diff options
| author | Richard Guy Briggs <rgb@redhat.com> | 2018-05-16 07:55:46 -0400 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2018-05-17 16:41:19 -0400 |
| commit | 38f80590486e38a4f2aac7b1fcf9cf60cb618a1a (patch) | |
| tree | 5f5f8690e66e215fa3293c19b9c7779f9cee9231 /kernel/auditsc.c | |
| parent | 8982a1fbe0b51efba09401f18cc69abc801149c8 (diff) | |
audit: normalize loginuid read access
Recognizing that the loginuid is an internal audit value, use an access
function to retrieve the audit loginuid value for the task rather than
reaching directly into the task struct to get it.
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index f3d3dc652c2c..ef3e189bcb15 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -374,7 +374,7 @@ static int audit_field_compare(struct task_struct *tsk, | |||
| 374 | case AUDIT_COMPARE_EGID_TO_OBJ_GID: | 374 | case AUDIT_COMPARE_EGID_TO_OBJ_GID: |
| 375 | return audit_compare_gid(cred->egid, name, f, ctx); | 375 | return audit_compare_gid(cred->egid, name, f, ctx); |
| 376 | case AUDIT_COMPARE_AUID_TO_OBJ_UID: | 376 | case AUDIT_COMPARE_AUID_TO_OBJ_UID: |
| 377 | return audit_compare_uid(tsk->loginuid, name, f, ctx); | 377 | return audit_compare_uid(audit_get_loginuid(tsk), name, f, ctx); |
| 378 | case AUDIT_COMPARE_SUID_TO_OBJ_UID: | 378 | case AUDIT_COMPARE_SUID_TO_OBJ_UID: |
| 379 | return audit_compare_uid(cred->suid, name, f, ctx); | 379 | return audit_compare_uid(cred->suid, name, f, ctx); |
| 380 | case AUDIT_COMPARE_SGID_TO_OBJ_GID: | 380 | case AUDIT_COMPARE_SGID_TO_OBJ_GID: |
| @@ -385,7 +385,8 @@ static int audit_field_compare(struct task_struct *tsk, | |||
| 385 | return audit_compare_gid(cred->fsgid, name, f, ctx); | 385 | return audit_compare_gid(cred->fsgid, name, f, ctx); |
| 386 | /* uid comparisons */ | 386 | /* uid comparisons */ |
| 387 | case AUDIT_COMPARE_UID_TO_AUID: | 387 | case AUDIT_COMPARE_UID_TO_AUID: |
| 388 | return audit_uid_comparator(cred->uid, f->op, tsk->loginuid); | 388 | return audit_uid_comparator(cred->uid, f->op, |
| 389 | audit_get_loginuid(tsk)); | ||
| 389 | case AUDIT_COMPARE_UID_TO_EUID: | 390 | case AUDIT_COMPARE_UID_TO_EUID: |
| 390 | return audit_uid_comparator(cred->uid, f->op, cred->euid); | 391 | return audit_uid_comparator(cred->uid, f->op, cred->euid); |
| 391 | case AUDIT_COMPARE_UID_TO_SUID: | 392 | case AUDIT_COMPARE_UID_TO_SUID: |
| @@ -394,11 +395,14 @@ static int audit_field_compare(struct task_struct *tsk, | |||
| 394 | return audit_uid_comparator(cred->uid, f->op, cred->fsuid); | 395 | return audit_uid_comparator(cred->uid, f->op, cred->fsuid); |
| 395 | /* auid comparisons */ | 396 | /* auid comparisons */ |
| 396 | case AUDIT_COMPARE_AUID_TO_EUID: | 397 | case AUDIT_COMPARE_AUID_TO_EUID: |
| 397 | return audit_uid_comparator(tsk->loginuid, f->op, cred->euid); | 398 | return audit_uid_comparator(audit_get_loginuid(tsk), f->op, |
| 399 | cred->euid); | ||
| 398 | case AUDIT_COMPARE_AUID_TO_SUID: | 400 | case AUDIT_COMPARE_AUID_TO_SUID: |
| 399 | return audit_uid_comparator(tsk->loginuid, f->op, cred->suid); | 401 | return audit_uid_comparator(audit_get_loginuid(tsk), f->op, |
| 402 | cred->suid); | ||
| 400 | case AUDIT_COMPARE_AUID_TO_FSUID: | 403 | case AUDIT_COMPARE_AUID_TO_FSUID: |
| 401 | return audit_uid_comparator(tsk->loginuid, f->op, cred->fsuid); | 404 | return audit_uid_comparator(audit_get_loginuid(tsk), f->op, |
| 405 | cred->fsuid); | ||
| 402 | /* euid comparisons */ | 406 | /* euid comparisons */ |
| 403 | case AUDIT_COMPARE_EUID_TO_SUID: | 407 | case AUDIT_COMPARE_EUID_TO_SUID: |
| 404 | return audit_uid_comparator(cred->euid, f->op, cred->suid); | 408 | return audit_uid_comparator(cred->euid, f->op, cred->suid); |
| @@ -611,7 +615,8 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 611 | result = match_tree_refs(ctx, rule->tree); | 615 | result = match_tree_refs(ctx, rule->tree); |
| 612 | break; | 616 | break; |
| 613 | case AUDIT_LOGINUID: | 617 | case AUDIT_LOGINUID: |
| 614 | result = audit_uid_comparator(tsk->loginuid, f->op, f->uid); | 618 | result = audit_uid_comparator(audit_get_loginuid(tsk), |
| 619 | f->op, f->uid); | ||
| 615 | break; | 620 | break; |
| 616 | case AUDIT_LOGINUID_SET: | 621 | case AUDIT_LOGINUID_SET: |
| 617 | result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); | 622 | result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); |
| @@ -2278,14 +2283,15 @@ int audit_signal_info(int sig, struct task_struct *t) | |||
| 2278 | { | 2283 | { |
| 2279 | struct audit_aux_data_pids *axp; | 2284 | struct audit_aux_data_pids *axp; |
| 2280 | struct audit_context *ctx = audit_context(); | 2285 | struct audit_context *ctx = audit_context(); |
| 2281 | kuid_t uid = current_uid(), t_uid = task_uid(t); | 2286 | kuid_t uid = current_uid(), auid, t_uid = task_uid(t); |
| 2282 | 2287 | ||
| 2283 | if (auditd_test_task(t) && | 2288 | if (auditd_test_task(t) && |
| 2284 | (sig == SIGTERM || sig == SIGHUP || | 2289 | (sig == SIGTERM || sig == SIGHUP || |
| 2285 | sig == SIGUSR1 || sig == SIGUSR2)) { | 2290 | sig == SIGUSR1 || sig == SIGUSR2)) { |
| 2286 | audit_sig_pid = task_tgid_nr(current); | 2291 | audit_sig_pid = task_tgid_nr(current); |
| 2287 | if (uid_valid(current->loginuid)) | 2292 | auid = audit_get_loginuid(current); |
| 2288 | audit_sig_uid = current->loginuid; | 2293 | if (uid_valid(auid)) |
| 2294 | audit_sig_uid = auid; | ||
| 2289 | else | 2295 | else |
| 2290 | audit_sig_uid = uid; | 2296 | audit_sig_uid = uid; |
| 2291 | security_task_getsecid(current, &audit_sig_sid); | 2297 | security_task_getsecid(current, &audit_sig_sid); |