From 3ec3b2fba526ead2fa3f3d7c91924f39a0733749 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 17 May 2005 12:08:48 +0100 Subject: AUDIT: Capture sys_socketcall arguments and sockaddrs Signed-off-by: David Woodhouse --- include/linux/audit.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index 51e5879..2f5dc60 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -69,8 +69,9 @@ #define AUDIT_FS_WATCH 1301 /* Filesystem watch event */ #define AUDIT_PATH 1302 /* Filname path information */ #define AUDIT_IPC 1303 /* IPC record */ -#define AUDIT_SOCKET 1304 /* Socket record */ +#define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */ #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ +#define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ @@ -235,6 +236,8 @@ extern int audit_get_stamp(struct audit_context *ctx, extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); extern uid_t audit_get_loginuid(struct audit_context *ctx); extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); +extern int audit_socketcall(int nargs, unsigned long *args); +extern int audit_sockaddr(int len, void *addr); extern void audit_signal_info(int sig, struct task_struct *t); #else #define audit_alloc(t) ({ 0; }) @@ -248,6 +251,8 @@ extern void audit_signal_info(int sig, struct task_struct *t); #define audit_get_stamp(c,t,s) ({ 0; }) #define audit_get_loginuid(c) ({ -1; }) #define audit_ipc_perms(q,u,g,m) ({ 0; }) +#define audit_socketcall(n,a) ({ 0; }) +#define audit_sockaddr(len, addr) ({ 0; }) #define audit_signal_info(s,t) do { ; } while (0) #endif -- cgit v1.1