aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-05-02 00:43:05 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2006-05-02 00:43:05 -0400
commit532f57da408c5a5710075d17047e2d97bdfd22f3 (patch)
tree3fb378bea1816f637aeeed0df805d0c30969cfc3
parent46c5ea3c9ae7fbc6e52a13c92e59d4fc7f4ca80a (diff)
parent2ad312d2093ae506ae0fa184d8d026b559083087 (diff)
Merge branch 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] Audit Filter Performance [PATCH] Rework of IPC auditing [PATCH] More user space subject labels [PATCH] Reworked patch for labels on user space messages [PATCH] change lspp ipc auditing [PATCH] audit inode patch [PATCH] support for context based audit filtering, part 2 [PATCH] support for context based audit filtering [PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit() [PATCH] drop task argument of audit_syscall_{entry,exit} [PATCH] drop gfp_mask in audit_log_exit() [PATCH] move call of audit_free() into do_exit() [PATCH] sockaddr patch [PATCH] deal with deadlocks in audit_free()
-rw-r--r--arch/i386/kernel/ptrace.c7
-rw-r--r--arch/i386/kernel/vm86.c2
-rw-r--r--arch/ia64/kernel/ptrace.c4
-rw-r--r--arch/mips/kernel/ptrace.c4
-rw-r--r--arch/powerpc/kernel/ptrace.c5
-rw-r--r--arch/s390/kernel/ptrace.c5
-rw-r--r--arch/sparc64/kernel/ptrace.c5
-rw-r--r--arch/um/kernel/ptrace.c6
-rw-r--r--arch/x86_64/kernel/ptrace.c6
-rw-r--r--include/linux/audit.h22
-rw-r--r--include/linux/netlink.h1
-rw-r--r--include/linux/security.h16
-rw-r--r--include/linux/selinux.h177
-rw-r--r--ipc/msg.c11
-rw-r--r--ipc/sem.c11
-rw-r--r--ipc/shm.c19
-rw-r--r--ipc/util.c7
-rw-r--r--kernel/audit.c160
-rw-r--r--kernel/audit.h10
-rw-r--r--kernel/auditfilter.c289
-rw-r--r--kernel/auditsc.c269
-rw-r--r--kernel/exit.c3
-rw-r--r--kernel/fork.c2
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/socket.c2
-rw-r--r--security/dummy.c6
-rw-r--r--security/selinux/Makefile2
-rw-r--r--security/selinux/avc.c13
-rw-r--r--security/selinux/exports.c74
-rw-r--r--security/selinux/hooks.c8
-rw-r--r--security/selinux/ss/mls.c30
-rw-r--r--security/selinux/ss/mls.h4
-rw-r--r--security/selinux/ss/services.c235
33 files changed, 1142 insertions, 275 deletions
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c
index 506462ef36a0..fd7eaf7866e0 100644
--- a/arch/i386/kernel/ptrace.c
+++ b/arch/i386/kernel/ptrace.c
@@ -671,7 +671,7 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit)
671 671
672 if (unlikely(current->audit_context)) { 672 if (unlikely(current->audit_context)) {
673 if (entryexit) 673 if (entryexit)
674 audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), 674 audit_syscall_exit(AUDITSC_RESULT(regs->eax),
675 regs->eax); 675 regs->eax);
676 /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only 676 /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only
677 * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is 677 * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is
@@ -720,14 +720,13 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit)
720 ret = is_sysemu; 720 ret = is_sysemu;
721out: 721out:
722 if (unlikely(current->audit_context) && !entryexit) 722 if (unlikely(current->audit_context) && !entryexit)
723 audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax, 723 audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_eax,
724 regs->ebx, regs->ecx, regs->edx, regs->esi); 724 regs->ebx, regs->ecx, regs->edx, regs->esi);
725 if (ret == 0) 725 if (ret == 0)
726 return 0; 726 return 0;
727 727
728 regs->orig_eax = -1; /* force skip of syscall restarting */ 728 regs->orig_eax = -1; /* force skip of syscall restarting */
729 if (unlikely(current->audit_context)) 729 if (unlikely(current->audit_context))
730 audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), 730 audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax);
731 regs->eax);
732 return 1; 731 return 1;
733} 732}
diff --git a/arch/i386/kernel/vm86.c b/arch/i386/kernel/vm86.c
index aee14fafd13d..00e0118e717c 100644
--- a/arch/i386/kernel/vm86.c
+++ b/arch/i386/kernel/vm86.c
@@ -312,7 +312,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
312 312
313 /*call audit_syscall_exit since we do not exit via the normal paths */ 313 /*call audit_syscall_exit since we do not exit via the normal paths */
314 if (unlikely(current->audit_context)) 314 if (unlikely(current->audit_context))
315 audit_syscall_exit(current, AUDITSC_RESULT(eax), eax); 315 audit_syscall_exit(AUDITSC_RESULT(eax), eax);
316 316
317 __asm__ __volatile__( 317 __asm__ __volatile__(
318 "movl %0,%%esp\n\t" 318 "movl %0,%%esp\n\t"
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index 9887c8787e7a..e61e15e28d8b 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -1644,7 +1644,7 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3,
1644 arch = AUDIT_ARCH_IA64; 1644 arch = AUDIT_ARCH_IA64;
1645 } 1645 }
1646 1646
1647 audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3); 1647 audit_syscall_entry(arch, syscall, arg0, arg1, arg2, arg3);
1648 } 1648 }
1649 1649
1650} 1650}
@@ -1662,7 +1662,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
1662 1662
1663 if (success != AUDITSC_SUCCESS) 1663 if (success != AUDITSC_SUCCESS)
1664 result = -result; 1664 result = -result;
1665 audit_syscall_exit(current, success, result); 1665 audit_syscall_exit(success, result);
1666 } 1666 }
1667 1667
1668 if (test_thread_flag(TIF_SYSCALL_TRACE) 1668 if (test_thread_flag(TIF_SYSCALL_TRACE)
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c
index f3106d0771b0..9b4733c12395 100644
--- a/arch/mips/kernel/ptrace.c
+++ b/arch/mips/kernel/ptrace.c
@@ -483,7 +483,7 @@ static inline int audit_arch(void)
483asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) 483asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
484{ 484{
485 if (unlikely(current->audit_context) && entryexit) 485 if (unlikely(current->audit_context) && entryexit)
486 audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]), 486 audit_syscall_exit(AUDITSC_RESULT(regs->regs[2]),
487 regs->regs[2]); 487 regs->regs[2]);
488 488
489 if (!(current->ptrace & PT_PTRACED)) 489 if (!(current->ptrace & PT_PTRACED))
@@ -507,7 +507,7 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
507 } 507 }
508 out: 508 out:
509 if (unlikely(current->audit_context) && !entryexit) 509 if (unlikely(current->audit_context) && !entryexit)
510 audit_syscall_entry(current, audit_arch(), regs->regs[2], 510 audit_syscall_entry(audit_arch(), regs->regs[2],
511 regs->regs[4], regs->regs[5], 511 regs->regs[4], regs->regs[5],
512 regs->regs[6], regs->regs[7]); 512 regs->regs[6], regs->regs[7]);
513} 513}
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
index bcb83574335b..4a677d1bd4ef 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
@@ -538,7 +538,7 @@ void do_syscall_trace_enter(struct pt_regs *regs)
538 do_syscall_trace(); 538 do_syscall_trace();
539 539
540 if (unlikely(current->audit_context)) 540 if (unlikely(current->audit_context))
541 audit_syscall_entry(current, 541 audit_syscall_entry(
542#ifdef CONFIG_PPC32 542#ifdef CONFIG_PPC32
543 AUDIT_ARCH_PPC, 543 AUDIT_ARCH_PPC,
544#else 544#else
@@ -556,8 +556,7 @@ void do_syscall_trace_leave(struct pt_regs *regs)
556#endif 556#endif
557 557
558 if (unlikely(current->audit_context)) 558 if (unlikely(current->audit_context))
559 audit_syscall_exit(current, 559 audit_syscall_exit((regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
560 (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
561 regs->result); 560 regs->result);
562 561
563 if ((test_thread_flag(TIF_SYSCALL_TRACE) 562 if ((test_thread_flag(TIF_SYSCALL_TRACE)
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c
