#include <linux/types.h>
#include <linux/list.h>
#include <linux/socket.h>
+#include <linux/audit.h>
+#include <linux/tty.h>
+#include <linux/security.h>
#include <net/sock.h>
#include <net/netlink.h>
#include <net/genetlink.h>
#include "netlabel_cipso_v4.h"
#include "netlabel_user.h"
+/* do not do any auditing if audit_enabled == 0, see kernel/audit.c for
+ * details */
+extern int audit_enabled;
+
/*
* NetLabel NETLINK Setup Functions
*/
}
/*
- * NetLabel Common Protocol Functions
+ * NetLabel Audit Functions
*/
/**
- * netlbl_netlink_send_ack - Send an ACK message
- * @info: the generic NETLINK information
- * @genl_family: the generic NETLINK family ID value
- * @ack_cmd: the generic NETLINK family ACK command value
- * @ret_code: return code to use
+ * netlbl_audit_start_common - Start an audit message
+ * @type: audit message type
+ * @audit_info: NetLabel audit information
*
* Description:
- * This function sends an ACK message to the sender of the NETLINK message
- * specified by @info.
+ * Start an audit message using the type specified in @type and fill the audit
+ * message with some fields common to all NetLabel audit messages. Returns
+ * a pointer to the audit buffer on success, NULL on failure.
*
*/
-void netlbl_netlink_send_ack(const struct genl_info *info,
- u32 genl_family,
- u8 ack_cmd,
- u32 ret_code)
+struct audit_buffer *netlbl_audit_start_common(int type,
+ struct netlbl_audit *audit_info)
{
- size_t data_size;
- struct sk_buff *skb;
-
- data_size = GENL_HDRLEN + 2 * NETLBL_LEN_U32;
- skb = netlbl_netlink_alloc_skb(0, data_size, GFP_KERNEL);
- if (skb == NULL)
- return;
-
- if (netlbl_netlink_hdr_put(skb,
- info->snd_pid,
- 0,
- genl_family,
- ack_cmd) == NULL)
- goto send_ack_failure;
-
- if (nla_put_u32(skb, NLA_U32, info->snd_seq) != 0)
- goto send_ack_failure;
- if (nla_put_u32(skb, NLA_U32, ret_code) != 0)
- goto send_ack_failure;
-
- netlbl_netlink_snd(skb, info->snd_pid);
- return;
-
-send_ack_failure:
- kfree_skb(skb);
-}
+ struct audit_context *audit_ctx = current->audit_context;
+ struct audit_buffer *audit_buf;
+ char *secctx;
+ u32 secctx_len;
-/*
- * NETLINK I/O Functions
- */
+ if (audit_enabled == 0)
+ return NULL;
-/**
- * netlbl_netlink_snd - Send a NetLabel message
- * @skb: NetLabel message
- * @pid: destination PID
- *
- * Description:
- * Sends a unicast NetLabel message over the NETLINK socket.
- *
- */
-int netlbl_netlink_snd(struct sk_buff *skb, u32 pid)
-{
- return genlmsg_unicast(skb, pid);
-}
+ audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
+ if (audit_buf == NULL)
+ return NULL;
-/**
- * netlbl_netlink_snd - Send a NetLabel message
- * @skb: NetLabel message
- * @pid: sending PID
- * @group: multicast group id
- *
- * Description:
- * Sends a multicast NetLabel message over the NETLINK socket to all members
- * of @group except @pid.
- *
- */
-int netlbl_netlink_snd_multicast(struct sk_buff *skb, u32 pid, u32 group)
-{
- return genlmsg_multicast(skb, pid, group, GFP_KERNEL);
+ audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
+
+ if (audit_info->secid != 0 &&
+ security_secid_to_secctx(audit_info->secid,
+ &secctx,
+ &secctx_len) == 0)
+ audit_log_format(audit_buf, " subj=%s", secctx);
+
+ return audit_buf;
}