From 2532386f480eefbdd67b48be55fb4fb3e5a6081c Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 10:09:25 -0400 Subject: Audit: collect sessionid in netlink messages Previously I added sessionid output to all audit messages where it was available but we still didn't know the sessionid of the sender of netlink messages. This patch adds that information to netlink messages so we can audit who sent netlink messages. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/smack/smackfs.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'security') diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 6ba283783b7..5d1bee0fa51 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -324,6 +324,7 @@ void smk_cipso_doi(void) struct netlbl_audit audit_info; audit_info.loginuid = audit_get_loginuid(current); + audit_info.sessionid = audit_get_sessionid(current); audit_info.secid = smack_to_secid(current->security); rc = netlbl_cfg_map_del(NULL, &audit_info); @@ -356,6 +357,7 @@ void smk_unlbl_ambient(char *oldambient) struct netlbl_audit audit_info; audit_info.loginuid = audit_get_loginuid(current); + audit_info.sessionid = audit_get_sessionid(current); audit_info.secid = smack_to_secid(current->security); if (oldambient != NULL) { -- cgit v1.2.3-18-g5258 From b556f8ad58c6e9f8f485c8cef7546e3fc82c382a Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Fri, 18 Apr 2008 10:12:59 -0400 Subject: Audit: standardize string audit interfaces This patch standardized the string auditing interfaces. No userspace changes will be visible and this is all just cleanup and consistancy work. We have the following string audit interfaces to use: void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len); void audit_log_n_string(struct audit_buffer *ab, const char *buf, size_t n); void audit_log_string(struct audit_buffer *ab, const char *buf); void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string, size_t n); void audit_log_untrustedstring(struct audit_buffer *ab, const char *string); This may be the first step to possibly fixing some of the issues that people have with the string output from the kernel audit system. But we still don't have an agreed upon solution to that problem. Signed-off-by: Eric Paris Signed-off-by: Al Viro --- security/selinux/avc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'security') diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 95a8ef4a507..114b4b4c97b 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -646,7 +646,7 @@ void avc_audit(u32 ssid, u32 tsid, if (*p) audit_log_untrustedstring(ab, p); else - audit_log_hex(ab, p, len); + audit_log_n_hex(ab, p, len); break; } } -- cgit v1.2.3-18-g5258