audit: remove audit_context when CONFIG_ AUDIT and not AUDITSYSCALL

Remove audit_context from struct task_struct and struct audit_buffer when CONFIG_AUDIT is enabled but CONFIG_AUDITSYSCALL is not. Also, audit_log_name() (and supporting inode and fcaps functions) should have been put back in auditsc.c when soft and hard link logging was normalized since it is only used by syscall auditing. See github issue https://github.com/linux-audit/audit-kernel/issues/105 Signed-off-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Richard Guy Briggs <rgb@redhat.com> 2019-02-01 22:45:17 -0500
committer: Paul Moore <paul@paul-moore.com> 2019-02-03 17:49:35 -0500
commit: 5f3d544f1671d214cd26e45bda326f921455256e (patch)
tree: 086be468806c2c27a768b754db36522e06d0babd /kernel/audit.c
parent: 90462a5bd30c6ed91c6758e59537d047d7878ff9 (diff)
1 files changed, 0 insertions, 157 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index b7177a8def2e..c89ea48c70a6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -2067,163 +2067,6 @@ void audit_log_key(struct audit_buffer *ab, char *key)
                audit_log_format(ab, "(null)");
 }
-void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
-{
-        int i;
-        if (cap_isclear(*cap)) {
-                audit_log_format(ab, " %s=0", prefix);
-                return;
-        }
-        audit_log_format(ab, " %s=", prefix);
-        CAP_FOR_EACH_U32(i)
-                audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
-}
-static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
-{
-        if (name->fcap_ver == -1) {
-                audit_log_format(ab, " cap_fe=? cap_fver=? cap_fp=? cap_fi=?");
-                return;
-        }
-        audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
-        audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
-        audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%d",
-                         name->fcap.fE, name->fcap_ver,
-                         from_kuid(&init_user_ns, name->fcap.rootid));
-}
-static inline int audit_copy_fcaps(struct audit_names *name,
-                                   const struct dentry *dentry)
-{
-        struct cpu_vfs_cap_data caps;
-        int rc;
-        if (!dentry)
-                return 0;
-        rc = get_vfs_caps_from_disk(dentry, &caps);
-        if (rc)
-                return rc;
-        name->fcap.permitted = caps.permitted;
-        name->fcap.inheritable = caps.inheritable;
-        name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
-        name->fcap.rootid = caps.rootid;
-        name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >>
-                                VFS_CAP_REVISION_SHIFT;
-        return 0;
-}
-/* Copy inode data into an audit_names. */
-void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
-                      struct inode *inode, unsigned int flags)
-{
-        name->ino   = inode->i_ino;
-        name->dev   = inode->i_sb->s_dev;
-        name->mode  = inode->i_mode;
-        name->uid   = inode->i_uid;
-        name->gid   = inode->i_gid;
-        name->rdev  = inode->i_rdev;
-        security_inode_getsecid(inode, &name->osid);
-        if (flags & AUDIT_INODE_NOEVAL) {
-                name->fcap_ver = -1;
-                return;
-        }
-        audit_copy_fcaps(name, dentry);
-}
-/**
- * audit_log_name - produce AUDIT_PATH record from struct audit_names
- * @context: audit_context for the task
- * @n: audit_names structure with reportable details
- * @path: optional path to report instead of audit_names->name
- * @record_num: record number to report when handling a list of names
- * @call_panic: optional pointer to int that will be updated if secid fails
- */
-void audit_log_name(struct audit_context *context, struct audit_names *n,
-                    const struct path *path, int record_num, int *call_panic)
-{
-        struct audit_buffer *ab;
-        ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
-        if (!ab)
-                return;
-        audit_log_format(ab, "item=%d", record_num);
-        if (path)
-                audit_log_d_path(ab, " name=", path);
-        else if (n->name) {
