From: Stefan Berger
To: zohar@linux.vnet.ibm.com, sgrubb@redhat.com
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, Stefan Berger
Subject: [PATCH 0/8] IMA: work on audit records produced by IMA
Date: Thu, 24 May 2018 16:10:57 -0400
Message-Id: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com>

This series of patches cleans up some usages of the audit subsystem's API by
IMA and extends the audit subsystem's API with API calls for adding new fields
to the audit_buffer. Besides that we extend the existing audit records created
while parsing IMA policy rules with fields that are common for audit records
produced by IMA. Besides that we introduce a new record type that IMA creates
while parsing policy rules.

   Stefan

Stefan Berger (8):
  ima: Call audit_log_string() rather than logging it untrusted
  ima: Use audit_log_format() rather than audit_log_string()
  audit: Implement audit_log_tty()
  audit: Allow others to call audit_log_d_path_exe()
  integrity: Add exe= and tty= before res= to integrity audits
  integrity: Factor out common part of integrity_audit_msg()
  ima: Do not audit if CONFIG_INTEGRITY_AUDIT is not set
  ima: Differentiate auditing policy rules from "audit" actions

 include/linux/audit.h                | 10 ++++++++++
 include/uapi/linux/audit.h           |  3 ++-
 kernel/audit.c                       |  8 ++++++++
 security/integrity/ima/Kconfig       |  1 +
 security/integrity/ima/ima_policy.c  | 12 ++++++++----
 security/integrity/integrity.h       | 26 ++++++++++++++++++++++++++
 security/integrity/integrity_audit.c | 32 +++++++++++++++++++-------------
 7 files changed, 74 insertions(+), 18 deletions(-)

-- 
2.13.6