index 37dfe33dab73..8f36504075ed 100644
--- a/arch/s390/kernel/ptrace.c
+++ b/arch/s390/kernel/ptrace.c
@@ -734,7 +734,7 @@ asmlinkage void
734syscall_trace(struct pt_regs *regs, int entryexit) 734syscall_trace(struct pt_regs *regs, int entryexit)
735{ 735{
736 if (unlikely(current->audit_context) && entryexit) 736 if (unlikely(current->audit_context) && entryexit)
737 audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]); 737 audit_syscall_exit(AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]);
738 738
739 if (!test_thread_flag(TIF_SYSCALL_TRACE)) 739 if (!test_thread_flag(TIF_SYSCALL_TRACE))
740 goto out; 740 goto out;
@@ -761,8 +761,7 @@ syscall_trace(struct pt_regs *regs, int entryexit)
761 } 761 }
762 out: 762 out:
763 if (unlikely(current->audit_context) && !entryexit) 763 if (unlikely(current->audit_context) && !entryexit)
764 audit_syscall_entry(current, 764 audit_syscall_entry(test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
765 test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X,
766 regs->gprs[2], regs->orig_gpr2, regs->gprs[3], 765 regs->gprs[2], regs->orig_gpr2, regs->gprs[3],
767 regs->gprs[4], regs->gprs[5]); 766 regs->gprs[4], regs->gprs[5]);
768} 767}
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c
index 49e6dedd027d..d31975e6d6f6 100644
--- a/arch/sparc64/kernel/ptrace.c
+++ b/arch/sparc64/kernel/ptrace.c
@@ -653,7 +653,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
653 if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) 653 if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY)))
654 result = AUDITSC_FAILURE; 654 result = AUDITSC_FAILURE;
655 655
656 audit_syscall_exit(current, result, regs->u_regs[UREG_I0]); 656 audit_syscall_exit(result, regs->u_regs[UREG_I0]);
657 } 657 }
658 658
659 if (!(current->ptrace & PT_PTRACED)) 659 if (!(current->ptrace & PT_PTRACED))
@@ -677,8 +677,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p)
677 677
678out: 678out:
679 if (unlikely(current->audit_context) && !syscall_exit_p) 679 if (unlikely(current->audit_context) && !syscall_exit_p)
680 audit_syscall_entry(current, 680 audit_syscall_entry((test_thread_flag(TIF_32BIT) ?
681 (test_thread_flag(TIF_32BIT) ?
682 AUDIT_ARCH_SPARC : 681 AUDIT_ARCH_SPARC :
683 AUDIT_ARCH_SPARC64), 682 AUDIT_ARCH_SPARC64),
684 regs->u_regs[UREG_G1], 683 regs->u_regs[UREG_G1],
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c
index 60d2eda995c1..9a77fb3c269d 100644
--- a/arch/um/kernel/ptrace.c
+++ b/arch/um/kernel/ptrace.c
@@ -275,15 +275,13 @@ void syscall_trace(union uml_pt_regs *regs, int entryexit)
275 275
276 if (unlikely(current->audit_context)) { 276 if (unlikely(current->audit_context)) {
277 if (!entryexit) 277 if (!entryexit)
278 audit_syscall_entry(current, 278 audit_syscall_entry(HOST_AUDIT_ARCH,
279 HOST_AUDIT_ARCH,
280 UPT_SYSCALL_NR(regs), 279 UPT_SYSCALL_NR(regs),
281 UPT_SYSCALL_ARG1(regs), 280 UPT_SYSCALL_ARG1(regs),
282 UPT_SYSCALL_ARG2(regs), 281 UPT_SYSCALL_ARG2(regs),
283 UPT_SYSCALL_ARG3(regs), 282 UPT_SYSCALL_ARG3(regs),
284 UPT_SYSCALL_ARG4(regs)); 283 UPT_SYSCALL_ARG4(regs));
285 else audit_syscall_exit(current, 284 else audit_syscall_exit(AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
286 AUDITSC_RESULT(UPT_SYSCALL_RET(regs)),
287 UPT_SYSCALL_RET(regs)); 285 UPT_SYSCALL_RET(regs));
288 } 286 }
289 287
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c
index da8e7903d817..2d50024c9f30 100644
--- a/arch/x86_64/kernel/ptrace.c
+++ b/arch/x86_64/kernel/ptrace.c
@@ -600,12 +600,12 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
600 600
601 if (unlikely(current->audit_context)) { 601 if (unlikely(current->audit_context)) {
602 if (test_thread_flag(TIF_IA32)) { 602 if (test_thread_flag(TIF_IA32)) {
603 audit_syscall_entry(current, AUDIT_ARCH_I386, 603 audit_syscall_entry(AUDIT_ARCH_I386,
604 regs->orig_rax, 604 regs->orig_rax,
605 regs->rbx, regs->rcx, 605 regs->rbx, regs->rcx,
606 regs->rdx, regs->rsi); 606 regs->rdx, regs->rsi);
607 } else { 607 } else {
608 audit_syscall_entry(current, AUDIT_ARCH_X86_64, 608 audit_syscall_entry(AUDIT_ARCH_X86_64,
609 regs->orig_rax, 609 regs->orig_rax,
610 regs->rdi, regs->rsi, 610 regs->rdi, regs->rsi,
611 regs->rdx, regs->r10); 611 regs->rdx, regs->r10);
@@ -616,7 +616,7 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs)
616asmlinkage void syscall_trace_leave(struct pt_regs *regs) 616asmlinkage void syscall_trace_leave(struct pt_regs *regs)
617{ 617{
618 if (unlikely(current->audit_context)) 618 if (unlikely(current->audit_context))
619 audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax); 619 audit_syscall_exit(AUDITSC_RESULT(regs->rax), regs->rax);
620 620
621 if ((test_thread_flag(TIF_SYSCALL_TRACE) 621 if ((test_thread_flag(TIF_SYSCALL_TRACE)
622 || test_thread_flag(TIF_SINGLESTEP)) 622 || test_thread_flag(TIF_SINGLESTEP))
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 1c47c59058c1..b74c148f14e3 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -83,6 +83,7 @@
83#define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ 83#define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */
84#define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ 84#define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */
85#define AUDIT_CWD 1307 /* Current working directory */ 85#define AUDIT_CWD 1307 /* Current working directory */
86#define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */
86 87
87#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 88#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
88#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 89#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -145,6 +146,11 @@
145#define AUDIT_PERS 10 146#define AUDIT_PERS 10
146#define AUDIT_ARCH 11 147#define AUDIT_ARCH 11
147#define AUDIT_MSGTYPE 12 148#define AUDIT_MSGTYPE 12
149#define AUDIT_SE_USER 13 /* security label user */
150#define AUDIT_SE_ROLE 14 /* security label role */
151#define AUDIT_SE_TYPE 15 /* security label type */
152#define AUDIT_SE_SEN 16 /* security label sensitivity label */
153#define AUDIT_SE_CLR 17 /* security label clearance label */
148 154
149 /* These are ONLY useful when checking 155 /* These are ONLY useful when checking
150 * at syscall exit time (AUDIT_AT_EXIT). */ 156 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -287,10 +293,10 @@ struct netlink_skb_parms;
287 /* Public API */ 293 /* Public API */
288extern int audit_alloc(struct task_struct *task); 294extern int audit_alloc(struct task_struct *task);
289extern void audit_free(struct task_struct *task); 295extern void audit_free(struct task_struct *task);
290extern void audit_syscall_entry(struct task_struct *task, int arch, 296extern void audit_syscall_entry(int arch,
291 int major, unsigned long a0, unsigned long a1, 297 int major, unsigned long a0, unsigned long a1,
292 unsigned long a2, unsigned long a3); 298 unsigned long a2, unsigned long a3);
293extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); 299extern void audit_syscall_exit(int failed, long return_code);
294extern void audit_getname(const char *name); 300extern void audit_getname(const char *name);
295extern void audit_putname(const char *name); 301extern void audit_putname(const char *name);
296extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); 302extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
@@ -314,7 +320,8 @@ extern void auditsc_get_stamp(struct audit_context *ctx,
314 struct timespec *t, unsigned int *serial); 320 struct timespec *t, unsigned int *serial);
315extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 321extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
