[RFC PATCH v7 06/16] uapi|audit: add trust audit message definitions
From: deven . desai
Date: Wed Oct 13 2021 - 15:07:36 EST
From: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>
Introduce new definitions to audit.h centered around trust
decisions and policy loading and activation, as an extension
of the mandatory access control fields.
Signed-off-by: Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>
---
Relevant changes since v6:
* Change audit records to MAC region (14XX) from
Integrity region (18XX), as IPE is an effectively a MAC system
around trust versus an extension to the integrity subsystem.
* Generalize the #defines to support the class of trust-based
Access-Control LSMs.
---
include/uapi/linux/audit.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index daa481729e9b..3a83b3605896 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -139,6 +139,10 @@
#define AUDIT_MAC_UNLBL_STCDEL 1417 /* NetLabel: del a static label */
#define AUDIT_MAC_CALIPSO_ADD 1418 /* NetLabel: add CALIPSO DOI entry */
#define AUDIT_MAC_CALIPSO_DEL 1419 /* NetLabel: del CALIPSO DOI entry */
+#define AUDIT_TRUST_RESULT 1420 /* IPE Denial or Grant */
+#define AUDIT_TRUST_POLICY_LOAD 1421 /* IPE Policy Load */
+#define AUDIT_TRUST_POLICY_ACTIVATE 1422 /* IPE Policy Activate */
+#define AUDIT_TRUST_STATUS 1423 /* IPE enforcing,permissive */
#define AUDIT_FIRST_KERN_ANOM_MSG 1700
#define AUDIT_LAST_KERN_ANOM_MSG 1799
--
2.33.0