aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2008-04-18 10:09:25 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2008-04-28 06:18:03 -0400
commit2532386f480eefbdd67b48be55fb4fb3e5a6081c (patch)
treedd6a5a3c4116a67380a1336319c16632f04f80f9
parent436c405c7d19455a71f42c9bec5fd5e028f1eb4e (diff)
Audit: collect sessionid in netlink messages
Previously I added sessionid output to all audit messages where it was available but we still didn't know the sessionid of the sender of netlink messages. This patch adds that information to netlink messages so we can audit who sent netlink messages. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat
-rw-r--r--drivers/char/tty_audit.c7
-rw-r--r--include/linux/audit.h3
-rw-r--r--include/linux/netlink.h1
-rw-r--r--include/linux/tty.h4
-rw-r--r--include/net/netlabel.h1
-rw-r--r--include/net/xfrm.h23
-rw-r--r--kernel/audit.c72
-rw-r--r--kernel/auditfilter.c16
-rw-r--r--net/key/af_key.c17
-rw-r--r--net/netlabel/netlabel_unlabeled.c1
-rw-r--r--net/netlabel/netlabel_user.c4
-rw-r--r--net/netlabel/netlabel_user.h1
-rw-r--r--net/netlink/af_netlink.c1
-rw-r--r--net/xfrm/xfrm_policy.c12
-rw-r--r--net/xfrm/xfrm_state.c13
-rw-r--r--net/xfrm/xfrm_user.c41
-rw-r--r--security/smack/smackfs.c2
17 files changed, 132 insertions, 87 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index 7722466e052f..9739bbfc8f70 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -151,14 +151,9 @@ void tty_audit_fork(struct signal_struct *sig)
151/** 151/**
152 * tty_audit_push_task - Flush task's pending audit data 152 * tty_audit_push_task - Flush task's pending audit data
153 */ 153 */
154void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) 154void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
155{ 155{
156 struct tty_audit_buf *buf; 156 struct tty_audit_buf *buf;
157 /* FIXME I think this is correct. Check against netlink once that is
158 * I really need to read this code more closely. But that's for
159 * another patch.
160 */
161 unsigned int sessionid = audit_get_sessionid(tsk);
162 157
163 spin_lock_irq(&tsk->sighand->siglock); 158 spin_lock_irq(&tsk->sighand->siglock);
164 buf = tsk->signal->tty_audit_buf; 159 buf = tsk->signal->tty_audit_buf;
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 4ccb048cae1d..25f6ae30dd4b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -569,7 +569,8 @@ extern int audit_update_lsm_rules(void);
569extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 569extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
570extern int audit_filter_type(int type); 570extern int audit_filter_type(int type);
571extern int audit_receive_filter(int type, int pid, int uid, int seq, 571extern int audit_receive_filter(int type, int pid, int uid, int seq,
572 void *data, size_t datasz, uid_t loginuid, u32 sid); 572 void *data, size_t datasz, uid_t loginuid,
573 u32 sessionid, u32 sid);
573extern int audit_enabled; 574extern int audit_enabled;
574#else 575#else
575#define audit_log(c,g,t,f,...) do { ; } while (0) 576#define audit_log(c,g,t,f,...) do { ; } while (0)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index fb0713b6ffaf..bec1062a25a1 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -166,6 +166,7 @@ struct netlink_skb_parms
166 __u32 dst_group; 166 __u32 dst_group;
167 kernel_cap_t eff_cap; 167 kernel_cap_t eff_cap;
168 __u32 loginuid; /* Login (audit) uid */ 168 __u32 loginuid; /* Login (audit) uid */
169 __u32 sessionid; /* Session id (audit) */
169 __u32 sid; /* SELinux security id */ 170 __u32 sid; /* SELinux security id */
170}; 171};
171 172
diff --git a/include/linux/tty.h b/include/linux/tty.h
index dd8e08fe8855..430624504ca0 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -351,7 +351,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
351extern void tty_audit_exit(void); 351extern void tty_audit_exit(void);
352extern void tty_audit_fork(struct signal_struct *sig); 352extern void tty_audit_fork(struct signal_struct *sig);
353extern void tty_audit_push(struct tty_struct *tty); 353extern void tty_audit_push(struct tty_struct *tty);
354extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid); 354extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
355extern void tty_audit_opening(void); 355extern void tty_audit_opening(void);
356#else 356#else
357static inline void tty_audit_add_data(struct tty_struct *tty, 357static inline void tty_audit_add_data(struct tty_struct *tty,
@@ -367,7 +367,7 @@ static inline void tty_audit_fork(struct signal_struct *sig)
367static inline void tty_audit_push(struct tty_struct *tty) 367static inline void tty_audit_push(struct tty_struct *tty)
368{ 368{
369} 369}
370static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) 370static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
371{ 371{
372} 372}
373static inline void tty_audit_opening(void) 373static inline void tty_audit_opening(void)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 5e53a85b5ca1..e4d2d6baa983 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -103,6 +103,7 @@ struct cipso_v4_doi;
103struct netlbl_audit { 103struct netlbl_audit {
104 u32 secid; 104 u32 secid;
105 uid_t loginuid; 105 uid_t loginuid;
106 u32 sessionid;
106}; 107};
107 108
108/* 109/*
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index baa9f372cfd1..d1350bcccb03 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -597,8 +597,9 @@ struct xfrm_spi_skb_cb {
