From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [TOMOYO 7/9] Auditing interface.
Date: Thu, 14 Jun 2007 16:38:04 +0900 [thread overview]
Message-ID: <4670F05C.4070509@nttdata.co.jp> (raw)
In-Reply-To: <5fb14edc0706140030x4a906178ofd35df06dfa5c192@mail.gmail.com>
This patch makes access logs sent to auditing subsystem.
Although TOMOYO Linux has /proc interface for access logs,
we were advised to use auditing subsystem (after we introduced
TOMOYO Linux 1.0 on December 2005, http://lkml.org/lkml/2005/12/21/63 )
and we did so in TOMOYO Linux 2.0.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---------------
security/tomoyo/audit.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff -ubBpErN linux-2.6.21.5/security/tomoyo/audit.c linux-2.6.21.5-tomoyo/security/tomoyo/audit.c
--- linux-2.6.21.5/security/tomoyo/audit.c 1970-01-01 09:00:00.000000000 +0900
+++ linux-2.6.21.5-tomoyo/security/tomoyo/audit.c 2007-06-14 15:06:10.000000000 +0900
@@ -0,0 +1,52 @@
+/*
+ * security/tomoyo/audit.c
+ *
+ * Audit functions for TOMOYO Linux
+ *
+ * Copyright (C) 2005-2007 NTT DATA CORPORATION
+ *
+ * Version: 2.0 2007/06/05
+ */
+
+#include "tomoyo.h"
+#include <linux/audit.h>
+
+/* move to include/linux/audit.h */
+#define AUDIT_TOMOYO 2001
+
+char *tomoyo_init_audit_log(int *len)
+{
+ char *buf;
+ struct timeval tv;
+ struct task_struct *task = current;
+ const char *domainname =
+ ((struct tomoyo_security *) current->security)->domain_info->domainname->name;
+ do_gettimeofday(&tv);
+ *len += strlen(domainname) + 256;
+ if ((buf = tomoyo_alloc(*len)) != NULL)
+ snprintf(buf,
+ (*len) - 1,
+ "#timestamp=%lu pid=%d uid=%d gid=%d euid=%d egid=%d "
+ "suid=%d sgid=%d fsuid=%d fsgid=%d\n%s\n",
+ tv.tv_sec, task->pid, task->uid, task->gid, task->euid, task->egid,
+ task->suid, task->sgid, task->fsuid, task->fsgid, domainname);
+ return buf;
+}
+
+/*
+ * Write audit log.
+ * Caller must allocate buf with tomoyo_init_audit_log().
+ */
+int tomoyo_write_audit_log(char *buf, const int is_granted)
+{
+ struct audit_buffer *ab;
+ ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_TOMOYO);
+ if (ab) {
+ audit_log_format(ab,
+ "%s\n%s",
+ is_granted ? "TOMOYO_GRANT_LOG" : "TOMOYO_REJECT_LOG", buf);
+ audit_log_end(ab);
+ }
+ tomoyo_free(buf);
+ return ab ? 0 : -ENOMEM;
+}
---------------
next prev parent reply other threads:[~2007-06-14 7:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-14 7:30 [TOMOYO 0/9] TOMOYO Linux security module Kentaro Takeda
2007-06-14 7:32 ` [TOMOYO 1/9] Allow use of namespace_sem from LSM module Kentaro Takeda
2007-06-14 16:13 ` Pavel Machek
2007-06-15 2:53 ` Kentaro Takeda
2007-06-14 7:33 ` [TOMOYO 2/9] Kconfig and Makefile for TOMOYO Linux Kentaro Takeda
2007-06-14 7:34 ` [TOMOYO 3/9] Data structures and prototypes definition Kentaro Takeda
2007-06-14 7:34 ` [TOMOYO 4/9] LSM adapter for TOMOYO Kentaro Takeda
2007-06-14 7:36 ` [TOMOYO 5/9] Memory and pathname management functions Kentaro Takeda
2007-06-14 17:34 ` Christoph Hellwig
2007-06-15 1:19 ` Toshiharu Harada
2007-06-14 7:37 ` [TOMOYO 6/9] Utility functions and /proc interface for policy manipulation Kentaro Takeda
2007-06-14 7:38 ` Kentaro Takeda [this message]
2007-06-14 7:38 ` [TOMOYO 8/9] File access control functions Kentaro Takeda
2007-06-14 7:39 ` [TOMOYO 9/9] Domain transition handler functions Kentaro Takeda
2007-06-14 16:15 ` [TOMOYO 0/9] TOMOYO Linux security module Pavel Machek
2007-06-15 1:27 ` Kentaro Takeda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4670F05C.4070509@nttdata.co.jp \
--to=takedakn@nttdata.co.jp \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox