v2.4.4 audit sources

Change-Id: I9315a7408817db51edf084fb4d27fbb492785084 Signed-off-by: Ashlee Young <ashlee@wildernessvoice.com>
author: Ashlee Young <ashlee@wildernessvoice.com> 2015-11-29 08:22:13 -0800
committer: Ashlee Young <ashlee@wildernessvoice.com> 2015-11-29 08:22:13 -0800
commit: df5afa4fcd9725380f94ca6476248d4cc24f889a (patch)
tree: 65456f62397305febf7f40778c5a413a35d094ef /framework/src/audit/lib/syscall-update.txt
parent: 76f6bf922552c00546e6e85ca471eab28f56986c (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/framework/src/audit/lib/syscall-update.txt b/framework/src/audit/lib/syscall-update.txt
new file mode 100644
index 00000000..89d63717
--- /dev/null
+++ b/framework/src/audit/lib/syscall-update.txt
@@ -0,0 +1,20 @@
+The place where syscall information is gathered is:
+
+arch/alpha/include/uapi/asm/unistd.h
+arch/arm/include/uapi/asm/unistd.h
+arch/ia64/include/uapi/asm/unistd.h
+arch/powerpc/include/uapi/asm/unistd.h
+arch/s390/include/uapi/asm/unistd.h
+arch/x86/syscalls/syscall_32.tbl
+arch/x86/syscalls/syscall_64.tbl
+include/uapi/asm-generic/unistd.h  (aarch64)
+
+For src/ausearch-lookup.c:
+Inspect include/linux/net.h for socketcall updates
+Inspect include/linux/ipc.h for ipccall updates
+
+For adding new arches, the following might be useful to get a first pass file:
+
+cat unistd.h | grep '^#define __NR_' | tr -d ')' | tr 'NR+' ' ' | awk '{ printf "_S(%s, \"%s\")\n", $6, $3 }; '
+
+it will still need hand editing
author	Ashlee Young <ashlee@wildernessvoice.com>	2015-11-29 08:22:13 -0800
committer	Ashlee Young <ashlee@wildernessvoice.com>	2015-11-29 08:22:13 -0800
commit	df5afa4fcd9725380f94ca6476248d4cc24f889a (patch)
tree	65456f62397305febf7f40778c5a413a35d094ef /framework/src/audit/lib/syscall-update.txt
parent	76f6bf922552c00546e6e85ca471eab28f56986c (diff)