597/* Audit Information */ 597/* Audit Information */
598struct xfrm_audit 598struct xfrm_audit
599{ 599{
600 u32 loginuid;
601 u32 secid; 600 u32 secid;
601 uid_t loginuid;
602 u32 sessionid;
602}; 603};
603 604
604#ifdef CONFIG_AUDITSYSCALL 605#ifdef CONFIG_AUDITSYSCALL
@@ -616,13 +617,13 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
616 return audit_buf; 617 return audit_buf;
617} 618}
618 619
619static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid, 620static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
620 struct audit_buffer *audit_buf) 621 struct audit_buffer *audit_buf)
621{ 622{
622 char *secctx; 623 char *secctx;
623 u32 secctx_len; 624 u32 secctx_len;
624 625
625 audit_log_format(audit_buf, " auid=%u", auid); 626 audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
626 if (secid != 0 && 627 if (secid != 0 &&
627 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { 628 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
628 audit_log_format(audit_buf, " subj=%s", secctx); 629 audit_log_format(audit_buf, " subj=%s", secctx);
@@ -632,13 +633,13 @@ static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
632} 633}
633 634
634extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 635extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
635 u32 auid, u32 secid); 636 u32 auid, u32 ses, u32 secid);
636extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 637extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
637 u32 auid, u32 secid); 638 u32 auid, u32 ses, u32 secid);
638extern void xfrm_audit_state_add(struct xfrm_state *x, int result, 639extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
639 u32 auid, u32 secid); 640 u32 auid, u32 ses, u32 secid);
640extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, 641extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
641 u32 auid, u32 secid); 642 u32 auid, u32 ses, u32 secid);
642extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 643extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
643 struct sk_buff *skb); 644 struct sk_buff *skb);
644extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); 645extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
@@ -647,10 +648,10 @@ extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
647extern void xfrm_audit_state_icvfail(struct xfrm_state *x, 648extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
648 struct sk_buff *skb, u8 proto); 649 struct sk_buff *skb, u8 proto);
649#else 650#else
650#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) 651#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0)
651#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) 652#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0)
652#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) 653#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0)
653#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) 654#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0)
654#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0) 655#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
655#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0) 656#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
656#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0) 657#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
diff --git a/kernel/audit.c b/kernel/audit.c
index a7b16086d36f..ad6d1abfa1d2 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -252,14 +252,15 @@ void audit_log_lost(const char *message)
252} 252}
253 253
254static int audit_log_config_change(char *function_name, int new, int old, 254static int audit_log_config_change(char *function_name, int new, int old,
255 uid_t loginuid, u32 sid, int allow_changes) 255 uid_t loginuid, u32 sessionid, u32 sid,
256 int allow_changes)
256{ 257{
257 struct audit_buffer *ab; 258 struct audit_buffer *ab;
258 int rc = 0; 259 int rc = 0;
259 260
260 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 261 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
261 audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new, 262 audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
262 old, loginuid); 263 old, loginuid, sessionid);
263 if (sid) { 264 if (sid) {
264 char *ctx = NULL; 265 char *ctx = NULL;
265 u32 len; 266 u32 len;
@@ -279,7 +280,8 @@ static int audit_log_config_change(char *function_name, int new, int old,
279} 280}
280 281
281static int audit_do_config_change(char *function_name, int *to_change, 282static int audit_do_config_change(char *function_name, int *to_change,
282 int new, uid_t loginuid, u32 sid) 283 int new, uid_t loginuid, u32 sessionid,
284 u32 sid)
283{ 285{
284 int allow_changes, rc = 0, old = *to_change; 286 int allow_changes, rc = 0, old = *to_change;
285 287
@@ -290,8 +292,8 @@ static int audit_do_config_change(char *function_name, int *to_change,
290 allow_changes = 1; 292 allow_changes = 1;
291 293
292 if (audit_enabled != AUDIT_OFF) { 294 if (audit_enabled != AUDIT_OFF) {
293 rc = audit_log_config_change(function_name, new, old, 295 rc = audit_log_config_change(function_name, new, old, loginuid,
294 loginuid, sid, allow_changes); 296 sessionid, sid, allow_changes);
295 if (rc) 297 if (rc)
296 allow_changes = 0; 298 allow_changes = 0;
297 } 299 }
@@ -305,26 +307,28 @@ static int audit_do_config_change(char *function_name, int *to_change,
305 return rc; 307 return rc;
306} 308}
307 309
