commit 671a2781ff01abf4fdc8904881fc3abd3a8279af
author Jeff Vander Stoep <jeffv@google.com> Fri Jul 10 17:19:55 2015 -0400
committer Paul Moore <pmoore@redhat.com> Mon Jul 13 13:31:58 2015 -0400
tree d4bacc22ccd65b486f6f71360ac128ad365edcf3
parent 892e8cac99a71f6254f84fc662068d912e1943bf

security: add ioctl specific auditing to lsm_audit

Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <pmoore@redhat.com>

security/lsm_audit.c

diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 1d34277..9f6c649 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -245,6 +245,21 @@
 		}
 		break;
 	}
+	case LSM_AUDIT_DATA_IOCTL_OP: {
+		struct inode *inode;
+
+		audit_log_d_path(ab, " path=", &a->u.op->path);
+
+		inode = a->u.op->path.dentry->d_inode;
+		if (inode) {
+			audit_log_format(ab, " dev=");
+			audit_log_untrustedstring(ab, inode->i_sb->s_id);
+			audit_log_format(ab, " ino=%lu", inode->i_ino);
+		}
+
+		audit_log_format(ab, " ioctlcmd=%hx", a->u.op->cmd);
+		break;
+	}
 	case LSM_AUDIT_DATA_DENTRY: {
 		struct inode *inode;