-                switch (n->name_len) {
-                case AUDIT_NAME_FULL:
-                        /* log the full path */
-                        audit_log_format(ab, " name=");
-                        audit_log_untrustedstring(ab, n->name->name);
-                        break;
-                case 0:
-                        /* name was specified as a relative path and the
-                         * directory component is the cwd */
-                        audit_log_d_path(ab, " name=", &context->pwd);
-                        break;
-                default:
-                        /* log the name's directory component */
-                        audit_log_format(ab, " name=");
-                        audit_log_n_untrustedstring(ab, n->name->name,
-                                                    n->name_len);
-                }
-        } else
-                audit_log_format(ab, " name=(null)");
-        if (n->ino != AUDIT_INO_UNSET)
-                audit_log_format(ab, " inode=%lu"
-                                 " dev=%02x:%02x mode=%#ho"
-                                 " ouid=%u ogid=%u rdev=%02x:%02x",
-                                 n->ino,
-                                 MAJOR(n->dev),
-                                 MINOR(n->dev),
-                                 n->mode,
-                                 from_kuid(&init_user_ns, n->uid),
-                                 from_kgid(&init_user_ns, n->gid),
-                                 MAJOR(n->rdev),
-                                 MINOR(n->rdev));
-        if (n->osid != 0) {
-                char *ctx = NULL;
-                u32 len;
-                if (security_secid_to_secctx(
-                        n->osid, &ctx, &len)) {
-                        audit_log_format(ab, " osid=%u", n->osid);
-                        if (call_panic)
-                                *call_panic = 2;
-                } else {
-                        audit_log_format(ab, " obj=%s", ctx);
-                        security_release_secctx(ctx, len);
-                }
-        }
-        /* log the audit_names record type */
-        switch(n->type) {
-        case AUDIT_TYPE_NORMAL:
-                audit_log_format(ab, " nametype=NORMAL");
-                break;
-        case AUDIT_TYPE_PARENT:
-                audit_log_format(ab, " nametype=PARENT");
-                break;
-        case AUDIT_TYPE_CHILD_DELETE:
-                audit_log_format(ab, " nametype=DELETE");
-                break;
-        case AUDIT_TYPE_CHILD_CREATE:
-                audit_log_format(ab, " nametype=CREATE");
-                break;
-        default:
-                audit_log_format(ab, " nametype=UNKNOWN");
-                break;
-        }
-        audit_log_fcaps(ab, n);
-        audit_log_end(ab);
-}
 int audit_log_task_context(struct audit_buffer *ab)
 {
        char *ctx = NULL;
author	Richard Guy Briggs <rgb@redhat.com>	2019-02-01 22:45:17 -0500
committer	Paul Moore <paul@paul-moore.com>	2019-02-03 17:49:35 -0500
commit	5f3d544f1671d214cd26e45bda326f921455256e (patch)
tree	086be468806c2c27a768b754db36522e06d0babd /kernel/audit.c
parent	90462a5bd30c6ed91c6758e59537d047d7878ff9 (diff)

diff --git a/kernel/audit.c b/kernel/audit.c index b7177a8def2e..c89ea48c70a6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -2067,163 +2067,6 @@ void audit_log_key(struct audit_buffer ab, char key)
2067	audit_log_format(ab, "(null)");	2067	audit_log_format(ab, "(null)");
2068	}	2068	}
2069		2069
2070	void audit_log_cap(struct audit_buffer ab, char prefix, kernel_cap_t *cap)
2071	{
2072	int i;
2073
2074	if (cap_isclear(*cap)) {
2075	audit_log_format(ab, " %s=0", prefix);
2076	return;
2077	}
2078	audit_log_format(ab, " %s=", prefix);
2079	CAP_FOR_EACH_U32(i)
2080	audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
2081	}
2082
2083	static void audit_log_fcaps(struct audit_buffer ab, struct audit_names name)
2084	{
2085	if (name->fcap_ver == -1) {
2086	audit_log_format(ab, " cap_fe=? cap_fver=? cap_fp=? cap_fi=?");
2087	return;
2088	}
2089	audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
2090	audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
