1 files changed, 38 insertions, 0 deletions

diff --git a/bus/selinux.c b/bus/selinux.c
index 673b2ca0..06dae881 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -37,6 +37,9 @@
 #include <selinux/flask.h>
 #include <signal.h>
 #include <stdarg.h>
+#ifdef HAVE_LIBAUDIT
+#include <libaudit.h>
+#endif /* HAVE_LIBAUDIT */
 #endif /* HAVE_SELINUX */
 
 #define BUS_SID_FROM_SELINUX(sid)  ((BusSELinuxID*) (sid))
@@ -98,12 +101,40 @@ static const struct avc_lock_callback lock_cb =
  * @param variable argument list
  */
 #ifdef HAVE_SELINUX
+#ifdef HAVE_LIBAUDIT
+static int audit_fd = -1;
+static void audit_init(void)
+{
+  audit_fd = audit_open();
+  if (audit_fd < 0) {
+    /* If kernel doesn't support audit, bail out */
+    if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
+      return;
+    /* If user bus, bail out */
+    if (errno == EPERM && getuid() != 0)
+      return;
+    _dbus_warn ("Failed opening connection to the audit subsystem");
+  }
+}
+#endif /* HAVE_LIBAUDIT */
+
 static void 
 log_callback (const char *fmt, ...) 
 {
   va_list ap;
   va_start(ap, fmt);
+#ifdef HAVE_LIBAUDIT
+  {
+     char buf[PATH_MAX*2];
+
+       /* FIXME: need to change this to show real user */
+     vsnprintf(buf, sizeof(buf), fmt, ap);
+     audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+                                NULL, getuid());
+  }
+#else
   vsyslog (LOG_INFO, fmt, ap);
+#endif /* HAVE_LIBAUDIT */
   va_end(ap);
 }
 
@@ -294,6 +325,10 @@ bus_selinux_full_init (void)
 
   freecon (bus_context);
   
+#ifdef HAVE_LIBAUDIT
+  audit_init ();
+#endif /* HAVE_LIBAUDIT */
+
   return TRUE;
 #else
   return TRUE;
@@ -866,6 +901,9 @@ bus_selinux_shutdown (void)
 #endif /* DBUS_ENABLE_VERBOSE_MODE */
 
   avc_destroy ();
+#ifdef HAVE_LIBAUDIT
+      audit_close (audit_fd);
+#endif /* HAVE_LIBAUDIT */
 #endif /* HAVE_SELINUX */
 }