[PATCH] support for context based audit filtering The following patch provides selinux interfaces that will allow the audit system to perform filtering based on the process context (user, role, type, sensitivity, and clearance). These interfaces will allow the selinux module to perform efficient matches based on lower level selinux constructs, rather than relying on context retrievals and string comparisons within the audit module. It also allows for dominance checks on the mls portion of the contexts that are impossible with only string comparisons. Signed-off-by: Darrel Goeddel <dgoeddel@trustedcs.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

commit: 376bd9cb357ec945ac893feaeb63af7370a6e70b [log] [tgz]
author: Darrel Goeddel <dgoeddel@trustedcs.com> Fri Feb 24 15:44:05 2006 -0600
committer: Al Viro <viro@zeniv.linux.org.uk> Mon May 01 06:06:24 2006 -0400
tree: 7e2848792982dfe30e19a600a41fa5cb49ee6e6e
parent: 97e94c453073a2aba4bb5e0825ddc5e923debf11 [diff] [blame]
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 39fef6e..740f950 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h

@@ -145,6 +145,11 @@
 #define AUDIT_PERS	10
 #define AUDIT_ARCH	11
 #define AUDIT_MSGTYPE	12
+#define AUDIT_SE_USER	13	/* security label user */
+#define AUDIT_SE_ROLE	14	/* security label role */
+#define AUDIT_SE_TYPE	15	/* security label type */
+#define AUDIT_SE_SEN	16	/* security label sensitivity label */
+#define AUDIT_SE_CLR	17	/* security label clearance label */
 
 				/* These are ONLY useful when checking
 				 * at syscall exit time (AUDIT_AT_EXIT). */
commit	376bd9cb357ec945ac893feaeb63af7370a6e70b	[log] [tgz]
author	Darrel Goeddel <dgoeddel@trustedcs.com>	Fri Feb 24 15:44:05 2006 -0600
committer	Al Viro <viro@zeniv.linux.org.uk>	Mon May 01 06:06:24 2006 -0400
tree	7e2848792982dfe30e19a600a41fa5cb49ee6e6e
parent	97e94c453073a2aba4bb5e0825ddc5e923debf11 [diff] [blame]