[RFC][PATCH 3/3] Introduce audit_security LSM hook - UM

From: Adrian Drzewiecki (z@private)
Date: Fri Dec 03 2004 - 11:02:28 PST

Previous message: Adrian Drzewiecki: "[RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Patch 3/3: Make UM arch use security_audit_syscall.
===================================================

diff -ru linux-2.6.9-security_audit_syscall-x86/arch/um/kernel/ptrace.c 
linux-2.6.9-security_audit_syscall-um/arch/um/kernel/ptrace.c
--- linux-2.6.9-security_audit_syscall-x86/arch/um/kernel/ptrace.c	
2004-10-18 14:55:36.000000000 -0700
+++ linux-2.6.9-security_audit_syscall-um/arch/um/kernel/ptrace.c	
2004-12-02 21:35:52.000000000 -0800
@@ -297,9 +297,10 @@
 	return ret;
 }
 
-void syscall_trace(union uml_pt_regs *regs, int entryexit)
+void audit_syscall(struct task_struct *p, void *_regs, int entryexit)
 {
 	if (unlikely(current->audit_context)) {
+		union uml_pt_regs __attribute__((__unused__)) *regs = 
_regs;
 		if (!entryexit)
 			audit_syscall_entry(current, regs->orig_eax,
 					    regs->ebx, regs->ecx,
@@ -307,6 +308,12 @@
 		else
 			audit_syscall_exit(current, regs->eax);
 	}
+}
+
+void syscall_trace(union uml_pt_regs *regs, int entryexit)
+{
+	if (unlikely(test_thread_flag(TIF_SYSCALL_AUDIT)))
+		security_audit_syscall(current, regs, entryexit);
 
 	if (!test_thread_flag(TIF_SYSCALL_TRACE))
 		return;
 in linux-2.6.9-security_audit_syscall-um/arch/um/kernel/tt: ksyms.o
diff -ru 
linux-2.6.9-security_audit_syscall-x86/include/asm-um/ptrace-generic.h 
linux-2.6.9-security_audit_syscall-um/include/asm-um/ptrace-generic.h
--- linux-2.6.9-security_audit_syscall-x86/include/asm-um/ptrace-generic.h	
2004-10-18 14:54:40.000000000 -0700
+++ linux-2.6.9-security_audit_syscall-um/include/asm-um/ptrace-generic.h	
2004-12-02 21:39:29.000000000 -0800
@@ -60,6 +60,11 @@
 
 #endif
 
+#ifndef ARCH_HAVE_AUDIT_SYSCALL
+#define ARCH_HAVE_AUDIT_SYSCALL
+void audit_syscall(struct task_struct *p, void *regs, int entryexit);
+#endif
+
 #endif
 
 /*
diff -ru 
linux-2.6.9-security_audit_syscall-x86/include/asm-um/thread_info.h 
linux-2.6.9-security_audit_syscall-um/include/asm-um/thread_info.h
--- linux-2.6.9-security_audit_syscall-x86/include/asm-um/thread_info.h	
2004-10-18 14:53:46.000000000 -0700
+++ linux-2.6.9-security_audit_syscall-um/include/asm-um/thread_info.h	
2004-12-02 21:45:01.000000000 -0800
@@ -70,12 +70,14 @@
 					 * TIF_NEED_RESCHED 
 					 */
 #define TIF_RESTART_BLOCK 	4
+#define TIF_SYSCALL_AUDIT	5
 
 #define _TIF_SYSCALL_TRACE	(1 << TIF_SYSCALL_TRACE)
 #define _TIF_SIGPENDING		(1 << TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED	(1 << TIF_NEED_RESCHED)
 #define _TIF_POLLING_NRFLAG     (1 << TIF_POLLING_NRFLAG)
 #define _TIF_RESTART_BLOCK	(1 << TIF_RESTART_BLOCK)
+#define _TIF_SYSCALL_AUDIT	(1 << TIF_SYSCALL_AUDIT)
 
 #endif

Previous message: Adrian Drzewiecki: "[RFC][PATCH 0/3] Introduce audit_syscall LSM hook"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Dec 06 2004 - 16:16:39 PST