SSI-87: soc: imx: secvio: Report to audit FW all security violations
Report to the audit framework when a security violation is reported to the driver. Signed-off-by: Franck LENORMAND <franck.lenormand@nxp.com>5.4-rM2-2.2.x-imx-squashed
parent
53dca82ef1
commit
9e2b6dacf5
|
@ -1,2 +1,3 @@
|
|||
obj-y += imx-secvio-sc.o
|
||||
obj-$(CONFIG_DEBUG_FS) += imx-secvio-debugfs.o
|
||||
obj-$(CONFIG_AUDIT) += imx-secvio-audit.o
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/*
|
||||
* Copyright 2019 NXP
|
||||
*
|
||||
*/
|
||||
|
||||
#include <linux/audit.h>
|
||||
|
||||
#include <soc/imx/imx-secvio-sc.h>
|
||||
|
||||
int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
|
||||
void *notif_info)
|
||||
{
|
||||
int ret = 0;
|
||||
struct audit_buffer *ab;
|
||||
struct secvio_sc_notifier_info *info = notif_info;
|
||||
|
||||
ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_INTEGRITY_RULE);
|
||||
if (!ab) {
|
||||
ret = -ENOMEM;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
audit_log_format(ab, " hpsvs=0x%.08x lps=0x%.08x lptds=0x%.08x",
|
||||
info->hpsvs, info->lps, info->lptds);
|
||||
audit_log_task_info(ab);
|
||||
audit_log_end(ab);
|
||||
|
||||
exit:
|
||||
return ret;
|
||||
}
|
|
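Review bot: `report_to_audit_notify` returns `-ENOMEM` when `audit_log_start()` yields NULL, but a notifier callback is expected to return a `NOTIFY_*` code, and a negative errno has the `NOTIFY_STOP_MASK` bit set, so the chain would stop and any callback after this one would not see the violation. `audit_log_start()` also returns NULL when auditing is disabled or the record is filtered out, so this branch is not only an out-of-memory path. I would change the failure branch to `return NOTIFY_DONE;` and the final statement to `return NOTIFY_OK;`. Separately, `audit_context()` and `audit_log_task_info(ab)` describe whichever task happens to run the notifier, which is presumably unrelated to the tamper event and could mislead someone reading the audit trail. Consider passing `NULL` as the context and dropping the task info, or adding a comment that the task fields are not meaningful for this record.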
@ -25,6 +25,7 @@ struct imx_secvio_sc_data {
|
|||
|
||||
struct notifier_block irq_nb;
|
||||
struct notifier_block report_nb;
|
||||
struct notifier_block audit_nb;
|
||||
|
||||
struct nvmem_device *nvmem;
|
||||
|
||||
|
@ -67,4 +68,16 @@ int imx_secvio_sc_debugfs(struct device *dev)
|
|||
}
|
||||
#endif /* CONFIG_DEBUG_FS */
|
||||
|
||||
#ifdef CONFIG_AUDIT
|
||||
int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
|
||||
void *notif_info);
|
||||
#else /* CONFIG_AUDIT */
|
||||
static inline
|
||||
int report_to_audit_notify(struct notifier_block *nb, unsigned long status,
|
||||
void *notif_info)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
#endif /* CONFIG_AUDIT */
|
||||
|
||||
#endif /* SECVIO_SC_H */
|
||||
|
|
|
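Review bot: The new prototype `report_to_audit_notify` has external linkage but no driver prefix, unlike `imx_secvio_sc_debugfs` in the hunk context just above it, so it lands in the global kernel namespace under a generic name; something like `imx_secvio_sc_audit_notify` would match the header's convention. The declaration would also benefit from a short comment stating the contract, e.g. `/* Notifier callback: logs the hpsvs, lps and lptds values to the audit subsystem; returns a NOTIFY_* code. */`. The `!CONFIG_AUDIT` stub returning 0 is consistent with `NOTIFY_DONE`, so only the real implementation needs to be aligned with that contract.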
@ -590,6 +590,21 @@ static int imx_secvio_sc_setup(struct device *dev)
|
|||
goto clean;
|
||||
}
|
||||
|
||||
/* Register the notification to report to audit FW */
|
||||
data->audit_nb.notifier_call = report_to_audit_notify;
|
||||
ret = register_imx_secvio_sc_notifier(&data->audit_nb);
|
||||
if (ret) {
|
||||
dev_err(dev, "Failed to register report audit handler\n");
|
||||
goto clean;
|
||||
}
|
||||
|
||||
ret = devm_add_action(dev, if_unregister_imx_secvio_sc_notifier,
|
||||
&data->audit_nb);
|
||||
if (ret) {
|
||||
dev_err(dev, "Failed to add action to remove audit notif\n");
|
||||
goto clean;
|
||||
}
|
||||
|
||||
/* Register misc device for IOCTL */
|
||||
data->miscdev.name = devm_kstrdup(dev, "secvio-sc", GFP_KERNEL);
|
||||
data->miscdev.minor = MISC_DYNAMIC_MINOR;
|
||||
|
|
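Review bot: If `devm_add_action()` fails here, `audit_nb` is already registered on the notifier chain but has no unregister action. Unless the `clean` label (outside this hunk) unregisters it explicitly, the chain may keep a pointer into `data` after the failure path releases it, and a later violation notification would then dereference stale memory. `devm_add_action_or_reset()` runs the action itself on failure and closes that window: `ret = devm_add_action_or_reset(dev, if_unregister_imx_secvio_sc_notifier, &data->audit_nb);`. `imx_secvio_sc_setup` starts and ends outside the hunk, so how `data` is allocated and what `clean` does are assumptions to confirm.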