diff options
| author | Jonathan Herman <hermanjl@cs.unc.edu> | 2013-01-17 16:15:55 -0500 |
|---|---|---|
| committer | Jonathan Herman <hermanjl@cs.unc.edu> | 2013-01-17 16:15:55 -0500 |
| commit | 8dea78da5cee153b8af9c07a2745f6c55057fe12 (patch) | |
| tree | a8f4d49d63b1ecc92f2fddceba0655b2472c5bd9 /security/tomoyo/audit.c | |
| parent | 406089d01562f1e2bf9f089fd7637009ebaad589 (diff) | |
Patched in Tegra support.
Diffstat (limited to 'security/tomoyo/audit.c')
| -rw-r--r-- | security/tomoyo/audit.c | 38 |
1 files changed, 12 insertions, 26 deletions
diff --git a/security/tomoyo/audit.c b/security/tomoyo/audit.c index c1b00375c9a..5dbb1f7617c 100644 --- a/security/tomoyo/audit.c +++ b/security/tomoyo/audit.c | |||
| @@ -112,7 +112,7 @@ out: | |||
| 112 | * | 112 | * |
| 113 | * Returns file type string. | 113 | * Returns file type string. |
| 114 | */ | 114 | */ |
| 115 | static inline const char *tomoyo_filetype(const umode_t mode) | 115 | static inline const char *tomoyo_filetype(const mode_t mode) |
| 116 | { | 116 | { |
| 117 | switch (mode & S_IFMT) { | 117 | switch (mode & S_IFMT) { |
| 118 | case S_IFREG: | 118 | case S_IFREG: |
| @@ -168,14 +168,9 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) | |||
| 168 | stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, | 168 | stamp.day, stamp.hour, stamp.min, stamp.sec, r->profile, |
| 169 | tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, | 169 | tomoyo_mode[r->mode], tomoyo_yesno(r->granted), gpid, |
| 170 | tomoyo_sys_getpid(), tomoyo_sys_getppid(), | 170 | tomoyo_sys_getpid(), tomoyo_sys_getppid(), |
| 171 | from_kuid(&init_user_ns, current_uid()), | 171 | current_uid(), current_gid(), current_euid(), |
| 172 | from_kgid(&init_user_ns, current_gid()), | 172 | current_egid(), current_suid(), current_sgid(), |
| 173 | from_kuid(&init_user_ns, current_euid()), | 173 | current_fsuid(), current_fsgid()); |
| 174 | from_kgid(&init_user_ns, current_egid()), | ||
| 175 | from_kuid(&init_user_ns, current_suid()), | ||
| 176 | from_kgid(&init_user_ns, current_sgid()), | ||
| 177 | from_kuid(&init_user_ns, current_fsuid()), | ||
| 178 | from_kgid(&init_user_ns, current_fsgid())); | ||
| 179 | if (!obj) | 174 | if (!obj) |
| 180 | goto no_obj_info; | 175 | goto no_obj_info; |
| 181 | if (!obj->validate_done) { | 176 | if (!obj->validate_done) { |
| @@ -185,7 +180,7 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) | |||
| 185 | for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { | 180 | for (i = 0; i < TOMOYO_MAX_PATH_STAT; i++) { |
| 186 | struct tomoyo_mini_stat *stat; | 181 | struct tomoyo_mini_stat *stat; |
| 187 | unsigned int dev; | 182 | unsigned int dev; |
| 188 | umode_t mode; | 183 | mode_t mode; |
| 189 | if (!obj->stat_valid[i]) | 184 | if (!obj->stat_valid[i]) |
| 190 | continue; | 185 | continue; |
| 191 | stat = &obj->stat[i]; | 186 | stat = &obj->stat[i]; |
| @@ -196,19 +191,15 @@ static char *tomoyo_print_header(struct tomoyo_request_info *r) | |||
| 196 | tomoyo_buffer_len - 1 - pos, | 191 | tomoyo_buffer_len - 1 - pos, |
| 197 | " path%u.parent={ uid=%u gid=%u " | 192 | " path%u.parent={ uid=%u gid=%u " |
| 198 | "ino=%lu perm=0%o }", (i >> 1) + 1, | 193 | "ino=%lu perm=0%o }", (i >> 1) + 1, |
| 199 | from_kuid(&init_user_ns, stat->uid), | 194 | stat->uid, stat->gid, (unsigned long) |
| 200 | from_kgid(&init_user_ns, stat->gid), | 195 | stat->ino, stat->mode & S_IALLUGO); |
| 201 | (unsigned long)stat->ino, | ||
| 202 | stat->mode & S_IALLUGO); | ||
| 203 | continue; | 196 | continue; |
| 204 | } | 197 | } |
