diff options
| author | John Johansen <john.johansen@canonical.com> | 2022-04-19 16:25:55 -0700 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 14:49:03 -0700 |
| commit | 8c4b785a86be1219f7d50f7b38266c454d6a9bbc (patch) | |
| tree | 80e4ed818228d64dae3d8f5b90b009c0a2015e40 /security/apparmor/audit.c | |
| parent | 90917d5b6866df79d892087ba51b46c983d2fcfe (diff) | |
apparmor: add mediation class information to auditing
Audit messages currently don't contain the mediation class which can
make them less clear than they should be in some circumstances. With
newer mediation classes coming this potential confusion will become
worse.
Fix this by adding the mediatin class to the messages.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor/audit.c')
| -rw-r--r-- | security/apparmor/audit.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 704b0c895605..e638f7bc9f52 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -36,6 +36,28 @@ static const char *const aa_audit_type[] = { "AUTO" }; +static const char *const aa_class_names[] = { + "none", + "unknown", + "file", + "cap", + "net", + "rlimits", + "domain", + "mount", + "unknown", + "ptrace", + "signal", + "unknown", + "unknown", + "unknown", + "net", + "unknown", + "label", + "lsm", +}; + + /* * Currently AppArmor auditing is fed straight into the audit framework. * @@ -65,6 +87,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " operation=\"%s\"", aad(sa)->op); } + if (aad(sa)->class) + audit_log_format(ab, " class=\"%s\"", + aad(sa)->class <= AA_CLASS_LAST ? + aa_class_names[aad(sa)->class] : + "unknown"); + if (aad(sa)->info) { audit_log_format(ab, " info=\"%s\"", aad(sa)->info); if (aad(sa)->error) |