316extern uid_t audit_get_loginuid(struct audit_context *ctx); 322extern uid_t audit_get_loginuid(struct audit_context *ctx);
317extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); 323extern int audit_ipc_obj(struct kern_ipc_perm *ipcp);
324extern int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp);
318extern int audit_socketcall(int nargs, unsigned long *args); 325extern int audit_socketcall(int nargs, unsigned long *args);
319extern int audit_sockaddr(int len, void *addr); 326extern int audit_sockaddr(int len, void *addr);
320extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); 327extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
@@ -323,8 +330,8 @@ extern int audit_set_macxattr(const char *name);
323#else 330#else
324#define audit_alloc(t) ({ 0; }) 331#define audit_alloc(t) ({ 0; })
325#define audit_free(t) do { ; } while (0) 332#define audit_free(t) do { ; } while (0)
326#define audit_syscall_entry(t,ta,a,b,c,d,e) do { ; } while (0) 333#define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
327#define audit_syscall_exit(t,f,r) do { ; } while (0) 334#define audit_syscall_exit(f,r) do { ; } while (0)
328#define audit_getname(n) do { ; } while (0) 335#define audit_getname(n) do { ; } while (0)
329#define audit_putname(n) do { ; } while (0) 336#define audit_putname(n) do { ; } while (0)
330#define __audit_inode(n,i,f) do { ; } while (0) 337#define __audit_inode(n,i,f) do { ; } while (0)
@@ -333,7 +340,8 @@ extern int audit_set_macxattr(const char *name);
333#define audit_inode_child(d,i,p) do { ; } while (0) 340#define audit_inode_child(d,i,p) do { ; } while (0)
334#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 341#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
335#define audit_get_loginuid(c) ({ -1; }) 342#define audit_get_loginuid(c) ({ -1; })
336#define audit_ipc_perms(q,u,g,m,i) ({ 0; }) 343#define audit_ipc_obj(i) ({ 0; })
344#define audit_ipc_set_perm(q,u,g,m,i) ({ 0; })
337#define audit_socketcall(n,a) ({ 0; }) 345#define audit_socketcall(n,a) ({ 0; })
338#define audit_sockaddr(len, addr) ({ 0; }) 346#define audit_sockaddr(len, addr) ({ 0; })
339#define audit_avc_path(dentry, mnt) ({ 0; }) 347#define audit_avc_path(dentry, mnt) ({ 0; })
@@ -366,7 +374,7 @@ extern void audit_log_d_path(struct audit_buffer *ab,
366extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 374extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
367extern int audit_filter_type(int type); 375extern int audit_filter_type(int type);
368extern int audit_receive_filter(int type, int pid, int uid, int seq, 376extern int audit_receive_filter(int type, int pid, int uid, int seq,
369 void *data, size_t datasz, uid_t loginuid); 377 void *data, size_t datasz, uid_t loginuid, u32 sid);
370#else 378#else
371#define audit_log(c,g,t,f,...) do { ; } while (0) 379#define audit_log(c,g,t,f,...) do { ; } while (0)
372#define audit_log_start(c,g,t) ({ NULL; }) 380#define audit_log_start(c,g,t) ({ NULL; })
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index f8f3d1c927f8..87b8a5703ebc 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -143,6 +143,7 @@ struct netlink_skb_parms
143 __u32 dst_group; 143 __u32 dst_group;
144 kernel_cap_t eff_cap; 144 kernel_cap_t eff_cap;
145 __u32 loginuid; /* Login (audit) uid */ 145 __u32 loginuid; /* Login (audit) uid */
146 __u32 sid; /* SELinux security id */
146}; 147};
147 148
148#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) 149#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
diff --git a/include/linux/security.h b/include/linux/security.h
index aaa0a5cdbf75..1bab48f6aeac 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,11 +869,6 @@ struct swap_info_struct;
869 * @ipcp contains the kernel IPC permission structure 869 * @ipcp contains the kernel IPC permission structure
870 * @flag contains the desired (requested) permission set 870 * @flag contains the desired (requested) permission set
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @ipc_getsecurity:
873 * Copy the security label associated with the ipc object into
874 * @buffer. @buffer may be NULL to request the size of the buffer
875 * required. @size indicates the size of @buffer in bytes. Return
876 * number of bytes used/required on success.
877 * 872 *
878 * Security hooks for individual messages held in System V IPC message queues 873 * Security hooks for individual messages held in System V IPC message queues
879 * @msg_msg_alloc_security: 874 * @msg_msg_alloc_security:
@@ -1223,7 +1218,6 @@ struct security_operations {
1223 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1218 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1224 1219
1225 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1220 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1226 int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
1227 1221
1228 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1222 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1229 void (*msg_msg_free_security) (struct msg_msg * msg); 1223 void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1887,11 +1881,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1887 return security_ops->ipc_permission (ipcp, flag); 1881 return security_ops->ipc_permission (ipcp, flag);
1888} 1882}
1889 1883
1890static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
1891{
1892 return security_ops->ipc_getsecurity(ipcp, buffer, size);
1893}
1894
1895static inline int security_msg_msg_alloc (struct msg_msg * msg) 1884static inline int security_msg_msg_alloc (struct msg_msg * msg)
1896{ 1885{
1897 return security_ops->msg_msg_alloc_security (msg); 1886 return security_ops->msg_msg_alloc_security (msg);
@@ -2532,11 +2521,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2532 return 0; 2521 return 0;
2533} 2522}
2534 2523
2535static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
2536{
2537 return -EOPNOTSUPP;
2538}
2539
2540static inline int security_msg_msg_alloc (struct msg_msg * msg) 2524static inline int security_msg_msg_alloc (struct msg_msg * msg)
2541{ 2525{
2542 return 0; 2526 return 0;
diff --git a/include/linux/selinux.h b/include/linux/selinux.h
new file mode 100644
index 000000000000..4047bcde4484
--- /dev/null
+++ b/include/linux/selinux.h
@@ -0,0 +1,177 @@
1/*
2 * SELinux services exported to the rest of the kernel.
3 *
4 * Author: James Morris <jmorris@redhat.com>
5 *
6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 */
14#ifndef _LINUX_SELINUX_H
15#define _LINUX_SELINUX_H
16
17struct selinux_audit_rule;
18struct audit_context;
19struct inode;
20struct kern_ipc_perm;
21
22#ifdef CONFIG_SECURITY_SELINUX
23
24/**
25 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
26 * @field: the field this rule refers to
27 * @op: the operater the rule uses
28 * @rulestr: the text "target" of the rule
29 * @rule: pointer to the new rule structure returned via this
30 *
31 * Returns 0 if successful, -errno if not. On success, the rule structure
32 * will be allocated internally. The caller must free this structure with
33 * selinux_audit_rule_free() after use.
34 */
35int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
36 struct selinux_audit_rule **rule);
37
38/**
39 * selinux_audit_rule_free - free an selinux audit rule structure.
40 * @rule: pointer to the audit rule to be freed
41 *
42 * This will free all memory associated with the given rule.
43 * If @rule is NULL, no operation is performed.
44 */
45void selinux_audit_rule_free(struct selinux_audit_rule *rule);
46
47/**
48 * selinux_audit_rule_match - determine if a context ID matches a rule.