308static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) 310static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
311 u32 sid)
309{ 312{
310 return audit_do_config_change("audit_rate_limit", &audit_rate_limit, 313 return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
311 limit, loginuid, sid); 314 limit, loginuid, sessionid, sid);
312} 315}
313 316
314static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) 317static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
318 u32 sid)
315{ 319{
316 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, 320 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
317 limit, loginuid, sid); 321 limit, loginuid, sessionid, sid);
318} 322}
319 323
320static int audit_set_enabled(int state, uid_t loginuid, u32 sid) 324static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
321{ 325{
322 int rc; 326 int rc;
323 if (state < AUDIT_OFF || state > AUDIT_LOCKED) 327 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
324 return -EINVAL; 328 return -EINVAL;
325 329
326 rc = audit_do_config_change("audit_enabled", &audit_enabled, state, 330 rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
327 loginuid, sid); 331 loginuid, sessionid, sid);
328 332
329 if (!rc) 333 if (!rc)
330 audit_ever_enabled |= !!state; 334 audit_ever_enabled |= !!state;
@@ -332,7 +336,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
332 return rc; 336 return rc;
333} 337}
334 338
335static int audit_set_failure(int state, uid_t loginuid, u32 sid) 339static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
336{ 340{
337 if (state != AUDIT_FAIL_SILENT 341 if (state != AUDIT_FAIL_SILENT
338 && state != AUDIT_FAIL_PRINTK 342 && state != AUDIT_FAIL_PRINTK
@@ -340,7 +344,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid)
340 return -EINVAL; 344 return -EINVAL;
341 345
342 return audit_do_config_change("audit_failure", &audit_failure, state, 346 return audit_do_config_change("audit_failure", &audit_failure, state,
343 loginuid, sid); 347 loginuid, sessionid, sid);
344} 348}
345 349
346static int kauditd_thread(void *dummy) 350static int kauditd_thread(void *dummy)
@@ -385,7 +389,7 @@ static int kauditd_thread(void *dummy)
385 return 0; 389 return 0;
386} 390}
387 391
388static int audit_prepare_user_tty(pid_t pid, uid_t loginuid) 392static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
389{ 393{
390 struct task_struct *tsk; 394 struct task_struct *tsk;
391 int err; 395 int err;
@@ -404,7 +408,7 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid)
404 if (err) 408 if (err)
405 goto out; 409 goto out;
406 410
407 tty_audit_push_task(tsk, loginuid); 411 tty_audit_push_task(tsk, loginuid, sessionid);
408out: 412out:
409 read_unlock(&tasklist_lock); 413 read_unlock(&tasklist_lock);
410 return err; 414 return err;
@@ -534,7 +538,8 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
534} 538}
535 539
536static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type, 540static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
537 u32 pid, u32 uid, uid_t auid, u32 sid) 541 u32 pid, u32 uid, uid_t auid, u32 ses,
542 u32 sid)
538{ 543{
539 int rc = 0; 544 int rc = 0;
540 char *ctx = NULL; 545 char *ctx = NULL;
@@ -546,8 +551,8 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
546 } 551 }
547 552
548 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 553 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
549 audit_log_format(*ab, "user pid=%d uid=%u auid=%u", 554 audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",
550 pid, uid, auid); 555 pid, uid, auid, ses);
551 if (sid) { 556 if (sid) {
552 rc = security_secid_to_secctx(sid, &ctx, &len); 557 rc = security_secid_to_secctx(sid, &ctx, &len);
553 if (rc) 558 if (rc)
@@ -570,6 +575,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
570 struct audit_buffer *ab; 575 struct audit_buffer *ab;
571 u16 msg_type = nlh->nlmsg_type; 576 u16 msg_type = nlh->nlmsg_type;
572 uid_t loginuid; /* loginuid of sender */ 577 uid_t loginuid; /* loginuid of sender */
578 u32 sessionid;
573 struct audit_sig_info *sig_data; 579 struct audit_sig_info *sig_data;
574 char *ctx = NULL; 580 char *ctx = NULL;
575 u32 len; 581 u32 len;
@@ -591,6 +597,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
591 pid = NETLINK_CREDS(skb)->pid; 597 pid = NETLINK_CREDS(skb)->pid;
592 uid = NETLINK_CREDS(skb)->uid; 598 uid = NETLINK_CREDS(skb)->uid;
593 loginuid = NETLINK_CB(skb).loginuid; 599 loginuid = NETLINK_CB(skb).loginuid;
600 sessionid = NETLINK_CB(skb).sessionid;
594 sid = NETLINK_CB(skb).sid; 601 sid = NETLINK_CB(skb).sid;
595 seq = nlh->nlmsg_seq; 602 seq = nlh->nlmsg_seq;
596 data = NLMSG_DATA(nlh); 603 data = NLMSG_DATA(nlh);
@@ -613,12 +620,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
613 status_get = (struct audit_status *)data; 620 status_get = (struct audit_status *)data;
614 if (status_get->mask & AUDIT_STATUS_ENABLED) { 621 if (status_get->mask & AUDIT_STATUS_ENABLED) {
615 err = audit_set_enabled(status_get->enabled, 622 err = audit_set_enabled(status_get->enabled,
616 loginuid, sid); 623 loginuid, sessionid, sid);
617 if (err < 0) return err; 624 if (err < 0) return err;
618 } 625 }
619 if (status_get->mask & AUDIT_STATUS_FAILURE) { 626 if (status_get->mask & AUDIT_STATUS_FAILURE) {
620 err = audit_set_failure(status_get->failure, 627 err = audit_set_failure(status_get->failure,
621 loginuid, sid); 628 loginuid, sessionid, sid);
622 if (err < 0) return err; 629 if (err < 0) return err;
