a68916eaed
IPE, like SELinux, supports a permissive mode. This mode allows policy authors to test and evaluate IPE policy without it affecting their programs. When the mode is changed, a 1404 AUDIT_MAC_STATUS will be reported. This patch adds the following audit records: audit: MAC_STATUS enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 audit: MAC_STATUS enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 enabled=1 old-enabled=1 lsm=ipe res=1 The audit record only emit when the value from the user input is different from the current enforce value. Signed-off-by: Deven Bowers <deven.desai@linux.microsoft.com> Signed-off-by: Fan Wu <wufan@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
20 lines
599 B
C
20 lines
599 B
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
/*
|
|
* Copyright (C) 2020-2024 Microsoft Corporation. All rights reserved.
|
|
*/
|
|
|
|
#ifndef _IPE_AUDIT_H
|
|
#define _IPE_AUDIT_H
|
|
|
|
#include "policy.h"
|
|
|
|
void ipe_audit_match(const struct ipe_eval_ctx *const ctx,
|
|
enum ipe_match match_type,
|
|
enum ipe_action_type act, const struct ipe_rule *const r);
|
|
void ipe_audit_policy_load(const struct ipe_policy *const p);
|
|
void ipe_audit_policy_activation(const struct ipe_policy *const op,
|
|
const struct ipe_policy *const np);
|
|
void ipe_audit_enforce(bool new_enforce, bool old_enforce);
|
|
|
|
#endif /* _IPE_AUDIT_H */
|