commit af601e4623d0303bfafa54ec728b7ae8493a8e1b
author Steve Grubb <sgrubb@redhat.com> Wed Jan 04 14:08:39 2006 +0000
committer Al Viro <viro@zeniv.linux.org.uk> Mon Mar 20 14:08:54 2006 -0500
tree 5f79d5ae42eeccfc1ffaf8e82a1999e4d3af793e
parent d884596f44ef5a0bcd8a66405dc04902aeaa6fc7

[PATCH] SE Linux audit events

Attached is a patch that hardwires important SE Linux events to the audit
system. Please Apply.

Signed-off-by: Steve Grubb <sgrubb@redhat.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

security/selinux/selinuxfs.c

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index b5fa02d..5eba666 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -21,6 +21,7 @@
 #include <linux/major.h>
 #include <linux/seq_file.h>
 #include <linux/percpu.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/semaphore.h>
 
@@ -126,6 +127,10 @@
 		length = task_has_security(current, SECURITY__SETENFORCE);
 		if (length)
 			goto out;
+		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+			"enforcing=%d old_enforcing=%d auid=%u", new_value, 
+			selinux_enforcing,
+			audit_get_loginuid(current->audit_context));
 		selinux_enforcing = new_value;
 		if (selinux_enforcing)
 			avc_ss_reset(0);
@@ -176,6 +181,9 @@
 		length = selinux_disable();
 		if (length < 0)
 			goto out;
+		audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
+			"selinux=0 auid=%u",
+			audit_get_loginuid(current->audit_context));
 	}
 
 	length = count;
@@ -261,6 +269,9 @@
 		length = ret;
 	else
 		length = count;
+	audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
+		"policy loaded auid=%u",
+		audit_get_loginuid(current->audit_context));
 out:
 	up(&sel_sem);
 	vfree(data);