1
2
3
4
5
6
7
8
9
10
11
12
13#include <linux/fs.h>
14#include <linux/gfp.h>
15#include <linux/audit.h>
16#include "integrity.h"
17
18static int integrity_audit_info;
19
20
21static int __init integrity_audit_setup(char *str)
22{
23 unsigned long audit;
24
25 if (!kstrtoul(str, 0, &audit))
26 integrity_audit_info = audit ? 1 : 0;
27 return 1;
28}
29__setup("integrity_audit=", integrity_audit_setup);
30
31void integrity_audit_msg(int audit_msgno, struct inode *inode,
32 const unsigned char *fname, const char *op,
33 const char *cause, int result, int audit_info)
34{
35 struct audit_buffer *ab;
36 char name[TASK_COMM_LEN];
37
38 if (!integrity_audit_info && audit_info == 1)
39 return;
40
41 ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
42 audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
43 task_pid_nr(current),
44 from_kuid(&init_user_ns, current_cred()->uid),
45 from_kuid(&init_user_ns, audit_get_loginuid(current)),
46 audit_get_sessionid(current));
47 audit_log_task_context(ab);
48 audit_log_format(ab, " op=");
49 audit_log_string(ab, op);
50 audit_log_format(ab, " cause=");
51 audit_log_string(ab, cause);
52 audit_log_format(ab, " comm=");
53 audit_log_untrustedstring(ab, get_task_comm(name, current));
54 if (fname) {
55 audit_log_format(ab, " name=");
56 audit_log_untrustedstring(ab, fname);
57 }
58 if (inode) {
59 audit_log_format(ab, " dev=");
60 audit_log_untrustedstring(ab, inode->i_sb->s_id);
61 audit_log_format(ab, " ino=%lu", inode->i_ino);
62 }
63 audit_log_format(ab, " res=%d", !result);
64 audit_log_end(ab);
65}
66