623 } 630 }
624 if (status_get->mask & AUDIT_STATUS_PID) { 631 if (status_get->mask & AUDIT_STATUS_PID) {
@@ -627,17 +634,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
627 if (audit_enabled != AUDIT_OFF) 634 if (audit_enabled != AUDIT_OFF)
628 audit_log_config_change("audit_pid", new_pid, 635 audit_log_config_change("audit_pid", new_pid,
629 audit_pid, loginuid, 636 audit_pid, loginuid,
630 sid, 1); 637 sessionid, sid, 1);
631 638
632 audit_pid = new_pid; 639 audit_pid = new_pid;
633 audit_nlk_pid = NETLINK_CB(skb).pid; 640 audit_nlk_pid = NETLINK_CB(skb).pid;
634 } 641 }
635 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 642 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
636 err = audit_set_rate_limit(status_get->rate_limit, 643 err = audit_set_rate_limit(status_get->rate_limit,
637 loginuid, sid); 644 loginuid, sessionid, sid);
638 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 645 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
639 err = audit_set_backlog_limit(status_get->backlog_limit, 646 err = audit_set_backlog_limit(status_get->backlog_limit,
640 loginuid, sid); 647 loginuid, sessionid, sid);
641 break; 648 break;
642 case AUDIT_USER: 649 case AUDIT_USER:
643 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: 650 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
@@ -649,12 +656,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
649 if (err == 1) { 656 if (err == 1) {
650 err = 0; 657 err = 0;
651 if (msg_type == AUDIT_USER_TTY) { 658 if (msg_type == AUDIT_USER_TTY) {
652 err = audit_prepare_user_tty(pid, loginuid); 659 err = audit_prepare_user_tty(pid, loginuid,
660 sessionid);
653 if (err) 661 if (err)
654 break; 662 break;
655 } 663 }
656 audit_log_common_recv_msg(&ab, msg_type, pid, uid, 664 audit_log_common_recv_msg(&ab, msg_type, pid, uid,
657 loginuid, sid); 665 loginuid, sessionid, sid);
658 666
659 if (msg_type != AUDIT_USER_TTY) 667 if (msg_type != AUDIT_USER_TTY)
660 audit_log_format(ab, " msg='%.1024s'", 668 audit_log_format(ab, " msg='%.1024s'",
@@ -677,7 +685,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
677 return -EINVAL; 685 return -EINVAL;
678 if (audit_enabled == AUDIT_LOCKED) { 686 if (audit_enabled == AUDIT_LOCKED) {
679 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, 687 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
680 uid, loginuid, sid); 688 uid, loginuid, sessionid, sid);
681 689
682 audit_log_format(ab, " audit_enabled=%d res=0", 690 audit_log_format(ab, " audit_enabled=%d res=0",
683 audit_enabled); 691 audit_enabled);
@@ -688,7 +696,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
688 case AUDIT_LIST: 696 case AUDIT_LIST:
689 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 697 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
690 uid, seq, data, nlmsg_len(nlh), 698 uid, seq, data, nlmsg_len(nlh),
691 loginuid, sid); 699 loginuid, sessionid, sid);
692 break; 700 break;
693 case AUDIT_ADD_RULE: 701 case AUDIT_ADD_RULE:
694 case AUDIT_DEL_RULE: 702 case AUDIT_DEL_RULE:
@@ -696,7 +704,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
696 return -EINVAL; 704 return -EINVAL;
697 if (audit_enabled == AUDIT_LOCKED) { 705 if (audit_enabled == AUDIT_LOCKED) {
698 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, 706 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
699 uid, loginuid, sid); 707 uid, loginuid, sessionid, sid);
700 708
701 audit_log_format(ab, " audit_enabled=%d res=0", 709 audit_log_format(ab, " audit_enabled=%d res=0",
702 audit_enabled); 710 audit_enabled);
@@ -707,13 +715,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
707 case AUDIT_LIST_RULES: 715 case AUDIT_LIST_RULES:
708 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 716 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
709 uid, seq, data, nlmsg_len(nlh), 717 uid, seq, data, nlmsg_len(nlh),
710 loginuid, sid); 718 loginuid, sessionid, sid);
711 break; 719 break;
712 case AUDIT_TRIM: 720 case AUDIT_TRIM:
713 audit_trim_trees(); 721 audit_trim_trees();
714 722
715 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, 723 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
716 uid, loginuid, sid); 724 uid, loginuid, sessionid, sid);
717 725
718 audit_log_format(ab, " op=trim res=1"); 726 audit_log_format(ab, " op=trim res=1");
719 audit_log_end(ab); 727 audit_log_end(ab);
@@ -745,7 +753,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
745 err = audit_tag_tree(old, new); 753 err = audit_tag_tree(old, new);
746 754
747 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid, 755 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
748 uid, loginuid, sid); 756 uid, loginuid, sessionid, sid);
749 757
750 audit_log_format(ab, " op=make_equiv old="); 758 audit_log_format(ab, " op=make_equiv old=");
751 audit_log_untrustedstring(ab, old); 759 audit_log_untrustedstring(ab, old);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 28fef6bf8534..af3ae91c47b1 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1500,8 +1500,9 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
1500} 1500}
1501 1501
1502/* Log rule additions and removals */ 1502/* Log rule additions and removals */
1503static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, 1503static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
1504 struct audit_krule *rule, int res) 1504 char *action, struct audit_krule *rule,
1505 int res)
1505{ 1506{
