Signed-off-by: KaiGai Kohei
--
 audit_logging.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 libaudit.h | 3 ++
 2 files changed, 60 insertions(+)
Index: audit/lib/libaudit.h
===================================================================
--- audit/lib/libaudit.h (revision 267)
+++ audit/lib/libaudit.h (working copy)
@@ -562,6 +562,9 @@
 const char *old_seuser, const char *old_role, const char *old_range, const char *host, const char *addr, const char *tty, int result);
+extern int audit_log_database_message(int audit_fd, int type,
+ const char *message, const char *hostname, const char *addr,
+ const char *dbuser);
 extern int audit_log_user_command(int audit_fd, int type, const char *command, const char *tty, int result);
Index: audit/lib/audit_logging.c
===================================================================
--- audit/lib/audit_logging.c (revision 267)
+++ audit/lib/audit_logging.c (working copy)
@@ -623,6 +623,63 @@
 /*
 * This function will log a message to the audit system using a predefined
+ * message format. This function should be used by database management system
+ * as a SELinux object managers.
+ *
+ * audit_fd - The fd returned by audit_open
+ * type - type of message, ex: AUDIT_USER_AVC
+ * message - the message being sent
+ * hostname - the hostname if known
+ * addr - The network address of the client
+ * dbuser - The name of database user
+ *
+ * It returns the sequence number which is > 0 on success or <= 0 on error.
+ */
+int audit_log_database_message(int audit_fd, int type, const char *message,
+ const char *hostname, const char *addr, const char *dbuser)
+{
+ char buf[MAX_AUDIT_MESSAGE_LENGTH];
+ char addrbuf[INET6_ADDRSTRLEN];
+ int retval;
+
+ if (audit_fd < 0)
+ return 0;
+
+ if (hostname && *hostname == '\0')
+ hostname = NULL;
+ addrbuf[0] = '\0';
+
+ if (addr == NULL || strlen(addr) == 0)
+ _resolve_addr(addrbuf, hostname);
+ else
+ strncat(addrbuf, addr, sizeof(addrbuf)-1);
+
+ if (dbuser && *dbuser == '\0')
+ dbuser = NULL;
+
+ snprintf(buf, sizeof(buf),
+ "%s: (dbuser=%s, hostname=%s, addr=%s)",
+ message,
+ dbuser ? dbuser : "?",
+ hostname ? hostname : "?",
+ addr ? addr : "?");
+
+ errno = 0;
+ retval = audit_send_user_message(audit_fd, type, REAL_ERR, buf);
+ if (retval == -EPERM && getuid != 0) {
+ syslog(LOG_ERR, "Can't send to audit system: %s %s",
+ audit_msg_type_to_name(type), buf);
+ return 0;
+ }
+
+ if ((retval < 1) && errno == 0)
+ errno = retval;
+
+ return retval;
+}
+
+/*
+ * This function will log a message to the audit system using a predefined
 * message format. This function should be used by all console apps that do
 * not manipulate accounts or groups.
 *
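Review bot: The privilege check in the added `audit_log_database_message` compares the address of `getuid`, not its result: `getuid != 0` is always true, so every `-EPERM` from `audit_send_user_message` is downgraded to a syslog line and a 0 return even when the caller is root; it should read `if (retval == -EPERM && getuid() != 0) {`. The address handling has a related slip: `addrbuf` is filled by `_resolve_addr()` or `strncat()` but the `snprintf` prints the raw `addr`, so a resolved address never reaches the record and an empty non-NULL `addr` prints as `addr=`; the last format argument should be `addrbuf[0] ? addrbuf : "?"` rather than `addr ? addr : "?"`. Note also that `message`, `dbuser` and `hostname` are copied into the record verbatim, so a value containing spaces, commas or parentheses breaks the `(dbuser=…, hostname=…, addr=…)` layout for anything parsing it; if the file already has a helper that encodes such fields it should be applied here, otherwise the header comment should state that callers must pass sanitized values. The function is complete within this hunk; the trailing context lines belong to the next function's comment block.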