aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c62
1 files changed, 31 insertions, 31 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 2a8058764aa6..632d36059556 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -60,7 +60,6 @@
60#include <linux/mutex.h> 60#include <linux/mutex.h>
61#include <linux/gfp.h> 61#include <linux/gfp.h>
62#include <linux/pid.h> 62#include <linux/pid.h>
63#include <linux/slab.h>
64 63
65#include <linux/audit.h> 64#include <linux/audit.h>
66 65
@@ -400,7 +399,7 @@ static int audit_log_config_change(char *function_name, u32 new, u32 old,
400 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 399 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
401 if (unlikely(!ab)) 400 if (unlikely(!ab))
402 return rc; 401 return rc;
403 audit_log_format(ab, "%s=%u old=%u", function_name, new, old); 402 audit_log_format(ab, "%s=%u old=%u ", function_name, new, old);
404 audit_log_session_info(ab); 403 audit_log_session_info(ab);
405 rc = audit_log_task_context(ab); 404 rc = audit_log_task_context(ab);
406 if (rc) 405 if (rc)
@@ -1067,7 +1066,7 @@ static void audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)
1067 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 1066 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
1068 if (unlikely(!*ab)) 1067 if (unlikely(!*ab))
1069 return; 1068 return;
1070 audit_log_format(*ab, "pid=%d uid=%u", pid, uid); 1069 audit_log_format(*ab, "pid=%d uid=%u ", pid, uid);
1071 audit_log_session_info(*ab); 1070 audit_log_session_info(*ab);
1072 audit_log_task_context(*ab); 1071 audit_log_task_context(*ab);
1073} 1072}
@@ -1096,10 +1095,11 @@ static void audit_log_feature_change(int which, u32 old_feature, u32 new_feature
1096 1095
1097 if (audit_enabled == AUDIT_OFF) 1096 if (audit_enabled == AUDIT_OFF)
1098 return; 1097 return;
1098
1099 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_FEATURE_CHANGE); 1099 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_FEATURE_CHANGE);
1100 if (!ab) 1100 if (!ab)
1101 return; 1101 return;
1102 audit_log_task_info(ab, current); 1102 audit_log_task_info(ab);
1103 audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d", 1103 audit_log_format(ab, " feature=%s old=%u new=%u old_lock=%u new_lock=%u res=%d",
1104 audit_feature_names[which], !!old_feature, !!new_feature, 1104 audit_feature_names[which], !!old_feature, !!new_feature,
1105 !!old_lock, !!new_lock, res); 1105 !!old_lock, !!new_lock, res);
@@ -2042,7 +2042,7 @@ void audit_log_session_info(struct audit_buffer *ab)
2042 unsigned int sessionid = audit_get_sessionid(current); 2042 unsigned int sessionid = audit_get_sessionid(current);
2043 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 2043 uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));
2044 2044
2045 audit_log_format(ab, " auid=%u ses=%u", auid, sessionid); 2045 audit_log_format(ab, "auid=%u ses=%u", auid, sessionid);
2046} 2046}
2047 2047
2048void audit_log_key(struct audit_buffer *ab, char *key) 2048void audit_log_key(struct audit_buffer *ab, char *key)
@@ -2058,11 +2058,13 @@ void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)
2058{ 2058{
2059 int i; 2059 int i;
2060 2060
2061 audit_log_format(ab, " %s=", prefix); 2061 if (cap_isclear(*cap)) {
2062 CAP_FOR_EACH_U32(i) { 2062 audit_log_format(ab, " %s=0", prefix);
2063 audit_log_format(ab, "%08x", 2063 return;
2064 cap->cap[CAP_LAST_U32 - i]);
2065 } 2064 }
2065 audit_log_format(ab, " %s=", prefix);
2066 CAP_FOR_EACH_U32(i)
2067 audit_log_format(ab, "%08x", cap->cap[CAP_LAST_U32 - i]);
2066} 2068}
2067 2069
2068static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) 2070static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
@@ -2177,22 +2179,21 @@ void audit_log_name(struct audit_context *context, struct audit_names *n,
2177 } 2179 }
2178 2180
2179 /* log the audit_names record type */ 2181 /* log the audit_names record type */
2180 audit_log_format(ab, " nametype=");
2181 switch(n->type) { 2182 switch(n->type) {
2182 case AUDIT_TYPE_NORMAL: 2183 case AUDIT_TYPE_NORMAL:
2183 audit_log_format(ab, "NORMAL"); 2184 audit_log_format(ab, " nametype=NORMAL");
2184 break; 2185 break;
2185 case AUDIT_TYPE_PARENT: 2186 case AUDIT_TYPE_PARENT:
