Commit 03d37d25 authored by Ahmed S. Darwish's avatar Ahmed S. Darwish Committed by James Morris

LSM/Audit: Introduce generic Audit LSM hooks

Introduce a generic Audit interface for security modules
by adding the following new LSM hooks:

audit_rule_init(field, op, rulestr, lsmrule)
audit_rule_known(krule)
audit_rule_match(secid, field, op, rule, actx)
audit_rule_free(rule)

Those hooks are only available if CONFIG_AUDIT is enabled.
Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
Signed-off-by: default avatarAhmed S. Darwish <darwish.07@gmail.com>
Acked-by: default avatarJames Morris <jmorris@namei.org>
Reviewed-by: default avatarPaul Moore <paul.moore@hp.com>
parent 6b89a74b
......@@ -37,6 +37,7 @@
extern unsigned securebits;
struct ctl_table;
struct audit_krule;
/*
* These functions are in security/capability.c and are used
......@@ -1235,6 +1236,37 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
* @secdata contains the security context.
* @seclen contains the length of the security context.
*
* Security hooks for Audit
*
* @audit_rule_init:
* Allocate and initialize an LSM audit rule structure.
* @field contains the required Audit action. Fields flags are defined in include/linux/audit.h
* @op contains the operator the rule uses.
* @rulestr contains the context where the rule will be applied to.
* @lsmrule contains a pointer to receive the result.
* Return 0 if @lsmrule has been successfully set,
* -EINVAL in case of an invalid rule.
*
* @audit_rule_known:
* Specifies whether given @rule contains any fields related to current LSM.
* @rule contains the audit rule of interest.
* Return 1 in case of relation found, 0 otherwise.
*
* @audit_rule_match:
* Determine if given @secid matches a rule previously approved
* by @audit_rule_known.
* @secid contains the security id in question.
* @field contains the field which relates to current LSM.
* @op contains the operator that will be used for matching.
* @rule points to the audit rule that will be checked against.
* @actx points to the audit context associated with the check.
* Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
*
* @audit_rule_free:
* Deallocate the LSM audit rule structure previously allocated by
* audit_rule_init.
* @rule contains the allocated rule
*
* This is the main security structure.
*/
struct security_operations {
......@@ -1494,6 +1526,13 @@ struct security_operations {
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
int (*audit_rule_init)(u32 field, u32 op, char *rulestr, void **lsmrule);
int (*audit_rule_known)(struct audit_krule *krule);
int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx);
void (*audit_rule_free)(void *lsmrule);
#endif /* CONFIG_AUDIT */
};
/* prototypes */
......@@ -2700,5 +2739,38 @@ static inline int security_key_permission(key_ref_t key_ref,
#endif
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
#ifdef CONFIG_SECURITY
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
int security_audit_rule_known(struct audit_krule *krule);
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx);
void security_audit_rule_free(void *lsmrule);
#else
static inline int security_audit_rule_init(u32 field, u32 op, char *rulestr,
void **lsmrule)
{
return 0;
}
static inline int security_audit_rule_known(struct audit_krule *krule)
{
return 0;
}
static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
void *lsmrule, struct audit_context *actx)
{
return 0;
}
static inline void security_audit_rule_free(void *lsmrule)
{ }
#endif /* CONFIG_SECURITY */
#endif /* CONFIG_AUDIT */
#endif /* ! __LINUX_SECURITY_H */
......@@ -993,6 +993,30 @@ static inline int dummy_key_permission(key_ref_t key_ref,
}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
static inline int dummy_audit_rule_init(u32 field, u32 op, char *rulestr,
void **lsmrule)
{
return 0;
}
static inline int dummy_audit_rule_known(struct audit_krule *krule)
{
return 0;
}
static inline int dummy_audit_rule_match(u32 secid, u32 field, u32 op,
void *lsmrule,
struct audit_context *actx)
{
return 0;
}
static inline void dummy_audit_rule_free(void *lsmrule)
{ }
#endif /* CONFIG_AUDIT */
struct security_operations dummy_security_ops;
#define set_to_dummy_if_null(ops, function) \
......@@ -1182,6 +1206,11 @@ void security_fixup_ops (struct security_operations *ops)
set_to_dummy_if_null(ops, key_free);
set_to_dummy_if_null(ops, key_permission);
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
set_to_dummy_if_null(ops, audit_rule_init);
set_to_dummy_if_null(ops, audit_rule_known);
set_to_dummy_if_null(ops, audit_rule_match);
set_to_dummy_if_null(ops, audit_rule_free);
#endif
}
......@@ -1120,3 +1120,28 @@ int security_key_permission(key_ref_t key_ref,
}
#endif /* CONFIG_KEYS */
#ifdef CONFIG_AUDIT
int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
{
return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
}
int security_audit_rule_known(struct audit_krule *krule)
{
return security_ops->audit_rule_known(krule);
}
void security_audit_rule_free(void *lsmrule)
{
security_ops->audit_rule_free(lsmrule);
}
int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
struct audit_context *actx)
{
return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
}
#endif /* CONFIG_AUDIT */
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment