[RFC][PATCH 1/3] Introduce audit_syscall LSM hook

From: Adrian Drzewiecki (z@private)
Date: Fri Dec 03 2004 - 11:00:17 PST


Patch 1/3: Introduce audit_syscall LSM hook.
============================================

diff -ru linux-2.6.9/include/linux/security.h 
linux-2.6.9-security_audit_syscall/include/linux/security.h
--- linux-2.6.9/include/linux/security.h	2004-10-18 
14:54:40.000000000 -0700
+++ linux-2.6.9-security_audit_syscall/include/linux/security.h	2004-12-02 
21:23:38.000000000 -0800
@@ -1197,6 +1197,7 @@
 
  	int (*getprocattr)(struct task_struct *p, char *name, void *value, 
size_t size);
  	int (*setprocattr)(struct task_struct *p, char *name, void *value, 
size_t size);
+	void (*audit_syscall)(struct task_struct *p, void *regs, int 
entryexit);
 
 #ifdef CONFIG_SECURITY_NETWORK
 	int (*unix_stream_connect) (struct socket * sock,
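Review bot: The new `audit_syscall` member is added with no description of its contract; nothing in this patch says which `entryexit` values mean entry and which mean exit, or what `regs` points to. A comment on the member along the lines of `/* audit_syscall: @p task making the syscall, @regs register frame, @entryexit <entry value>/<exit value> */`, with the real values filled in, would let module authors implement the hook correctly. If `regs` is always the architecture's register frame, declaring it as `struct pt_regs *regs` instead of `void *` would let the compiler check callers. That is an assumption, because the call sites are not part of this patch.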
@@ -1876,6 +1877,11 @@
 	return security_ops->setprocattr(p, name, value, size);
 }
 
+static inline void security_audit_syscall(struct task_struct *p, void 
*regs, int entryexit)
+{
+	security_ops->audit_syscall(p, regs, entryexit);
+}
+
 static inline int security_netlink_send(struct sock *sk, struct sk_buff * 
skb)
 {
 	return security_ops->netlink_send(sk, skb);
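Review bot: With CONFIG_SECURITY enabled, a module that supplies its own `audit_syscall` replaces the call into the audit code instead of adding to it. `security_audit_syscall()` dispatches only to `security_ops->audit_syscall`, and the only path in this patch that reaches `audit_syscall()` is `dummy_audit_syscall` in security/dummy.c. If the syscall entry/exit path is switched to this wrapper (presumably in a later patch of the series, not visible here), registering such a module would stop syscall audit records without any indication. Either state in a comment on the hook that implementations must chain to `audit_syscall()` themselves, or make the wrapper call `audit_syscall(p, regs, entryexit);` under `#ifdef HAVE_ARCH_AUDIT_SYSCALL` before the hook and leave the dummy empty.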
@@ -2499,6 +2505,13 @@
 	return -EINVAL;
 }
 
+static inline void security_audit_syscall(struct task_struct *p, void 
*regs, int entryexit)
+{
+#ifdef HAVE_ARCH_AUDIT_SYSCALL
+	audit_syscall(p, regs, entryexit);
+#endif
+}
+
 /*
  * The netlink capability defaults need to be used inline by default
  * (rather than hooking into the capability module) to reduce overhead
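Review bot: The stub calls `audit_syscall()` without a declaration that is visible in this patch, and `HAVE_ARCH_AUDIT_SYSCALL` is not defined here either. If an architecture defines the macro but its prototype is not included before security.h, this inline function would compile against an implicit declaration. Adding `extern void audit_syscall(struct task_struct *p, void *regs, int entryexit);` inside the `#ifdef`, or including the header that declares it, would make the dependency explicit. The same three-line body is repeated in `dummy_audit_syscall` in security/dummy.c, so a shared helper would keep the two defaults from drifting apart.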
diff -ru linux-2.6.9/security/dummy.c 
linux-2.6.9-security_audit_syscall/security/dummy.c
--- linux-2.6.9/security/dummy.c	2004-10-18 14:53:43.000000000 
-0700
+++ linux-2.6.9-security_audit_syscall/security/dummy.c	2004-12-02 
21:23:49.000000000 -0800
@@ -873,6 +873,12 @@
 	return -EINVAL;
 }
 
+static void dummy_audit_syscall(struct task_struct *p, void *regs, int 
entryexit)
+{
+#ifdef HAVE_ARCH_AUDIT_SYSCALL
+	audit_syscall(p, regs, entryexit);
+#endif
+}
 
 struct security_operations dummy_security_ops;
 
@@ -1005,6 +1011,7 @@
 	set_to_dummy_if_null(ops, d_instantiate);
  	set_to_dummy_if_null(ops, getprocattr);
  	set_to_dummy_if_null(ops, setprocattr);
+	set_to_dummy_if_null(ops, audit_syscall);
 #ifdef CONFIG_SECURITY_NETWORK
 	set_to_dummy_if_null(ops, unix_stream_connect);
 	set_to_dummy_if_null(ops, unix_may_send);


