diff options
author | Miloslav Trmač <mitr@redhat.com> | 2010-09-07 00:06:02 +0200 |
---|---|---|
committer | Miloslav Trmač <mitr@redhat.com> | 2010-09-07 00:06:02 +0200 |
commit | cf4244a8063ca5a0062f3f065574b61b4faddf59 (patch) | |
tree | 4f66b07f3e56787d4d44c0ba536259e94914e434 /include | |
parent | 361ac15b28aed748245f8fe7a8ea349f17d4fe86 (diff) | |
parent | 9cf934e1a057a8dc4f36a1ad8d2822fb116374dd (diff) | |
download | kernel-crypto-cf4244a8063ca5a0062f3f065574b61b4faddf59.tar.gz kernel-crypto-cf4244a8063ca5a0062f3f065574b61b4faddf59.tar.xz kernel-crypto-cf4244a8063ca5a0062f3f065574b61b4faddf59.zip |
Merge branch 'audit' into integration
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/audit.h | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 3c7a358241a..cfb33639566 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -122,6 +122,11 @@ #define AUDIT_MAC_UNLBL_STCADD 1416 /* NetLabel: add a static label */ #define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */ +#define AUDIT_CRYPTO_STORAGE_KEY 1600 /* Key storage key configured */ +#define AUDIT_CRYPTO_USERSPACE_OP 1601 /* User-space crypto operation */ +#define AUDIT_CRYPTO_KEY_VALUE 1602 /* Public values of a key, immediatelly + follows USERSPACE_OP. */ + #define AUDIT_FIRST_KERN_ANOM_MSG 1700 #define AUDIT_LAST_KERN_ANOM_MSG 1799 #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ @@ -207,6 +212,7 @@ #define AUDIT_OBJ_TYPE 21 #define AUDIT_OBJ_LEV_LOW 22 #define AUDIT_OBJ_LEV_HIGH 23 +#define AUDIT_CRYPTO_OP 24 /* These are ONLY useful when checking * at syscall exit time (AUDIT_AT_EXIT). */ @@ -314,6 +320,20 @@ enum { #define AUDIT_PERM_READ 4 #define AUDIT_PERM_ATTR 8 +#define AUDIT_CRYPTO_OP_CONTEXT_NEW 1 +#define AUDIT_CRYPTO_OP_CONTEXT_DEL 2 +#define AUDIT_CRYPTO_OP_SESSION_INIT 3 +#define AUDIT_CRYPTO_OP_SESSION_OP 4 +#define AUDIT_CRYPTO_OP_SESSION_FINAL 5 +#define AUDIT_CRYPTO_OP_KEY_IMPORT 6 +#define AUDIT_CRYPTO_OP_KEY_EXPORT 7 +#define AUDIT_CRYPTO_OP_KEY_WRAP 8 +#define AUDIT_CRYPTO_OP_KEY_UNWRAP 9 +#define AUDIT_CRYPTO_OP_KEY_GEN 10 +#define AUDIT_CRYPTO_OP_KEY_DERIVE 11 +#define AUDIT_CRYPTO_OP_KEY_ZEROIZE 12 +#define AUDIT_CRYPTO_OP_KEY_GET_INFO 13 + struct audit_status { __u32 mask; /* Bit mask for valid entries */ __u32 enabled; /* 1 = enabled, 0 = disabled */ @@ -404,6 +424,12 @@ struct audit_field { void *lsm_rule; }; +struct audit_crypto_value { + char name; + void *value; + size_t value_size; +}; + #define AUDITSC_INVALID 0 #define AUDITSC_SUCCESS 1 #define AUDITSC_FAILURE 2 @@ -479,6 +505,12 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, const struct cred *new, const struct cred *old); extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); +extern int __audit_log_crypto_op(int op, int context, int session, + const char *operation, const char *algorithm, + int key1, void *key1_id, size_t key1_id_size, + int key2, void *key2_id, size_t key2_id_size); +extern void __audit_log_crypto_values(const struct audit_crypto_value *values, + size_t num_values); static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) { @@ -532,6 +564,27 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new, __audit_log_capset(pid, new, old); } +static inline int audit_log_crypto_op(int op, int context, int session, + const char *operation, + const char *algorithm, int key1, + void *key1_id, size_t key1_id_size, + int key2, void *key2_id, + size_t key2_id_size) +{ + if (likely(audit_dummy_context())) + return 0; + return __audit_log_crypto_op(op, context, session, operation, algorithm, + key1, key1_id, key1_id_size, key2, key2_id, + key2_id_size); +} + +static inline void audit_log_crypto_values(const struct audit_crypto_value *a, + size_t num_values) +{ + if (unlikely(!audit_dummy_context())) + __audit_log_crypto_values(a, num_values); +} + extern int audit_n_rules; extern int audit_signals; #else @@ -565,6 +618,8 @@ extern int audit_signals; #define audit_mq_getsetattr(d,s) ((void)0) #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) #define audit_log_capset(pid, ncr, ocr) ((void)0) +#define audit_log_crypto_op(op, ctx, sess, k1, id1, size1, k2, id2, size2) (0) +#define audit_log_crypto_values(a, values, num_values) ((void)0) #define audit_ptrace(t) ((void)0) #define audit_n_rules 0 #define audit_signals 0 |