audit: Report suspicious O_CREAT usage

This renames the very specific audit_log_link_denied() to audit_log_path_denied() and adds the AUDIT_* type as an argument. This allows for the creation of the new AUDIT_ANOM_CREAT that can be used to report the fifo/regular file creation restrictions that were introduced in commit 30aba6656f61 ("namei: allow restricted O_CREAT of FIFOs and regular files"). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Kees Cook <keescook@chromium.org> 2019-10-02 16:41:58 -0700
committer: Paul Moore <paul@paul-moore.com> 2019-10-03 13:59:29 -0400
commit: 245d73698ed7abdc7e520dfa38048bb80ce89571 (patch)
tree: fb75f332d9a6efdb29749b6c66b28bafa86f33b2 /include/uapi/linux/audit.h
parent: 54ecb8f7028c5eb3d740bb82b0f1d90f2df63c5c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h
index c89c6495983d..3ad935527177 100644
--- a/include/uapi/linux/audit.h
+++ b/include/uapi/linux/audit.h
@@ -143,6 +143,7 @@
 #define AUDIT_ANOM_PROMISCUOUS      1700 /* Device changed promiscuous mode */
 #define AUDIT_ANOM_ABEND            1701 /* Process ended abnormally */
 #define AUDIT_ANOM_LINK		    1702 /* Suspicious use of file links */
+#define AUDIT_ANOM_CREAT	    1703 /* Suspicious file creation */
 #define AUDIT_INTEGRITY_DATA	    1800 /* Data integrity verification */
 #define AUDIT_INTEGRITY_METADATA    1801 /* Metadata integrity verification */
 #define AUDIT_INTEGRITY_STATUS	    1802 /* Integrity enable status */
author	Kees Cook <keescook@chromium.org>	2019-10-02 16:41:58 -0700
committer	Paul Moore <paul@paul-moore.com>	2019-10-03 13:59:29 -0400
commit	245d73698ed7abdc7e520dfa38048bb80ce89571 (patch)
tree	fb75f332d9a6efdb29749b6c66b28bafa86f33b2 /include/uapi/linux/audit.h
parent	54ecb8f7028c5eb3d740bb82b0f1d90f2df63c5c (diff)