1506 struct audit_buffer *ab; 1507 struct audit_buffer *ab;
1507 1508
@@ -1511,7 +1512,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
1511 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 1512 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
1512 if (!ab) 1513 if (!ab)
1513 return; 1514 return;
1514 audit_log_format(ab, "auid=%u", loginuid); 1515 audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
1515 if (sid) { 1516 if (sid) {
1516 char *ctx = NULL; 1517 char *ctx = NULL;
1517 u32 len; 1518 u32 len;
@@ -1543,7 +1544,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
1543 * @sid: SE Linux Security ID of sender 1544 * @sid: SE Linux Security ID of sender
1544 */ 1545 */
1545int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 1546int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
1546 size_t datasz, uid_t loginuid, u32 sid) 1547 size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
1547{ 1548{
1548 struct task_struct *tsk; 1549 struct task_struct *tsk;
1549 struct audit_netlink_list *dest; 1550 struct audit_netlink_list *dest;
@@ -1590,7 +1591,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
1590 1591
1591 err = audit_add_rule(entry, 1592 err = audit_add_rule(entry,
1592 &audit_filter_list[entry->rule.listnr]); 1593 &audit_filter_list[entry->rule.listnr]);
1593 audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err); 1594 audit_log_rule_change(loginuid, sessionid, sid, "add",
1595 &entry->rule, !err);
1594 1596
1595 if (err) 1597 if (err)
1596 audit_free_rule(entry); 1598 audit_free_rule(entry);
@@ -1606,8 +1608,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
1606 1608
1607 err = audit_del_rule(entry, 1609 err = audit_del_rule(entry,
1608 &audit_filter_list[entry->rule.listnr]); 1610 &audit_filter_list[entry->rule.listnr]);
1609 audit_log_rule_change(loginuid, sid, "remove", &entry->rule, 1611 audit_log_rule_change(loginuid, sessionid, sid, "remove",
1610 !err); 1612 &entry->rule, !err);
1611 1613
1612 audit_free_rule(entry); 1614 audit_free_rule(entry);
1613 break; 1615 break;
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 2403a31fe0f6..9e7236ff6bcc 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -1498,7 +1498,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
1498 err = xfrm_state_update(x); 1498 err = xfrm_state_update(x);
1499 1499
1500 xfrm_audit_state_add(x, err ? 0 : 1, 1500 xfrm_audit_state_add(x, err ? 0 : 1,
1501 audit_get_loginuid(current), 0); 1501 audit_get_loginuid(current),
1502 audit_get_sessionid(current), 0);
1502 1503
1503 if (err < 0) { 1504 if (err < 0) {
1504 x->km.state = XFRM_STATE_DEAD; 1505 x->km.state = XFRM_STATE_DEAD;
@@ -1552,7 +1553,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
1552 km_state_notify(x, &c); 1553 km_state_notify(x, &c);
1553out: 1554out:
1554 xfrm_audit_state_delete(x, err ? 0 : 1, 1555 xfrm_audit_state_delete(x, err ? 0 : 1,
1555 audit_get_loginuid(current), 0); 1556 audit_get_loginuid(current),
1557 audit_get_sessionid(current), 0);
1556 xfrm_state_put(x); 1558 xfrm_state_put(x);
1557 1559
1558 return err; 1560 return err;
@@ -1728,6 +1730,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
1728 return -EINVAL; 1730 return -EINVAL;
1729 1731
1730 audit_info.loginuid = audit_get_loginuid(current); 1732 audit_info.loginuid = audit_get_loginuid(current);
1733 audit_info.sessionid = audit_get_sessionid(current);
1731 audit_info.secid = 0; 1734 audit_info.secid = 0;
1732 err = xfrm_state_flush(proto, &audit_info); 1735 err = xfrm_state_flush(proto, &audit_info);
1733 if (err) 1736 if (err)
@@ -2324,7 +2327,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2324 hdr->sadb_msg_type != SADB_X_SPDUPDATE); 2327 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2325 2328
2326 xfrm_audit_policy_add(xp, err ? 0 : 1, 2329 xfrm_audit_policy_add(xp, err ? 0 : 1,
2327 audit_get_loginuid(current), 0); 2330 audit_get_loginuid(current),
2331 audit_get_sessionid(current), 0);
2328 2332
2329 if (err) 2333 if (err)
2330 goto out; 2334 goto out;
@@ -2406,7 +2410,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2406 return -ENOENT; 2410 return -ENOENT;
2407 2411
2408 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2412 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2409 audit_get_loginuid(current), 0); 2413 audit_get_loginuid(current),
2414 audit_get_sessionid(current), 0);
2410 2415
2411 if (err) 2416 if (err)
2412 goto out; 2417 goto out;
@@ -2667,7 +2672,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
2667 2672
2668 if (delete) { 2673 if (delete) {
2669 xfrm_audit_policy_delete(xp, err ? 0 : 1, 2674 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2670 audit_get_loginuid(current), 0); 2675 audit_get_loginuid(current),
2676 audit_get_sessionid(current), 0);
2671 2677
2672 if (err) 2678 if (err)
2673 goto out; 2679 goto out;
@@ -2767,6 +2773,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
2767 int err; 2773 int err;
2768 2774
2769 audit_info.loginuid = audit_get_loginuid(current); 2775 audit_info.loginuid = audit_get_loginuid(current);
2776 audit_info.sessionid = audit_get_sessionid(current);
2770 audit_info.secid = 0; 2777 audit_info.secid = 0;
2771 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); 2778 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2772 if (err) 2779 if (err)
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index d282ad1570a7..0099da5b2591 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1780,6 +1780,7 @@ int __init netlbl_unlabel_defconf(void)
