linux-pinenote/arch/x86/kernel/audit_64.c

#include <linux/init.h>
#include <linux/types.h>
#include <linux/audit.h>
#include <asm/unistd.h>

static unsigned dir_class[] = {
#include <asm-generic/audit_dir_write.h>
~0U
};

static unsigned read_class[] = {
#include <asm-generic/audit_read.h>
~0U
};

static unsigned write_class[] = {
#include <asm-generic/audit_write.h>
~0U
};

static unsigned chattr_class[] = {
#include <asm-generic/audit_change_attr.h>
~0U
};

static unsigned signal_class[] = {
#include <asm-generic/audit_signal.h>
~0U
};

int audit_classify_arch(int arch)
{
#ifdef CONFIG_IA32_EMULATION
	if (arch == AUDIT_ARCH_I386)
		return 1;
#endif
	return 0;
}

int audit_classify_syscall(int abi, unsigned syscall)
{
#ifdef CONFIG_IA32_EMULATION
	extern int ia32_classify_syscall(unsigned);
	if (abi == AUDIT_ARCH_I386)
		return ia32_classify_syscall(syscall);
#endif
	switch(syscall) {
	case __NR_open:
		return 2;
	case __NR_openat:
		return 3;
	case __NR_execve:
		return 5;
	default:
		return 0;
	}
}

static int __init audit_classes_init(void)
{
#ifdef CONFIG_IA32_EMULATION
	extern __u32 ia32_dir_class[];
	extern __u32 ia32_write_class[];
	extern __u32 ia32_read_class[];
	extern __u32 ia32_chattr_class[];
	extern __u32 ia32_signal_class[];
	audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class);
	audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class);
	audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class);
	audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class);
	audit_register_class(AUDIT_CLASS_SIGNAL_32, ia32_signal_class);
#endif
	audit_register_class(AUDIT_CLASS_WRITE, write_class);
	audit_register_class(AUDIT_CLASS_READ, read_class);
	audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
	audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
	audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
	return 0;
}

__initcall(audit_classes_init);
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`#include <linux/init.h>`
			`#include <linux/types.h>`
			`#include <linux/audit.h>`
			`#include <asm/unistd.h>`

			`static unsigned dir_class[] = {`
			`#include <asm-generic/audit_dir_write.h>`
			`~0U`
			`};`

[PATCH] audit: more syscall classes added Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:05:56 -04:00			`static unsigned read_class[] = {`
			`#include <asm-generic/audit_read.h>`
			`~0U`
			`};`

			`static unsigned write_class[] = {`
			`#include <asm-generic/audit_write.h>`
			`~0U`
			`};`

[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`static unsigned chattr_class[] = {`
			`#include <asm-generic/audit_change_attr.h>`
			`~0U`
			`};`

[PATCH] add SIGNAL syscall class (v3) Add a syscall class for sending signals. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2007-03-29 18:00:37 -04:00			`static unsigned signal_class[] = {`
			`#include <asm-generic/audit_signal.h>`
			`~0U`
			`};`

[PATCH] audit signal recipients When auditing syscalls that send signals, log the pid and security context for each target process. Optimize the data collection by adding a counter for signal-related rules, and avoiding allocating an aux struct unless we have more than one target process. For process groups, collect pid/context data in blocks of 16. Move the audit_signal_info() hook up in check_kill_permission() so we audit attempts where permission is denied. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2007-03-29 18:01:04 -04:00			`int audit_classify_arch(int arch)`
			`{`
			`#ifdef CONFIG_IA32_EMULATION`
			`if (arch == AUDIT_ARCH_I386)`
			`return 1;`
			`#endif`
			`return 0;`
			`}`

[PATCH] audit: AUDIT_PERM support add support for AUDIT_PERM predicate Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:26:40 -04:00			`int audit_classify_syscall(int abi, unsigned syscall)`
			`{`
			`#ifdef CONFIG_IA32_EMULATION`
			`extern int ia32_classify_syscall(unsigned);`
			`if (abi == AUDIT_ARCH_I386)`
			`return ia32_classify_syscall(syscall);`
			`#endif`
			`switch(syscall) {`
			`case __NR_open:`
			`return 2;`
			`case __NR_openat:`
			`return 3;`
			`case __NR_execve:`
			`return 5;`
			`default:`
			`return 0;`
			`}`
			`}`

[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`static int __init audit_classes_init(void)`
			`{`
			`#ifdef CONFIG_IA32_EMULATION`
			`extern __u32 ia32_dir_class[];`
[PATCH] audit: more syscall classes added Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:05:56 -04:00			`extern __u32 ia32_write_class[];`
			`extern __u32 ia32_read_class[];`
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`extern __u32 ia32_chattr_class[];`
[PATCH] add SIGNAL syscall class (v3) Add a syscall class for sending signals. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2007-03-29 18:00:37 -04:00			`extern __u32 ia32_signal_class[];`
[PATCH] audit: more syscall classes added Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:05:56 -04:00			`audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class);`
			`audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class);`
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class);`
			`audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class);`
[PATCH] add SIGNAL syscall class (v3) Add a syscall class for sending signals. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2007-03-29 18:00:37 -04:00			`audit_register_class(AUDIT_CLASS_SIGNAL_32, ia32_signal_class);`
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`#endif`
[PATCH] audit: more syscall classes added Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:05:56 -04:00			`audit_register_class(AUDIT_CLASS_WRITE, write_class);`
			`audit_register_class(AUDIT_CLASS_READ, read_class);`
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);`
			`audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);`
[PATCH] add SIGNAL syscall class (v3) Add a syscall class for sending signals. Signed-off-by: Amy Griffis <amy.griffis@hp.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2007-03-29 18:00:37 -04:00			`audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);`
[PATCH] audit syscall classes Allow to tie upper bits of syscall bitmap in audit rules to kernel-defined sets of syscalls. Infrastructure, a couple of classes (with 32bit counterparts for biarch targets) and actual tie-in on i386, amd64 and ia64. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 2006-07-01 03:56:16 -04:00			`return 0;`
			`}`

			`__initcall(audit_classes_init);`