2091	audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%d",
2092	name->fcap.fE, name->fcap_ver,
2093	from_kuid(&init_user_ns, name->fcap.rootid));
2094	}
2095
2096	static inline int audit_copy_fcaps(struct audit_names *name,
2097	const struct dentry *dentry)
2098	{
2099	struct cpu_vfs_cap_data caps;
2100	int rc;
2101
2102	if (!dentry)
2103	return 0;
2104
2105	rc = get_vfs_caps_from_disk(dentry, &caps);
2106	if (rc)
2107	return rc;
2108
2109	name->fcap.permitted = caps.permitted;
2110	name->fcap.inheritable = caps.inheritable;
2111	name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
2112	name->fcap.rootid = caps.rootid;
2113	name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >>
2114	VFS_CAP_REVISION_SHIFT;
2115
2116	return 0;
2117	}
2118
2119	/* Copy inode data into an audit_names. */
2120	void audit_copy_inode(struct audit_names name, const struct dentry dentry,
2121	struct inode *inode, unsigned int flags)
2122	{
2123	name->ino = inode->i_ino;
2124	name->dev = inode->i_sb->s_dev;
2125	name->mode = inode->i_mode;
2126	name->uid = inode->i_uid;
2127	name->gid = inode->i_gid;
2128	name->rdev = inode->i_rdev;
2129	security_inode_getsecid(inode, &name->osid);
2130	if (flags & AUDIT_INODE_NOEVAL) {
2131	name->fcap_ver = -1;
2132	return;
2133	}
2134	audit_copy_fcaps(name, dentry);
2135	}
2136
2137	/**
2138	* audit_log_name - produce AUDIT_PATH record from struct audit_names
2139	* @context: audit_context for the task
2140	* @n: audit_names structure with reportable details
2141	* @path: optional path to report instead of audit_names->name
2142	* @record_num: record number to report when handling a list of names
2143	* @call_panic: optional pointer to int that will be updated if secid fails
2144	*/
2145	void audit_log_name(struct audit_context context, struct audit_names n,
2146	const struct path path, int record_num, int call_panic)
2147	{
2148	struct audit_buffer *ab;
2149	ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
2150	if (!ab)
2151	return;
2152
2153	audit_log_format(ab, "item=%d", record_num);
2154
2155	if (path)
2156	audit_log_d_path(ab, " name=", path);
2157	else if (n->name) {
2158	switch (n->name_len) {
2159	case AUDIT_NAME_FULL:
2160	/* log the full path */
2161	audit_log_format(ab, " name=");
2162	audit_log_untrustedstring(ab, n->name->name);
2163	break;
2164	case 0:
2165	/* name was specified as a relative path and the
2166	* directory component is the cwd */
2167	audit_log_d_path(ab, " name=", &context->pwd);
2168	break;
2169	default:
2170	/* log the name's directory component */
2171	audit_log_format(ab, " name=");
2172	audit_log_n_untrustedstring(ab, n->name->name,
2173	n->name_len);
2174	}
2175	} else
2176	audit_log_format(ab, " name=(null)");
2177
2178	if (n->ino != AUDIT_INO_UNSET)
2179	audit_log_format(ab, " inode=%lu"
2180	" dev=%02x:%02x mode=%#ho"
2181	" ouid=%u ogid=%u rdev=%02x:%02x",
2182	n->ino,
2183	MAJOR(n->dev),
2184	MINOR(n->dev),
2185	n->mode,
2186	from_kuid(&init_user_ns, n->uid),
2187	from_kgid(&init_user_ns, n->gid),
2188	MAJOR(n->rdev),
2189	MINOR(n->rdev));
2190	if (n->osid != 0) {
2191	char *ctx = NULL;
2192	u32 len;
2193	if (security_secid_to_secctx(
2194	n->osid, &ctx, &len)) {
2195	audit_log_format(ab, " osid=%u", n->osid);
2196	if (call_panic)
2197	*call_panic = 2;
2198	} else {
2199	audit_log_format(ab, " obj=%s", ctx);
2200	security_release_secctx(ctx, len);
2201	}
2202	}
2203
2204	/* log the audit_names record type */
2205	switch(n->type) {
2206	case AUDIT_TYPE_NORMAL:
2207	audit_log_format(ab, " nametype=NORMAL");
2208	break;
2209	case AUDIT_TYPE_PARENT:
2210	audit_log_format(ab, " nametype=PARENT");
2211	break;
2212	case AUDIT_TYPE_CHILD_DELETE:
2213	audit_log_format(ab, " nametype=DELETE");
2214	break;
2215	case AUDIT_TYPE_CHILD_CREATE:
2216	audit_log_format(ab, " nametype=CREATE");
2217	break;
2218	default:
2219	audit_log_format(ab, " nametype=UNKNOWN");
2220	break;
2221	}
2222
2223	audit_log_fcaps(ab, n);
2224	audit_log_end(ab);
2225	}
2226
2227	int audit_log_task_context(struct audit_buffer *ab)	2070	int audit_log_task_context(struct audit_buffer *ab)
2228	{	2071	{
2229	char *ctx = NULL;	2072	char *ctx = NULL;