authorMiloslav Trmač <mitr@redhat.com>2010-09-07 00:06:02 +0200
committerMiloslav Trmač <mitr@redhat.com>2010-09-07 00:06:02 +0200
commitcf4244a8063ca5a0062f3f065574b61b4faddf59 (patch)
tree4f66b07f3e56787d4d44c0ba536259e94914e434 /include
parent361ac15b28aed748245f8fe7a8ea349f17d4fe86 (diff)
parent9cf934e1a057a8dc4f36a1ad8d2822fb116374dd (diff)
Merge branch 'audit' into integration
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h55
1 files changed, 55 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 3c7a358241a..cfb33639566 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -122,6 +122,11 @@
#define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */
#define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
+#define AUDIT_CRYPTO_STORAGE_KEY 1600 /* Key storage key configured */
+#define AUDIT_CRYPTO_USERSPACE_OP 1601 /* User-space crypto operation */
+#define AUDIT_CRYPTO_KEY_VALUE 1602 /* Public values of a key, immediatelly
+ follows USERSPACE_OP. */
+
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
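Review bot: The comment on `AUDIT_CRYPTO_KEY_VALUE` misspells "immediately", and it is the only place that states what this record may contain. It should say outright that secret or private key material never goes into it, for example `/* Public values of a key only (never secret material); immediately follows USERSPACE_OP. */`. The block directly below names its range with `AUDIT_FIRST_KERN_ANOM_MSG` / `AUDIT_LAST_KERN_ANOM_MSG`, while the new 1600-series types get no such markers; if consumers classify records by range, an equivalent pair would help.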
@@ -207,6 +212,7 @@
#define AUDIT_OBJ_TYPE 21
#define AUDIT_OBJ_LEV_LOW 22
#define AUDIT_OBJ_LEV_HIGH 23
+#define AUDIT_CRYPTO_OP 24
/* These are ONLY useful when checking
* at syscall exit time (AUDIT_AT_EXIT). */
@@ -314,6 +320,20 @@ enum {
#define AUDIT_PERM_READ 4
#define AUDIT_PERM_ATTR 8
+#define AUDIT_CRYPTO_OP_CONTEXT_NEW 1
+#define AUDIT_CRYPTO_OP_CONTEXT_DEL 2
+#define AUDIT_CRYPTO_OP_SESSION_INIT 3
+#define AUDIT_CRYPTO_OP_SESSION_OP 4
+#define AUDIT_CRYPTO_OP_SESSION_FINAL 5
+#define AUDIT_CRYPTO_OP_KEY_IMPORT 6
+#define AUDIT_CRYPTO_OP_KEY_EXPORT 7
+#define AUDIT_CRYPTO_OP_KEY_WRAP 8
+#define AUDIT_CRYPTO_OP_KEY_UNWRAP 9
+#define AUDIT_CRYPTO_OP_KEY_GEN 10
+#define AUDIT_CRYPTO_OP_KEY_DERIVE 11
+#define AUDIT_CRYPTO_OP_KEY_ZEROIZE 12
+#define AUDIT_CRYPTO_OP_KEY_GET_INFO 13
+
struct audit_status {
__u32 mask; /* Bit mask for valid entries */
__u32 enabled; /* 1 = enabled, 0 = disabled */
@@ -404,6 +424,12 @@ struct audit_field {
void *lsm_rule;
};
+struct audit_crypto_value {
+ char name;
+ void *value;
+ size_t value_size;
+};
+
#define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1
#define AUDITSC_FAILURE 2
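Review bot: `value` in `struct audit_crypto_value` is declared `void *`, so the `const` on the `const struct audit_crypto_value *` taken by the logging entry points does not extend to the bytes being logged. `const void *value;` would state that logging never modifies key data. The same applies to the `void *key1_id` / `void *key2_id` parameters of `__audit_log_crypto_op` and its inline wrapper in the later hunks. `char name` holds a single character and nothing says what the characters mean; a short comment on the struct describing `name`, and stating that `value_size` is presumably a byte count, would help callers.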
@@ -479,6 +505,12 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
const struct cred *new,
const struct cred *old);
extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+extern int __audit_log_crypto_op(int op, int context, int session,
+ const char *operation, const char *algorithm,
+ int key1, void *key1_id, size_t key1_id_size,
+ int key2, void *key2_id, size_t key2_id_size);
+extern void __audit_log_crypto_values(const struct audit_crypto_value *values,
+ size_t num_values);
static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
{
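Review bot: `__audit_log_crypto_values` returns `void` while `__audit_log_crypto_op` returns `int`, so a failure to emit the key-value record cannot be reported to the caller. The message-type comment says this record immediately follows the USERSPACE_OP record, so a silently dropped one would leave an incomplete audit trail; the implementation is not visible here, so it may already handle this. Consider returning `int` from both (the inline `audit_log_crypto_values` wrapper in the next hunk would follow), or documenting why the loss is acceptable. A comment above the prototypes should also explain the `int key1` / `int key2` arguments and which value means "no key".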
@@ -532,6 +564,27 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new,
__audit_log_capset(pid, new, old);
}
+static inline int audit_log_crypto_op(int op, int context, int session,
+ const char *operation,
+ const char *algorithm, int key1,
+ void *key1_id, size_t key1_id_size,
+ int key2, void *key2_id,
+ size_t key2_id_size)
+{
+ if (likely(audit_dummy_context()))
+ return 0;
+ return __audit_log_crypto_op(op, context, session, operation, algorithm,
+ key1, key1_id, key1_id_size, key2, key2_id,
+ key2_id_size);
+}
+
+static inline void audit_log_crypto_values(const struct audit_crypto_value *a,
+ size_t num_values)
+{
+ if (unlikely(!audit_dummy_context()))
+ __audit_log_crypto_values(a, num_values);
+}
+
extern int audit_n_rules;
extern int audit_signals;
#else
@@ -565,6 +618,8 @@ extern int audit_signals;
#define audit_mq_getsetattr(d,s) ((void)0)
#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
#define audit_log_capset(pid, ncr, ocr) ((void)0)
+#define audit_log_crypto_op(op, ctx, sess, k1, id1, size1, k2, id2, size2) (0)
+#define audit_log_crypto_values(a, values, num_values) ((void)0)
#define audit_ptrace(t) ((void)0)
#define audit_n_rules 0
#define audit_signals 0
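Review bot: The two stub macros added in this `#else` branch do not match the arity of the inline functions added earlier in the patch. `audit_log_crypto_op` takes eleven arguments (including `operation` and `algorithm`) but the stub takes nine, and `audit_log_crypto_values` takes two but the stub takes three. Any caller written against the real signatures will therefore fail to preprocess when this branch is selected. The stubs should read `#define audit_log_crypto_op(op, ctx, sess, o, alg, k1, id1, size1, k2, id2, size2) (0)` and `#define audit_log_crypto_values(a, num_values) ((void)0)`. Static inline stubs with the real prototypes would let the compiler catch this kind of drift.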