1780 * messages so don't worry to much about these values. */ 1780 * messages so don't worry to much about these values. */
1781 security_task_getsecid(current, &audit_info.secid); 1781 security_task_getsecid(current, &audit_info.secid);
1782 audit_info.loginuid = 0; 1782 audit_info.loginuid = 0;
1783 audit_info.sessionid = 0;
1783 1784
1784 entry = kzalloc(sizeof(*entry), GFP_KERNEL); 1785 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
1785 if (entry == NULL) 1786 if (entry == NULL)
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index b17d4203806e..68706b4e3bf8 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -107,7 +107,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
107 if (audit_buf == NULL) 107 if (audit_buf == NULL)
108 return NULL; 108 return NULL;
109 109
110 audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid); 110 audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
111 audit_info->loginuid,
112 audit_info->sessionid);
111 113
112 if (audit_info->secid != 0 && 114 if (audit_info->secid != 0 &&
113 security_secid_to_secctx(audit_info->secid, 115 security_secid_to_secctx(audit_info->secid,
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 6d7f4ab46c2b..6caef8b20611 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -51,6 +51,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
51{ 51{
52 audit_info->secid = NETLINK_CB(skb).sid; 52 audit_info->secid = NETLINK_CB(skb).sid;
53 audit_info->loginuid = NETLINK_CB(skb).loginuid; 53 audit_info->loginuid = NETLINK_CB(skb).loginuid;
54 audit_info->sessionid = NETLINK_CB(skb).sessionid;
54} 55}
55 56
56/* NetLabel NETLINK I/O functions */ 57/* NetLabel NETLINK I/O functions */
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 46f3e44bb83a..9b97f8006c9c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1248,6 +1248,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1248 NETLINK_CB(skb).pid = nlk->pid; 1248 NETLINK_CB(skb).pid = nlk->pid;
1249 NETLINK_CB(skb).dst_group = dst_group; 1249 NETLINK_CB(skb).dst_group = dst_group;
1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current); 1250 NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
1251 NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
1251 security_task_getsecid(current, &(NETLINK_CB(skb).sid)); 1252 security_task_getsecid(current, &(NETLINK_CB(skb).sid));
1252 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1253 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1253 1254
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index e0c0390613c0..cae9fd815543 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -762,6 +762,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
762 if (err) { 762 if (err) {
763 xfrm_audit_policy_delete(pol, 0, 763 xfrm_audit_policy_delete(pol, 0,
764 audit_info->loginuid, 764 audit_info->loginuid,
765 audit_info->sessionid,
765 audit_info->secid); 766 audit_info->secid);
766 return err; 767 return err;
767 } 768 }
@@ -777,6 +778,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
777 if (err) { 778 if (err) {
778 xfrm_audit_policy_delete(pol, 0, 779 xfrm_audit_policy_delete(pol, 0,
779 audit_info->loginuid, 780 audit_info->loginuid,
781 audit_info->sessionid,
780 audit_info->secid); 782 audit_info->secid);
781 return err; 783 return err;
782 } 784 }
@@ -819,6 +821,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
819 write_unlock_bh(&xfrm_policy_lock); 821 write_unlock_bh(&xfrm_policy_lock);
820 822
821 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid, 823 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
824 audit_info->sessionid,
822 audit_info->secid); 825 audit_info->secid);
823 826
824 xfrm_policy_kill(pol); 827 xfrm_policy_kill(pol);
@@ -841,6 +844,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
841 844
842 xfrm_audit_policy_delete(pol, 1, 845 xfrm_audit_policy_delete(pol, 1,
843 audit_info->loginuid, 846 audit_info->loginuid,
847 audit_info->sessionid,
844 audit_info->secid); 848 audit_info->secid);
845 xfrm_policy_kill(pol); 849 xfrm_policy_kill(pol);
846 killed++; 850 killed++;
@@ -2472,14 +2476,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
2472} 2476}
2473 2477
2474void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 2478void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2475 u32 auid, u32 secid) 2479 uid_t auid, u32 sessionid, u32 secid)
2476{ 2480{
2477 struct audit_buffer *audit_buf; 2481 struct audit_buffer *audit_buf;
2478 2482
2479 audit_buf = xfrm_audit_start("SPD-add"); 2483 audit_buf = xfrm_audit_start("SPD-add");
2480 if (audit_buf == NULL) 2484 if (audit_buf == NULL)
2481 return; 2485 return;
2482 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2486 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2483 audit_log_format(audit_buf, " res=%u", result); 2487 audit_log_format(audit_buf, " res=%u", result);
2484 xfrm_audit_common_policyinfo(xp, audit_buf); 2488 xfrm_audit_common_policyinfo(xp, audit_buf);
2485 audit_log_end(audit_buf); 2489 audit_log_end(audit_buf);
@@ -2487,14 +2491,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2487EXPORT_SYMBOL_GPL(xfrm_audit_policy_add); 2491EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2488 2492
2489void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 2493void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2490 u32 auid, u32 secid) 2494 uid_t auid, u32 sessionid, u32 secid)