49 * @ctxid: the context ID to check
50 * @field: the field this rule refers to
51 * @op: the operater the rule uses
52 * @rule: pointer to the audit rule to check against
53 * @actx: the audit context (can be NULL) associated with the check
54 *
55 * Returns 1 if the context id matches the rule, 0 if it does not, and
56 * -errno on failure.
57 */
58int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
59 struct selinux_audit_rule *rule,
60 struct audit_context *actx);
61
62/**
63 * selinux_audit_set_callback - set the callback for policy reloads.
64 * @callback: the function to call when the policy is reloaded
65 *
66 * This sets the function callback function that will update the rules
67 * upon policy reloads. This callback should rebuild all existing rules
68 * using selinux_audit_rule_init().
69 */
70void selinux_audit_set_callback(int (*callback)(void));
71
72/**
73 * selinux_task_ctxid - determine a context ID for a process.
74 * @tsk: the task object
75 * @ctxid: ID value returned via this
76 *
77 * On return, ctxid will contain an ID for the context. This value
78 * should only be used opaquely.
79 */
80void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid);
81
82/**
83 * selinux_ctxid_to_string - map a security context ID to a string
84 * @ctxid: security context ID to be converted.
85 * @ctx: address of context string to be returned
86 * @ctxlen: length of returned context string.
87 *
88 * Returns 0 if successful, -errno if not. On success, the context
89 * string will be allocated internally, and the caller must call
90 * kfree() on it after use.
91 */
92int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen);
93
94/**
95 * selinux_get_inode_sid - get the inode's security context ID
96 * @inode: inode structure to get the sid from.
97 * @sid: pointer to security context ID to be filled in.
98 *
99 * Returns nothing
100 */
101void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
102
103/**
104 * selinux_get_ipc_sid - get the ipc security context ID
105 * @ipcp: ipc structure to get the sid from.
106 * @sid: pointer to security context ID to be filled in.
107 *
108 * Returns nothing
109 */
110void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
111
112/**
113 * selinux_get_task_sid - return the SID of task
114 * @tsk: the task whose SID will be returned
115 * @sid: pointer to security context ID to be filled in.
116 *
117 * Returns nothing
118 */
119void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
120
121
122#else
123
124static inline int selinux_audit_rule_init(u32 field, u32 op,
125 char *rulestr,
126 struct selinux_audit_rule **rule)
127{
128 return -ENOTSUPP;
129}
130
131static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule)
132{
133 return;
134}
135
136static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
137 struct selinux_audit_rule *rule,
138 struct audit_context *actx)
139{
140 return 0;
141}
142
143static inline void selinux_audit_set_callback(int (*callback)(void))
144{
145 return;
146}
147
148static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
149{
150 *ctxid = 0;
151}
152
153static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
154{
155 *ctx = NULL;
156 *ctxlen = 0;
157 return 0;
158}
159
160static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
161{
162 *sid = 0;
163}
164
165static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
166{
167 *sid = 0;
168}
169
170static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
171{
172 *sid = 0;
173}
174
175#endif /* CONFIG_SECURITY_SELINUX */
176
177#endif /* _LINUX_SELINUX_H */
diff --git a/ipc/msg.c b/ipc/msg.c
index 48a7f17a7236..7d1340ccb16b 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -13,6 +13,9 @@
13 * mostly rewritten, threaded and wake-one semantics added 13 * mostly rewritten, threaded and wake-one semantics added
14 * MSGMAX limit removed, sysctl's added 14 * MSGMAX limit removed, sysctl's added
15 * (c) 1999 Manfred Spraul <manfred@colorfullife.com> 15 * (c) 1999 Manfred Spraul <manfred@colorfullife.com>
16 *
17 * support for audit of ipc object properties and permission changes
18 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
16 */ 19 */
17 20
18#include <linux/capability.h> 21#include <linux/capability.h>
@@ -447,6 +450,11 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
447 if (msg_checkid(msq,msqid)) 450 if (msg_checkid(msq,msqid))
448 goto out_unlock_up; 451 goto out_unlock_up;
449 ipcp = &msq->q_perm; 452 ipcp = &msq->q_perm;
453
454 err = audit_ipc_obj(ipcp);
455 if (err)
456 goto out_unlock_up;
457
450 err = -EPERM; 458 err = -EPERM;
451 if (current->euid != ipcp->cuid && 459 if (current->euid != ipcp->cuid &&
452 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) 460 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN))
@@ -460,7 +468,8 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
460 switch (cmd) { 468 switch (cmd) {
461 case IPC_SET: 469 case IPC_SET:
462 { 470 {
463 if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) 471 err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp);
472 if (err)
464 goto out_unlock_up; 473 goto out_unlock_up;
465 474
466 err = -EPERM; 475 err = -EPERM;
diff --git a/ipc/sem.c b/ipc/sem.c
index 642659cd596b..7919f8ece6ba 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -61,6 +61,9 @@
61 * (c) 2001 Red Hat Inc <alan@redhat.com> 61 * (c) 2001 Red Hat Inc <alan@redhat.com>
62 * Lockless wakeup 62 * Lockless wakeup
63 * (c) 2003 Manfred Spraul <manfred@colorfullife.com> 63 * (c) 2003 Manfred Spraul <manfred@colorfullife.com>
64 *
65 * support for audit of ipc object properties and permission changes
66 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
64 */ 67 */
65 68
66#include <linux/config.h> 69#include <linux/config.h>
@@ -820,6 +823,11 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
820 goto out_unlock; 823 goto out_unlock;
821 } 824 }
822 ipcp = &sma->sem_perm; 825 ipcp = &sma->sem_perm;
826
827 err = audit_ipc_obj(ipcp);
828 if (err)
829 goto out_unlock;
830
823 if (current->euid != ipcp->cuid && 831 if (current->euid != ipcp->cuid &&
824 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { 832 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
825 err=-EPERM; 833 err=-EPERM;
@@ -836,7 +844,8 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
836 err = 0; 844 err = 0;
837 break; 845 break;
838 case IPC_SET: 846 case IPC_SET:
839 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) 847 err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp);
848 if (err)
840 goto out_unlock; 849 goto out_unlock;
841 ipcp->uid = setbuf.uid; 850 ipcp->uid = setbuf.uid;
842 ipcp->gid = setbuf.gid; 851 ipcp->gid = setbuf.gid;
diff --git a/ipc/shm.c b/ipc/shm.c
index 1c2faf62bc73..809896851902 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -13,6 +13,8 @@
13 * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> 13 * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com>
14 * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> 14 * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com>
15 * 15 *
16 * support for audit of ipc object properties and permission changes
17 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
16 */ 18 */
17 19
18#include <linux/config.h> 20#include <linux/config.h>
@@ -542,6 +544,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
542 if(err) 544 if(err)
543 goto out_unlock; 545 goto out_unlock;
544 546
547 err = audit_ipc_obj(&(shp->shm_perm));
548 if (err)
549 goto out_unlock;
550
545 if (!capable(CAP_IPC_LOCK)) { 551 if (!capable(CAP_IPC_LOCK)) {
546 err = -EPERM; 552 err = -EPERM;
547 if (current->euid != shp->shm_perm.uid && 553 if (current->euid != shp->shm_perm.uid &&
@@ -594,6 +600,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
594 if(err) 600 if(err)
595 goto out_unlock_up; 601 goto out_unlock_up;
596 602
603 err = audit_ipc_obj(&(shp->shm_perm));
604 if (err)
605 goto out_unlock_up;
606
597 if (current->euid != shp->shm_perm.uid && 607 if (current->euid != shp->shm_perm.uid &&
598 current->euid != shp->shm_perm.cuid && 608 current->euid != shp->shm_perm.cuid &&
599 !capable(CAP_SYS_ADMIN)) { 609 !capable(CAP_SYS_ADMIN)) {
@@ -627,12 +637,15 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
627 err=-EINVAL; 637 err=-EINVAL;
628 if(shp==NULL) 638 if(shp==NULL)
629 goto out_up; 639 goto out_up;
630 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid,
631 setbuf.mode, &(shp->shm_perm))))
632 goto out_unlock_up;
633 err = shm_checkid(shp,shmid); 640 err = shm_checkid(shp,shmid);
634 if(err) 641 if(err)
635 goto out_unlock_up; 642 goto out_unlock_up;
643 err = audit_ipc_obj(&(shp->shm_perm));
644 if (err)
645 goto out_unlock_up;
646 err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm));
647 if (err)
648 goto out_unlock_up;
636 err=-EPERM; 649 err=-EPERM;
637 if (current->euid != shp->shm_perm.uid && 650 if (current->euid != shp->shm_perm.uid &&
638 current->euid != shp->shm_perm.cuid && 651 current->euid != shp->shm_perm.cuid &&
diff --git a/ipc/util.c b/ipc/util.c
index b3dcfad3b4f7..8193299f45f6 100644
--- a/ipc/util.c
+++ b/ipc/util.c
@@ -10,6 +10,8 @@
10 * Manfred Spraul <manfred@colorfullife.com> 10 * Manfred Spraul <manfred@colorfullife.com>
11 * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). 11 * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary().