2186 audit_log_format(ab, "PARENT"); 2187 audit_log_format(ab, " nametype=PARENT");
2187 break; 2188 break;
2188 case AUDIT_TYPE_CHILD_DELETE: 2189 case AUDIT_TYPE_CHILD_DELETE:
2189 audit_log_format(ab, "DELETE"); 2190 audit_log_format(ab, " nametype=DELETE");
2190 break; 2191 break;
2191 case AUDIT_TYPE_CHILD_CREATE: 2192 case AUDIT_TYPE_CHILD_CREATE:
2192 audit_log_format(ab, "CREATE"); 2193 audit_log_format(ab, " nametype=CREATE");
2193 break; 2194 break;
2194 default: 2195 default:
2195 audit_log_format(ab, "UNKNOWN"); 2196 audit_log_format(ab, " nametype=UNKNOWN");
2196 break; 2197 break;
2197 } 2198 }
2198 2199
@@ -2247,15 +2248,15 @@ out_null:
2247 audit_log_format(ab, " exe=(null)"); 2248 audit_log_format(ab, " exe=(null)");
2248} 2249}
2249 2250
2250struct tty_struct *audit_get_tty(struct task_struct *tsk) 2251struct tty_struct *audit_get_tty(void)
2251{ 2252{
2252 struct tty_struct *tty = NULL; 2253 struct tty_struct *tty = NULL;
2253 unsigned long flags; 2254 unsigned long flags;
2254 2255
2255 spin_lock_irqsave(&tsk->sighand->siglock, flags); 2256 spin_lock_irqsave(&current->sighand->siglock, flags);
2256 if (tsk->signal) 2257 if (current->signal)
2257 tty = tty_kref_get(tsk->signal->tty); 2258 tty = tty_kref_get(current->signal->tty);
2258 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 2259 spin_unlock_irqrestore(&current->sighand->siglock, flags);
2259 return tty; 2260 return tty;
2260} 2261}
2261 2262
@@ -2264,25 +2265,24 @@ void audit_put_tty(struct tty_struct *tty)
2264 tty_kref_put(tty); 2265 tty_kref_put(tty);
2265} 2266}
2266 2267
2267void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 2268void audit_log_task_info(struct audit_buffer *ab)
2268{ 2269{
2269 const struct cred *cred; 2270 const struct cred *cred;
2270 char comm[sizeof(tsk->comm)]; 2271 char comm[sizeof(current->comm)];
2271 struct tty_struct *tty; 2272 struct tty_struct *tty;
2272 2273
2273 if (!ab) 2274 if (!ab)
2274 return; 2275 return;
2275 2276
2276 /* tsk == current */
2277 cred = current_cred(); 2277 cred = current_cred();
2278 tty = audit_get_tty(tsk); 2278 tty = audit_get_tty();
2279 audit_log_format(ab, 2279 audit_log_format(ab,
2280 " ppid=%d pid=%d auid=%u uid=%u gid=%u" 2280 " ppid=%d pid=%d auid=%u uid=%u gid=%u"
2281 " euid=%u suid=%u fsuid=%u" 2281 " euid=%u suid=%u fsuid=%u"
2282 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", 2282 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
2283 task_ppid_nr(tsk), 2283 task_ppid_nr(current),
2284 task_tgid_nr(tsk), 2284 task_tgid_nr(current),
2285 from_kuid(&init_user_ns, audit_get_loginuid(tsk)), 2285 from_kuid(&init_user_ns, audit_get_loginuid(current)),
2286 from_kuid(&init_user_ns, cred->uid), 2286 from_kuid(&init_user_ns, cred->uid),
2287 from_kgid(&init_user_ns, cred->gid), 2287 from_kgid(&init_user_ns, cred->gid),
2288 from_kuid(&init_user_ns, cred->euid), 2288 from_kuid(&init_user_ns, cred->euid),
@@ -2292,11 +2292,11 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
2292 from_kgid(&init_user_ns, cred->sgid), 2292 from_kgid(&init_user_ns, cred->sgid),
2293 from_kgid(&init_user_ns, cred->fsgid), 2293 from_kgid(&init_user_ns, cred->fsgid),
2294 tty ? tty_name(tty) : "(none)", 2294 tty ? tty_name(tty) : "(none)",
2295 audit_get_sessionid(tsk)); 2295 audit_get_sessionid(current));
2296 audit_put_tty(tty); 2296 audit_put_tty(tty);
2297 audit_log_format(ab, " comm="); 2297 audit_log_format(ab, " comm=");
2298 audit_log_untrustedstring(ab, get_task_comm(comm, tsk)); 2298 audit_log_untrustedstring(ab, get_task_comm(comm, current));
2299 audit_log_d_path_exe(ab, tsk->mm); 2299 audit_log_d_path_exe(ab, current->mm);
2300 audit_log_task_context(ab); 2300 audit_log_task_context(ab);
2301} 2301}
2302EXPORT_SYMBOL(audit_log_task_info); 2302EXPORT_SYMBOL(audit_log_task_info);
@@ -2317,7 +2317,7 @@ void audit_log_link_denied(const char *operation)
2317 if (!ab) 2317 if (!ab)
2318 return; 2318 return;
2319 audit_log_format(ab, "op=%s", operation); 2319 audit_log_format(ab, "op=%s", operation);
2320 audit_log_task_info(ab, current); 2320 audit_log_task_info(ab);
2321 audit_log_format(ab, " res=0"); 2321 audit_log_format(ab, " res=0");
2322 audit_log_end(ab); 2322 audit_log_end(ab);
2323} 2323}
generated by cgit v1.2.2 (git 2.25.0) at 2025-10-03 23:41:57 -0400