Merge tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit updates from Paul Moore: "A lucky 13 audit patches for v5.1. Despite the rather large diffstat, most of the changes are from two bug fix patches that move code from one Kconfig option to another. Beyond that bit of churn, the remaining changes are largely cleanups and bug-fixes as we slowly march towards container auditing. It isn't all boring though, we do have a couple of new things: file capabilities v3 support, and expanded support for filtering on filesystems to solve problems with remote filesystems. All changes pass the audit-testsuite. Please merge for v5.1" * tag 'audit-pr-20190305' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: mark expected switch fall-through audit: hide auditsc_get_stamp and audit_serial prototypes audit: join tty records to their syscall audit: remove audit_context when CONFIG_ AUDIT and not AUDITSYSCALL audit: remove unused actx param from audit_rule_match audit: ignore fcaps on umount audit: clean up AUDITSYSCALL prototypes and stubs audit: more filter PATH records keyed on filesystem magic audit: add support for fcaps v3 audit: move loginuid and sessionid from CONFIG_AUDITSYSCALL to CONFIG_AUDIT audit: add syscall information to CONFIG_CHANGE records audit: hand taken context to audit_kill_trees for syscall logging audit: give a clue what CONFIG_CHANGE op was involved
author: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 15:20:11 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2019-03-07 15:20:11 -0500
commit: be37f21a08ce65c7632c7f45e1755a4b07f278a0 (patch)
tree: 5f61b71e21dd809ea558ad195d06b7ebd4fb49c5 /include/linux/audit.h
parent: 3ac96c30ccfa802501dd2f4941e4508ea54b0b8a (diff)
parent: 131d34cb07957151c369366b158690057d2bce5e (diff)
1 files changed, 33 insertions, 33 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index a625c29a2ea2..1e69d9fe16da 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -25,6 +25,7 @@
 #include <linux/sched.h>
 #include <linux/ptrace.h>
+#include <linux/namei.h>  /* LOOKUP_* */
 #include <uapi/linux/audit.h>
 #define AUDIT_INO_UNSET ((unsigned long)-1)
@@ -159,6 +160,18 @@ extern int		    audit_update_lsm_rules(void);
 extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
 extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
+extern int audit_set_loginuid(kuid_t loginuid);
+static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
+{
+        return tsk->loginuid;
+}
+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
+{
+        return tsk->sessionid;
+}
 extern u32 audit_enabled;
 #else /* CONFIG_AUDIT */
 static inline __printf(4, 5)
@@ -201,6 +214,17 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
 }
 static inline void audit_log_task_info(struct audit_buffer *ab)
 { }
+static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
+{
+        return INVALID_UID;
+}
+static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
+{
+        return AUDIT_SID_UNSET;
+}
 #define audit_enabled AUDIT_OFF
 #endif /* CONFIG_AUDIT */
@@ -225,6 +249,7 @@ extern void __audit_getname(struct filename *name);
 #define AUDIT_INODE_PARENT      1       /* dentry represents the parent */
 #define AUDIT_INODE_HIDDEN      2       /* audit record should be hidden */
+#define AUDIT_INODE_NOEVAL      4       /* audit record incomplete */
 extern void __audit_inode(struct filename *name, const struct dentry *dentry,
                                unsigned int flags);
 extern void __audit_file(const struct file *);
@@ -285,12 +310,15 @@ static inline void audit_getname(struct filename *name)
 }
 static inline void audit_inode(struct filename *name,
                                const struct dentry *dentry,
-                                unsigned int parent) {
+                                unsigned int flags) {
        if (unlikely(!audit_dummy_context())) {
-                unsigned int flags = 0;
+                unsigned int aflags = 0;
-                if (parent)
-                        flags |= AUDIT_INODE_PARENT;
+                if (flags & LOOKUP_PARENT)
-                __audit_inode(name, dentry, flags);
+                        aflags |= AUDIT_INODE_PARENT;
+                if (flags & LOOKUP_NO_EVAL)
+                        aflags |= AUDIT_INODE_NOEVAL;
+                __audit_inode(name, dentry, aflags);
        }
 }
 static inline void audit_file(struct file *file)
@@ -320,21 +348,6 @@ static inline void audit_ptrace(struct task_struct *t)
 }
                                /* Private API (for audit.c only) */
-extern unsigned int audit_serial(void);
-extern int auditsc_get_stamp(struct audit_context *ctx,
-                              struct timespec64 *t, unsigned int *serial);
-extern int audit_set_loginuid(kuid_t loginuid);
-static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
-{
-        return tsk->loginuid;
-}
-static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
-{
-        return tsk->sessionid;
-}
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern void __audit_bprm(struct linux_binprm *bprm);
@@ -514,19 +527,6 @@ static inline void audit_seccomp(unsigned long syscall, long signr, int code)
 static inline void audit_seccomp_actions_logged(const char *names,
                                                const char *old_names, int res)
 { }
-static inline int auditsc_get_stamp(struct audit_context *ctx,
-                              struct timespec64 *t, unsigned int *serial)
-{
-        return 0;
-}
-static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
-{
-        return INVALID_UID;
-}
-static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
-{
-        return AUDIT_SID_UNSET;
-}
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 { }