12 * Mingming Cao <cmm@us.ibm.com> 12 * Mingming Cao <cmm@us.ibm.com>
13 * Mar 2006 - support for audit of ipc object properties
14 * Dustin Kirkland <dustin.kirkland@us.ibm.com>
13 */ 15 */
14 16
15#include <linux/config.h> 17#include <linux/config.h>
@@ -27,6 +29,7 @@
27#include <linux/workqueue.h> 29#include <linux/workqueue.h>
28#include <linux/seq_file.h> 30#include <linux/seq_file.h>
29#include <linux/proc_fs.h> 31#include <linux/proc_fs.h>
32#include <linux/audit.h>
30 33
31#include <asm/unistd.h> 34#include <asm/unistd.h>
32 35
@@ -464,8 +467,10 @@ void ipc_rcu_putref(void *ptr)
464 467
465int ipcperms (struct kern_ipc_perm *ipcp, short flag) 468int ipcperms (struct kern_ipc_perm *ipcp, short flag)
466{ /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ 469{ /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */
467 int requested_mode, granted_mode; 470 int requested_mode, granted_mode, err;
468 471
472 if (unlikely((err = audit_ipc_obj(ipcp))))
473 return err;
469 requested_mode = (flag >> 6) | (flag >> 3) | flag; 474 requested_mode = (flag >> 6) | (flag >> 3) | flag;
470 granted_mode = ipcp->mode; 475 granted_mode = ipcp->mode;
471 if (current->euid == ipcp->cuid || current->euid == ipcp->uid) 476 if (current->euid == ipcp->cuid || current->euid == ipcp->uid)
diff --git a/kernel/audit.c b/kernel/audit.c
index c8ccbd09048f..df57b493e1cb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -55,6 +55,9 @@
55#include <net/netlink.h> 55#include <net/netlink.h>
56#include <linux/skbuff.h> 56#include <linux/skbuff.h>
57#include <linux/netlink.h> 57#include <linux/netlink.h>
58#include <linux/selinux.h>
59
60#include "audit.h"
58 61
59/* No auditing will take place until audit_initialized != 0. 62/* No auditing will take place until audit_initialized != 0.
60 * (Initialization happens after skb_init is called.) */ 63 * (Initialization happens after skb_init is called.) */
@@ -227,49 +230,103 @@ void audit_log_lost(const char *message)
227 } 230 }
228} 231}
229 232
230static int audit_set_rate_limit(int limit, uid_t loginuid) 233static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
231{ 234{
232 int old = audit_rate_limit; 235 int old = audit_rate_limit;
233 audit_rate_limit = limit; 236
234 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 237 if (sid) {
238 char *ctx = NULL;
239 u32 len;
240 int rc;
241 if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
242 return rc;
243 else
244 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
245 "audit_rate_limit=%d old=%d by auid=%u subj=%s",
246 limit, old, loginuid, ctx);
247 kfree(ctx);
248 } else
249 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
235 "audit_rate_limit=%d old=%d by auid=%u", 250 "audit_rate_limit=%d old=%d by auid=%u",
236 audit_rate_limit, old, loginuid); 251 limit, old, loginuid);
252 audit_rate_limit = limit;
237 return old; 253 return old;
238} 254}
239 255
240static int audit_set_backlog_limit(int limit, uid_t loginuid) 256static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
241{ 257{
242 int old = audit_backlog_limit; 258 int old = audit_backlog_limit;
243 audit_backlog_limit = limit; 259
244 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 260 if (sid) {
261 char *ctx = NULL;
262 u32 len;
263 int rc;
264 if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
265 return rc;
266 else
267 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
268 "audit_backlog_limit=%d old=%d by auid=%u subj=%s",
269 limit, old, loginuid, ctx);
270 kfree(ctx);
271 } else
272 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
245 "audit_backlog_limit=%d old=%d by auid=%u", 273 "audit_backlog_limit=%d old=%d by auid=%u",
246 audit_backlog_limit, old, loginuid); 274 limit, old, loginuid);
275 audit_backlog_limit = limit;
247 return old; 276 return old;
248} 277}
249 278
250static int audit_set_enabled(int state, uid_t loginuid) 279static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
251{ 280{
252 int old = audit_enabled; 281 int old = audit_enabled;
282
253 if (state != 0 && state != 1) 283 if (state != 0 && state != 1)
254 return -EINVAL; 284 return -EINVAL;
255 audit_enabled = state; 285
256 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 286 if (sid) {
287 char *ctx = NULL;
288 u32 len;
289 int rc;
290 if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
291 return rc;
292 else
293 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
294 "audit_enabled=%d old=%d by auid=%u subj=%s",
295 state, old, loginuid, ctx);
296 kfree(ctx);
297 } else
298 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
257 "audit_enabled=%d old=%d by auid=%u", 299 "audit_enabled=%d old=%d by auid=%u",
258 audit_enabled, old, loginuid); 300 state, old, loginuid);
301 audit_enabled = state;
259 return old; 302 return old;
260} 303}
261 304
262static int audit_set_failure(int state, uid_t loginuid) 305static int audit_set_failure(int state, uid_t loginuid, u32 sid)
263{ 306{
264 int old = audit_failure; 307 int old = audit_failure;
308
265 if (state != AUDIT_FAIL_SILENT 309 if (state != AUDIT_FAIL_SILENT
266 && state != AUDIT_FAIL_PRINTK 310 && state != AUDIT_FAIL_PRINTK
267 && state != AUDIT_FAIL_PANIC) 311 && state != AUDIT_FAIL_PANIC)
268 return -EINVAL; 312 return -EINVAL;
269 audit_failure = state; 313
270 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 314 if (sid) {
315 char *ctx = NULL;
316 u32 len;
317 int rc;
318 if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
319 return rc;
320 else
321 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
322 "audit_failure=%d old=%d by auid=%u subj=%s",
323 state, old, loginuid, ctx);
324 kfree(ctx);
325 } else
326 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
271 "audit_failure=%d old=%d by auid=%u", 327 "audit_failure=%d old=%d by auid=%u",
272 audit_failure, old, loginuid); 328 state, old, loginuid);
329 audit_failure = state;
273 return old; 330 return old;
274} 331}
275 332
@@ -387,7 +444,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
387 444
388static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 445static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
389{ 446{
390 u32 uid, pid, seq; 447 u32 uid, pid, seq, sid;
391 void *data; 448 void *data;
392 struct audit_status *status_get, status_set; 449 struct audit_status *status_get, status_set;
393 int err; 450 int err;
@@ -413,6 +470,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
413 pid = NETLINK_CREDS(skb)->pid; 470 pid = NETLINK_CREDS(skb)->pid;
414 uid = NETLINK_CREDS(skb)->uid; 471 uid = NETLINK_CREDS(skb)->uid;
415 loginuid = NETLINK_CB(skb).loginuid; 472 loginuid = NETLINK_CB(skb).loginuid;
473 sid = NETLINK_CB(skb).sid;
416 seq = nlh->nlmsg_seq; 474 seq = nlh->nlmsg_seq;
417 data = NLMSG_DATA(nlh); 475 data = NLMSG_DATA(nlh);
418 476
@@ -433,25 +491,43 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
433 return -EINVAL; 491 return -EINVAL;
434 status_get = (struct audit_status *)data; 492 status_get = (struct audit_status *)data;
435 if (status_get->mask & AUDIT_STATUS_ENABLED) { 493 if (status_get->mask & AUDIT_STATUS_ENABLED) {
