Commit af601e46 authored by Steve Grubb's avatar Steve Grubb Committed by Al Viro

[PATCH] SE Linux audit events



Attached is a patch that hardwires important SE Linux events to the audit
system. Please Apply.

Signed-off-by: default avatarSteve Grubb <sgrubb@redhat.com>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarDavid Woodhouse <dwmw2@infradead.org>
parent d884596f
+3 −0
@@ -83,6 +83,9 @@
#define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */
#define AUDIT_AVC_PATH		1402	/* dentry, vfsmount pair from avc */
#define AUDIT_MAC_POLICY_LOAD	1403	/* Policy file load */
#define AUDIT_MAC_STATUS	1404	/* Changed enforcing,permissive,off */
#define AUDIT_MAC_CONFIG_CHANGE	1405	/* Changes to booleans */

#define AUDIT_KERNEL		2000	/* Asynchronous audit record. NOT A REQUEST. */

+11 −0
@@ -21,6 +21,7 @@
#include <linux/major.h>
#include <linux/seq_file.h>
#include <linux/percpu.h>
#include <linux/audit.h>
#include <asm/uaccess.h>
#include <asm/semaphore.h>

@@ -126,6 +127,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
		length = task_has_security(current, SECURITY__SETENFORCE);
		if (length)
			goto out;
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
			"enforcing=%d old_enforcing=%d auid=%u", new_value, 
			selinux_enforcing,
			audit_get_loginuid(current->audit_context));
		selinux_enforcing = new_value;
		if (selinux_enforcing)
			avc_ss_reset(0);
@@ -176,6 +181,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
		length = selinux_disable();
		if (length < 0)
			goto out;
		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
			"selinux=0 auid=%u",
			audit_get_loginuid(current->audit_context));
	}

	length = count;
@@ -261,6 +269,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
		length = ret;
	else
		length = count;
	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
		"policy loaded auid=%u",
		audit_get_loginuid(current->audit_context));
out:
	up(&sel_sem);
	vfree(data);
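Review bot: The AUDIT_MAC_POLICY_LOAD record in sel_write_load is emitted unconditionally after the `length = ret;` / `else length = count;` branch, so when `ret` is nonzero (the test above the hunk is inferred from the visible `else`) a rejected policy still produces a record reading "policy loaded", and a reader of the audit trail cannot tell a failed load from a successful one. Either guard the call with `if (!ret)` before the `audit_log(...)`, or carry the outcome in the message, e.g. `"policy loaded auid=%u res=%d"` with `ret == 0` as the extra argument, so both outcomes are recorded and distinguishable. sel_write_load begins before the hunk. The sel_write_enforce and sel_write_disable hunks in this file log only after their permission or disable step has succeeded, so they do not have this problem.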
+9 −6
@@ -1758,19 +1758,22 @@ int security_set_bools(int len, int *values)
		goto out;
	}

	printk(KERN_INFO "security: committed booleans { ");
	for (i = 0; i < len; i++) {
		if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
			audit_log(current->audit_context, GFP_ATOMIC,
				AUDIT_MAC_CONFIG_CHANGE,
				"bool=%s val=%d old_val=%d auid=%u",
				policydb.p_bool_val_to_name[i],
				!!values[i],
				policydb.bool_val_to_struct[i]->state,
				audit_get_loginuid(current->audit_context));
		}
		if (values[i]) {
			policydb.bool_val_to_struct[i]->state = 1;
		} else {
			policydb.bool_val_to_struct[i]->state = 0;
		}
		if (i != 0)
			printk(", ");
		printk("%s:%d", policydb.p_bool_val_to_name[i],
		       policydb.bool_val_to_struct[i]->state);
	}
	printk(" }\n");

	for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
		rc = evaluate_cond_node(&policydb, cur);
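Review bot: The audit_log call added inside the loop passes GFP_ATOMIC where the selinuxfs hunks in this commit pass GFP_KERNEL, and nothing in the hunk says why; presumably security_set_bools runs with the policy lock held and cannot sleep, which is worth stating at the call site, e.g. `/* policy lock held, cannot sleep: GFP_ATOMIC */` (confirm against the lock taken above the hunk). Because audit_log has no return value, an atomic allocation failure would simply drop the AUDIT_MAC_CONFIG_CHANGE record, so a boolean change can go unrecorded under memory pressure; that is a property of audit_log rather than this patch, but anyone relying on this event for detection should know it. As a point of style, `!!values[i]` is computed twice in the new block (the comparison and the `val=` argument) while the state assignment below re-tests `values[i]`; a single `int new_state = !!values[i];` at the top of the loop body would make the three uses read as one value. security_set_bools starts before the hunk.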