2491{ 2495{
2492 struct audit_buffer *audit_buf; 2496 struct audit_buffer *audit_buf;
2493 2497
2494 audit_buf = xfrm_audit_start("SPD-delete"); 2498 audit_buf = xfrm_audit_start("SPD-delete");
2495 if (audit_buf == NULL) 2499 if (audit_buf == NULL)
2496 return; 2500 return;
2497 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2501 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2498 audit_log_format(audit_buf, " res=%u", result); 2502 audit_log_format(audit_buf, " res=%u", result);
2499 xfrm_audit_common_policyinfo(xp, audit_buf); 2503 xfrm_audit_common_policyinfo(xp, audit_buf);
2500 audit_log_end(audit_buf); 2504 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 5dcc10b93c86..c3f5f70934ec 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -496,7 +496,8 @@ expired:
496 km_state_expired(x, 1, 0); 496 km_state_expired(x, 1, 0);
497 497
498 xfrm_audit_state_delete(x, err ? 0 : 1, 498 xfrm_audit_state_delete(x, err ? 0 : 1,
499 audit_get_loginuid(current), 0); 499 audit_get_loginuid(current),
500 audit_get_sessionid(current), 0);
500 501
501out: 502out:
502 spin_unlock(&x->lock); 503 spin_unlock(&x->lock);
@@ -603,6 +604,7 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
603 (err = security_xfrm_state_delete(x)) != 0) { 604 (err = security_xfrm_state_delete(x)) != 0) {
604 xfrm_audit_state_delete(x, 0, 605 xfrm_audit_state_delete(x, 0,
605 audit_info->loginuid, 606 audit_info->loginuid,
607 audit_info->sessionid,
606 audit_info->secid); 608 audit_info->secid);
607 return err; 609 return err;
608 } 610 }
@@ -641,6 +643,7 @@ restart:
641 err = xfrm_state_delete(x); 643 err = xfrm_state_delete(x);
642 xfrm_audit_state_delete(x, err ? 0 : 1, 644 xfrm_audit_state_delete(x, err ? 0 : 1,
643 audit_info->loginuid, 645 audit_info->loginuid,
646 audit_info->sessionid,
644 audit_info->secid); 647 audit_info->secid);
645 xfrm_state_put(x); 648 xfrm_state_put(x);
646 649
@@ -2123,14 +2126,14 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
2123} 2126}
2124 2127
2125void xfrm_audit_state_add(struct xfrm_state *x, int result, 2128void xfrm_audit_state_add(struct xfrm_state *x, int result,
2126 u32 auid, u32 secid) 2129 uid_t auid, u32 sessionid, u32 secid)
2127{ 2130{
2128 struct audit_buffer *audit_buf; 2131 struct audit_buffer *audit_buf;
2129 2132
2130 audit_buf = xfrm_audit_start("SAD-add"); 2133 audit_buf = xfrm_audit_start("SAD-add");
2131 if (audit_buf == NULL) 2134 if (audit_buf == NULL)
2132 return; 2135 return;
2133 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2136 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2134 xfrm_audit_helper_sainfo(x, audit_buf); 2137 xfrm_audit_helper_sainfo(x, audit_buf);
2135 audit_log_format(audit_buf, " res=%u", result); 2138 audit_log_format(audit_buf, " res=%u", result);
2136 audit_log_end(audit_buf); 2139 audit_log_end(audit_buf);
@@ -2138,14 +2141,14 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result,
2138EXPORT_SYMBOL_GPL(xfrm_audit_state_add); 2141EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2139 2142
2140void xfrm_audit_state_delete(struct xfrm_state *x, int result, 2143void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2141 u32 auid, u32 secid) 2144 uid_t auid, u32 sessionid, u32 secid)
2142{ 2145{
2143 struct audit_buffer *audit_buf; 2146 struct audit_buffer *audit_buf;
2144 2147
2145 audit_buf = xfrm_audit_start("SAD-delete"); 2148 audit_buf = xfrm_audit_start("SAD-delete");
2146 if (audit_buf == NULL) 2149 if (audit_buf == NULL)
2147 return; 2150 return;
2148 xfrm_audit_helper_usrinfo(auid, secid, audit_buf); 2151 xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2149 xfrm_audit_helper_sainfo(x, audit_buf); 2152 xfrm_audit_helper_sainfo(x, audit_buf);
2150 audit_log_format(audit_buf, " res=%u", result); 2153 audit_log_format(audit_buf, " res=%u", result);
2151 audit_log_end(audit_buf); 2154 audit_log_end(audit_buf);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 22a30ae582a2..a1b0fbe3ea35 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -407,6 +407,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
407 struct xfrm_state *x; 407 struct xfrm_state *x;
408 int err; 408 int err;
409 struct km_event c; 409 struct km_event c;
410 uid_t loginuid = NETLINK_CB(skb).loginuid;
411 u32 sessionid = NETLINK_CB(skb).sessionid;
412 u32 sid = NETLINK_CB(skb).sid;
410 413
411 err = verify_newsa_info(p, attrs); 414 err = verify_newsa_info(p, attrs);
412 if (err) 415 if (err)
@@ -422,8 +425,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
422 else 425 else
423 err = xfrm_state_update(x); 426 err = xfrm_state_update(x);
424 427
425 xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 428 xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
426 NETLINK_CB(skb).sid);
427 429
428 if (err < 0) { 430 if (err < 0) {
429 x->km.state = XFRM_STATE_DEAD; 431 x->km.state = XFRM_STATE_DEAD;
@@ -478,6 +480,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
478 int err = -ESRCH; 480 int err = -ESRCH;
479 struct km_event c; 481 struct km_event c;
480 struct xfrm_usersa_id *p = nlmsg_data(nlh); 482 struct xfrm_usersa_id *p = nlmsg_data(nlh);
483 uid_t loginuid = NETLINK_CB(skb).loginuid;
484 u32 sessionid = NETLINK_CB(skb).sessionid;
485 u32 sid = NETLINK_CB(skb).sid;
481 486
482 x = xfrm_user_state_lookup(p, attrs, &err); 487 x = xfrm_user_state_lookup(p, attrs, &err);
483 if (x == NULL) 488 if (x == NULL)
@@ -502,8 +507,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