436 err = audit_set_enabled(status_get->enabled, loginuid); 494 err = audit_set_enabled(status_get->enabled,
495 loginuid, sid);
437 if (err < 0) return err; 496 if (err < 0) return err;
438 } 497 }
439 if (status_get->mask & AUDIT_STATUS_FAILURE) { 498 if (status_get->mask & AUDIT_STATUS_FAILURE) {
440 err = audit_set_failure(status_get->failure, loginuid); 499 err = audit_set_failure(status_get->failure,
500 loginuid, sid);
441 if (err < 0) return err; 501 if (err < 0) return err;
442 } 502 }
443 if (status_get->mask & AUDIT_STATUS_PID) { 503 if (status_get->mask & AUDIT_STATUS_PID) {
444 int old = audit_pid; 504 int old = audit_pid;
505 if (sid) {
506 char *ctx = NULL;
507 u32 len;
508 int rc;
509 if ((rc = selinux_ctxid_to_string(
510 sid, &ctx, &len)))
511 return rc;
512 else
513 audit_log(NULL, GFP_KERNEL,
514 AUDIT_CONFIG_CHANGE,
515 "audit_pid=%d old=%d by auid=%u subj=%s",
516 status_get->pid, old,
517 loginuid, ctx);
518 kfree(ctx);
519 } else
520 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
521 "audit_pid=%d old=%d by auid=%u",
522 status_get->pid, old, loginuid);
445 audit_pid = status_get->pid; 523 audit_pid = status_get->pid;
446 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
447 "audit_pid=%d old=%d by auid=%u",
448 audit_pid, old, loginuid);
449 } 524 }
450 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 525 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
451 audit_set_rate_limit(status_get->rate_limit, loginuid); 526 audit_set_rate_limit(status_get->rate_limit,
527 loginuid, sid);
452 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 528 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
453 audit_set_backlog_limit(status_get->backlog_limit, 529 audit_set_backlog_limit(status_get->backlog_limit,
454 loginuid); 530 loginuid, sid);
455 break; 531 break;
456 case AUDIT_USER: 532 case AUDIT_USER:
457 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: 533 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
@@ -465,8 +541,23 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
465 ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 541 ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
466 if (ab) { 542 if (ab) {
467 audit_log_format(ab, 543 audit_log_format(ab,
468 "user pid=%d uid=%u auid=%u msg='%.1024s'", 544 "user pid=%d uid=%u auid=%u",
469 pid, uid, loginuid, (char *)data); 545 pid, uid, loginuid);
546 if (sid) {
547 char *ctx = NULL;
548 u32 len;
549 if (selinux_ctxid_to_string(
550 sid, &ctx, &len)) {
551 audit_log_format(ab,
552 " ssid=%u", sid);
553 /* Maybe call audit_panic? */
554 } else
555 audit_log_format(ab,
556 " subj=%s", ctx);
557 kfree(ctx);
558 }
559 audit_log_format(ab, " msg='%.1024s'",
560 (char *)data);
470 audit_set_pid(ab, pid); 561 audit_set_pid(ab, pid);
471 audit_log_end(ab); 562 audit_log_end(ab);
472 } 563 }
@@ -480,7 +571,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
480 case AUDIT_LIST: 571 case AUDIT_LIST:
481 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 572 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
482 uid, seq, data, nlmsg_len(nlh), 573 uid, seq, data, nlmsg_len(nlh),
483 loginuid); 574 loginuid, sid);
484 break; 575 break;
485 case AUDIT_ADD_RULE: 576 case AUDIT_ADD_RULE:
486 case AUDIT_DEL_RULE: 577 case AUDIT_DEL_RULE:
@@ -490,7 +581,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
490 case AUDIT_LIST_RULES: 581 case AUDIT_LIST_RULES:
491 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 582 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
492 uid, seq, data, nlmsg_len(nlh), 583 uid, seq, data, nlmsg_len(nlh),
493 loginuid); 584 loginuid, sid);
494 break; 585 break;
495 case AUDIT_SIGNAL_INFO: 586 case AUDIT_SIGNAL_INFO:
496 sig_data.uid = audit_sig_uid; 587 sig_data.uid = audit_sig_uid;
@@ -564,6 +655,11 @@ static int __init audit_init(void)
564 skb_queue_head_init(&audit_skb_queue); 655 skb_queue_head_init(&audit_skb_queue);
565 audit_initialized = 1; 656 audit_initialized = 1;
566 audit_enabled = audit_default; 657 audit_enabled = audit_default;
658
659 /* Register the callback with selinux. This callback will be invoked
660 * when a new policy is loaded. */
661 selinux_audit_set_callback(&selinux_audit_rule_update);
662
567 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); 663 audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized");
568 return 0; 664 return 0;
569} 665}
diff --git a/kernel/audit.h b/kernel/audit.h
index bc5392076e2b..6f733920fd32 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -54,9 +54,11 @@ enum audit_state {
54 54
55/* Rule lists */ 55/* Rule lists */
56struct audit_field { 56struct audit_field {
57 u32 type; 57 u32 type;
58 u32 val; 58 u32 val;
59 u32 op; 59 u32 op;
60 char *se_str;
61 struct selinux_audit_rule *se_rule;
60}; 62};
61 63
62struct audit_krule { 64struct audit_krule {
@@ -86,3 +88,5 @@ extern void audit_send_reply(int pid, int seq, int type,
86extern void audit_log_lost(const char *message); 88extern void audit_log_lost(const char *message);
87extern void audit_panic(const char *message); 89extern void audit_panic(const char *message);
88extern struct mutex audit_netlink_mutex; 90extern struct mutex audit_netlink_mutex;
91
92extern int selinux_audit_rule_update(void);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index d3a8539f3a83..7c134906d689 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -23,6 +23,7 @@
23#include <linux/audit.h> 23#include <linux/audit.h>
24#include <linux/kthread.h> 24#include <linux/kthread.h>
25#include <linux/netlink.h> 25#include <linux/netlink.h>
26#include <linux/selinux.h>
26#include "audit.h" 27#include "audit.h"
27 28
28/* There are three lists of rules -- one to search at task creation 29/* There are three lists of rules -- one to search at task creation
@@ -42,6 +43,13 @@ struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
42 43
43static inline void audit_free_rule(struct audit_entry *e) 44static inline void audit_free_rule(struct audit_entry *e)
44{ 45{
46 int i;
47 if (e->rule.fields)
48 for (i = 0; i < e->rule.field_count; i++) {
49 struct audit_field *f = &e->rule.fields[i];
50 kfree(f->se_str);
51 selinux_audit_rule_free(f->se_rule);
52 }
45 kfree(e->rule.fields); 53 kfree(e->rule.fields);
46 kfree(e); 54 kfree(e);
47} 55}
@@ -52,9 +60,29 @@ static inline void audit_free_rule_rcu(struct rcu_head *head)
52 audit_free_rule(e); 60 audit_free_rule(e);
53} 61}
54 62
63/* Initialize an audit filterlist entry. */
64static inline struct audit_entry *audit_init_entry(u32 field_count)
65{
66 struct audit_entry *entry;
67 struct audit_field *fields;
68
69 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
70 if (unlikely(!entry))
71 return NULL;
72
73 fields = kzalloc(sizeof(*fields) * field_count, GFP_KERNEL);
74 if (unlikely(!fields)) {
75 kfree(entry);
76 return NULL;
77 }
78 entry->rule.fields = fields;
79
80 return entry;
81}
82
55/* Unpack a filter field's string representation from user-space 83/* Unpack a filter field's string representation from user-space
