提交 · 6e65f92ff0d6f18580737321718d09035085a3fb · openeuler / Kernel

17 8月, 2009 1 次提交

SELinux: Convert avc_audit to use lsm_audit.h · 2bf49690

由 Thomas Liu 提交于 7月 14, 2009

Convert avc_audit in security/selinux/avc.c to use lsm_audit.h,
for better maintainability.

 - changed selinux to use common_audit_data instead of
    avc_audit_data
 - eliminated code in avc.c and used code from lsm_audit.h instead.

Had to add a LSM_AUDIT_NO_AUDIT to lsm_audit.h so that avc_audit
can call common_lsm_audit and do the pre and post callbacks without
doing the actual dump.  This makes it so that the patched version
behaves the same way as the unpatched version.

Also added a denied field to the selinux_audit_data private space,
once again to make it so that the patched version behaves like the
unpatched.

I've tested and confirmed that AVCs look the same before and after
this patch.
Signed-off-by: NThomas Liu <tliu@redhat.com>
Acked-by: NStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: NJames Morris <jmorris@namei.org>

2bf49690

10 7月, 2009 3 次提交

security: Wrap SMACK and SELINUX audit data structs in ifdefs · 65c3f0a2

由 Thomas Liu 提交于 7月 09, 2009

Wrapped the smack_audit_data and selinux_audit_data
structs in include/linux/lsm_audit.h in ifdefs so that the
union will always be the correct size.
Signed-off-by: NThomas Liu <tliu@redhat.com>
Acked-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

65c3f0a2

security: Make lsm_priv union in lsm_audit.h anonymous · d4131ded

由 Thomas Liu 提交于 7月 09, 2009

Made the lsm_priv union in include/linux/lsm_audit.h
anonymous.
Signed-off-by: NThomas Liu <tliu@redhat.com>
Acked-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

d4131ded

Move variable function in lsm_audit.h into SMACK private space · ed5215a2

由 Thomas Liu 提交于 7月 09, 2009

Moved variable function in include/linux/lsm_audit.h into the
smack_audit_data struct since it is never used outside of it.

Also removed setting of function in the COMMON_AUDIT_DATA_INIT
macro because that variable is now private to SMACK.
Signed-off-by: NThomas Liu <tliu@redhat.com>
Acked-by: NEric Paris <eparis@redhat.com>
I-dont-see-any-problems-with-it: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

ed5215a2

14 4月, 2009 1 次提交

smack: implement logging V3 · 6e837fb1

由 Etienne Basset 提交于 4月 08, 2009

This patch creates auditing functions usable by LSM to audit security
events. It provides standard dumping of FS, NET, task etc ... events
(code borrowed from SELinux)
and provides 2 callbacks to define LSM specific auditing, which should be
flexible enough to convert SELinux too.
Signed-off-by: NEtienne Basset <etienne.basset@numericable.fr>
Acked-by: NCasey Schaufler <casey@schaufler-ca.com>
cked-by: NEric Paris <eparis@redhat.com>
Signed-off-by: NJames Morris <jmorris@namei.org>

6e837fb1

openeuler / Kernel 1 年多 前同步成功

openeuler / Kernel
1 年多前同步成功