From: Tony Jones <tonyj@suse.de>
Subject: Export audit subsystem for use by modules
Update kernel audit range comments to show AppArmor's registered range of
1500-1599. This range used to be reserved for LSPP but LSPP uses the
SE Linux range and the range was given to AppArmor.
Adds necessary export symbols for audit subsystem routines.
Changes audit_log_vformat to be externally visible (analogous to vprintf)
Patch is not in mainline -- pending AppArmor code submission to lkml
Signed-off-by: Andreas Gruenbacher <agruen@suse.de>
Signed-off-by: John Johansen <jjohansen@suse.de>
---
include/linux/audit.h | 12 +++++++++++-
kernel/audit.c | 6 ++++--
2 files changed, 15 insertions(+), 3 deletions(-)
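--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -33,7 +33,7 @@
 * 1200 - 1299 messages internal to the audit daemon
 * 1300 - 1399 audit event messages
 * 1400 - 1499 SE Linux use
- * 1500 - 1599 kernel LSPP events
+ * 1500 - 1599 AppArmor use
 * 1600 - 1699 kernel crypto events
 * 1700 - 1799 kernel anomaly records
 * 1800 - 1999 future kernel use (maybe integrity labels and related events)
@@ -119,6 +119,13 @@
 #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */
 #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
 
+#define AUDIT_APPARMOR_AUDIT 1501 /* AppArmor audited grants */
+#define AUDIT_APPARMOR_ALLOWED 1502 /* Allowed Access for learning */
+#define AUDIT_APPARMOR_DENIED 1503
+#define AUDIT_APPARMOR_HINT 1504 /* Process Tracking information */
+#define AUDIT_APPARMOR_STATUS 1505 /* Changes in config */
+#define AUDIT_APPARMOR_ERROR 1506 /* Internal AppArmor Errors */
+
 #define AUDIT_FIRST_KERN_ANOM_MSG 1700
 #define AUDIT_LAST_KERN_ANOM_MSG 1799
 #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
@@ -546,6 +553,9 @@ extern void audit_log(struct audit_
 __attribute__((format(printf,4,5)));
 
 extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);
+extern void audit_log_vformat(struct audit_buffer *ab,
+ const char *fmt, va_list args)
+ __attribute__((format(printf,2,0)));
 extern void audit_log_format(struct audit_buffer *ab,
 const char *fmt, ...)
 __attribute__((format(printf,2,3)));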
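Review bot: `AUDIT_APPARMOR_DENIED` (1503) is the only one of the six new record types in the second hunk that is added without a trailing comment, and it is the type that log consumers and alerting rules are most likely to key on. Give it one in the style of its neighbours, for example `#define AUDIT_APPARMOR_DENIED 1503 /* Denied access */`, adjusted if the record carries more than plain denials. The new block also defines no first/last pair like `AUDIT_FIRST_KERN_ANOM_MSG` / `AUDIT_LAST_KERN_ANOM_MSG` directly below it, so code that wants to match the whole 1500-1599 range has to hard-code the bounds; if that is intentional, a short comment saying that 1500 and 1507-1599 are reserved would help.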
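--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1226,8 +1226,7 @@ static inline int audit_expand(struct au
 * will be called a second time. Currently, we assume that a printk
 * can't format message larger than 1024 bytes, so we don't either.
 */
-static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
- va_list args)
+void audit_log_vformat(struct audit_buffer *ab, const char *fmt, va_list args)
 {
 int len, avail;
 struct sk_buff *skb;
@@ -1501,3 +1500,6 @@ EXPORT_SYMBOL(audit_log_start);
 EXPORT_SYMBOL(audit_log_end);
 EXPORT_SYMBOL(audit_log_format);
 EXPORT_SYMBOL(audit_log);
+EXPORT_SYMBOL_GPL(audit_log_vformat);
+EXPORT_SYMBOL_GPL(audit_log_untrustedstring);
+EXPORT_SYMBOL_GPL(audit_log_d_path);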
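Review bot: Dropping `static` from `audit_log_vformat` and exporting it turns a file-local helper into a module-facing interface, but the comment visible above it only covers buffer expansion and the 1024-byte message assumption, not what callers must guarantee. Because the same hunk exports `audit_log_untrustedstring`, the function should get a kernel-doc block stating that `fmt` must be a fixed, trusted format string and that externally influenced strings (names, paths) are logged through `audit_log_untrustedstring` rather than `%s`, so a module cannot end up writing forged fields into an audit record. It should also say whether `args` may be reused after the call; the body continues outside the hunk, so that cannot be confirmed from here. A minimal form would be `/* audit_log_vformat - append a printf-style message to an audit buffer; fmt must not be caller-controlled data */`.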