56 * buffer. */ 84 * buffer. */
57static __attribute__((unused)) char *audit_unpack_string(void **bufp, size_t *remain, size_t len) 85static char *audit_unpack_string(void **bufp, size_t *remain, size_t len)
58{ 86{
59 char *str; 87 char *str;
60 88
@@ -84,7 +112,6 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
84{ 112{
85 unsigned listnr; 113 unsigned listnr;
86 struct audit_entry *entry; 114 struct audit_entry *entry;
87 struct audit_field *fields;
88 int i, err; 115 int i, err;
89 116
90 err = -EINVAL; 117 err = -EINVAL;
@@ -108,23 +135,14 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
108 goto exit_err; 135 goto exit_err;
109 136
110 err = -ENOMEM; 137 err = -ENOMEM;
111 entry = kmalloc(sizeof(*entry), GFP_KERNEL); 138 entry = audit_init_entry(rule->field_count);
112 if (unlikely(!entry)) 139 if (!entry)
113 goto exit_err;
114 fields = kmalloc(sizeof(*fields) * rule->field_count, GFP_KERNEL);
115 if (unlikely(!fields)) {
116 kfree(entry);
117 goto exit_err; 140 goto exit_err;
118 }
119
120 memset(&entry->rule, 0, sizeof(struct audit_krule));
121 memset(fields, 0, sizeof(struct audit_field));
122 141
123 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; 142 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND;
124 entry->rule.listnr = listnr; 143 entry->rule.listnr = listnr;
125 entry->rule.action = rule->action; 144 entry->rule.action = rule->action;
126 entry->rule.field_count = rule->field_count; 145 entry->rule.field_count = rule->field_count;
127 entry->rule.fields = fields;
128 146
129 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) 147 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
130 entry->rule.mask[i] = rule->mask[i]; 148 entry->rule.mask[i] = rule->mask[i];
@@ -150,15 +168,20 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
150 for (i = 0; i < rule->field_count; i++) { 168 for (i = 0; i < rule->field_count; i++) {
151 struct audit_field *f = &entry->rule.fields[i]; 169 struct audit_field *f = &entry->rule.fields[i];
152 170
153 if (rule->fields[i] & AUDIT_UNUSED_BITS) {
154 err = -EINVAL;
155 goto exit_free;
156 }
157
158 f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS); 171 f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS);
159 f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS); 172 f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS);
160 f->val = rule->values[i]; 173 f->val = rule->values[i];
161 174
175 if (f->type & AUDIT_UNUSED_BITS ||
176 f->type == AUDIT_SE_USER ||
177 f->type == AUDIT_SE_ROLE ||
178 f->type == AUDIT_SE_TYPE ||
179 f->type == AUDIT_SE_SEN ||
180 f->type == AUDIT_SE_CLR) {
181 err = -EINVAL;
182 goto exit_free;
183 }
184
162 entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1; 185 entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1;
163 186
164 /* Support for legacy operators where 187 /* Support for legacy operators where
@@ -188,8 +211,9 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
188 int err = 0; 211 int err = 0;
189 struct audit_entry *entry; 212 struct audit_entry *entry;
190 void *bufp; 213 void *bufp;
191 /* size_t remain = datasz - sizeof(struct audit_rule_data); */ 214 size_t remain = datasz - sizeof(struct audit_rule_data);
192 int i; 215 int i;
216 char *str;
193 217
194 entry = audit_to_entry_common((struct audit_rule *)data); 218 entry = audit_to_entry_common((struct audit_rule *)data);
195 if (IS_ERR(entry)) 219 if (IS_ERR(entry))
@@ -207,10 +231,35 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
207 231
208 f->op = data->fieldflags[i] & AUDIT_OPERATORS; 232 f->op = data->fieldflags[i] & AUDIT_OPERATORS;
209 f->type = data->fields[i]; 233 f->type = data->fields[i];
234 f->val = data->values[i];
235 f->se_str = NULL;
236 f->se_rule = NULL;
210 switch(f->type) { 237 switch(f->type) {
211 /* call type-specific conversion routines here */ 238 case AUDIT_SE_USER:
212 default: 239 case AUDIT_SE_ROLE:
213 f->val = data->values[i]; 240 case AUDIT_SE_TYPE:
241 case AUDIT_SE_SEN:
242 case AUDIT_SE_CLR:
243 str = audit_unpack_string(&bufp, &remain, f->val);
244 if (IS_ERR(str))
245 goto exit_free;
246 entry->rule.buflen += f->val;
247
248 err = selinux_audit_rule_init(f->type, f->op, str,
249 &f->se_rule);
250 /* Keep currently invalid fields around in case they
251 * become valid after a policy reload. */
252 if (err == -EINVAL) {
253 printk(KERN_WARNING "audit rule for selinux "
254 "\'%s\' is invalid\n", str);
255 err = 0;
256 }
257 if (err) {
258 kfree(str);
259 goto exit_free;
260 } else
261 f->se_str = str;
262 break;
214 } 263 }
215 } 264 }
216 265
@@ -286,7 +335,14 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
286 data->fields[i] = f->type; 335 data->fields[i] = f->type;
287 data->fieldflags[i] = f->op; 336 data->fieldflags[i] = f->op;
288 switch(f->type) { 337 switch(f->type) {
289 /* call type-specific conversion routines here */ 338 case AUDIT_SE_USER:
339 case AUDIT_SE_ROLE:
340 case AUDIT_SE_TYPE:
341 case AUDIT_SE_SEN:
342 case AUDIT_SE_CLR:
343 data->buflen += data->values[i] =
344 audit_pack_string(&bufp, f->se_str);
345 break;
290 default: 346 default:
291 data->values[i] = f->val; 347 data->values[i] = f->val;
292 } 348 }
@@ -314,7 +370,14 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
314 return 1; 370 return 1;
315 371
316 switch(a->fields[i].type) { 372 switch(a->fields[i].type) {
317 /* call type-specific comparison routines here */ 373 case AUDIT_SE_USER:
374 case AUDIT_SE_ROLE:
375 case AUDIT_SE_TYPE:
376 case AUDIT_SE_SEN:
377 case AUDIT_SE_CLR:
378 if (strcmp(a->fields[i].se_str, b->fields[i].se_str))
379 return 1;
380 break;
318 default: 381 default:
319 if (a->fields[i].val != b->fields[i].val) 382 if (a->fields[i].val != b->fields[i].val)
320 return 1; 383 return 1;
@@ -328,6 +391,81 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
328 return 0; 391 return 0;
329} 392}
330 393
394/* Duplicate selinux field information. The se_rule is opaque, so must be
395 * re-initialized. */
396static inline int audit_dupe_selinux_field(struct audit_field *df,
397 struct audit_field *sf)
398{
399 int ret = 0;
400 char *se_str;
401
402 /* our own copy of se_str */
403 se_str = kstrdup(sf->se_str, GFP_KERNEL);
404 if (unlikely(IS_ERR(se_str)))
405 return -ENOMEM;
406 df->se_str = se_str;
407
408 /* our own (refreshed) copy of se_rule */
409 ret = selinux_audit_rule_init(df->type, df->op, df->se_str,
410 &df->se_rule);
411 /* Keep currently invalid fields around in case they
412 * become valid after a policy reload. */
413 if (ret == -EINVAL) {
414 printk(KERN_WARNING "audit rule for selinux \'%s\' is "
415 "invalid\n", df->se_str);
416 ret = 0;
417 }
418
419 return ret;
420}
421
422/* Duplicate an audit rule. This will be a deep copy with the exception
423 * of the watch - that pointer is carried over. The selinux specific fields
424 * will be updated in the copy. The point is to be able to replace the old
425 * rule with the new rule in the filterlist, then free the old rule. */
426static struct audit_entry *audit_dupe_rule(struct audit_krule *old)
427{
428 u32 fcount = old->field_count;
