sh: syscall audit support.

syscall_exit_work:

	! r0: current_thread_info->flags

	! r8: current_thread_info

	tst	#_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0

	tst	#_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0

	bt/s	work_pending

	 tst	#_TIF_NEED_RESCHED, r0

#ifdef CONFIG_TRACE_IRQFLAGS

#endif

	sti

	! XXX setup arguments...

	mov	r15, r4

	mov	#1, r5

	mov.l	4f, r0			! do_syscall_trace

	jsr	@r0

	 nop

syscall_trace_entry:

	!                     	Yes it is traced.

	! XXX setup arguments...

	mov     r15, r4

	mov     #0, r5

	mov.l	4f, r11		! Call do_syscall_trace which notifies

	jsr	@r11	    	! superior (will chomp R[0-7])

	 nop

	!

	get_current_thread_info r8, r10

	mov.l	@(TI_FLAGS,r8), r8

	mov	#_TIF_SYSCALL_TRACE, r10

	mov	#(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10

	tst	r10, r8

	bf	syscall_trace_entry

	!

 *	edited by Linus Torvalds

 *

 * SuperH version:   Copyright (C) 1999, 2000  Kaz Kojima & Niibe Yutaka

 *

 * Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp>

 */

#include <linux/kernel.h>

#include <linux/sched.h>

#include <linux/security.h>

#include <linux/signal.h>

#include <linux/io.h>

#include <linux/audit.h>

#include <asm/uaccess.h>

#include <asm/pgtable.h>

#include <asm/system.h>

	return ret;

}

asmlinkage void do_syscall_trace(void)

asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)

{

	struct task_struct *tsk = current;

	if (unlikely(current->audit_context) && entryexit)

		audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),

				   regs->regs[0]);

	if (!test_thread_flag(TIF_SYSCALL_TRACE) &&

	    !test_thread_flag(TIF_SINGLESTEP))

		return;

		goto out;

	if (!(tsk->ptrace & PT_PTRACED))

		return;

		goto out;

	/* the 0x80 provides a way for the tracing parent to distinguish

	   between a syscall stop and SIGTRAP delivery */

	ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) &&

		send_sig(tsk->exit_code, tsk, 1);

		tsk->exit_code = 0;

	}

out:

	if (unlikely(current->audit_context) && !entryexit)

		audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3],

				    regs->regs[4], regs->regs[5],

				    regs->regs[6], regs->regs[7]);

}

#define TIF_NEED_RESCHED	2	/* rescheduling necessary */

#define TIF_RESTORE_SIGMASK	3	/* restore signal mask in do_signal() */

#define TIF_SINGLESTEP		4	/* singlestepping active */

#define TIF_SYSCALL_AUDIT	5

#define TIF_USEDFPU		16	/* FPU was used by this task this quantum (SMP) */

#define TIF_POLLING_NRFLAG	17	/* true if poll_idle() is polling TIF_NEED_RESCHED */

#define TIF_MEMDIE		18

#define _TIF_NEED_RESCHED	(1<<TIF_NEED_RESCHED)

#define _TIF_RESTORE_SIGMASK	(1<<TIF_RESTORE_SIGMASK)

#define _TIF_SINGLESTEP		(1<<TIF_SINGLESTEP)

#define _TIF_SYSCALL_AUDIT		(1<<TIF_SYSCALL_AUDIT)

#define _TIF_USEDFPU		(1<<TIF_USEDFPU)

#define _TIF_POLLING_NRFLAG	(1<<TIF_POLLING_NRFLAG)

#define _TIF_FREEZE		(1<<TIF_FREEZE)

config AUDITSYSCALL

	bool "Enable system-call auditing support"

	depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64)

	depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64|| SUPERH)

	default y if SECURITY_SELINUX

	help

	  Enable low-overhead system-call auditing infrastructure that