diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 14:41:22 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 14:41:22 -0400 |
| commit | 9781db7b345b5dfe93787aaaf310c861db7c1ede (patch) | |
| tree | d9796e29fd914ca04835636be95bbd5082a034fd /kernel/auditfilter.c | |
| parent | 97094dcf5cefc8ccfdf93839f54dac2c4d316165 (diff) | |
| parent | 8b67dca9420474623709e00d72a066068a502b20 (diff) | |
Merge branch 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] new predicate - AUDIT_FILETYPE
[patch 2/2] Use find_task_by_vpid in audit code
[patch 1/2] audit: let userspace fully control TTY input auditing
[PATCH 2/2] audit: fix sparse shadowed variable warnings
[PATCH 1/2] audit: move extern declarations to audit.h
Audit: MAINTAINERS update
Audit: increase the maximum length of the key field
Audit: standardize string audit interfaces
Audit: stop deadlock from signals under load
Audit: save audit_backlog_limit audit messages in case auditd comes back
Audit: collect sessionid in netlink messages
Audit: end printk with newline
Diffstat (limited to 'kernel/auditfilter.c')
| -rw-r--r-- | kernel/auditfilter.c | 45 |
1 files changed, 25 insertions, 20 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 13430176b3c9..0e0bd27e6512 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
| @@ -89,14 +89,9 @@ struct list_head audit_filter_list[AUDIT_NR_FILTERS] = { | |||
| 89 | 89 | ||
| 90 | DEFINE_MUTEX(audit_filter_mutex); | 90 | DEFINE_MUTEX(audit_filter_mutex); |
| 91 | 91 | ||
| 92 | /* Inotify handle */ | ||
| 93 | extern struct inotify_handle *audit_ih; | ||
| 94 | |||
| 95 | /* Inotify events we care about. */ | 92 | /* Inotify events we care about. */ |
| 96 | #define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF | 93 | #define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF |
| 97 | 94 | ||
| 98 | extern int audit_enabled; | ||
| 99 | |||
| 100 | void audit_free_parent(struct inotify_watch *i_watch) | 95 | void audit_free_parent(struct inotify_watch *i_watch) |
| 101 | { | 96 | { |
| 102 | struct audit_parent *parent; | 97 | struct audit_parent *parent; |
| @@ -422,7 +417,7 @@ exit_err: | |||
| 422 | static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | 417 | static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) |
| 423 | { | 418 | { |
| 424 | struct audit_entry *entry; | 419 | struct audit_entry *entry; |
| 425 | struct audit_field *f; | 420 | struct audit_field *ino_f; |
| 426 | int err = 0; | 421 | int err = 0; |
| 427 | int i; | 422 | int i; |
| 428 | 423 | ||
| @@ -483,6 +478,10 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
| 483 | if (f->val & ~15) | 478 | if (f->val & ~15) |
| 484 | goto exit_free; | 479 | goto exit_free; |
| 485 | break; | 480 | break; |
| 481 | case AUDIT_FILETYPE: | ||
| 482 | if ((f->val & ~S_IFMT) > S_IFMT) | ||
| 483 | goto exit_free; | ||
| 484 | break; | ||
| 486 | case AUDIT_INODE: | 485 | case AUDIT_INODE: |
| 487 | err = audit_to_inode(&entry->rule, f); | 486 | err = audit_to_inode(&entry->rule, f); |
| 488 | if (err) | 487 | if (err) |
| @@ -504,9 +503,9 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
| 504 | } | 503 | } |
| 505 | } | 504 | } |
| 506 | 505 | ||
| 507 | f = entry->rule.inode_f; | 506 | ino_f = entry->rule.inode_f; |
| 508 | if (f) { | 507 | if (ino_f) { |
| 509 | switch(f->op) { | 508 | switch(ino_f->op) { |
| 510 | case AUDIT_NOT_EQUAL: | 509 | case AUDIT_NOT_EQUAL: |
| 511 | entry->rule.inode_f = NULL; | 510 | entry->rule.inode_f = NULL; |
| 512 | case AUDIT_EQUAL: | 511 | case AUDIT_EQUAL: |
| @@ -531,7 +530,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 531 | { | 530 | { |
| 532 | int err = 0; | 531 | int err = 0; |
| 533 | struct audit_entry *entry; | 532 | struct audit_entry *entry; |
| 534 | struct audit_field *f; | 533 | struct audit_field *ino_f; |
| 535 | void *bufp; | 534 | void *bufp; |
