[NetLabel]: add audit support for configuration changes
This patch adds audit support to NetLabel, including six new audit message
types shown below.
#define AUDIT_MAC_UNLBL_ACCEPT 1406
#define AUDIT_MAC_UNLBL_DENY 1407
#define AUDIT_MAC_CIPSOV4_ADD 1408
#define AUDIT_MAC_CIPSOV4_DEL 1409
#define AUDIT_MAC_MAP_ADD 1410
#define AUDIT_MAC_MAP_DEL 1411
Signed-off-by: Paul Moore <paul.moore@hp.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index 8626c9f..0ac314f 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -108,7 +108,7 @@
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
- ret_val = netlbl_domhsh_add(entry);
+ ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
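Review bot: The new call `netlbl_domhsh_add(entry, NETLINK_CB(skb).sid)` gives the audit code only the sender's LSM secid, so the record can name a security context but not the audit login uid of whoever requested the change. The remove, add_default and remove_default calls in the later hunks have the same limitation. If the netlink control block in this tree also carries the sender's loginuid, consider passing both together, for example in a small struct filled once per request, so MAC configuration changes stay attributable to a login session. At minimum, a comment such as `/* audit: attribute the change to the netlink sender's secid */` at the call would record whose identity is logged. The enclosing function starts and ends outside this hunk.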
@@ -125,7 +125,7 @@
rcu_read_unlock();
goto add_failure;
}
- ret_val = netlbl_domhsh_add(entry);
+ ret_val = netlbl_domhsh_add(entry, NETLINK_CB(skb).sid);
rcu_read_unlock();
break;
default:
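Review bot: The `goto add_failure` just above the new call skips `netlbl_domhsh_add()` entirely, so a request rejected on that path never reaches the code that receives the secid and cannot be audited there. The `goto adddef_failure` in the add_default hunk has the same shape. Unless the failure labels emit a record themselves (they are outside the hunk), rejected configuration attempts leave no audit trail, and on a MAC configuration interface failed attempts are worth recording. Consider emitting the record from this handler with the result code included, or state in the function's kernel-doc that only successful changes are audited.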
@@ -161,7 +161,7 @@
return -EINVAL;
domain = nla_data(info->attrs[NLBL_MGMT_A_DOMAIN]);
- return netlbl_domhsh_remove(domain);
+ return netlbl_domhsh_remove(domain, NETLINK_CB(skb).sid);
}
/**
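Review bot: `domain`, on the line above the changed return, comes straight from the `NLBL_MGMT_A_DOMAIN` netlink attribute and now feeds a path that, per the commit message, produces an AUDIT_MAC_MAP_DEL record. If the callee writes that string into the record, it should use `audit_log_untrustedstring()` rather than a plain `%s`, so spaces, quotes or newlines in a sender-chosen name cannot forge extra fields in the log. It is also worth confirming that the attribute policy guarantees NUL termination before the string is used. Neither the policy nor the callee is visible in this hunk, and the function body starts outside it.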
@@ -277,7 +277,8 @@
switch (entry->type) {
case NETLBL_NLTYPE_UNLABELED:
- ret_val = netlbl_domhsh_add_default(entry);
+ ret_val = netlbl_domhsh_add_default(entry,
+ NETLINK_CB(skb).sid);
break;
case NETLBL_NLTYPE_CIPSOV4:
if (!info->attrs[NLBL_MGMT_A_CV4DOI])
@@ -294,7 +295,8 @@
rcu_read_unlock();
goto adddef_failure;
}
- ret_val = netlbl_domhsh_add_default(entry);
+ ret_val = netlbl_domhsh_add_default(entry,
+ NETLINK_CB(skb).sid);
rcu_read_unlock();
break;
default:
@@ -322,7 +324,7 @@
*/
static int netlbl_mgmt_removedef(struct sk_buff *skb, struct genl_info *info)
{
- return netlbl_domhsh_remove_default();
+ return netlbl_domhsh_remove_default(NETLINK_CB(skb).sid);
}
/**