git.baikalelectronics.ru Git - kernel.git/commit

author	Nathaniel Husted <nhusted@gmail.com>
	Tue, 3 Jan 2012 19:23:09 +0000 (14:23 -0500)
committer	Al Viro <viro@zeniv.linux.org.uk>
	Tue, 17 Jan 2012 21:17:01 +0000 (16:17 -0500)
commit	841770e13d2df3b72ab498bf54cc45dab8c13b0b
tree	4edfccf0b4d2b24c8e6069113eb69bb8c7a9b037	tree \| snapshot
parent	e06da2241cf6237795f7b38e7c49cb6a188d9db3	commit \| diff

Kernel: Audit Support For The ARM Platform

This patch provides functionality to audit system call events on the
ARM platform. The implementation was based off the structure of the
MIPS platform and information in this
(http://lists.fedoraproject.org/pipermail/arm/2009-October/000382.html)
mailing list thread. The required audit_syscall_exit and
audit_syscall_entry checks were added to ptrace using the standard
registers for system call values (r0 through r3). A thread information
flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was
added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall
entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is
set, the syscall_trace function will be executed. The prober changes
were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled.

Due to platform availability limitations, this patch was only tested
on the Android platform running the modified "android-goldfish-2.6.29"
kernel. A test compile was performed using Code Sourcery's
cross-compilation toolset and the current linux-3.0 stable kernel. The
changes compile without error. I'm hoping, due to the simple modifications,
the patch is "obviously correct".

Signed-off-by: Nathaniel Husted <nhusted@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>

arch/arm/include/asm/kprobes.h		diff \| blob \| history
arch/arm/include/asm/ptrace.h		diff \| blob \| history
arch/arm/include/asm/thread_info.h		diff \| blob \| history
arch/arm/kernel/entry-common.S		diff \| blob \| history
arch/arm/kernel/ptrace.c		diff \| blob \| history
init/Kconfig		diff \| blob \| history