AUDIT: Capture sys_socketcall arguments and sockaddrs

[linux.git] / include / linux / audit.h

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 51e5879af7fc4336b5f5638802b7db149ca5cde8..2f5dc60f8bbd96317ba6fde8488ebd4053c7682e 100644 (file)
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -69,8 +69,9 @@
 #define AUDIT_FS_WATCH         1301    /* Filesystem watch event */
 #define AUDIT_PATH             1302    /* Filname path information */
 #define AUDIT_IPC              1303    /* IPC record */
-#define AUDIT_SOCKET           1304    /* Socket record */
+#define AUDIT_SOCKETCALL       1304    /* sys_socketcall arguments */
 #define AUDIT_CONFIG_CHANGE    1305    /* Audit system configuration change */
+#define AUDIT_SOCKADDR         1306    /* sockaddr copied as syscall arg */
 
 #define AUDIT_AVC              1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR      1401    /* Internal SE Linux Errors */
@@ -235,6 +236,8 @@ extern int audit_get_stamp(struct audit_context *ctx,
 extern int  audit_set_loginuid(struct task_struct *task, uid_t loginuid);
 extern uid_t audit_get_loginuid(struct audit_context *ctx);
 extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
+extern int audit_socketcall(int nargs, unsigned long *args);
+extern int audit_sockaddr(int len, void *addr);
 extern void audit_signal_info(int sig, struct task_struct *t);
 #else
 #define audit_alloc(t) ({ 0; })
@@ -248,6 +251,8 @@ extern void audit_signal_info(int sig, struct task_struct *t);
 #define audit_get_stamp(c,t,s) ({ 0; })
 #define audit_get_loginuid(c) ({ -1; })
 #define audit_ipc_perms(q,u,g,m) ({ 0; })
+#define audit_socketcall(n,a) ({ 0; })
+#define audit_sockaddr(len, addr) ({ 0; })
 #define audit_signal_info(s,t) do { ; } while (0)
 #endif