.h>
|
||||
#include <linux/audit.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include <asm/semaphore.h>
|
||||
|
||||
|
@ -126,6 +127,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
|
|||
length = task_has_security(current, SECURITY__SETENFORCE);
|
||||
if (length)
|
||||
goto out;
|
||||
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
|
||||
"enforcing=%d old_enforcing=%d auid=%u", new_value,
|
||||
selinux_enforcing,
|
||||
audit_get_loginuid(current->audit_context));
|
||||
selinux_enforcing = new_value;
|
||||
if (selinux_enforcing)
|
||||
avc_ss_reset(0);
|
||||
|
@ -176,6 +181,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
|
|||
length = selinux_disable();
|
||||
if (length < 0)
|
||||
goto out;
|
||||
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
|
||||
"selinux=0 auid=%u",
|
||||
audit_get_loginuid(current->audit_context));
|
||||
}
|
||||
|
||||
length = count;
|
||||
|
@ -261,6 +269,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
|
|||
length = ret;
|
||||
else
|
||||
length = count;
|
||||
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
|
||||
"policy loaded auid=%u",
|
||||
audit_get_loginuid(current->audit_context));
|
||||
out:
|
||||
up(&sel_sem);
|
||||
vfree(data);
|
||||
|
|
|
@ -1758,19 +1758,22 @@ int security_set_bools(int len, int *values)
|
|||
goto out;
|
||||
}
|
||||
|
||||
printk(KERN_INFO "security: committed booleans { ");
|
||||
for (i = 0; i < len; i++) {
|
||||
if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
|
||||
audit_log(current->audit_context, GFP_ATOMIC,
|
||||
AUDIT_MAC_CONFIG_CHANGE,
|
||||
"bool=%s val=%d old_val=%d auid=%u",
|
||||
policydb.p_bool_val_to_name[i],
|
||||
!!values[i],
|
||||
policydb.bool_val_to_struct[i]->state,
|
||||
audit_get_loginuid(current->audit_context));
|
||||
}
|
||||
if (values[i]) {
|
||||
policydb.bool_val_to_struct[i]->state = 1;
|
||||
} else {
|
||||
policydb.bool_val_to_struct[i]->state = 0;
|
||||
}
|
||||
if (i != 0)
|
||||
printk(", ");
|
||||
printk("%s:%d", policydb.p_bool_val_to_name[i],
|
||||
policydb.bool_val_to_struct[i]->state);
|
||||
}
|
||||
printk(" }\n");
|
||||
|
||||
for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
|
||||
rc = evaluate_cond_node(&policydb, cur);
|
||||
|
|
Loading…
Reference in a new issue