502 km_state_notify(x, &c); 507 km_state_notify(x, &c);
503 508
504out: 509out:
505 xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid, 510 xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
506 NETLINK_CB(skb).sid);
507 xfrm_state_put(x); 511 xfrm_state_put(x);
508 return err; 512 return err;
509} 513}
@@ -1123,6 +1127,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1123 struct km_event c; 1127 struct km_event c;
1124 int err; 1128 int err;
1125 int excl; 1129 int excl;
1130 uid_t loginuid = NETLINK_CB(skb).loginuid;
1131 u32 sessionid = NETLINK_CB(skb).sessionid;
1132 u32 sid = NETLINK_CB(skb).sid;
1126 1133
1127 err = verify_newpolicy_info(p); 1134 err = verify_newpolicy_info(p);
1128 if (err) 1135 if (err)
@@ -1141,8 +1148,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1141 * a type XFRM_MSG_UPDPOLICY - JHS */ 1148 * a type XFRM_MSG_UPDPOLICY - JHS */
1142 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; 1149 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1143 err = xfrm_policy_insert(p->dir, xp, excl); 1150 err = xfrm_policy_insert(p->dir, xp, excl);
1144 xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid, 1151 xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1145 NETLINK_CB(skb).sid);
1146 1152
1147 if (err) { 1153 if (err) {
1148 security_xfrm_policy_free(xp->security); 1154 security_xfrm_policy_free(xp->security);
@@ -1371,9 +1377,12 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1371 NETLINK_CB(skb).pid); 1377 NETLINK_CB(skb).pid);
1372 } 1378 }
1373 } else { 1379 } else {
1374 xfrm_audit_policy_delete(xp, err ? 0 : 1, 1380 uid_t loginuid = NETLINK_CB(skb).loginuid;
1375 NETLINK_CB(skb).loginuid, 1381 u32 sessionid = NETLINK_CB(skb).sessionid;
1376 NETLINK_CB(skb).sid); 1382 u32 sid = NETLINK_CB(skb).sid;
1383
1384 xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1385 sid);
1377 1386
1378 if (err != 0) 1387 if (err != 0)
1379 goto out; 1388 goto out;
@@ -1399,6 +1408,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
1399 int err; 1408 int err;
1400 1409
1401 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1410 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1411 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1402 audit_info.secid = NETLINK_CB(skb).sid; 1412 audit_info.secid = NETLINK_CB(skb).sid;
1403 err = xfrm_state_flush(p->proto, &audit_info); 1413 err = xfrm_state_flush(p->proto, &audit_info);
1404 if (err) 1414 if (err)
@@ -1546,6 +1556,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
1546 return err; 1556 return err;
1547 1557
1548 audit_info.loginuid = NETLINK_CB(skb).loginuid; 1558 audit_info.loginuid = NETLINK_CB(skb).loginuid;
1559 audit_info.sessionid = NETLINK_CB(skb).sessionid;
1549 audit_info.secid = NETLINK_CB(skb).sid; 1560 audit_info.secid = NETLINK_CB(skb).sid;
1550 err = xfrm_policy_flush(type, &audit_info); 1561 err = xfrm_policy_flush(type, &audit_info);
1551 if (err) 1562 if (err)
@@ -1604,9 +1615,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1604 read_unlock(&xp->lock); 1615 read_unlock(&xp->lock);
1605 err = 0; 1616 err = 0;
1606 if (up->hard) { 1617 if (up->hard) {
1618 uid_t loginuid = NETLINK_CB(skb).loginuid;
1619 uid_t sessionid = NETLINK_CB(skb).sessionid;
1620 u32 sid = NETLINK_CB(skb).sid;
1607 xfrm_policy_delete(xp, p->dir); 1621 xfrm_policy_delete(xp, p->dir);
1608 xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid, 1622 xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1609 NETLINK_CB(skb).sid);
1610 1623
1611 } else { 1624 } else {
1612 // reset the timers here? 1625 // reset the timers here?
@@ -1640,9 +1653,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
1640 km_state_expired(x, ue->hard, current->pid); 1653 km_state_expired(x, ue->hard, current->pid);
1641 1654
1642 if (ue->hard) { 1655 if (ue->hard) {
1656 uid_t loginuid = NETLINK_CB(skb).loginuid;
1657 uid_t sessionid = NETLINK_CB(skb).sessionid;
1658 u32 sid = NETLINK_CB(skb).sid;
1643 __xfrm_state_delete(x); 1659 __xfrm_state_delete(x);
1644 xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid, 1660 xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1645 NETLINK_CB(skb).sid);
1646 } 1661 }
1647 err = 0; 1662 err = 0;
1648out: 1663out:
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 6ba283783b70..5d1bee0fa513 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -324,6 +324,7 @@ void smk_cipso_doi(void)
324 struct netlbl_audit audit_info; 324 struct netlbl_audit audit_info;
325 325
326 audit_info.loginuid = audit_get_loginuid(current); 326 audit_info.loginuid = audit_get_loginuid(current);
327 audit_info.sessionid = audit_get_sessionid(current);
327 audit_info.secid = smack_to_secid(current->security); 328 audit_info.secid = smack_to_secid(current->security);
328 329
329 rc = netlbl_cfg_map_del(NULL, &audit_info); 330 rc = netlbl_cfg_map_del(NULL, &audit_info);
@@ -356,6 +357,7 @@ void smk_unlbl_ambient(char *oldambient)
356 struct netlbl_audit audit_info; 357 struct netlbl_audit audit_info;
357 358
358 audit_info.loginuid = audit_get_loginuid(current); 359 audit_info.loginuid = audit_get_loginuid(current);
360 audit_info.sessionid = audit_get_sessionid(current);
359 audit_info.secid = smack_to_secid(current->security); 361 audit_info.secid = smack_to_secid(current->security);
360 362
361 if (oldambient != NULL) { 363 if (oldambient != NULL) {
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-27 04:07:43 -0500