From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [TOMOYO 7/9] Auditing interface.
Date: Thu, 14 Jun 2007 16:38:04 +0900 [thread overview]
Message-ID: <4670F05C.4070509@nttdata.co.jp> (raw)
In-Reply-To: <5fb14edc0706140030x4a906178ofd35df06dfa5c192@mail.gmail.com>
This patch makes access logs sent to auditing subsystem.
Although TOMOYO Linux has /proc interface for access logs,
we were advised to use auditing subsystem (after we introduced
TOMOYO Linux 1.0 on December 2005, http://lkml.org/lkml/2005/12/21/63 )
and we did so in TOMOYO Linux 2.0.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---------------
security/tomoyo/audit.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff -ubBpErN linux-2.6.21.5/security/tomoyo/audit.c linux-2.6.21.5-tomoyo/security/tomoyo/audit.c
--- linux-2.6.21.5/security/tomoyo/audit.c 1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/audit.c 2007-06-14 15:06:10.000000000 +0900
@@ -0,0 +1,52 @@
+/*
+ * security/tomoyo/audit.c
+ *
+ * Audit functions for TOMOYO Linux
+ *
+ * Copyright (C) 2005-2007 NTT DATA CORPORATION
+ *
+ * Version: 2.0 2007/06/05
+ */
+
+#include "tomoyo.h"
+#include <linux/audit.h>
+
+/* move to include/linux/audit.h */
+#define AUDIT_TOMOYO 2001
+
+char *tomoyo_init_audit_log(int *len)
+{
+ char *buf;
+ struct timeval tv;
+ struct task_struct *task = current;
+ const char *domainname =
+ ((struct tomoyo_security *) current->security)->domain_info->domainname->name;
+ do_gettimeofday(&tv);
+ *len += strlen(domainname) + 256;
+ if ((buf = tomoyo_alloc(*len)) != NULL)
+ snprintf(buf,
+ (*len) - 1,
+ "#timestamp=%lu pid=%d uid=%d gid=%d euid=%d egid=%d "
+ "suid=%d sgid=%d fsuid=%d fsgid=%d\n%s\n",
+ tv.tv_sec, task->pid, task->uid, task->gid, task->euid, task->egid,
+ task->suid, task->sgid, task->fsuid, task->fsgid, domainname);
+ return buf;
+}
+
+/*
+ * Write audit log.
+ * Caller must allocate buf with tomoyo_init_audit_log().
+ */
+int tomoyo_write_audit_log(char *buf, const int is_granted)
+{
+ struct audit_buffer *ab;
+ ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_TOMOYO);
+ if (ab) {
+ audit_log_format(ab,
+ "%s\n%s",
+ is_granted ? "TOMOYO_GRANT_LOG" : "TOMOYO_REJECT_LOG", buf);
+ audit_log_end(ab);
+ }
+ tomoyo_free(buf);
+ return ab ? 0 : -ENOMEM;
+}
---------------
next prev parent reply other threads:[~2007-06-14 7:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-14 7:30 [TOMOYO 0/9] TOMOYO Linux security module Kentaro Takeda
2007-06-14 7:32 ` [TOMOYO 1/9] Allow use of namespace_sem from LSM module Kentaro Takeda
2007-06-14 16:13 ` Pavel Machek
2007-06-15 2:53 ` Kentaro Takeda
2007-06-14 7:33 ` [TOMOYO 2/9] Kconfig and Makefile for TOMOYO Linux Kentaro Takeda
2007-06-14 7:34 ` [TOMOYO 3/9] Data structures and prototypes definition Kentaro Takeda
2007-06-14 7:34 ` [TOMOYO 4/9] LSM adapter for TOMOYO Kentaro Takeda
2007-06-14 7:36 ` [TOMOYO 5/9] Memory and pathname management functions Kentaro Takeda
2007-06-14 17:34 ` Christoph Hellwig
2007-06-15 1:19 ` Toshiharu Harada
2007-06-14 7:37 ` [TOMOYO 6/9] Utility functions and /proc interface for policy manipulation Kentaro Takeda
2007-06-14 7:38 ` Kentaro Takeda [this message]
2007-06-14 7:38 ` [TOMOYO 8/9] File access control functions Kentaro Takeda
2007-06-14 7:39 ` [TOMOYO 9/9] Domain transition handler functions Kentaro Takeda
2007-06-14 16:15 ` [TOMOYO 0/9] TOMOYO Linux security module Pavel Machek
2007-06-15 1:27 ` Kentaro Takeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4670F05C.4070509@nttdata.co.jp \
--to=takedakn@nttdata.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.