• Nathaniel Husted's avatar
    Kernel: Audit Support For The ARM Platform · 29ef73b7
    Nathaniel Husted authored
    This patch provides functionality to audit system call events on the
    ARM platform. The implementation was based off the structure of the
    MIPS platform and information in this
    mailing list thread. The required audit_syscall_exit and
    audit_syscall_entry checks were added to ptrace using the standard
    registers for system call values (r0 through r3). A thread information
    flag was added for auditing (TIF_SYSCALL_AUDIT) and a meta-flag was
    added (_TIF_SYSCALL_WORK) to simplify modifications to the syscall
    entry/exit. Now, if either the TRACE flag is set or the AUDIT flag is
    set, the syscall_trace function will be executed. The prober changes
    were made to Kconfig to allow CONFIG_AUDITSYSCALL to be enabled.
    Due to platform availability limitations, this patch was only tested
    on the Android platform running the modified "android-goldfish-2.6.29"
    kernel. A test compile was performed using Code Sourcery's
    cross-compilation toolset and the current linux-3.0 stable kernel. The
    changes compile without error. I'm hoping, due to the simple modifications,
    the patch is "obviously correct".
    Signed-off-by: default avatarNathaniel Husted <nhusted@gmail.com>
    Signed-off-by: default avatarEric Paris <eparis@redhat.com>
thread_info.h 5.04 KB