eb59d494ee
Replace the single skb pointer in an audit_buffer with a list of
skb pointers. Add the audit_stamp information to the audit_buffer as
there's no guarantee that there will be an audit_context containing
the stamp associated with the event. At audit_log_end() time create
auxiliary records as have been added to the list. Functions are
created to manage the skb list in the audit_buffer.
Create a new audit record AUDIT_MAC_TASK_CONTEXTS.
An example of the MAC_TASK_CONTEXTS record is:
type=MAC_TASK_CONTEXTS
msg=audit(1600880931.832:113)
subj_apparmor=unconfined
subj_smack=_
When an audit event includes a AUDIT_MAC_TASK_CONTEXTS record the
"subj=" field in other records in the event will be "subj=?".
An AUDIT_MAC_TASK_CONTEXTS record is supplied when the system has
multiple security modules that may make access decisions based on a
subject security context.
Refactor audit_log_task_context(), creating a new audit_log_subj_ctx().
This is used in netlabel auditing to provide multiple subject security
contexts as necessary.
Suggested-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[PM: subj tweak, audit example readability indents]
Signed-off-by: Paul Moore <paul@paul-moore.com>
|
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| netlabel_addrlist.c | ||
| netlabel_addrlist.h | ||
| netlabel_calipso.c | ||
| netlabel_calipso.h | ||
| netlabel_cipso_v4.c | ||
| netlabel_cipso_v4.h | ||
| netlabel_domainhash.c | ||
| netlabel_domainhash.h | ||
| netlabel_kapi.c | ||
| netlabel_mgmt.c | ||
| netlabel_mgmt.h | ||
| netlabel_unlabeled.c | ||
| netlabel_unlabeled.h | ||
| netlabel_user.c | ||
| netlabel_user.h | ||