Acasă Explorează Ajutor
Înregistrare Autentificare
phyus
/
linux-vybrid_public
8
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: 3323eec921
Ramuri Etichete
linux-vybrid_pu...
/
security
/
integrity
/
ima
/
ima_audit.c

ima_audit.c 2.1 KB
Istoric Crud

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. /*
    2. 

  2.  * Copyright (C) 2008 IBM Corporation
    3. 

  3.  * Author: Mimi Zohar <zohar@us.ibm.com>
    4. 

  4.  *
    5. 

  5.  * This program is free software; you can redistribute it and/or modify
    6. 

  6.  * it under the terms of the GNU General Public License as published by
    7. 

  7.  * the Free Software Foundation, version 2 of the License.
    8. 

  8.  *
    9. 

  9.  * File: integrity_audit.c
    10. 

  10.  * 	Audit calls for the integrity subsystem
    11. 

  11.  */
    12. 

  12. 

  13. #include <linux/fs.h>
    14. 

  14. #include <linux/audit.h>
    15. 

  15. #include "ima.h"
    16. 

  16. 

  17. static int ima_audit;
    18. 

  18. 

  19. #ifdef CONFIG_IMA_AUDIT
    20. 

  20. 

  21. /* ima_audit_setup - enable informational auditing messages */
    22. 

  22. static int __init ima_audit_setup(char *str)
    23. 

  23. {
    24. 

  24. 	unsigned long audit;
    25. 

  25. 	int rc;
    26. 

  26. 	char *op;
    27. 

  27. 

  28. 	rc = strict_strtoul(str, 0, &audit);
    29. 

  29. 	if (rc || audit > 1)
    30. 

  30. 		printk(KERN_INFO "ima: invalid ima_audit value\n");
    31. 

  31. 	else
    32. 

  32. 		ima_audit = audit;
    33. 

  33. 	op = ima_audit ? "ima_audit_enabled" : "ima_audit_not_enabled";
    34. 

  34. 	integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL, NULL, op, 0, 0);
    35. 

  35. 	return 1;
    36. 

  36. }
    37. 

  37. __setup("ima_audit=", ima_audit_setup);
    38. 

  38. #endif
    39. 

  39. 

  40. void integrity_audit_msg(int audit_msgno, struct inode *inode,
    41. 

  41. 			 const unsigned char *fname, const char *op,
    42. 

  42. 			 const char *cause, int result, int audit_info)
    43. 

  43. {
    44. 

  44. 	struct audit_buffer *ab;
    45. 

  45. 

  46. 	if (!ima_audit && audit_info == 1) /* Skip informational messages */
    47. 

  47. 		return;
    48. 

  48. 

  49. 	ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
    50. 

  50. 	audit_log_format(ab, "integrity: pid=%d uid=%u auid=%u",
    51. 

  51. 			 current->pid, current->cred->uid,
    52. 

  52. 			 audit_get_loginuid(current));
    53. 

  53. 	audit_log_task_context(ab);
    54. 

  54. 	switch (audit_msgno) {
    55. 

  55. 	case AUDIT_INTEGRITY_DATA:
    56. 

  56. 	case AUDIT_INTEGRITY_METADATA:
    57. 

  57. 	case AUDIT_INTEGRITY_PCR:
    58. 

  58. 		audit_log_format(ab, " op=%s cause=%s", op, cause);
    59. 

  59. 		break;
    60. 

  60. 	case AUDIT_INTEGRITY_HASH:
    61. 

  61. 		audit_log_format(ab, " op=%s hash=%s", op, cause);
    62. 

  62. 		break;
    63. 

  63. 	case AUDIT_INTEGRITY_STATUS:
    64. 

  64. 	default:
    65. 

  65. 		audit_log_format(ab, " op=%s", op);
    66. 

  66. 	}
    67. 

  67. 	audit_log_format(ab, " comm=");
    68. 

  68. 	audit_log_untrustedstring(ab, current->comm);
    69. 

  69. 	if (fname) {
    70. 

  70. 		audit_log_format(ab, " name=");
    71. 

  71. 		audit_log_untrustedstring(ab, fname);
    72. 

  72. 	}
    73. 

  73. 	if (inode)
    74. 

  74. 		audit_log_format(ab, " dev=%s ino=%lu",
    75. 

  75. 				 inode->i_sb->s_id, inode->i_ino);
    76. 

  76. 	audit_log_format(ab, " res=%d", result);
    77. 

  77. 	audit_log_end(ab);
    78. 

  78. }
    79.