| 205 | pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, | 198 | pos += snprintf(buffer + pos, tomoyo_buffer_len - 1 - pos, |
| 206 | " path%u={ uid=%u gid=%u ino=%lu major=%u" | 199 | " path%u={ uid=%u gid=%u ino=%lu major=%u" |
| 207 | " minor=%u perm=0%o type=%s", (i >> 1) + 1, | 200 | " minor=%u perm=0%o type=%s", (i >> 1) + 1, |
| 208 | from_kuid(&init_user_ns, stat->uid), | 201 | stat->uid, stat->gid, (unsigned long) |
| 209 | from_kgid(&init_user_ns, stat->gid), | 202 | stat->ino, MAJOR(dev), MINOR(dev), |
| 210 | (unsigned long)stat->ino, | ||
| 211 | MAJOR(dev), MINOR(dev), | ||
| 212 | mode & S_IALLUGO, tomoyo_filetype(mode)); | 203 | mode & S_IALLUGO, tomoyo_filetype(mode)); |
| 213 | if (S_ISCHR(mode) || S_ISBLK(mode)) { | 204 | if (S_ISCHR(mode) || S_ISBLK(mode)) { |
| 214 | dev = stat->rdev; | 205 | dev = stat->rdev; |
| @@ -322,7 +313,6 @@ static unsigned int tomoyo_log_count; | |||
| 322 | */ | 313 | */ |
| 323 | static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, | 314 | static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, |
| 324 | const u8 profile, const u8 index, | 315 | const u8 profile, const u8 index, |
| 325 | const struct tomoyo_acl_info *matched_acl, | ||
| 326 | const bool is_granted) | 316 | const bool is_granted) |
| 327 | { | 317 | { |
| 328 | u8 mode; | 318 | u8 mode; |
| @@ -334,9 +324,6 @@ static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns, | |||
| 334 | p = tomoyo_profile(ns, profile); | 324 | p = tomoyo_profile(ns, profile); |
| 335 | if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) | 325 | if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) |
| 336 | return false; | 326 | return false; |
| 337 | if (is_granted && matched_acl && matched_acl->cond && | ||
| 338 | matched_acl->cond->grant_log != TOMOYO_GRANTLOG_AUTO) | ||
| 339 | return matched_acl->cond->grant_log == TOMOYO_GRANTLOG_YES; | ||
| 340 | mode = p->config[index]; | 327 | mode = p->config[index]; |
| 341 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) | 328 | if (mode == TOMOYO_CONFIG_USE_DEFAULT) |
| 342 | mode = p->config[category]; | 329 | mode = p->config[category]; |
| @@ -363,8 +350,7 @@ void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, | |||
| 363 | char *buf; | 350 | char *buf; |
| 364 | struct tomoyo_log *entry; | 351 | struct tomoyo_log *entry; |
| 365 | bool quota_exceeded = false; | 352 | bool quota_exceeded = false; |
| 366 | if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, | 353 | if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted)) |
| 367 | r->matched_acl, r->granted)) | ||
| 368 | goto out; | 354 | goto out; |
| 369 | buf = tomoyo_init_log(r, len, fmt, args); | 355 | buf = tomoyo_init_log(r, len, fmt, args); |
| 370 | if (!buf) | 356 | if (!buf) |
| @@ -455,11 +441,11 @@ void tomoyo_read_log(struct tomoyo_io_buffer *head) | |||
| 455 | * tomoyo_poll_log - Wait for an audit log. | 441 | * tomoyo_poll_log - Wait for an audit log. |
| 456 | * | 442 | * |
| 457 | * @file: Pointer to "struct file". | 443 | * @file: Pointer to "struct file". |
| 458 | * @wait: Pointer to "poll_table". Maybe NULL. | 444 | * @wait: Pointer to "poll_table". |
| 459 | * | 445 | * |
| 460 | * Returns POLLIN | POLLRDNORM when ready to read an audit log. | 446 | * Returns POLLIN | POLLRDNORM when ready to read an audit log. |
| 461 | */ | 447 | */ |
| 462 | unsigned int tomoyo_poll_log(struct file *file, poll_table *wait) | 448 | int tomoyo_poll_log(struct file *file, poll_table *wait) |
| 463 | { | 449 | { |
| 464 | if (tomoyo_log_count) | 450 | if (tomoyo_log_count) |
| 465 | return POLLIN | POLLRDNORM; | 451 | return POLLIN | POLLRDNORM; |