summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2010-10-30 08:35:35 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2010-10-30 08:35:35 -0700
commit847f877600313e65c5659476b30d74a6f66e388e (patch)
treeb4390fb56dc3c9a47cb51f3a086515a376cffc0c /include
parent79346507ad48895f41b438fa562b1965721f36b9 (diff)
parent120a795da07c9a02221ca23464c28a7c6ad7de1d (diff)
Merge branch 'audit.b64' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b64' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: audit mmap audit: make link()/linkat() match "attribute change" predicate audit: Use rcu for task lookup protection audit: Do not send uninitialized data for AUDIT_TTY_GET audit: Call tty_audit_push_task() outside preempt disabled in untag_chunk() we need to do alloc_chunk() a bit earlier audit: make functions static Audit: add support to match lsm labels on user audit messages
Diffstat (limited to 'include')
-rw-r--r--include/asm-generic/audit_change_attr.h4
-rw-r--r--include/linux/audit.h9
-rw-r--r--include/linux/tty.h9
3 files changed, 18 insertions, 4 deletions
diff --git a/include/asm-generic/audit_change_attr.h b/include/asm-generic/audit_change_attr.h
index 50764550a60c..bcbab3e4a3be 100644
--- a/include/asm-generic/audit_change_attr.h
+++ b/include/asm-generic/audit_change_attr.h
@@ -20,3 +20,7 @@ __NR_chown32,
__NR_fchown32,
__NR_lchown32,
#endif
+__NR_link,
+#ifdef __NR_linkat
+__NR_linkat,
+#endif
diff --git a/include/linux/audit.h b/include/linux/audit.h
index e24afabc548f..8b5c0620abf9 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -102,6 +102,7 @@
#define AUDIT_EOE 1320 /* End of multi-record event */
#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
+#define AUDIT_MMAP 1323 /* Record showing descriptor and flags in mmap */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -478,6 +479,7 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
const struct cred *new,
const struct cred *old);
extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern void __audit_mmap_fd(int fd, int flags);
static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
{
@@ -531,6 +533,12 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new,
__audit_log_capset(pid, new, old);
}
+static inline void audit_mmap_fd(int fd, int flags)
+{
+ if (unlikely(!audit_dummy_context()))
+ __audit_mmap_fd(fd, flags);
+}
+
extern int audit_n_rules;
extern int audit_signals;
#else
@@ -564,6 +572,7 @@ extern int audit_signals;
#define audit_mq_getsetattr(d,s) ((void)0)
#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
#define audit_log_capset(pid, ncr, ocr) ((void)0)
+#define audit_mmap_fd(fd, flags) ((void)0)
#define audit_ptrace(t) ((void)0)
#define audit_n_rules 0
#define audit_signals 0
diff --git a/include/linux/tty.h b/include/linux/tty.h
index e500171c745f..2a754748dd5f 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -541,8 +541,8 @@ extern void tty_audit_exit(void);
extern void tty_audit_fork(struct signal_struct *sig);
extern void tty_audit_tiocsti(struct tty_struct *tty, char ch);
extern void tty_audit_push(struct tty_struct *tty);
-extern void tty_audit_push_task(struct task_struct *tsk,
- uid_t loginuid, u32 sessionid);
+extern int tty_audit_push_task(struct task_struct *tsk,
+ uid_t loginuid, u32 sessionid);
#else
static inline void tty_audit_add_data(struct tty_struct *tty,
unsigned char *data, size_t size)
@@ -560,9 +560,10 @@ static inline void tty_audit_fork(struct signal_struct *sig)
static inline void tty_audit_push(struct tty_struct *tty)
{
}
-static inline void tty_audit_push_task(struct task_struct *tsk,
- uid_t loginuid, u32 sessionid)
+static inline int tty_audit_push_task(struct task_struct *tsk,
+ uid_t loginuid, u32 sessionid)
{
+ return 0;
}
#endif