 static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
author	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 15:20:11 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2019-03-07 15:20:11 -0500
commit	be37f21a08ce65c7632c7f45e1755a4b07f278a0 (patch)
tree	5f61b71e21dd809ea558ad195d06b7ebd4fb49c5 /include/linux/audit.h
parent	3ac96c30ccfa802501dd2f4941e4508ea54b0b8a (diff)
parent	131d34cb07957151c369366b158690057d2bce5e (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index a625c29a2ea2..1e69d9fe16da 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -25,6 +25,7 @@
25		25
26	#include <linux/sched.h>	26	#include <linux/sched.h>
27	#include <linux/ptrace.h>	27	#include <linux/ptrace.h>
		28	#include <linux/namei.h> /* LOOKUP_* */
28	#include <uapi/linux/audit.h>	29	#include <uapi/linux/audit.h>
29		30
30	#define AUDIT_INO_UNSET ((unsigned long)-1)	31	#define AUDIT_INO_UNSET ((unsigned long)-1)
@@ -159,6 +160,18 @@ extern int audit_update_lsm_rules(void);
159	extern int audit_rule_change(int type, int seq, void *data, size_t datasz);	160	extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
160	extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);	161	extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
161		162
		163	extern int audit_set_loginuid(kuid_t loginuid);
		164
		165	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
		166	{
		167	return tsk->loginuid;
		168	}
		169
		170	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
		171	{
		172	return tsk->sessionid;
		173	}
		174
162	extern u32 audit_enabled;	175	extern u32 audit_enabled;
163	#else /* CONFIG_AUDIT */	176	#else /* CONFIG_AUDIT */
164	static inline __printf(4, 5)	177	static inline __printf(4, 5)
@@ -201,6 +214,17 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
201	}	214	}
202	static inline void audit_log_task_info(struct audit_buffer *ab)	215	static inline void audit_log_task_info(struct audit_buffer *ab)
203	{ }	216	{ }
		217
		218	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
		219	{
		220	return INVALID_UID;
		221	}
		222
		223	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
		224	{
		225	return AUDIT_SID_UNSET;
		226	}
		227
204	#define audit_enabled AUDIT_OFF	228	#define audit_enabled AUDIT_OFF
205	#endif /* CONFIG_AUDIT */	229	#endif /* CONFIG_AUDIT */
206		230
@@ -225,6 +249,7 @@ extern void __audit_getname(struct filename *name);
225		249
226	#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */	250	#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
227	#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */	251	#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
		252	#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */
228	extern void __audit_inode(struct filename name, const struct dentry dentry,	253	extern void __audit_inode(struct filename name, const struct dentry dentry,
229	unsigned int flags);	254	unsigned int flags);
230	extern void __audit_file(const struct file *);	255	extern void __audit_file(const struct file *);
@@ -285,12 +310,15 @@ static inline void audit_getname(struct filename *name)
285	}	310	}
286	static inline void audit_inode(struct filename *name,	311	static inline void audit_inode(struct filename *name,
287	const struct dentry *dentry,	312	const struct dentry *dentry,
288	unsigned int parent) {	313	unsigned int flags) {
289	if (unlikely(!audit_dummy_context())) {	314	if (unlikely(!audit_dummy_context())) {
290	unsigned int flags = 0;	315	unsigned int aflags = 0;
291	if (parent)	316
292	flags \|= AUDIT_INODE_PARENT;	317	if (flags & LOOKUP_PARENT)
293	__audit_inode(name, dentry, flags);	318	aflags \|= AUDIT_INODE_PARENT;
		319	if (flags & LOOKUP_NO_EVAL)
		320	aflags \|= AUDIT_INODE_NOEVAL;
		321	__audit_inode(name, dentry, aflags);
294	}	322	}
295	}	323	}
296	static inline void audit_file(struct file *file)	324	static inline void audit_file(struct file *file)
@@ -320,21 +348,6 @@ static inline void audit_ptrace(struct task_struct *t)
320	}	348	}
321		349
322	/* Private API (for audit.c only) */	350	/* Private API (for audit.c only) */
323	extern unsigned int audit_serial(void);
324	extern int auditsc_get_stamp(struct audit_context *ctx,
325	struct timespec64 t, unsigned int serial);
326	extern int audit_set_loginuid(kuid_t loginuid);
327
328	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
329	{
330	return tsk->loginuid;
331	}
332
333	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
334	{
335	return tsk->sessionid;
336	}
337
338	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);	351	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
339	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);	352	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
340	extern void __audit_bprm(struct linux_binprm *bprm);	353	extern void __audit_bprm(struct linux_binprm *bprm);
@@ -514,19 +527,6 @@ static inline void audit_seccomp(unsigned long syscall, long signr, int code)
514	static inline void audit_seccomp_actions_logged(const char *names,	527	static inline void audit_seccomp_actions_logged(const char *names,
515	const char *old_names, int res)	528	const char *old_names, int res)
516	{ }	529	{ }
517	static inline int auditsc_get_stamp(struct audit_context *ctx,
518	struct timespec64 t, unsigned int serial)
519	{
520	return 0;
521	}
522	static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
523	{
524	return INVALID_UID;
525	}
526	static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
527	{
528	return AUDIT_SID_UNSET;
529	}
530	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)	530	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
531	{ }	531	{ }
532	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,	532	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,