[sestarnix] Revise the audit-logging mechanism to support details

Introduce an AuditContext that can be cheaply instantiated in each
hook that performs permission checks, to allow details of the
invoking task, file being accessed, etc, to be audit-logged.

This initial implementation supports audit details for CurrentTask,
FileObject, and FsNode, and "layering" of caller-supplied audit
context with additional context by helper functions such as
has_file_permission(), etc.

CurrentTask context is not actually included in audit logs in this
implementation, because the details are already included by the
tags added by Starnix to each log line.

Bug: 362707360
Change-Id: I6bbdade0bc61f763eccb177e826dc0600c88ed1c
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1205847
Commit-Queue: Wez <wez@google.com>
Fuchsia-Auto-Submit: Wez <wez@google.com>
Reviewed-by: Ali Zhang <alizhang@google.com>
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Reviewed-by: Laura Peskin <pesk@google.com>
Reviewed-by: Miguel Flores <miguelfrde@google.com>
5 files changed
tree: e4ff6b956debb32af718900a39aa806f7292cb9b
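The layering described in the commit message, as an added Rust sketch that is not the code from this change: a borrowed, stack-allocated chain of audit details that is only formatted when a check is denied. All type shapes, field names, the `layer` method, the `granted` flag standing in for the policy decision, and the output format are assumptions made for illustration.

```rust
use std::fmt;

// Hypothetical stand-ins for the kernel objects named in the commit message.
pub struct FileObject { pub id: u64 }
pub struct FsNode { pub ino: u64 }

/// One audit detail. It holds only borrows, so building one copies a pointer.
pub enum Auditable<'a> {
    CurrentTask,
    FileObject(&'a FileObject),
    FsNode(&'a FsNode),
}

/// A chain of details living on the stack; each layer borrows its caller's context.
pub struct AuditContext<'a> {
    detail: Auditable<'a>,
    parent: Option<&'a AuditContext<'a>>,
}

impl<'a> AuditContext<'a> {
    pub fn new(detail: Auditable<'a>) -> Self { Self { detail, parent: None } }
    /// Adds one detail on top of the caller-supplied context without allocating.
    pub fn layer<'b>(&'b self, detail: Auditable<'b>) -> AuditContext<'b> where 'a: 'b {
        AuditContext { detail, parent: Some(self) }
    }
}

impl fmt::Display for AuditContext<'_> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        if let Some(parent) = self.parent { write!(f, "{}", parent)?; }
        match &self.detail {
            // Omitted: the task is already identified by the tags on each log line.
            Auditable::CurrentTask => Ok(()),
            Auditable::FileObject(file) => write!(f, " file={}", file.id),
            Auditable::FsNode(node) => write!(f, " ino={}", node.ino),
        }
    }
}

/// Simplified helper: layers the node onto the caller's context and returns the
/// audit line only on denial, so the granted path never formats a string.
pub fn has_file_permission(granted: bool, node: &FsNode, caller: &AuditContext<'_>) -> Option<String> {
    let ctx = caller.layer(Auditable::FsNode(node));
    if granted { None } else { Some(format!("denied{}", ctx)) }
}

fn main() {
    let (file, node) = (FileObject { id: 7 }, FsNode { ino: 42 }); // constructed sample values
    let task = AuditContext::new(Auditable::CurrentTask);
    let hook = task.layer(Auditable::FileObject(&file));
    println!("{:?}", has_file_permission(false, &node, &hook));
}
```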
README.md

Fuchsia

What is Fuchsia?

Fuchsia is an open source, general purpose operating system supporting modern 64-bit Intel and ARM processors.

We expect everyone interacting with our project to respect our code of conduct.

Read more about Fuchsia's principles.

How can I build and run Fuchsia?

See Getting Started.

Where can I learn more about Fuchsia?

See fuchsia.dev.