| 536 | size_t remain = datasz - sizeof(struct audit_rule_data); | 535 | size_t remain = datasz - sizeof(struct audit_rule_data); |
| 537 | int i; | 536 | int i; |
| @@ -654,14 +653,18 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
| 654 | if (f->val & ~15) | 653 | if (f->val & ~15) |
| 655 | goto exit_free; | 654 | goto exit_free; |
| 656 | break; | 655 | break; |
| 656 | case AUDIT_FILETYPE: | ||
| 657 | if ((f->val & ~S_IFMT) > S_IFMT) | ||
| 658 | goto exit_free; | ||
| 659 | break; | ||
| 657 | default: | 660 | default: |
| 658 | goto exit_free; | 661 | goto exit_free; |
| 659 | } | 662 | } |
| 660 | } | 663 | } |
| 661 | 664 | ||
| 662 | f = entry->rule.inode_f; | 665 | ino_f = entry->rule.inode_f; |
| 663 | if (f) { | 666 | if (ino_f) { |
| 664 | switch(f->op) { | 667 | switch(ino_f->op) { |
| 665 | case AUDIT_NOT_EQUAL: | 668 | case AUDIT_NOT_EQUAL: |
| 666 | entry->rule.inode_f = NULL; | 669 | entry->rule.inode_f = NULL; |
| 667 | case AUDIT_EQUAL: | 670 | case AUDIT_EQUAL: |
| @@ -1500,8 +1503,9 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q) | |||
| 1500 | } | 1503 | } |
| 1501 | 1504 | ||
| 1502 | /* Log rule additions and removals */ | 1505 | /* Log rule additions and removals */ |
| 1503 | static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | 1506 | static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid, |
| 1504 | struct audit_krule *rule, int res) | 1507 | char *action, struct audit_krule *rule, |
| 1508 | int res) | ||
| 1505 | { | 1509 | { |
| 1506 | struct audit_buffer *ab; | 1510 | struct audit_buffer *ab; |
| 1507 | 1511 | ||
| @@ -1511,7 +1515,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | |||
| 1511 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); | 1515 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); |
| 1512 | if (!ab) | 1516 | if (!ab) |
| 1513 | return; | 1517 | return; |
| 1514 | audit_log_format(ab, "auid=%u", loginuid); | 1518 | audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid); |
| 1515 | if (sid) { | 1519 | if (sid) { |
| 1516 | char *ctx = NULL; | 1520 | char *ctx = NULL; |
| 1517 | u32 len; | 1521 | u32 len; |
| @@ -1543,7 +1547,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, | |||
| 1543 | * @sid: SE Linux Security ID of sender | 1547 | * @sid: SE Linux Security ID of sender |
| 1544 | */ | 1548 | */ |
| 1545 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | 1549 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, |
| 1546 | size_t datasz, uid_t loginuid, u32 sid) | 1550 | size_t datasz, uid_t loginuid, u32 sessionid, u32 sid) |
| 1547 | { | 1551 | { |
| 1548 | struct task_struct *tsk; | 1552 | struct task_struct *tsk; |
| 1549 | struct audit_netlink_list *dest; | 1553 | struct audit_netlink_list *dest; |
| @@ -1590,7 +1594,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
| 1590 | 1594 | ||
| 1591 | err = audit_add_rule(entry, | 1595 | err = audit_add_rule(entry, |
| 1592 | &audit_filter_list[entry->rule.listnr]); | 1596 | &audit_filter_list[entry->rule.listnr]); |
| 1593 | audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err); | 1597 | audit_log_rule_change(loginuid, sessionid, sid, "add", |
| 1598 | &entry->rule, !err); | ||
| 1594 | 1599 | ||
| 1595 | if (err) | 1600 | if (err) |
| 1596 | audit_free_rule(entry); | 1601 | audit_free_rule(entry); |
| @@ -1606,8 +1611,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
| 1606 | 1611 | ||
| 1607 | err = audit_del_rule(entry, | 1612 | err = audit_del_rule(entry, |
| 1608 | &audit_filter_list[entry->rule.listnr]); | 1613 | &audit_filter_list[entry->rule.listnr]); |
| 1609 | audit_log_rule_change(loginuid, sid, "remove", &entry->rule, | 1614 | audit_log_rule_change(loginuid, sessionid, sid, "remove", |
| 1610 | !err); | 1615 | &entry->rule, !err); |
| 1611 | 1616 | ||
| 1612 | audit_free_rule(entry); | 1617 | audit_free_rule(entry); |
| 1613 | break; | 1618 | break; |