integrity: move integrity_audit_msg()
This patch moves the integrity_audit_msg() function and defintion to security/integrity/, the parent directory, renames the 'ima_audit' boot command line option to 'integrity_audit', and fixes the Kconfig help text to reflect the actual code. Changelog: - Fixed ifdef inclusion of integrity_audit_msg() (Fengguang Wu) Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Mimi Zohar
64
security/integrity/integrity_audit.c
Normal file
64
security/integrity/integrity_audit.c
Normal file
@@ -0,0 +1,64 @@
|
||||
/*
|
||||
* Copyright (C) 2008 IBM Corporation
|
||||
* Author: Mimi Zohar <zohar@us.ibm.com>
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation, version 2 of the License.
|
||||
*
|
||||
* File: integrity_audit.c
|
||||
* Audit calls for the integrity subsystem
|
||||
*/
|
||||
|
||||
#include <linux/fs.h>
|
||||
#include <linux/gfp.h>
|
||||
#include <linux/audit.h>
|
||||
#include "integrity.h"
|
||||
|
||||
static int integrity_audit_info;
|
||||
|
||||
/* ima_audit_setup - enable informational auditing messages */
|
||||
static int __init integrity_audit_setup(char *str)
|
||||
{
|
||||
unsigned long audit;
|
||||
|
||||
if (!strict_strtoul(str, 0, &audit))
|
||||
integrity_audit_info = audit ? 1 : 0;
|
||||
return 1;
|
||||
}
|
||||
__setup("integrity_audit=", integrity_audit_setup);
|
||||
|
||||
void integrity_audit_msg(int audit_msgno, struct inode *inode,
|
||||
const unsigned char *fname, const char *op,
|
||||
const char *cause, int result, int audit_info)
|
||||
{
|
||||
struct audit_buffer *ab;
|
||||
|
||||
if (!integrity_audit_info && audit_info == 1) /* Skip info messages */
|
||||
return;
|
||||
|
||||
ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
|
||||
audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
|
||||
current->pid,
|
||||
from_kuid(&init_user_ns, current_cred()->uid),
|
||||
from_kuid(&init_user_ns, audit_get_loginuid(current)),
|
||||
audit_get_sessionid(current));
|
||||
audit_log_task_context(ab);
|
||||
audit_log_format(ab, " op=");
|
||||
audit_log_string(ab, op);
|
||||
audit_log_format(ab, " cause=");
|
||||
audit_log_string(ab, cause);
|
||||
audit_log_format(ab, " comm=");
|
||||
audit_log_untrustedstring(ab, current->comm);
|
||||
if (fname) {
|
||||
audit_log_format(ab, " name=");
|
||||
audit_log_untrustedstring(ab, fname);
|
||||
}
|
||||
if (inode) {
|
||||
audit_log_format(ab, " dev=");
|
||||
audit_log_untrustedstring(ab, inode->i_sb->s_id);
|
||||
audit_log_format(ab, " ino=%lu", inode->i_ino);
|
||||
}
|
||||
audit_log_format(ab, " res=%d", !result);
|
||||
audit_log_end(ab);
|
||||
}
|
||||
Reference in New Issue
Block a user