-rw-r--r--drivers/tty/tty_audit.c2
-rw-r--r--fs/namei.c2
-rw-r--r--fs/namespace.c2
-rw-r--r--fs/proc/base.c6
-rw-r--r--include/linux/audit.h66
-rw-r--r--include/linux/capability.h5
-rw-r--r--include/linux/lsm_hooks.h4
-rw-r--r--include/linux/namei.h3
-rw-r--r--include/linux/sched.h4
-rw-r--r--include/linux/security.h5
-rw-r--r--init/init_task.c2
-rw-r--r--kernel/audit.c267
-rw-r--r--kernel/audit.h81
-rw-r--r--kernel/audit_fsnotify.c2
-rw-r--r--kernel/audit_tree.c19
-rw-r--r--kernel/audit_watch.c2
-rw-r--r--kernel/auditfilter.c6
-rw-r--r--kernel/auditsc.c320
-rw-r--r--security/apparmor/audit.c3
-rw-r--r--security/apparmor/include/audit.h3
-rw-r--r--security/commoncap.c2
-rw-r--r--security/integrity/ima/ima.h3
-rw-r--r--security/integrity/ima/ima_policy.c6
-rw-r--r--security/security.c6
-rw-r--r--security/selinux/include/audit.h4
-rw-r--r--security/selinux/ss/services.c3
-rw-r--r--security/smack/smack_lsm.c4
27 files changed, 440 insertions, 392 deletions
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c
index 28f87fd6a28e..9f906a5b8e81 100644
--- a/drivers/tty/tty_audit.c
+++ b/drivers/tty/tty_audit.c
@@ -66,7 +66,7 @@ static void tty_audit_log(const char *description, dev_t dev,
66 uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 66 uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));
67 unsigned int sessionid = audit_get_sessionid(current); 67 unsigned int sessionid = audit_get_sessionid(current);
68 68
69 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); 69 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_TTY);
70 if (ab) { 70 if (ab) {
71 char name[sizeof(current->comm)]; 71 char name[sizeof(current->comm)];
72 72
diff --git a/fs/namei.c b/fs/namei.c
index 914178cdbe94..87d7710a2e1d 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2720,7 +2720,7 @@ filename_mountpoint(int dfd, struct filename *name, struct path *path,
2720 if (unlikely(error == -ESTALE)) 2720 if (unlikely(error == -ESTALE))
2721 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path); 2721 error = path_mountpoint(&nd, flags | LOOKUP_REVAL, path);
2722 if (likely(!error)) 2722 if (likely(!error))
2723 audit_inode(name, path->dentry, 0); 2723 audit_inode(name, path->dentry, flags & LOOKUP_NO_EVAL);
2724 restore_nameidata(); 2724 restore_nameidata();
2725 putname(name); 2725 putname(name);
2726 return error; 2726 return error;
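Review bot: The masked argument `flags & LOOKUP_NO_EVAL` at the audit_inode() call deserves a one-line comment, because the third parameter has just changed meaning from a boolean "parent" to a LOOKUP_* mask and a reader will wonder why the full `flags` is not simply forwarded. Something like `/* only NO_EVAL matters here: a mountpoint lookup never audits a parent */` above the call would make the intent explicit. filename_mountpoint() begins before the hunk, so whether any other LOOKUP_* bit in `flags` could be relevant to the audit record cannot be confirmed from this view.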
diff --git a/fs/namespace.c b/fs/namespace.c
index c4e83d94840c..98a8c182af4f 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1640,6 +1640,8 @@ int ksys_umount(char __user *name, int flags)
1640 if (!(flags & UMOUNT_NOFOLLOW)) 1640 if (!(flags & UMOUNT_NOFOLLOW))
1641 lookup_flags |= LOOKUP_FOLLOW; 1641 lookup_flags |= LOOKUP_FOLLOW;
1642 1642
1643 lookup_flags |= LOOKUP_NO_EVAL;
1644
1643 retval = user_path_mountpoint_at(AT_FDCWD, name, lookup_flags, &path); 1645 retval = user_path_mountpoint_at(AT_FDCWD, name, lookup_flags, &path);
1644 if (retval) 1646 if (retval)
1645 goto out; 1647 goto out;
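Review bot: `lookup_flags |= LOOKUP_NO_EVAL;` is set unconditionally for every umount with no comment saying why, and the flag's effect (per the namei.h hunk it only tells audit_inode() not to fetch xattrs) is not obvious from its name. A short comment would help, e.g. `/* LOOKUP_NO_EVAL: keep audit_inode() from reading xattrs off the (possibly unresponsive) fs being unmounted */` — the "unresponsive fs" motivation is my inference and should be checked against the commit message. It also means AUDIT_PATH records for umount targets will presumably never carry the fcaps fields, which audit consumers may want documented. ksys_umount() continues outside the hunk.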
diff --git a/fs/proc/base.c b/fs/proc/base.c
index fca9fa5f23d8..5ab1849971b4 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
@@ -1210,7 +1210,7 @@ static const struct file_operations proc_oom_score_adj_operations = {
1210 .llseek = default_llseek, 1210 .llseek = default_llseek,
1211}; 1211};
1212 1212
1213#ifdef CONFIG_AUDITSYSCALL 1213#ifdef CONFIG_AUDIT
1214#define TMPBUFLEN 11 1214#define TMPBUFLEN 11
1215static ssize_t proc_loginuid_read(struct file * file, char __user * buf, 1215static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
1216 size_t count, loff_t *ppos) 1216 size_t count, loff_t *ppos)
@@ -3044,7 +3044,7 @@ static const struct pid_entry tgid_base_stuff[] = {
3044 ONE("oom_score", S_IRUGO, proc_oom_score), 3044 ONE("oom_score", S_IRUGO, proc_oom_score),
3045 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations), 3045 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations),
3046 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations), 3046 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations),
3047#ifdef CONFIG_AUDITSYSCALL 3047#ifdef CONFIG_AUDIT
3048 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations), 3048 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations),
3049 REG("sessionid", S_IRUGO, proc_sessionid_operations), 3049 REG("sessionid", S_IRUGO, proc_sessionid_operations),
3050#endif 3050#endif
@@ -3432,7 +3432,7 @@ static const struct pid_entry tid_base_stuff[] = {
3432 ONE("oom_score", S_IRUGO, proc_oom_score), 3432 ONE("oom_score", S_IRUGO, proc_oom_score),
3433 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations), 3433 REG("oom_adj", S_IRUGO|S_IWUSR, proc_oom_adj_operations),
3434 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations), 3434 REG("oom_score_adj", S_IRUGO|S_IWUSR, proc_oom_score_adj_operations),
3435#ifdef CONFIG_AUDITSYSCALL 3435#ifdef CONFIG_AUDIT
3436 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations), 3436 REG("loginuid", S_IWUSR|S_IRUGO, proc_loginuid_operations),
3437 REG("sessionid", S_IRUGO, proc_sessionid_operations), 3437 REG("sessionid", S_IRUGO, proc_sessionid_operations),
3438#endif 3438#endif
diff --git a/include/linux/audit.h b/include/linux/audit.h
index a625c29a2ea2..1e69d9fe16da 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -25,6 +25,7 @@
25 25
26#include <linux/sched.h> 26#include <linux/sched.h>
27#include <linux/ptrace.h> 27#include <linux/ptrace.h>
28#include <linux/namei.h> /* LOOKUP_* */
28#include <uapi/linux/audit.h> 29#include <uapi/linux/audit.h>
29 30
30#define AUDIT_INO_UNSET ((unsigned long)-1) 31#define AUDIT_INO_UNSET ((unsigned long)-1)
@@ -159,6 +160,18 @@ extern int audit_update_lsm_rules(void);
159extern int audit_rule_change(int type, int seq, void *data, size_t datasz); 160extern int audit_rule_change(int type, int seq, void *data, size_t datasz);
160extern int audit_list_rules_send(struct sk_buff *request_skb, int seq); 161extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);
161 162
163extern int audit_set_loginuid(kuid_t loginuid);
164
165static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
166{
167 return tsk->loginuid;
168}
169
170static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
171{
172 return tsk->sessionid;
173}
174
162extern u32 audit_enabled; 175extern u32 audit_enabled;
163#else /* CONFIG_AUDIT */ 176#else /* CONFIG_AUDIT */
164static inline __printf(4, 5) 177static inline __printf(4, 5)
@@ -201,6 +214,17 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
201} 214}
202static inline void audit_log_task_info(struct audit_buffer *ab) 215static inline void audit_log_task_info(struct audit_buffer *ab)
203{ } 216{ }
217
218static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
219{
220 return INVALID_UID;
221}
222
223static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
224{
225 return AUDIT_SID_UNSET;
226}
227
204#define audit_enabled AUDIT_OFF 228#define audit_enabled AUDIT_OFF
205#endif /* CONFIG_AUDIT */ 229#endif /* CONFIG_AUDIT */
206 230
@@ -225,6 +249,7 @@ extern void __audit_getname(struct filename *name);
225 249
226#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */ 250#define AUDIT_INODE_PARENT 1 /* dentry represents the parent */
227#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 251#define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
252#define AUDIT_INODE_NOEVAL 4 /* audit record incomplete */
228extern void __audit_inode(struct filename *name, const struct dentry *dentry, 253extern void __audit_inode(struct filename *name, const struct dentry *dentry,
229 unsigned int flags); 254 unsigned int flags);
230extern void __audit_file(const struct file *); 255extern void __audit_file(const struct file *);
@@ -285,12 +310,15 @@ static inline void audit_getname(struct filename *name)
285} 310}
286static inline void audit_inode(struct filename *name, 311static inline void audit_inode(struct filename *name,
287 const struct dentry *dentry, 312 const struct dentry *dentry,
288 unsigned int parent) { 313 unsigned int flags) {
289 if (unlikely(!audit_dummy_context())) { 314 if (unlikely(!audit_dummy_context())) {
290 unsigned int flags = 0; 315 unsigned int aflags = 0;
291 if (parent) 316
292 flags |= AUDIT_INODE_PARENT; 317 if (flags & LOOKUP_PARENT)
293 __audit_inode(name, dentry, flags); 318 aflags |= AUDIT_INODE_PARENT;
319 if (flags & LOOKUP_NO_EVAL)
320 aflags |= AUDIT_INODE_NOEVAL;
321 __audit_inode(name, dentry, aflags);
294 } 322 }
295} 323}
296static inline void audit_file(struct file *file) 324static inline void audit_file(struct file *file)
@@ -320,21 +348,6 @@ static inline void audit_ptrace(struct task_struct *t)
320} 348}
321 349
322 /* Private API (for audit.c only) */ 350 /* Private API (for audit.c only) */
323extern unsigned int audit_serial(void);
324extern int auditsc_get_stamp(struct audit_context *ctx,
325 struct timespec64 *t, unsigned int *serial);
326extern int audit_set_loginuid(kuid_t loginuid);
327
328static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
329{
330 return tsk->loginuid;
331}
332
333static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
334{
335 return tsk->sessionid;
336}
337
338extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 351extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
339extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 352extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
340extern void __audit_bprm(struct linux_binprm *bprm); 353extern void __audit_bprm(struct linux_binprm *bprm);
@@ -514,19 +527,6 @@ static inline void audit_seccomp(unsigned long syscall, long signr, int code)
514static inline void audit_seccomp_actions_logged(const char *names, 527static inline void audit_seccomp_actions_logged(const char *names,
515 const char *old_names, int res) 528 const char *old_names, int res)
516{ } 529{ }
517static inline int auditsc_get_stamp(struct audit_context *ctx,
518 struct timespec64 *t, unsigned int *serial)
519{
520 return 0;
521}
522static inline kuid_t audit_get_loginuid(struct task_struct *tsk)
523{
524 return INVALID_UID;
525}
526static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
527{
528 return AUDIT_SID_UNSET;
529}
530static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 530static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
531{ } 531{ }
532static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, 532static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
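Review bot: The audit_inode() inline now tests `flags & LOOKUP_PARENT` where the old code tested the truthiness of `parent`, so any caller that still passes a literal `1`/`true` instead of `LOOKUP_PARENT` will silently stop marking the parent; the callers are outside this hunk, so every audit_inode() call site should be checked before this lands. The `AUDIT_INODE_NOEVAL` comment `/* audit record incomplete */` describes the symptom rather than what is skipped; `/* don't read fcaps xattrs; PATH record lacks cap_f* */` would say it directly. Pulling `<linux/namei.h>` into a header included almost everywhere just for two flag bits is a heavy dependency; if it causes an include cycle, the LOOKUP_* tests could be done inside __audit_inode() in auditsc.c instead.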
diff --git a/include/linux/capability.h b/include/linux/capability.h
index c3f9a4d558a0..ecce0f43c73a 100644
--- a/include/linux/capability.h
+++ b/include/linux/capability.h
@@ -14,7 +14,7 @@
14#define _LINUX_CAPABILITY_H 14#define _LINUX_CAPABILITY_H
15 15
16#include <uapi/linux/capability.h> 16#include <uapi/linux/capability.h>
17 17#include <linux/uidgid.h>
18 18
19#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3 19#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_3
20#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3 20#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_3
@@ -25,11 +25,12 @@ typedef struct kernel_cap_struct {
25 __u32 cap[_KERNEL_CAPABILITY_U32S]; 25 __u32 cap[_KERNEL_CAPABILITY_U32S];
26} kernel_cap_t; 26} kernel_cap_t;
27 27
28/* exact same as vfs_cap_data but in cpu endian and always filled completely */ 28/* same as vfs_ns_cap_data but in cpu endian and always filled completely */
29struct cpu_vfs_cap_data { 29struct cpu_vfs_cap_data {
30 __u32 magic_etc; 30 __u32 magic_etc;
31 kernel_cap_t permitted; 31 kernel_cap_t permitted;
32 kernel_cap_t inheritable; 32 kernel_cap_t inheritable;
33 kuid_t rootid;
33}; 34};
34 35
35#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) 36#define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct))
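Review bot: The new `kuid_t rootid` member is added to a struct whose comment promises it is "always filled completely", so every writer of `struct cpu_vfs_cap_data` — get_vfs_caps_from_disk() in security/commoncap.c, which is outside this section — must now set `rootid` on every return path, including xattr revisions that carry no root id on disk; otherwise an uninitialized kuid_t flows into the audit fcaps copy. A comment on the member pinning the expected default would make that contract visible, e.g. `kuid_t rootid; /* GLOBAL_ROOT_UID unless the xattr names another */` — the exact default is my assumption and should be verified against commoncap.c.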
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 22fc786d723a..85a301632cf1 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1344,7 +1344,6 @@
1344 * @field contains the field which relates to current LSM. 1344 * @field contains the field which relates to current LSM.
1345 * @op contains the operator that will be used for matching. 1345 * @op contains the operator that will be used for matching.
1346 * @rule points to the audit rule that will be checked against. 1346 * @rule points to the audit rule that will be checked against.
1347 * @actx points to the audit context associated with the check.
1348 * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure. 1347 * Return 1 if secid matches the rule, 0 if it does not, -ERRNO on failure.
1349 * 1348 *
1350 * @audit_rule_free: 1349 * @audit_rule_free:
@@ -1766,8 +1765,7 @@ union security_list_options {
1766 int (*audit_rule_init)(u32 field, u32 op, char *rulestr, 1765 int (*audit_rule_init)(u32 field, u32 op, char *rulestr,
1767 void **lsmrule); 1766 void **lsmrule);
1768 int (*audit_rule_known)(struct audit_krule *krule); 1767 int (*audit_rule_known)(struct audit_krule *krule);
1769 int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule, 1768 int (*audit_rule_match)(u32 secid, u32 field, u32 op, void *lsmrule);
1770 struct audit_context *actx);
1771 void (*audit_rule_free)(void *lsmrule); 1769 void (*audit_rule_free)(void *lsmrule);
1772#endif /* CONFIG_AUDIT */ 1770#endif /* CONFIG_AUDIT */
1773 1771
diff --git a/include/linux/namei.h b/include/linux/namei.h
index a78606e8e3df..9138b4471dbf 100644
--- a/include/linux/namei.h
+++ b/include/linux/namei.h
@@ -24,6 +24,8 @@ enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT, LAST_BIND};
24 * - internal "there are more path components" flag 24 * - internal "there are more path components" flag
25 * - dentry cache is untrusted; force a real lookup 25 * - dentry cache is untrusted; force a real lookup
26 * - suppress terminal automount 26 * - suppress terminal automount
27 * - skip revalidation
28 * - don't fetch xattrs on audit_inode
27 */ 29 */
28#define LOOKUP_FOLLOW 0x0001 30#define LOOKUP_FOLLOW 0x0001
29#define LOOKUP_DIRECTORY 0x0002 31#define LOOKUP_DIRECTORY 0x0002
@@ -33,6 +35,7 @@ enum {LAST_NORM, LAST_ROOT, LAST_DOT, LAST_DOTDOT, LAST_BIND};
33#define LOOKUP_REVAL 0x0020 35#define LOOKUP_REVAL 0x0020
34#define LOOKUP_RCU 0x0040 36#define LOOKUP_RCU 0x0040
35#define LOOKUP_NO_REVAL 0x0080 37#define LOOKUP_NO_REVAL 0x0080
38#define LOOKUP_NO_EVAL 0x0100
36 39
37/* 40/*
38 * Intent data 41 * Intent data
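Review bot: `LOOKUP_NO_EVAL` is documented only by position in the comment block above the defines ("don't fetch xattrs on audit_inode"), which drifts easily as flags are added, and the name itself does not say what is not evaluated. A trailing comment on the define would make it self-describing: `#define LOOKUP_NO_EVAL 0x0100 /* audit_inode(): don't read fcaps xattrs */`. It would also help to state that this bit is consumed by the audit helper and not meant to change path resolution, as the visible hunks suggest; auditsc.c and the rest of namei.c are not in view, so that should be confirmed.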
diff --git a/include/linux/sched.h b/include/linux/sched.h
index f073bd59df32..1549584a1538 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -872,8 +872,10 @@ struct task_struct {
872 872
873 struct callback_head *task_works; 873 struct callback_head *task_works;
874 874
875 struct audit_context *audit_context; 875#ifdef CONFIG_AUDIT
876#ifdef CONFIG_AUDITSYSCALL 876#ifdef CONFIG_AUDITSYSCALL
877 struct audit_context *audit_context;
878#endif
877 kuid_t loginuid; 879 kuid_t loginuid;
878 unsigned int sessionid; 880 unsigned int sessionid;
879#endif 881#endif
diff --git a/include/linux/security.h b/include/linux/security.h
index 13537a49ae97..2b35a43d11d6 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1679,8 +1679,7 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
1679#ifdef CONFIG_SECURITY 1679#ifdef CONFIG_SECURITY
1680int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule); 1680int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule);
1681int security_audit_rule_known(struct audit_krule *krule); 1681int security_audit_rule_known(struct audit_krule *krule);
1682int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, 1682int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule);
1683 struct audit_context *actx);
1684void security_audit_rule_free(void *lsmrule); 1683void security_audit_rule_free(void *lsmrule);
1685 1684
1686#else 1685#else
@@ -1697,7 +1696,7 @@ static inline int security_audit_rule_known(struct audit_krule *krule)
1697} 1696}
1698 1697
1699static inline int security_audit_rule_match(u32 secid, u32 field, u32 op, 1698static inline int security_audit_rule_match(u32 secid, u32 field, u32 op,
1700 void *lsmrule, struct audit_context *actx) 1699 void *lsmrule)
1701{ 1700{
1702 return 0; 1701 return 0;
1703} 1702}
diff --git a/init/init_task.c b/init/init_task.c
index df0257c5928c..c70ef656d0f4 100644
--- a/init/init_task.c
+++ b/init/init_task.c
@@ -122,7 +122,7 @@ struct task_struct init_task
122 .thread_pid = &init_struct_pid, 122 .thread_pid = &init_struct_pid,
123 .thread_group = LIST_HEAD_INIT(init_task.thread_group), 123 .thread_group = LIST_HEAD_INIT(init_task.thread_group),
124 .thread_node = LIST_HEAD_INIT(init_signals.thread_head), 124 .thread_node = LIST_HEAD_INIT(init_signals.thread_head),
125#ifdef CONFIG_AUDITSYSCALL 125#ifdef CONFIG_AUDIT
126 .loginuid = INVALID_UID, 126 .loginuid = INVALID_UID,
127 .sessionid = AUDIT_SID_UNSET, 127 .sessionid = AUDIT_SID_UNSET,
128#endif 128#endif
diff --git a/kernel/audit.c b/kernel/audit.c
index 632d36059556..c89ea48c70a6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -396,10 +396,10 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old,
396 struct audit_buffer *ab; 396 struct audit_buffer *ab;
397 int rc = 0; 397 int rc = 0;
398 398
399 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 399 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE);
400 if (unlikely(!ab)) 400 if (unlikely(!ab))
401 return rc; 401 return rc;
402 audit_log_format(ab, "%s=%u old=%u ", function_name, new, old); 402 audit_log_format(ab, "op=set %s=%u old=%u ", function_name, new, old);
403 audit_log_session_info(ab); 403 audit_log_session_info(ab);
404 rc = audit_log_task_context(ab); 404 rc = audit_log_task_context(ab);
405 if (rc) 405 if (rc)
@@ -1053,7 +1053,8 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
1053 return err; 1053 return err;
1054} 1054}
1055 1055
1056static void audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type) 1056static void audit_log_common_recv_msg(struct audit_context *context,
1057 struct audit_buffer **ab, u16 msg_type)
1057{ 1058{
1058 uid_t uid = from_kuid(&init_user_ns, current_uid()); 1059 uid_t uid = from_kuid(&init_user_ns, current_uid());
1059 pid_t pid = task_tgid_nr(current); 1060 pid_t pid = task_tgid_nr(current);
@@ -1063,7 +1064,7 @@ static void audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
1063 return; 1064 return;
1064 } 1065 }
1065 1066
1066 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 1067 *ab = audit_log_start(context, GFP_KERNEL, msg_type);
1067 if (unlikely(!*ab)) 1068 if (unlikely(!*ab))
1068 return; 1069 return;
1069 audit_log_format(*ab, "pid=%d uid=%u ", pid, uid); 1070 audit_log_format(*ab, "pid=%d uid=%u ", pid, uid);
@@ -1071,6 +1072,12 @@ static void audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
1071 audit_log_task_context(*ab); 1072 audit_log_task_context(*ab);
1072} 1073}
1073 1074
1075static inline void audit_log_user_recv_msg(struct audit_buffer **ab,
1076 u16 msg_type)
1077{
1078 audit_log_common_recv_msg(NULL, ab, msg_type);
1079}
1080
1074int is_audit_feature_set(int i) 1081int is_audit_feature_set(int i)
1075{ 1082{
1076 return af.features & AUDIT_FEATURE_TO_MASK(i); 1083 return af.features & AUDIT_FEATURE_TO_MASK(i);
@@ -1338,7 +1345,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1338 if (err) 1345 if (err)
1339 break; 1346 break;
1340 } 1347 }
1341 audit_log_common_recv_msg(&ab, msg_type); 1348 audit_log_user_recv_msg(&ab, msg_type);
1342 if (msg_type != AUDIT_USER_TTY) 1349 if (msg_type != AUDIT_USER_TTY)
1343 audit_log_format(ab, " msg='%.*s'", 1350 audit_log_format(ab, " msg='%.*s'",
1344 AUDIT_MESSAGE_TEXT_MAX, 1351 AUDIT_MESSAGE_TEXT_MAX,
@@ -1361,8 +1368,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1361 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) 1368 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
1362 return -EINVAL; 1369 return -EINVAL;
1363 if (audit_enabled == AUDIT_LOCKED) { 1370 if (audit_enabled == AUDIT_LOCKED) {
1364 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 1371 audit_log_common_recv_msg(audit_context(), &ab,
1365 audit_log_format(ab, " audit_enabled=%d res=0", audit_enabled); 1372 AUDIT_CONFIG_CHANGE);
1373 audit_log_format(ab, " op=%s audit_enabled=%d res=0",
1374 msg_type == AUDIT_ADD_RULE ?
1375 "add_rule" : "remove_rule",
1376 audit_enabled);
1366 audit_log_end(ab); 1377 audit_log_end(ab);
1367 return -EPERM; 1378 return -EPERM;
1368 } 1379 }
@@ -1373,7 +1384,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1373 break; 1384 break;
1374 case AUDIT_TRIM: 1385 case AUDIT_TRIM:
1375 audit_trim_trees(); 1386 audit_trim_trees();
1376 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 1387 audit_log_common_recv_msg(audit_context(), &ab,
1388 AUDIT_CONFIG_CHANGE);
1377 audit_log_format(ab, " op=trim res=1"); 1389 audit_log_format(ab, " op=trim res=1");
1378 audit_log_end(ab); 1390 audit_log_end(ab);
1379 break; 1391 break;
@@ -1403,8 +1415,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1403 /* OK, here comes... */ 1415 /* OK, here comes... */
1404 err = audit_tag_tree(old, new); 1416 err = audit_tag_tree(old, new);
1405 1417
1406 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 1418 audit_log_common_recv_msg(audit_context(), &ab,
1407 1419 AUDIT_CONFIG_CHANGE);
1408 audit_log_format(ab, " op=make_equiv old="); 1420 audit_log_format(ab, " op=make_equiv old=");
1409 audit_log_untrustedstring(ab, old); 1421 audit_log_untrustedstring(ab, old);
1410 audit_log_format(ab, " new="); 1422 audit_log_format(ab, " new=");
@@ -1471,7 +1483,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
1471 old.enabled = t & AUDIT_TTY_ENABLE; 1483 old.enabled = t & AUDIT_TTY_ENABLE;
1472 old.log_passwd = !!(t & AUDIT_TTY_LOG_PASSWD); 1484 old.log_passwd = !!(t & AUDIT_TTY_LOG_PASSWD);
1473 1485
1474 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 1486 audit_log_common_recv_msg(audit_context(), &ab,
1487 AUDIT_CONFIG_CHANGE);
1475 audit_log_format(ab, " op=tty_set old-enabled=%d new-enabled=%d" 1488 audit_log_format(ab, " op=tty_set old-enabled=%d new-enabled=%d"
1476 " old-log_passwd=%d new-log_passwd=%d res=%d", 1489 " old-log_passwd=%d new-log_passwd=%d res=%d",
1477 old.enabled, s.enabled, old.log_passwd, 1490 old.enabled, s.enabled, old.log_passwd,
@@ -2054,153 +2067,6 @@ void audit_log_key(struct audit_buffer *ab, char *key)
2054 audit_log_format(ab, "(null)"); 2067 audit_log_format(ab, "(null)");
2055} 2068}
2056 2069
2057void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
2058{
2059 int i;
2060
2061 if (cap_isclear(*cap)) {
2062 audit_log_format(ab, " %s=0", prefix);
2063 return;
2064 }
2065 audit_log_format(ab, " %s=", prefix);
2066 CAP_FOR_EACH_U32(i)
2067 audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
2068}
2069
2070static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
2071{
2072 audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
2073 audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
2074 audit_log_format(ab, " cap_fe=%d cap_fver=%x",
2075 name->fcap.fE, name->fcap_ver);
2076}
2077
2078static inline int audit_copy_fcaps(struct audit_names *name,
2079 const struct dentry *dentry)
2080{
2081 struct cpu_vfs_cap_data caps;
2082 int rc;
2083
2084 if (!dentry)
2085 return 0;
2086
2087 rc = get_vfs_caps_from_disk(dentry, &caps);
2088 if (rc)
2089 return rc;
2090
2091 name->fcap.permitted = caps.permitted;
2092 name->fcap.inheritable = caps.inheritable;
2093 name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
2094 name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >>
2095 VFS_CAP_REVISION_SHIFT;
2096
2097 return 0;
2098}
2099
2100/* Copy inode data into an audit_names. */
2101void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
2102 struct inode *inode)
2103{
2104 name->ino = inode->i_ino;
2105 name->dev = inode->i_sb->s_dev;
2106 name->mode = inode->i_mode;
2107 name->uid = inode->i_uid;
2108 name->gid = inode->i_gid;
2109 name->rdev = inode->i_rdev;
2110 security_inode_getsecid(inode, &name->osid);
2111 audit_copy_fcaps(name, dentry);
2112}
2113
2114/**
2115 * audit_log_name - produce AUDIT_PATH record from struct audit_names
2116 * @context: audit_context for the task
2117 * @n: audit_names structure with reportable details
2118 * @path: optional path to report instead of audit_names->name
2119 * @record_num: record number to report when handling a list of names
2120 * @call_panic: optional pointer to int that will be updated if secid fails
2121 */
2122void audit_log_name(struct audit_context *context, struct audit_names *n,
2123 const struct path *path, int record_num, int *call_panic)
2124{
2125 struct audit_buffer *ab;
2126 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
2127 if (!ab)
2128 return;
2129
2130 audit_log_format(ab, "item=%d", record_num);
2131
2132 if (path)
2133 audit_log_d_path(ab, " name=", path);
2134 else if (n->name) {
2135 switch (n->name_len) {
2136 case AUDIT_NAME_FULL:
2137 /* log the full path */
2138 audit_log_format(ab, " name=");
2139 audit_log_untrustedstring(ab, n->name->name);
2140 break;
2141 case 0:
2142 /* name was specified as a relative path and the
2143 * directory component is the cwd */
2144 audit_log_d_path(ab, " name=", &context->pwd);
2145 break;
2146 default:
2147 /* log the name's directory component */
2148 audit_log_format(ab, " name=");
2149 audit_log_n_untrustedstring(ab, n->name->name,
2150 n->name_len);
2151 }
2152 } else
2153 audit_log_format(ab, " name=(null)");
2154
2155 if (n->ino != AUDIT_INO_UNSET)
2156 audit_log_format(ab, " inode=%lu"
2157 " dev=%02x:%02x mode=%#ho"
2158 " ouid=%u ogid=%u rdev=%02x:%02x",
2159 n->ino,
2160 MAJOR(n->dev),
2161 MINOR(n->dev),
2162 n->mode,
2163 from_kuid(&init_user_ns, n->uid),
2164 from_kgid(&init_user_ns, n->gid),
2165 MAJOR(n->rdev),
2166 MINOR(n->rdev));
2167 if (n->osid != 0) {
2168 char *ctx = NULL;
2169 u32 len;
2170 if (security_secid_to_secctx(
2171 n->osid, &ctx, &len)) {
2172 audit_log_format(ab, " osid=%u", n->osid);
2173 if (call_panic)
2174 *call_panic = 2;
2175 } else {
2176 audit_log_format(ab, " obj=%s", ctx);
2177 security_release_secctx(ctx, len);
2178 }
2179 }
2180
2181 /* log the audit_names record type */
2182 switch(n->type) {
2183 case AUDIT_TYPE_NORMAL:
2184 audit_log_format(ab, " nametype=NORMAL");
2185 break;
2186 case AUDIT_TYPE_PARENT:
2187 audit_log_format(ab, " nametype=PARENT");
2188 break;
2189 case AUDIT_TYPE_CHILD_DELETE:
2190 audit_log_format(ab, " nametype=DELETE");
2191 break;
2192 case AUDIT_TYPE_CHILD_CREATE:
2193 audit_log_format(ab, " nametype=CREATE");
2194 break;
2195 default:
2196 audit_log_format(ab, " nametype=UNKNOWN");
2197 break;
2198 }
2199
2200 audit_log_fcaps(ab, n);
2201 audit_log_end(ab);
2202}
2203
2204int audit_log_task_context(struct audit_buffer *ab) 2070int audit_log_task_context(struct audit_buffer *ab)
2205{ 2071{
2206 char *ctx = NULL; 2072 char *ctx = NULL;
@@ -2322,6 +2188,91 @@ void audit_log_link_denied(const char *operation)
2322 audit_log_end(ab); 2188 audit_log_end(ab);
2323} 2189}
2324 2190
2191/* global counter which is incremented every time something logs in */
2192static atomic_t session_id = ATOMIC_INIT(0);
2193
2194static int audit_set_loginuid_perm(kuid_t loginuid)
2195{
2196 /* if we are unset, we don't need privs */
2197 if (!audit_loginuid_set(current))
2198 return 0;
2199 /* if AUDIT_FEATURE_LOGINUID_IMMUTABLE means never ever allow a change*/
2200 if (is_audit_feature_set(AUDIT_FEATURE_LOGINUID_IMMUTABLE))
2201 return -EPERM;
2202 /* it is set, you need permission */
2203 if (!capable(CAP_AUDIT_CONTROL))
2204 return -EPERM;
2205 /* reject if this is not an unset and we don't allow that */
2206 if (is_audit_feature_set(AUDIT_FEATURE_ONLY_UNSET_LOGINUID)
2207 && uid_valid(loginuid))
2208 return -EPERM;
2209 return 0;
2210}
2211
2212static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
2213 unsigned int oldsessionid,
2214 unsigned int sessionid, int rc)
2215{
2216 struct audit_buffer *ab;
2217 uid_t uid, oldloginuid, loginuid;
2218 struct tty_struct *tty;
2219
2220 if (!audit_enabled)
2221 return;
2222
2223 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
2224 if (!ab)
2225 return;
2226
2227 uid = from_kuid(&init_user_ns, task_uid(current));
2228 oldloginuid = from_kuid(&init_user_ns, koldloginuid);
2229 loginuid = from_kuid(&init_user_ns, kloginuid),
2230 tty = audit_get_tty();
2231
2232 audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);
2233 audit_log_task_context(ab);
2234 audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
2235 oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
2236 oldsessionid, sessionid, !rc);
2237 audit_put_tty(tty);
2238 audit_log_end(ab);
2239}
2240
2241/**
2242 * audit_set_loginuid - set current task's loginuid
2243 * @loginuid: loginuid value
2244 *
2245 * Returns 0.
2246 *
2247 * Called (set) from fs/proc/base.c::proc_loginuid_write().
2248 */
2249int audit_set_loginuid(kuid_t loginuid)
2250{
2251 unsigned int oldsessionid, sessionid = AUDIT_SID_UNSET;
2252 kuid_t oldloginuid;
2253 int rc;
2254
2255 oldloginuid = audit_get_loginuid(current);
2256 oldsessionid = audit_get_sessionid(current);
2257
2258 rc = audit_set_loginuid_perm(loginuid);
2259 if (rc)
2260 goto out;
2261
2262 /* are we setting or clearing? */
2263 if (uid_valid(loginuid)) {
2264 sessionid = (unsigned int)atomic_inc_return(&session_id);
2265 if (unlikely(sessionid == AUDIT_SID_UNSET))
2266 sessionid = (unsigned int)atomic_inc_return(&session_id);
2267 }
2268
2269 current->sessionid = sessionid;
2270 current->loginuid = loginuid;
2271out:
2272 audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid, sessionid, rc);
2273 return rc;
2274}
2275
2325/** 2276/**
2326 * audit_log_end - end one audit record 2277 * audit_log_end - end one audit record
2327 * @ab: the audit_buffer 2278 * @ab: the audit_buffer
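Review bot: The kerneldoc moved in with audit_set_loginuid() says "Returns 0.", but the function returns `rc` from audit_set_loginuid_perm(), which is -EPERM when the loginuid is already set and the caller lacks CAP_AUDIT_CONTROL, when AUDIT_FEATURE_LOGINUID_IMMUTABLE is on, or when only-unset is enforced and a valid uid is passed; the comment should read `* Returns 0 on success, -EPERM if the change is not permitted.` In audit_log_set_loginuid() the line `loginuid = from_kuid(&init_user_ns, kloginuid),` ends in a comma rather than a semicolon, which compiles as a comma expression with the following assignment but is plainly a typo. The same function still opens its record with `audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN)` while every other site in this commit was switched to `audit_context()`, presumably to tie records to the current syscall; if leaving LOGIN detached is deliberate it deserves a comment, otherwise it should be `audit_log_start(audit_context(), GFP_KERNEL, AUDIT_LOGIN)`.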
diff --git a/kernel/audit.h b/kernel/audit.h
index 91421679a168..958d5b8fc1b3 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -69,6 +69,7 @@ struct audit_cap_data {
69 kernel_cap_t effective; /* effective set of process */ 69 kernel_cap_t effective; /* effective set of process */
70 }; 70 };
71 kernel_cap_t ambient; 71 kernel_cap_t ambient;
72 kuid_t rootid;
72}; 73};
73 74
74/* When fs/namei.c:getname() is called, we store the pointer in name and bump 75/* When fs/namei.c:getname() is called, we store the pointer in name and bump
@@ -212,15 +213,6 @@ extern bool audit_ever_enabled;
212 213
213extern void audit_log_session_info(struct audit_buffer *ab); 214extern void audit_log_session_info(struct audit_buffer *ab);
214 215
215extern void audit_copy_inode(struct audit_names *name,
216 const struct dentry *dentry,
217 struct inode *inode);
218extern void audit_log_cap(struct audit_buffer *ab, char *prefix,
219 kernel_cap_t *cap);
220extern void audit_log_name(struct audit_context *context,
221 struct audit_names *n, const struct path *path,
222 int record_num, int *call_panic);
223
224extern int auditd_test_task(struct task_struct *task); 216extern int auditd_test_task(struct task_struct *task);
225 217
226#define AUDIT_INODE_BUCKETS 32 218#define AUDIT_INODE_BUCKETS 32
@@ -267,25 +259,52 @@ extern void audit_log_d_path_exe(struct audit_buffer *ab,
267extern struct tty_struct *audit_get_tty(void); 259extern struct tty_struct *audit_get_tty(void);
268extern void audit_put_tty(struct tty_struct *tty); 260extern void audit_put_tty(struct tty_struct *tty);
269 261
270/* audit watch functions */ 262/* audit watch/mark/tree functions */
271#ifdef CONFIG_AUDITSYSCALL 263#ifdef CONFIG_AUDITSYSCALL
264extern unsigned int audit_serial(void);
265extern int auditsc_get_stamp(struct audit_context *ctx,
266 struct timespec64 *t, unsigned int *serial);
267
272extern void audit_put_watch(struct audit_watch *watch); 268extern void audit_put_watch(struct audit_watch *watch);
273extern void audit_get_watch(struct audit_watch *watch); 269extern void audit_get_watch(struct audit_watch *watch);
274extern int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op); 270extern int audit_to_watch(struct audit_krule *krule, char *path, int len,
271 u32 op);
275extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); 272extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
276extern void audit_remove_watch_rule(struct audit_krule *krule); 273extern void audit_remove_watch_rule(struct audit_krule *krule);
277extern char *audit_watch_path(struct audit_watch *watch); 274extern char *audit_watch_path(struct audit_watch *watch);
278extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino, dev_t dev); 275extern int audit_watch_compare(struct audit_watch *watch, unsigned long ino,
276 dev_t dev);
279 277
280extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pathname, int len); 278extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule,
279 char *pathname, int len);
281extern char *audit_mark_path(struct audit_fsnotify_mark *mark); 280extern char *audit_mark_path(struct audit_fsnotify_mark *mark);
282extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark); 281extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark);
283extern void audit_remove_mark_rule(struct audit_krule *krule); 282extern void audit_remove_mark_rule(struct audit_krule *krule);
284extern int audit_mark_compare(struct audit_fsnotify_mark *mark, unsigned long ino, dev_t dev); 283extern int audit_mark_compare(struct audit_fsnotify_mark *mark,
284 unsigned long ino, dev_t dev);
285extern int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old); 285extern int audit_dupe_exe(struct audit_krule *new, struct audit_krule *old);
286extern int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark); 286extern int audit_exe_compare(struct task_struct *tsk,
287 struct audit_fsnotify_mark *mark);
288
289extern struct audit_chunk *audit_tree_lookup(const struct inode *inode);
290extern void audit_put_chunk(struct audit_chunk *chunk);
291extern bool audit_tree_match(struct audit_chunk *chunk,
292 struct audit_tree *tree);
293extern int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op);
294extern int audit_add_tree_rule(struct audit_krule *rule);
295extern int audit_remove_tree_rule(struct audit_krule *rule);
296extern void audit_trim_trees(void);
297extern int audit_tag_tree(char *old, char *new);
298extern const char *audit_tree_path(struct audit_tree *tree);
299extern void audit_put_tree(struct audit_tree *tree);
300extern void audit_kill_trees(struct audit_context *context);
287 301
288#else 302extern int audit_signal_info(int sig, struct task_struct *t);
303extern void audit_filter_inodes(struct task_struct *tsk,
304 struct audit_context *ctx);
305extern struct list_head *audit_killed_trees(void);
306#else /* CONFIG_AUDITSYSCALL */
307#define auditsc_get_stamp(c, t, s) 0
289#define audit_put_watch(w) {} 308#define audit_put_watch(w) {}
290#define audit_get_watch(w) {} 309#define audit_get_watch(w) {}
291#define audit_to_watch(k, p, l, o) (-EINVAL) 310#define audit_to_watch(k, p, l, o) (-EINVAL)
@@ -301,21 +320,7 @@ extern int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark
301#define audit_mark_compare(m, i, d) 0 320#define audit_mark_compare(m, i, d) 0
302#define audit_exe_compare(t, m) (-EINVAL) 321#define audit_exe_compare(t, m) (-EINVAL)
303#define audit_dupe_exe(n, o) (-EINVAL) 322#define audit_dupe_exe(n, o) (-EINVAL)
304#endif /* CONFIG_AUDITSYSCALL */
305 323
306#ifdef CONFIG_AUDITSYSCALL
307extern struct audit_chunk *audit_tree_lookup(const struct inode *inode);
308extern void audit_put_chunk(struct audit_chunk *chunk);
309extern bool audit_tree_match(struct audit_chunk *chunk, struct audit_tree *tree);
310extern int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op);
311extern int audit_add_tree_rule(struct audit_krule *rule);
312extern int audit_remove_tree_rule(struct audit_krule *rule);
313extern void audit_trim_trees(void);
314extern int audit_tag_tree(char *old, char *new);
315extern const char *audit_tree_path(struct audit_tree *tree);
316extern void audit_put_tree(struct audit_tree *tree);
317extern void audit_kill_trees(struct list_head *list);
318#else
319#define audit_remove_tree_rule(rule) BUG() 324#define audit_remove_tree_rule(rule) BUG()
320#define audit_add_tree_rule(rule) -EINVAL 325#define audit_add_tree_rule(rule) -EINVAL
321#define audit_make_tree(rule, str, op) -EINVAL 326#define audit_make_tree(rule, str, op) -EINVAL
@@ -323,8 +328,11 @@ extern void audit_kill_trees(struct list_head *list);
323#define audit_put_tree(tree) (void)0 328#define audit_put_tree(tree) (void)0
324#define audit_tag_tree(old, new) -EINVAL 329#define audit_tag_tree(old, new) -EINVAL
325#define audit_tree_path(rule) "" /* never called */ 330#define audit_tree_path(rule) "" /* never called */
326#define audit_kill_trees(list) BUG() 331#define audit_kill_trees(context) BUG()
327#endif 332
333#define audit_signal_info(s, t) AUDIT_DISABLED
334#define audit_filter_inodes(t, c) AUDIT_DISABLED
335#endif /* CONFIG_AUDITSYSCALL */
328 336
329extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len); 337extern char *audit_unpack_string(void **bufp, size_t *remain, size_t len);
330 338
@@ -334,14 +342,5 @@ extern u32 audit_sig_sid;
334 342
335extern int audit_filter(int msgtype, unsigned int listtype); 343extern int audit_filter(int msgtype, unsigned int listtype);
336 344
337#ifdef CONFIG_AUDITSYSCALL
338extern int audit_signal_info(int sig, struct task_struct *t);
339extern void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx);
340extern struct list_head *audit_killed_trees(void);
341#else
342#define audit_signal_info(s,t) AUDIT_DISABLED
343#define audit_filter_inodes(t,c) AUDIT_DISABLED
344#endif
345
346extern void audit_ctl_lock(void); 345extern void audit_ctl_lock(void);
347extern void audit_ctl_unlock(void); 346extern void audit_ctl_unlock(void);
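Review bot: The `kuid_t rootid;` member added to struct audit_cap_data in the first hunk carries no comment, unlike `effective` just above it, and nothing in the header says where the value comes from or what it means; the struct's opening line is outside the hunk. Since the commoncap.c part of this commit fills it from the on-disk file capability (`cpu_caps->rootid = rootkuid;`) and auditsc.c copies that into `fcap.rootid`, I'd document it as `kuid_t rootid; /* root uid of the user namespace the v3 fcaps belong to */`. While here, the `!CONFIG_AUDITSYSCALL` stubs `audit_signal_info(s, t)` and `audit_filter_inodes(t, c)` expand to `AUDIT_DISABLED` without evaluating their arguments, so callers may see unused-variable warnings in that configuration; a one-line comment above them noting that they intentionally discard `s`/`t`/`c` would save the next reader a check.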
diff --git a/kernel/audit_fsnotify.c b/kernel/audit_fsnotify.c
index cf4512a33675..37ae95cfb7f4 100644
--- a/kernel/audit_fsnotify.c
+++ b/kernel/audit_fsnotify.c
@@ -127,7 +127,7 @@ static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, c
127 127
128 if (!audit_enabled) 128 if (!audit_enabled)
129 return; 129 return;
130 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 130 ab = audit_log_start(audit_context(), GFP_NOFS, AUDIT_CONFIG_CHANGE);
131 if (unlikely(!ab)) 131 if (unlikely(!ab))
132 return; 132 return;
133 audit_log_session_info(ab); 133 audit_log_session_info(ab);
diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c
index d4af4d97f847..abfb112f26aa 100644
--- a/kernel/audit_tree.c
+++ b/kernel/audit_tree.c
@@ -524,13 +524,14 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
524 return 0; 524 return 0;
525} 525}
526 526
527static void audit_tree_log_remove_rule(struct audit_krule *rule) 527static void audit_tree_log_remove_rule(struct audit_context *context,
528 struct audit_krule *rule)
528{ 529{
529 struct audit_buffer *ab; 530 struct audit_buffer *ab;
530 531
531 if (!audit_enabled) 532 if (!audit_enabled)
532 return; 533 return;
533 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 534 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
534 if (unlikely(!ab)) 535 if (unlikely(!ab))
535 return; 536 return;
536 audit_log_format(ab, "op=remove_rule dir="); 537 audit_log_format(ab, "op=remove_rule dir=");
@@ -540,7 +541,7 @@ static void audit_tree_log_remove_rule(struct audit_krule *rule)
540 audit_log_end(ab); 541 audit_log_end(ab);
541} 542}
542 543
543static void kill_rules(struct audit_tree *tree) 544static void kill_rules(struct audit_context *context, struct audit_tree *tree)
544{ 545{
545 struct audit_krule *rule, *next; 546 struct audit_krule *rule, *next;
546 struct audit_entry *entry; 547 struct audit_entry *entry;
@@ -551,7 +552,7 @@ static void kill_rules(struct audit_tree *tree)
551 list_del_init(&rule->rlist); 552 list_del_init(&rule->rlist);
552 if (rule->tree) { 553 if (rule->tree) {
553 /* not a half-baked one */ 554 /* not a half-baked one */
554 audit_tree_log_remove_rule(rule); 555 audit_tree_log_remove_rule(context, rule);
555 if (entry->rule.exe) 556 if (entry->rule.exe)
556 audit_remove_mark(entry->rule.exe); 557 audit_remove_mark(entry->rule.exe);
557 rule->tree = NULL; 558 rule->tree = NULL;
@@ -633,7 +634,7 @@ static void trim_marked(struct audit_tree *tree)
633 tree->goner = 1; 634 tree->goner = 1;
634 spin_unlock(&hash_lock); 635 spin_unlock(&hash_lock);
635 mutex_lock(&audit_filter_mutex); 636 mutex_lock(&audit_filter_mutex);
636 kill_rules(tree); 637 kill_rules(audit_context(), tree);
637 list_del_init(&tree->list); 638 list_del_init(&tree->list);
638 mutex_unlock(&audit_filter_mutex); 639 mutex_unlock(&audit_filter_mutex);
639 prune_one(tree); 640 prune_one(tree);
@@ -973,8 +974,10 @@ static void audit_schedule_prune(void)
973 * ... and that one is done if evict_chunk() decides to delay until the end 974 * ... and that one is done if evict_chunk() decides to delay until the end
974 * of syscall. Runs synchronously. 975 * of syscall. Runs synchronously.
975 */ 976 */
976void audit_kill_trees(struct list_head *list) 977void audit_kill_trees(struct audit_context *context)
977{ 978{
979 struct list_head *list = &context->killed_trees;
980
978 audit_ctl_lock(); 981 audit_ctl_lock();
979 mutex_lock(&audit_filter_mutex); 982 mutex_lock(&audit_filter_mutex);
980 983
@@ -982,7 +985,7 @@ void audit_kill_trees(struct list_head *list)
982 struct audit_tree *victim; 985 struct audit_tree *victim;
983 986
984 victim = list_entry(list->next, struct audit_tree, list); 987 victim = list_entry(list->next, struct audit_tree, list);
985 kill_rules(victim); 988 kill_rules(context, victim);
986 list_del_init(&victim->list); 989 list_del_init(&victim->list);
987 990
988 mutex_unlock(&audit_filter_mutex); 991 mutex_unlock(&audit_filter_mutex);
@@ -1017,7 +1020,7 @@ static void evict_chunk(struct audit_chunk *chunk)
1017 list_del_init(&owner->same_root); 1020 list_del_init(&owner->same_root);
1018 spin_unlock(&hash_lock); 1021 spin_unlock(&hash_lock);
1019 if (!postponed) { 1022 if (!postponed) {
1020 kill_rules(owner); 1023 kill_rules(audit_context(), owner);
1021 list_move(&owner->list, &prune_list); 1024 list_move(&owner->list, &prune_list);
1022 need_prune = 1; 1025 need_prune = 1;
1023 } else { 1026 } else {
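Review bot: `audit_kill_trees(struct audit_context *context)` now dereferences `context` unconditionally on its first line (`&context->killed_trees`), but the kerneldoc block above it, which starts outside the hunk, still describes the old list-taking signature and documents no parameter. The two callers in auditsc.c guard with `if (!list_empty(&context->killed_trees))` so a NULL context cannot reach it today, yet that contract lives only in the callers; I'd add `@context: audit_context whose killed_trees list is drained; must not be NULL` to the comment. The `kill_rules(audit_context(), ...)` calls in trim_marked() and evict_chunk() may run outside a syscall where audit_context() is presumably NULL; that is fine for audit_log_start(), but a short comment at audit_tree_log_remove_rule() saying `context` may be NULL would make the difference from audit_kill_trees() explicit.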
diff --git a/kernel/audit_watch.c b/kernel/audit_watch.c
index 20ef9ba134b0..e8d1adeb2223 100644
--- a/kernel/audit_watch.c
+++ b/kernel/audit_watch.c
@@ -242,7 +242,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
242 242
243 if (!audit_enabled) 243 if (!audit_enabled)
244 return; 244 return;
245 ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE); 245 ab = audit_log_start(audit_context(), GFP_NOFS, AUDIT_CONFIG_CHANGE);
246 if (!ab) 246 if (!ab)
247 return; 247 return;
248 audit_log_session_info(ab); 248 audit_log_session_info(ab);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index bf309f2592c4..63f8b3f26fab 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -670,7 +670,7 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
670 data->values[i] = AUDIT_UID_UNSET; 670 data->values[i] = AUDIT_UID_UNSET;
671 break; 671 break;
672 } 672 }
673 /* fallthrough if set */ 673 /* fall through - if set */
674 default: 674 default:
675 data->values[i] = f->val; 675 data->values[i] = f->val;
676 } 676 }
@@ -1091,7 +1091,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re
1091 if (!audit_enabled) 1091 if (!audit_enabled)
1092 return; 1092 return;
1093 1093
1094 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 1094 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_CONFIG_CHANGE);
1095 if (!ab) 1095 if (!ab)
1096 return; 1096 return;
1097 audit_log_session_info(ab); 1097 audit_log_session_info(ab);
@@ -1355,7 +1355,7 @@ int audit_filter(int msgtype, unsigned int listtype)
1355 if (f->lsm_rule) { 1355 if (f->lsm_rule) {
1356 security_task_getsecid(current, &sid); 1356 security_task_getsecid(current, &sid);
1357 result = security_audit_rule_match(sid, 1357 result = security_audit_rule_match(sid,
1358 f->type, f->op, f->lsm_rule, NULL); 1358 f->type, f->op, f->lsm_rule);
1359 } 1359 }
1360 break; 1360 break;
1361 case AUDIT_EXE: 1361 case AUDIT_EXE:
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 6593a5207fb0..d1eab1d4a930 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -631,9 +631,8 @@ static int audit_filter_rules(struct task_struct *tsk,
631 need_sid = 0; 631 need_sid = 0;
632 } 632 }
633 result = security_audit_rule_match(sid, f->type, 633 result = security_audit_rule_match(sid, f->type,
634 f->op, 634 f->op,
635 f->lsm_rule, 635 f->lsm_rule);
636 ctx);
637 } 636 }
638 break; 637 break;
639 case AUDIT_OBJ_USER: 638 case AUDIT_OBJ_USER:
@@ -647,13 +646,17 @@ static int audit_filter_rules(struct task_struct *tsk,
647 /* Find files that match */ 646 /* Find files that match */
648 if (name) { 647 if (name) {
649 result = security_audit_rule_match( 648 result = security_audit_rule_match(
650 name->osid, f->type, f->op, 649 name->osid,
651 f->lsm_rule, ctx); 650 f->type,
651 f->op,
652 f->lsm_rule);
652 } else if (ctx) { 653 } else if (ctx) {
653 list_for_each_entry(n, &ctx->names_list, list) { 654 list_for_each_entry(n, &ctx->names_list, list) {
654 if (security_audit_rule_match(n->osid, f->type, 655 if (security_audit_rule_match(
655 f->op, f->lsm_rule, 656 n->osid,
656 ctx)) { 657 f->type,
658 f->op,
659 f->lsm_rule)) {
657 ++result; 660 ++result;
658 break; 661 break;
659 } 662 }
@@ -664,7 +667,7 @@ static int audit_filter_rules(struct task_struct *tsk,
664 break; 667 break;
665 if (security_audit_rule_match(ctx->ipc.osid, 668 if (security_audit_rule_match(ctx->ipc.osid,
666 f->type, f->op, 669 f->type, f->op,
667 f->lsm_rule, ctx)) 670 f->lsm_rule))
668 ++result; 671 ++result;
669 } 672 }
670 break; 673 break;
@@ -1136,6 +1139,32 @@ out:
1136 kfree(buf_head); 1139 kfree(buf_head);
1137} 1140}
1138 1141
1142void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
1143{
1144 int i;
1145
1146 if (cap_isclear(*cap)) {
1147 audit_log_format(ab, " %s=0", prefix);
1148 return;
1149 }
1150 audit_log_format(ab, " %s=", prefix);
1151 CAP_FOR_EACH_U32(i)
1152 audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
1153}
1154
1155static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
1156{
1157 if (name->fcap_ver == -1) {
1158 audit_log_format(ab, " cap_fe=? cap_fver=? cap_fp=? cap_fi=?");
1159 return;
1160 }
1161 audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
1162 audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
1163 audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%d",
1164 name->fcap.fE, name->fcap_ver,
1165 from_kuid(&init_user_ns, name->fcap.rootid));
1166}
1167
1139static void show_special(struct audit_context *context, int *call_panic) 1168static void show_special(struct audit_context *context, int *call_panic)
1140{ 1169{
1141 struct audit_buffer *ab; 1170 struct audit_buffer *ab;
@@ -1258,6 +1287,97 @@ static inline int audit_proctitle_rtrim(char *proctitle, int len)
1258 return len; 1287 return len;
1259} 1288}
1260 1289
1290/*
1291 * audit_log_name - produce AUDIT_PATH record from struct audit_names
1292 * @context: audit_context for the task
1293 * @n: audit_names structure with reportable details
1294 * @path: optional path to report instead of audit_names->name
1295 * @record_num: record number to report when handling a list of names
1296 * @call_panic: optional pointer to int that will be updated if secid fails
1297 */
1298static void audit_log_name(struct audit_context *context, struct audit_names *n,
1299 const struct path *path, int record_num, int *call_panic)
1300{
1301 struct audit_buffer *ab;
1302
1303 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
1304 if (!ab)
1305 return;
1306
1307 audit_log_format(ab, "item=%d", record_num);
1308
1309 if (path)
1310 audit_log_d_path(ab, " name=", path);
1311 else if (n->name) {
1312 switch (n->name_len) {
1313 case AUDIT_NAME_FULL:
1314 /* log the full path */
1315 audit_log_format(ab, " name=");
1316 audit_log_untrustedstring(ab, n->name->name);
1317 break;
1318 case 0:
1319 /* name was specified as a relative path and the
1320 * directory component is the cwd
1321 */
1322 audit_log_d_path(ab, " name=", &context->pwd);
1323 break;
1324 default:
1325 /* log the name's directory component */
1326 audit_log_format(ab, " name=");
1327 audit_log_n_untrustedstring(ab, n->name->name,
1328 n->name_len);
1329 }
1330 } else
1331 audit_log_format(ab, " name=(null)");
1332
1333 if (n->ino != AUDIT_INO_UNSET)
1334 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x",
1335 n->ino,
1336 MAJOR(n->dev),
1337 MINOR(n->dev),
1338 n->mode,
1339 from_kuid(&init_user_ns, n->uid),
1340 from_kgid(&init_user_ns, n->gid),
1341 MAJOR(n->rdev),
1342 MINOR(n->rdev));
1343 if (n->osid != 0) {
1344 char *ctx = NULL;
1345 u32 len;
1346
1347 if (security_secid_to_secctx(
1348 n->osid, &ctx, &len)) {
1349 audit_log_format(ab, " osid=%u", n->osid);
1350 if (call_panic)
1351 *call_panic = 2;
1352 } else {
1353 audit_log_format(ab, " obj=%s", ctx);
1354 security_release_secctx(ctx, len);
1355 }
1356 }
1357
1358 /* log the audit_names record type */
1359 switch (n->type) {
1360 case AUDIT_TYPE_NORMAL:
1361 audit_log_format(ab, " nametype=NORMAL");
1362 break;
1363 case AUDIT_TYPE_PARENT:
1364 audit_log_format(ab, " nametype=PARENT");
1365 break;
1366 case AUDIT_TYPE_CHILD_DELETE:
1367 audit_log_format(ab, " nametype=DELETE");
1368 break;
1369 case AUDIT_TYPE_CHILD_CREATE:
1370 audit_log_format(ab, " nametype=CREATE");
1371 break;
1372 default:
1373 audit_log_format(ab, " nametype=UNKNOWN");
1374 break;
1375 }
1376
1377 audit_log_fcaps(ab, n);
1378 audit_log_end(ab);
1379}
1380
1261static void audit_log_proctitle(void) 1381static void audit_log_proctitle(void)
1262{ 1382{
1263 int res; 1383 int res;
@@ -1358,6 +1478,9 @@ static void audit_log_exit(void)
1358 audit_log_cap(ab, "pi", &axs->new_pcap.inheritable); 1478 audit_log_cap(ab, "pi", &axs->new_pcap.inheritable);
1359 audit_log_cap(ab, "pe", &axs->new_pcap.effective); 1479 audit_log_cap(ab, "pe", &axs->new_pcap.effective);
1360 audit_log_cap(ab, "pa", &axs->new_pcap.ambient); 1480 audit_log_cap(ab, "pa", &axs->new_pcap.ambient);
1481 audit_log_format(ab, " frootid=%d",
1482 from_kuid(&init_user_ns,
1483 axs->fcap.rootid));
1361 break; } 1484 break; }
1362 1485
1363 } 1486 }
@@ -1444,6 +1567,9 @@ void __audit_free(struct task_struct *tsk)
1444 if (!context) 1567 if (!context)
1445 return; 1568 return;
1446 1569
1570 if (!list_empty(&context->killed_trees))
1571 audit_kill_trees(context);
1572
1447 /* We are called either by do_exit() or the fork() error handling code; 1573 /* We are called either by do_exit() or the fork() error handling code;
1448 * in the former case tsk == current and in the latter tsk is a 1574 * in the former case tsk == current and in the latter tsk is a
1449 * random task_struct that doesn't doesn't have any meaningful data we 1575 * random task_struct that doesn't doesn't have any meaningful data we
@@ -1460,9 +1586,6 @@ void __audit_free(struct task_struct *tsk)
1460 audit_log_exit(); 1586 audit_log_exit();
1461 } 1587 }
1462 1588
1463 if (!list_empty(&context->killed_trees))
1464 audit_kill_trees(&context->killed_trees);
1465
1466 audit_set_context(tsk, NULL); 1589 audit_set_context(tsk, NULL);
1467 audit_free_context(context); 1590 audit_free_context(context);
1468} 1591}
@@ -1537,6 +1660,9 @@ void __audit_syscall_exit(int success, long return_code)
1537 if (!context) 1660 if (!context)
1538 return; 1661 return;
1539 1662
1663 if (!list_empty(&context->killed_trees))
1664 audit_kill_trees(context);
1665
1540 if (!context->dummy && context->in_syscall) { 1666 if (!context->dummy && context->in_syscall) {
1541 if (success) 1667 if (success)
1542 context->return_valid = AUDITSC_SUCCESS; 1668 context->return_valid = AUDITSC_SUCCESS;
@@ -1571,9 +1697,6 @@ void __audit_syscall_exit(int success, long return_code)
1571 context->in_syscall = 0; 1697 context->in_syscall = 0;
1572 context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; 1698 context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
1573 1699
1574 if (!list_empty(&context->killed_trees))
1575 audit_kill_trees(&context->killed_trees);
1576
1577 audit_free_names(context); 1700 audit_free_names(context);
1578 unroll_tree_refs(context, NULL, 0); 1701 unroll_tree_refs(context, NULL, 0);
1579 audit_free_aux(context); 1702 audit_free_aux(context);
@@ -1750,6 +1873,47 @@ void __audit_getname(struct filename *name)
1750 get_fs_pwd(current->fs, &context->pwd); 1873 get_fs_pwd(current->fs, &context->pwd);
1751} 1874}
1752 1875
1876static inline int audit_copy_fcaps(struct audit_names *name,
1877 const struct dentry *dentry)
1878{
1879 struct cpu_vfs_cap_data caps;
1880 int rc;
1881
1882 if (!dentry)
1883 return 0;
1884
1885 rc = get_vfs_caps_from_disk(dentry, &caps);
1886 if (rc)
1887 return rc;
1888
1889 name->fcap.permitted = caps.permitted;
1890 name->fcap.inheritable = caps.inheritable;
1891 name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
1892 name->fcap.rootid = caps.rootid;
1893 name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >>
1894 VFS_CAP_REVISION_SHIFT;
1895
1896 return 0;
1897}
1898
1899/* Copy inode data into an audit_names. */
1900void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
1901 struct inode *inode, unsigned int flags)
1902{
1903 name->ino = inode->i_ino;
1904 name->dev = inode->i_sb->s_dev;
1905 name->mode = inode->i_mode;
1906 name->uid = inode->i_uid;
1907 name->gid = inode->i_gid;
1908 name->rdev = inode->i_rdev;
1909 security_inode_getsecid(inode, &name->osid);
1910 if (flags & AUDIT_INODE_NOEVAL) {
1911 name->fcap_ver = -1;
1912 return;
1913 }
1914 audit_copy_fcaps(name, dentry);
1915}
1916
1753/** 1917/**
1754 * __audit_inode - store the inode and device from a lookup 1918 * __audit_inode - store the inode and device from a lookup
1755 * @name: name being audited 1919 * @name: name being audited
@@ -1763,10 +1927,31 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
1763 struct inode *inode = d_backing_inode(dentry); 1927 struct inode *inode = d_backing_inode(dentry);
1764 struct audit_names *n; 1928 struct audit_names *n;
1765 bool parent = flags & AUDIT_INODE_PARENT; 1929 bool parent = flags & AUDIT_INODE_PARENT;
1930 struct audit_entry *e;
1931 struct list_head *list = &audit_filter_list[AUDIT_FILTER_FS];
1932 int i;
1766 1933
1767 if (!context->in_syscall) 1934 if (!context->in_syscall)
1768 return; 1935 return;
1769 1936
1937 rcu_read_lock();
1938 if (!list_empty(list)) {
1939 list_for_each_entry_rcu(e, list, list) {
1940 for (i = 0; i < e->rule.field_count; i++) {
1941 struct audit_field *f = &e->rule.fields[i];
1942
1943 if (f->type == AUDIT_FSTYPE
1944 && audit_comparator(inode->i_sb->s_magic,
1945 f->op, f->val)
1946 && e->rule.action == AUDIT_NEVER) {
1947 rcu_read_unlock();
1948 return;
1949 }
1950 }
1951 }
1952 }
1953 rcu_read_unlock();
1954
1770 if (!name) 1955 if (!name)
1771 goto out_alloc; 1956 goto out_alloc;
1772 1957
@@ -1832,7 +2017,7 @@ out:
1832 n->type = AUDIT_TYPE_NORMAL; 2017 n->type = AUDIT_TYPE_NORMAL;
1833 } 2018 }
1834 handle_path(dentry); 2019 handle_path(dentry);
1835 audit_copy_inode(n, dentry, inode); 2020 audit_copy_inode(n, dentry, inode, flags & AUDIT_INODE_NOEVAL);
1836} 2021}
1837 2022
1838void __audit_file(const struct file *file) 2023void __audit_file(const struct file *file)
@@ -1875,14 +2060,12 @@ void __audit_inode_child(struct inode *parent,
1875 for (i = 0; i < e->rule.field_count; i++) { 2060 for (i = 0; i < e->rule.field_count; i++) {
1876 struct audit_field *f = &e->rule.fields[i]; 2061 struct audit_field *f = &e->rule.fields[i];
1877 2062
1878 if (f->type == AUDIT_FSTYPE) { 2063 if (f->type == AUDIT_FSTYPE
1879 if (audit_comparator(parent->i_sb->s_magic, 2064 && audit_comparator(parent->i_sb->s_magic,
1880 f->op, f->val)) { 2065 f->op, f->val)
1881 if (e->rule.action == AUDIT_NEVER) { 2066 && e->rule.action == AUDIT_NEVER) {
1882 rcu_read_unlock(); 2067 rcu_read_unlock();
1883 return; 2068 return;
1884 }
1885 }
1886 } 2069 }
1887 } 2070 }
1888 } 2071 }
@@ -1933,7 +2116,7 @@ void __audit_inode_child(struct inode *parent,
1933 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); 2116 n = audit_alloc_name(context, AUDIT_TYPE_PARENT);
1934 if (!n) 2117 if (!n)
1935 return; 2118 return;
1936 audit_copy_inode(n, NULL, parent); 2119 audit_copy_inode(n, NULL, parent, 0);
1937 } 2120 }
1938 2121
1939 if (!found_child) { 2122 if (!found_child) {
@@ -1952,7 +2135,7 @@ void __audit_inode_child(struct inode *parent,
1952 } 2135 }
1953 2136
1954 if (inode) 2137 if (inode)
1955 audit_copy_inode(found_child, dentry, inode); 2138 audit_copy_inode(found_child, dentry, inode, 0);
1956 else 2139 else
1957 found_child->ino = AUDIT_INO_UNSET; 2140 found_child->ino = AUDIT_INO_UNSET;
1958} 2141}
@@ -1983,90 +2166,6 @@ int auditsc_get_stamp(struct audit_context *ctx,
1983 return 1; 2166 return 1;
1984} 2167}
1985 2168
1986/* global counter which is incremented every time something logs in */
1987static atomic_t session_id = ATOMIC_INIT(0);
1988
1989static int audit_set_loginuid_perm(kuid_t loginuid)
1990{
1991 /* if we are unset, we don't need privs */
1992 if (!audit_loginuid_set(current))
1993 return 0;
1994 /* if AUDIT_FEATURE_LOGINUID_IMMUTABLE means never ever allow a change*/
1995 if (is_audit_feature_set(AUDIT_FEATURE_LOGINUID_IMMUTABLE))
1996 return -EPERM;
1997 /* it is set, you need permission */
1998 if (!capable(CAP_AUDIT_CONTROL))
1999 return -EPERM;
2000 /* reject if this is not an unset and we don't allow that */
2001 if (is_audit_feature_set(AUDIT_FEATURE_ONLY_UNSET_LOGINUID) && uid_valid(loginuid))
2002 return -EPERM;
2003 return 0;
2004}
2005
2006static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,
2007 unsigned int oldsessionid, unsigned int sessionid,
2008 int rc)
2009{
2010 struct audit_buffer *ab;
2011 uid_t uid, oldloginuid, loginuid;
2012 struct tty_struct *tty;
2013
2014 if (!audit_enabled)
2015 return;
2016
2017 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
2018 if (!ab)
2019 return;
2020
2021 uid = from_kuid(&init_user_ns, task_uid(current));
2022 oldloginuid = from_kuid(&init_user_ns, koldloginuid);
2023 loginuid = from_kuid(&init_user_ns, kloginuid),
2024 tty = audit_get_tty();
2025
2026 audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);
2027 audit_log_task_context(ab);
2028 audit_log_format(ab, " old-auid=%u auid=%u tty=%s old-ses=%u ses=%u res=%d",
2029 oldloginuid, loginuid, tty ? tty_name(tty) : "(none)",
2030 oldsessionid, sessionid, !rc);
2031 audit_put_tty(tty);
2032 audit_log_end(ab);
2033}
2034
2035/**
2036 * audit_set_loginuid - set current task's audit_context loginuid
2037 * @loginuid: loginuid value
2038 *
2039 * Returns 0.
2040 *
2041 * Called (set) from fs/proc/base.c::proc_loginuid_write().
2042 */
2043int audit_set_loginuid(kuid_t loginuid)
2044{
2045 unsigned int oldsessionid, sessionid = AUDIT_SID_UNSET;
2046 kuid_t oldloginuid;
2047 int rc;
2048
2049 oldloginuid = audit_get_loginuid(current);
2050 oldsessionid = audit_get_sessionid(current);
2051
2052 rc = audit_set_loginuid_perm(loginuid);
2053 if (rc)
2054 goto out;
2055
2056 /* are we setting or clearing? */
2057 if (uid_valid(loginuid)) {
2058 sessionid = (unsigned int)atomic_inc_return(&session_id);
2059 if (unlikely(sessionid == AUDIT_SID_UNSET))
2060 sessionid = (unsigned int)atomic_inc_return(&session_id);
2061 }
2062
2063 current->sessionid = sessionid;
2064 current->loginuid = loginuid;
2065out:
2066 audit_log_set_loginuid(oldloginuid, loginuid, oldsessionid, sessionid, rc);
2067 return rc;
2068}
2069
2070/** 2169/**
2071 * __audit_mq_open - record audit data for a POSIX MQ open 2170 * __audit_mq_open - record audit data for a POSIX MQ open
2072 * @oflag: open flag 2171 * @oflag: open flag
@@ -2355,6 +2454,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
2355 ax->fcap.permitted = vcaps.permitted; 2454 ax->fcap.permitted = vcaps.permitted;
2356 ax->fcap.inheritable = vcaps.inheritable; 2455 ax->fcap.inheritable = vcaps.inheritable;
2357 ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); 2456 ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
2457 ax->fcap.rootid = vcaps.rootid;
2358 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; 2458 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
2359 2459
2360 ax->old_pcap.permitted = old->cap_permitted; 2460 ax->old_pcap.permitted = old->cap_permitted;
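Review bot: `cap_frootid=%d` in the new audit_log_fcaps() and `frootid=%d` in the audit_log_exit() hunk (whose enclosing function starts outside the hunk) print the return of from_kuid(), a uid_t, which is unsigned; every other uid in these records (`ouid=%u`, `ogid=%u`, `auid=%u`) uses `%u`, -Wformat will flag the mismatch, and an invalid rootid would surface to userspace as `-1` rather than the `4294967295` the other uid fields would show. Change both to `%u`: `audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%u",` and `audit_log_format(ab, " frootid=%u",`. Separately, the AUDIT_FSTYPE/AUDIT_NEVER loop inserted into __audit_inode() is a copy of the one already in __audit_inode_child(); hoisting it into one static helper taking the super_block would keep the two filters from drifting apart.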
diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index eeaddfe0c0fb..5a8b9cded4f2 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -225,8 +225,7 @@ int aa_audit_rule_known(struct audit_krule *rule)
225 return 0; 225 return 0;
226} 226}
227 227
228int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, 228int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
229 struct audit_context *actx)
230{ 229{
231 struct aa_audit_rule *rule = vrule; 230 struct aa_audit_rule *rule = vrule;
232 struct aa_label *label; 231 struct aa_label *label;
diff --git a/security/apparmor/include/audit.h b/security/apparmor/include/audit.h
index b8c8b1066b0a..ee559bc2acb8 100644
--- a/security/apparmor/include/audit.h
+++ b/security/apparmor/include/audit.h
@@ -192,7 +192,6 @@ static inline int complain_error(int error)
192void aa_audit_rule_free(void *vrule); 192void aa_audit_rule_free(void *vrule);
193int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule); 193int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule);
194int aa_audit_rule_known(struct audit_krule *rule); 194int aa_audit_rule_known(struct audit_krule *rule);
195int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule, 195int aa_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule);
196 struct audit_context *actx);
197 196
198#endif /* __AA_AUDIT_H */ 197#endif /* __AA_AUDIT_H */
diff --git a/security/commoncap.c b/security/commoncap.c
index f1d117c3d8ae..c477fb673701 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -642,6 +642,8 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data
642 cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK; 642 cpu_caps->permitted.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
643 cpu_caps->inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK; 643 cpu_caps->inheritable.cap[CAP_LAST_U32] &= CAP_LAST_U32_VALID_MASK;
644 644
645 cpu_caps->rootid = rootkuid;
646
645 return 0; 647 return 0;
646} 648}
647 649
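diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index cc12f3449a72..026163f37ba1 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -307,8 +307,7 @@ static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr,
 }
 
 static inline int security_filter_rule_match(u32 secid, u32 field, u32 op,
- void *lsmrule,
- struct audit_context *actx)
+ void *lsmrule)
 {
  return -EINVAL;
 }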
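diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 122797023bdb..e0cc323f948f 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -340,8 +340,7 @@ retry:
  rc = security_filter_rule_match(osid,
  rule->lsm[i].type,
  Audit_equal,
- rule->lsm[i].rule,
- NULL);
+ rule->lsm[i].rule);
  break;
  case LSM_SUBJ_USER:
  case LSM_SUBJ_ROLE:
@@ -349,8 +348,7 @@ retry:
  rc = security_filter_rule_match(secid,
  rule->lsm[i].type,
  Audit_equal,
- rule->lsm[i].rule,
- NULL);
+ rule->lsm[i].rule);
  default:
  break;
  }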
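Review bot: In the second hunk the LSM_SUBJ_* call at new line 351 still falls straight into `default:` with no `break;`, unlike the LSM_OBJ_* arm in the first hunk which ends with `break;`; since the commit already rewrites that call, adding `break;` after `rule->lsm[i].rule);` would make the two arms uniform and avoid an implicit-fallthrough warning. Behaviour is unchanged either way, because the `default:` arm only breaks. The `retry:` label, the enclosing switch and the loop around it are outside the hunk, so how `rc` is consumed afterwards is not visible here.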
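diff --git a/security/security.c b/security/security.c
index ed9b8cbf21cf..301b141b9a32 100644
--- a/security/security.c
+++ b/security/security.c
@@ -2302,11 +2302,9 @@ void security_audit_rule_free(void *lsmrule)
  call_void_hook(audit_rule_free, lsmrule);
 }
 
-int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
- struct audit_context *actx)
+int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule)
 {
- return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule,
- actx);
+ return call_int_hook(audit_rule_match, 0, secid, field, op, lsmrule);
 }
 #endif /* CONFIG_AUDIT */
 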
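Review bot: security_audit_rule_match() carries no kernel-doc comment although its signature changes here, while the SELinux header hunk in the same commit documents the equivalent contract (1 match, 0 no match, -errno); the wrapper's own contract additionally depends on the `0` default passed to call_int_hook, which is what callers see when no LSM implements audit_rule_match. Suggest a kernel-doc block above the new line 2305 naming @secid, @field, @op and @lsmrule and stating that 0 is returned when no LSM provides the hook. Whether the hook walk stops at the first non-zero result is decided by call_int_hook, which is outside this hunk, so confirm that before documenting it as part of the contract.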
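diff --git a/security/selinux/include/audit.h b/security/selinux/include/audit.h
index 36e1d44c0209..682e2b5de2a4 100644
--- a/security/selinux/include/audit.h
+++ b/security/selinux/include/audit.h
@@ -43,13 +43,11 @@ void selinux_audit_rule_free(void *rule);
  * @field: the field this rule refers to
  * @op: the operater the rule uses
  * @rule: pointer to the audit rule to check against
- * @actx: the audit context (can be NULL) associated with the check
  *
  * Returns 1 if the context id matches the rule, 0 if it does not, and
  * -errno on failure.
  */
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule,
- struct audit_context *actx);
+int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *rule);
 
 /**
  * selinux_audit_rule_known - check to see if rule contains selinux fields.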
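Review bot: The kernel-doc block this hunk edits still reads `@op: the operater the rule uses` on line 44; since the comment is being touched anyway, the spelling should become `@op: the operator the rule uses`. The remaining parameter lines and the 1 / 0 / -errno return sentence now agree with the four-parameter prototype on new line 50.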
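diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index a0a2aa964111..1269e2be3c2d 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3402,8 +3402,7 @@ int selinux_audit_rule_known(struct audit_krule *rule)
  return 0;
 }
 
-int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule,
- struct audit_context *actx)
+int selinux_audit_rule_match(u32 sid, u32 field, u32 op, void *vrule)
 {
  struct selinux_state *state = &selinux_state;
  struct context *ctxt;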
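diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2309c696c6c8..424bce4ef21d 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4295,13 +4295,11 @@ static int smack_audit_rule_known(struct audit_krule *krule)
  * @field: audit rule flags given from user-space
  * @op: required testing operator
  * @vrule: smack internal rule presentation
- * @actx: audit context associated with the check
  *
  * The core Audit hook. It's used to take the decision of
  * whether to audit or not to audit a given object.
  */
-static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
- struct audit_context *actx)
+static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule)
 {
  struct smack_known *skp;
  char *rule = vrule;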
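Review bot: The kernel-doc for smack_audit_rule_match(), trimmed here to drop @actx, still has no return-value line, whereas the selinux_audit_rule_match block edited in the same commit states `Returns 1 if the context id matches the rule, 0 if it does not, and -errno on failure.`; if Smack's hook follows the same contract, an equivalent `Returns` sentence before the closing `*/` would let readers of the two LSM hooks compare them directly. The function body continues past the end of the hunk, so the actual return values cannot be confirmed from this view.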