From: Mehmet Kayaalp
To: ima-devel
Cc: containers, linux-kernel, linux-security-module, Tycho Andersen, "Serge E . Hallyn", Yuqiong Sun, David Safford, Mehmet Kayaalp, Stefan Berger, Mimi Zohar
Subject: [RFC PATCH 4/5] ima: differentiate auditing policy rules from "audit" actions
Date: Thu, 20 Jul 2017 18:50:32 -0400
Message-Id: <20170720225033.21298-5-mkayaalp@linux.vnet.ibm.com>
In-Reply-To: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com>
References: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com>

From: Mimi Zohar The AUDIT_INTEGRITY_RULE is used for auditing IMA policy rules and the IMA "audit" policy action. This patch defines AUDIT_INTEGRITY_POLICY to reflect the IMA policy rules. Signed-off-by: Mimi Zohar --- include/uapi/linux/audit.h | 3 ++- security/integrity/ima/ima_policy.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h index 0714a66..649d4c4 100644 --- a/include/uapi/linux/audit.h +++ b/include/uapi/linux/audit.h @@ -144,7 +144,8 @@ #define AUDIT_INTEGRITY_STATUS 1802 /* Integrity enable status */ #define AUDIT_INTEGRITY_HASH 1803 /* Integrity HASH type */ #define AUDIT_INTEGRITY_PCR 1804 /* PCR invalidation msgs */ -#define AUDIT_INTEGRITY_RULE 1805 /* policy rule */ +#define AUDIT_INTEGRITY_RULE 1805 /* IMA audit action policy msgs */ +#define AUDIT_INTEGRITY_POLICY 1806 /* IMA policy rules */ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index f443662..9844eb1 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -613,7 +613,7 @@ static int ima_parse_rule(char *rule, struct ima_rule_entry *entry) bool uid_token; int result = 0; - ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_RULE); + ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_INTEGRITY_POLICY); entry->uid = INVALID_UID; entry->fowner = INVALID_UID; -- 2.9.4
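
Review bot: In the include/uapi/linux/audit.h hunk, the two comments are too close to tell apart: "IMA audit action policy msgs" on AUDIT_INTEGRITY_RULE still contains the word "policy", right above "IMA policy rules" on AUDIT_INTEGRITY_POLICY. Suggest wording that names the source of each record, for example that 1805 is emitted by the "audit" action and 1806 when a policy rule is parsed. Because this is a uapi header, the changelog should also say that 1806 is a new userspace-visible record type, so that tools which map type numbers to names can be updated alongside it.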
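
Review bot: In the security/integrity/ima/ima_policy.c hunk, the audit_log_start() call in ima_parse_rule() switches from AUDIT_INTEGRITY_RULE to AUDIT_INTEGRITY_POLICY, but the commit message only says the new type is defined; it does not say that records for parsed policy rules move from 1805 to 1806. Any audit filter or log consumer that tracks IMA policy rule changes by matching 1805 will stop seeing them after this change. Suggest adding a sentence to the changelog stating the record type change for ima_parse_rule() and the reason the two sources need distinct types.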