This patch makes access logs sent to auditing subsystem. Although TOMOYO Linux has /proc interface for access logs, we were advised to use auditing subsystem (after we introduced TOMOYO Linux 1.0 on December 2005, http://lkml.org/lkml/2005/12/21/63 ) and we did so in TOMOYO Linux 2.0.
Signed-off-by: Kentaro Takeda <[EMAIL PROTECTED]> Signed-off-by: Tetsuo Handa <[EMAIL PROTECTED]> --------------- security/tomoyo/audit.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff -ubBpErN linux-2.6.21.5/security/tomoyo/audit.c linux-2.6.21.5-tomoyo/security/tomoyo/audit.c --- linux-2.6.21.5/security/tomoyo/audit.c 1970-01-01 09:00:00.000000000 +0900 +++ linux-2.6.21.5-tomoyo/security/tomoyo/audit.c 2007-06-14 15:06:10.000000000 +0900 @@ -0,0 +1,52 @@ +/* + * security/tomoyo/audit.c + * + * Audit functions for TOMOYO Linux + * + * Copyright (C) 2005-2007 NTT DATA CORPORATION + * + * Version: 2.0 2007/06/05 + */ + +#include "tomoyo.h" +#include <linux/audit.h> + +/* move to include/linux/audit.h */ +#define AUDIT_TOMOYO 2001 + +char *tomoyo_init_audit_log(int *len) +{ + char *buf; + struct timeval tv; + struct task_struct *task = current; + const char *domainname = + ((struct tomoyo_security *) current->security)->domain_info->domainname->name; + do_gettimeofday(&tv); + *len += strlen(domainname) + 256; + if ((buf = tomoyo_alloc(*len)) != NULL) + snprintf(buf, + (*len) - 1, + "#timestamp=%lu pid=%d uid=%d gid=%d euid=%d egid=%d " + "suid=%d sgid=%d fsuid=%d fsgid=%d\n%s\n", + tv.tv_sec, task->pid, task->uid, task->gid, task->euid, task->egid, + task->suid, task->sgid, task->fsuid, task->fsgid, domainname); + return buf; +} + +/* + * Write audit log. + * Caller must allocate buf with tomoyo_init_audit_log(). + */ +int tomoyo_write_audit_log(char *buf, const int is_granted) +{ + struct audit_buffer *ab; + ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_TOMOYO); + if (ab) { + audit_log_format(ab, + "%s\n%s", + is_granted ? "TOMOYO_GRANT_LOG" : "TOMOYO_REJECT_LOG", buf); + audit_log_end(ab); + } + tomoyo_free(buf); + return ab ? 0 : -ENOMEM; +} --------------- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/