TOMOYO Linux uses two files under the /sys/kernel/security/tomoyo/ interface
for reporting access logs in domain policy format.
One is 'grant_log', used for auditing accesses which are
granted in the TOMOYO Linux policy.
The other is 'reject_log', used for auditing accesses which
are not granted in the TOMOYO Linux policy.
The userland daemon /usr/lib/ccs/ccs-auditd will save these logs.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
security/tomoyo/audit.c | 238 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 238 insertions(+)
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ linux-2.6-mm/security/tomoyo/audit.c 2007-11-14 15:15:44.000000000 +0900
@@ -0,0 +1,238 @@
+/*
+ * security/tomoyo/audit.c
+ *
+ * Audit functions for TOMOYO Linux
+ */
+
+#include "tomoyo.h"
+
+#ifdef CONFIG_SECURITY_TOMOYO_USE_AUDITD
+/**
+ * tmy_audit - write audit log.
+ * @fmt: format strings for printf().
+ *
+ * Returns zero on success.
+ * Returns nonzero on failure.
+ *
+ * Write audit log.
+ */
+int tmy_audit(const char *fmt, ...)
+{
+ struct audit_buffer *ab;
+ int len;
+ va_list args;
+ char *buf;
+ char *cp;
+ ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_KERNEL);
+ if (!ab)
+ return -ENOMEM;
+ buf = kzalloc(PAGE_SIZE, GFP_KERNEL);
+ if (!buf)
+ goto out;
+ va_start(args, fmt);
+ len = vsnprintf(buf, PAGE_SIZE - 1, fmt, args);
+ va_end(args);
+ if (len > PAGE_SIZE - 1) {
+ kfree(buf);
+ buf = kzalloc(len + 16, GFP_KERNEL);
+ if (!buf)
+ goto out;
+ va_start(args, fmt);
+ vsnprintf(buf, len + 15, fmt, args);
+ va_end(args);
+ }
+ cp = strchr(buf, '\0') - 1;
+ if (cp >= buf && *cp == '\n')
+ *cp = '\0';
+ audit_log_format(ab, "TOMOYO: %s", buf);
+ kfree(buf);
+out: ;
+ audit_log_end(ab);
+ return buf ? 0 : -ENOMEM;
+}
+#endif
+
+static DECLARE_WAIT_QUEUE_HEAD(grant_log_wait);
+static DECLARE_WAIT_QUEUE_HEAD(reject_log_wait);
+
+static ...