Signed-off-by: Miloslav Trmač <mitr(a)redhat.com>
---
crypto/af_alg.c | 30 ++++++++++++++++++++++++++++++
1 files changed, 30 insertions(+), 0 deletions(-)
diff --git a/crypto/af_alg.c b/crypto/af_alg.c
index 490ae43..fc1b0f7 100644
--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -14,6 +14,7 @@
#include <asm/atomic.h>
#include <crypto/if_alg.h>
+#include <linux/audit.h>
#include <linux/crypto.h>
#include <linux/idr.h>
#include <linux/init.h>
@@ -160,6 +161,11 @@ static void alg_sk_destruct(struct sock *sk) {}
void af_alg_sk_destruct_child(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
+ struct alg_sock *parent_ask = alg_sk(ask->parent);
+
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_CTX_DEL, parent_ask->id,
+ ask->id, -1,
+ ask->type->alg_name(parent_ask->private), NULL);
sock_put(ask->parent);
alg_sk_destruct(sk);
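Review bot: The new audit call in af_alg_sk_destruct_child reads `parent_ask->private`, so it must run before `sock_put(ask->parent)`, which may drop the last reference to the parent; nothing in the code records that ordering requirement. A comment above the call such as `/* Log before sock_put(): parent_ask->private is only safe to read while the parent reference is held. */` would stop a later reordering from turning this into a use-after-free. The return value is discarded here and in alg_sock_destruct, unlike the other call sites, so a short remark that destructors cannot fail and the record is best-effort would show that this is deliberate. The function body continues outside the hunk.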
@@ -235,6 +241,11 @@ static int alg_setkey(struct sock *sk, char __user *ukey,
u8 *key;
int err;
+ err = audit_log_crypto_op(AUDIT_CRYPTO_OP_TFM_KEY_IMPORT, ask->id, -1,
+ -1, type->alg_name(ask->private), NULL);
+ if (err)
+ return err;
+
key = sock_kmalloc(sk, keylen, GFP_KERNEL);
if (!key)
return -ENOMEM;
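Review bot: The KEY_IMPORT record in alg_setkey is emitted before the key buffer is allocated, so the audit trail shows an import even when `sock_kmalloc` returns NULL here or a later step outside this hunk fails. The definition of audit_log_crypto_op is not in this diff, so it is unclear whether it can carry an outcome; if it cannot, document the semantics next to the call, e.g. `/* Audited as an attempt: a logging failure blocks the import, later errors are not recorded. */`. alg_setkey begins and ends outside the hunk.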
@@ -315,6 +326,14 @@ int af_alg_accept(struct sock *sk, struct socket *newsock)
alg_sk(sk2)->parent = sk;
alg_sk(sk2)->type = type;
+ err = audit_log_crypto_op(AUDIT_CRYPTO_OP_CTX_NEW, ask->id,
+ alg_sk(sk2)->id, -1,
+ type->alg_name(ask->private), NULL);
+ if (err) {
+ sk_free(sk2);
+ return err;
+ }
+
newsock->ops = type->ops;
newsock->state = SS_CONNECTED;
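Review bot: The audit failure path in af_alg_accept leaves with a bare `return err;` after `sk_free(sk2)`, bypassing any common exit the function has. If the listening socket is locked at this point, the lock is never released; the lock and exit label are outside the hunk, so this needs confirming. Prefer `goto <existing exit label>;` in place of `return err;`. Separately, `parent` and `type` are already assigned, so if sk2's destructor is af_alg_sk_destruct_child, freeing it logs a CTX_DEL for a context whose CTX_NEW was just refused, which complicates reconciling the audit trail. The function starts and ends outside the hunk.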
@@ -359,6 +378,9 @@ static void alg_sock_destruct(struct sock *sk)
{
struct alg_sock *ask = alg_sk(sk);
+ audit_log_crypto_op(AUDIT_CRYPTO_OP_TFM_DEL, ask->id, -1, -1, NULL,
+ NULL);
+
alg_do_release(ask->type, ask->private);
alg_sk_destruct(sk);
}
@@ -379,6 +401,14 @@ static int alg_create(struct net *net, struct socket *sock, int
protocol,
if (!sk)
goto out;
+ err = audit_log_crypto_op(AUDIT_CRYPTO_OP_TFM_NEW, alg_sk(sk)->id, -1,
+ -1, NULL, NULL);
+ if (err) {
+ alg_sk_destruct(sk);
+ sk_free(sk);
+ goto out;
+ }
+
sock->ops = &alg_proto_ops;
sock_init_data(sock, sk);
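Review bot: The failure branch in alg_create calls `alg_sk_destruct(sk)` by hand before `sk_free(sk)`, which is only correct while `sk->sk_destruct` has not been installed. That assignment is not visible in this hunk; if it ever moves above the audit call, alg_sock_destruct would run alg_sk_destruct a second time. A comment such as `/* sk_destruct is not set yet, so call alg_sk_destruct() explicitly. */` would record the assumption. alg_create continues outside the hunk.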
--
1.7.3.2