summaryrefslogtreecommitdiffstats
path: root/include/linux/audit.h
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-05-21 00:15:52 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-21 00:15:52 +0100
commit011161051bbc25f7f8b7df059dbd934c534443f0 (patch)
treef1ca3727e4130cacad86dfdae65e7533fcb67784 /include/linux/audit.h
parentfb19b4c6aa024837a0071f07baa07dbf49d07151 (diff)
downloadkernel-crypto-011161051bbc25f7f8b7df059dbd934c534443f0.tar.gz
kernel-crypto-011161051bbc25f7f8b7df059dbd934c534443f0.tar.xz
kernel-crypto-011161051bbc25f7f8b7df059dbd934c534443f0.zip
AUDIT: Avoid sleeping function in SElinux AVC audit.
This patch changes the SELinux AVC to defer logging of paths to the audit framework upon syscall exit, by saving a reference to the (dentry,vfsmount) pair in an auxiliary audit item on the current audit context for processing by audit_log_exit. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'include/linux/audit.h')
-rw-r--r--include/linux/audit.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 17ea5d522d8..4b7caf0c6e1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -69,6 +69,7 @@
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
+#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
@@ -225,6 +226,7 @@ extern uid_t audit_get_loginuid(struct audit_context *ctx);
extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
extern int audit_socketcall(int nargs, unsigned long *args);
extern int audit_sockaddr(int len, void *addr);
+extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
extern void audit_signal_info(int sig, struct task_struct *t);
#else
#define audit_alloc(t) ({ 0; })
@@ -240,6 +242,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_ipc_perms(q,u,g,m) ({ 0; })
#define audit_socketcall(n,a) ({ 0; })
#define audit_sockaddr(len, addr) ({ 0; })
+#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0)
#endif