429 struct audit_entry *entry;
430 struct audit_krule *new;
431 int i, err = 0;
432
433 entry = audit_init_entry(fcount);
434 if (unlikely(!entry))
435 return ERR_PTR(-ENOMEM);
436
437 new = &entry->rule;
438 new->vers_ops = old->vers_ops;
439 new->flags = old->flags;
440 new->listnr = old->listnr;
441 new->action = old->action;
442 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
443 new->mask[i] = old->mask[i];
444 new->buflen = old->buflen;
445 new->field_count = old->field_count;
446 memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
447
448 /* deep copy this information, updating the se_rule fields, because
449 * the originals will all be freed when the old rule is freed. */
450 for (i = 0; i < fcount; i++) {
451 switch (new->fields[i].type) {
452 case AUDIT_SE_USER:
453 case AUDIT_SE_ROLE:
454 case AUDIT_SE_TYPE:
455 case AUDIT_SE_SEN:
456 case AUDIT_SE_CLR:
457 err = audit_dupe_selinux_field(&new->fields[i],
458 &old->fields[i]);
459 }
460 if (err) {
461 audit_free_rule(entry);
462 return ERR_PTR(err);
463 }
464 }
465
466 return entry;
467}
468
331/* Add rule to given filterlist if not a duplicate. Protected by 469/* Add rule to given filterlist if not a duplicate. Protected by
332 * audit_netlink_mutex. */ 470 * audit_netlink_mutex. */
333static inline int audit_add_rule(struct audit_entry *entry, 471static inline int audit_add_rule(struct audit_entry *entry,
@@ -448,9 +586,10 @@ static int audit_list_rules(void *_dest)
448 * @data: payload data 586 * @data: payload data
449 * @datasz: size of payload data 587 * @datasz: size of payload data
450 * @loginuid: loginuid of sender 588 * @loginuid: loginuid of sender
589 * @sid: SE Linux Security ID of sender
451 */ 590 */
452int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 591int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
453 size_t datasz, uid_t loginuid) 592 size_t datasz, uid_t loginuid, u32 sid)
454{ 593{
455 struct task_struct *tsk; 594 struct task_struct *tsk;
456 int *dest; 595 int *dest;
@@ -493,9 +632,23 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
493 632
494 err = audit_add_rule(entry, 633 err = audit_add_rule(entry,
495 &audit_filter_list[entry->rule.listnr]); 634 &audit_filter_list[entry->rule.listnr]);
496 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 635 if (sid) {
497 "auid=%u add rule to list=%d res=%d\n", 636 char *ctx = NULL;
498 loginuid, entry->rule.listnr, !err); 637 u32 len;
638 if (selinux_ctxid_to_string(sid, &ctx, &len)) {
639 /* Maybe call audit_panic? */
640 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
641 "auid=%u ssid=%u add rule to list=%d res=%d",
642 loginuid, sid, entry->rule.listnr, !err);
643 } else
644 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
645 "auid=%u subj=%s add rule to list=%d res=%d",
646 loginuid, ctx, entry->rule.listnr, !err);
647 kfree(ctx);
648 } else
649 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
650 "auid=%u add rule to list=%d res=%d",
651 loginuid, entry->rule.listnr, !err);
499 652
500 if (err) 653 if (err)
501 audit_free_rule(entry); 654 audit_free_rule(entry);
@@ -511,9 +664,24 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
511 664
512 err = audit_del_rule(entry, 665 err = audit_del_rule(entry,
513 &audit_filter_list[entry->rule.listnr]); 666 &audit_filter_list[entry->rule.listnr]);
514 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 667
515 "auid=%u remove rule from list=%d res=%d\n", 668 if (sid) {
516 loginuid, entry->rule.listnr, !err); 669 char *ctx = NULL;
670 u32 len;
671 if (selinux_ctxid_to_string(sid, &ctx, &len)) {
672 /* Maybe call audit_panic? */
673 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
674 "auid=%u ssid=%u remove rule from list=%d res=%d",
675 loginuid, sid, entry->rule.listnr, !err);
676 } else
677 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
678 "auid=%u subj=%s remove rule from list=%d res=%d",
679 loginuid, ctx, entry->rule.listnr, !err);
680 kfree(ctx);
681 } else
682 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
683 "auid=%u remove rule from list=%d res=%d",
684 loginuid, entry->rule.listnr, !err);
517 685
518 audit_free_rule(entry); 686 audit_free_rule(entry);
519 break; 687 break;
@@ -628,3 +796,62 @@ unlock_and_return:
628 rcu_read_unlock(); 796 rcu_read_unlock();
629 return result; 797 return result;
630} 798}
799
800/* Check to see if the rule contains any selinux fields. Returns 1 if there
801 are selinux fields specified in the rule, 0 otherwise. */
802static inline int audit_rule_has_selinux(struct audit_krule *rule)
803{
804 int i;
805
806 for (i = 0; i < rule->field_count; i++) {
807 struct audit_field *f = &rule->fields[i];
808 switch (f->type) {
809 case AUDIT_SE_USER:
810 case AUDIT_SE_ROLE:
811 case AUDIT_SE_TYPE:
812 case AUDIT_SE_SEN:
813 case AUDIT_SE_CLR:
814 return 1;
815 }
816 }
817
818 return 0;
819}
820
821/* This function will re-initialize the se_rule field of all applicable rules.
822 * It will traverse the filter lists serarching for rules that contain selinux
823 * specific filter fields. When such a rule is found, it is copied, the
824 * selinux field is re-initialized, and the old rule is replaced with the
825 * updated rule. */
826int selinux_audit_rule_update(void)
827{
828 struct audit_entry *entry, *n, *nentry;
829 int i, err = 0;
830
831 /* audit_netlink_mutex synchronizes the writers */
832 mutex_lock(&audit_netlink_mutex);
833
834 for (i = 0; i < AUDIT_NR_FILTERS; i++) {
835 list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) {
836 if (!audit_rule_has_selinux(&entry->rule))
837 continue;
838
839 nentry = audit_dupe_rule(&entry->rule);
840 if (unlikely(IS_ERR(nentry))) {
841 /* save the first error encountered for the
842 * return value */
843 if (!err)
844 err = PTR_ERR(nentry);
845 audit_panic("error updating selinux filters");
846 list_del_rcu(&entry->list);
847 } else {
848 list_replace_rcu(&entry->list, &nentry->list);
849 }
850 call_rcu(&entry->rcu, audit_free_rule_rcu);
851 }
852 }
853
854 mutex_unlock(&audit_netlink_mutex);
855
856 return err;
857}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7f160df21a23..1c03a4ed1b27 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -58,6 +58,7 @@
58#include <linux/security.h> 58#include <linux/security.h>
59#include <linux/list.h> 59#include <linux/list.h>
60#include <linux/tty.h> 60#include <linux/tty.h>
61#include <linux/selinux.h>
61 62
62#include "audit.h" 63#include "audit.h"
63 64
@@ -89,7 +90,7 @@ struct audit_names {
89 uid_t uid; 90 uid_t uid;
90 gid_t gid; 91 gid_t gid;
91 dev_t rdev; 92 dev_t rdev;
92 char *ctx; 93 u32 osid;
93}; 94};
94 95
95struct audit_aux_data { 96struct audit_aux_data {
@@ -106,7 +107,7 @@ struct audit_aux_data_ipcctl {
106 uid_t uid; 107 uid_t uid;
107 gid_t gid; 108 gid_t gid;
108 mode_t mode; 109 mode_t mode;
109 char *ctx; 110 u32 osid;
110}; 111};
111 112
112struct audit_aux_data_socketcall { 113struct audit_aux_data_socketcall {
@@ -167,7 +168,8 @@ static int audit_filter_rules(struct task_struct *tsk,
167 struct audit_context *ctx, 168 struct audit_context *ctx,
168 enum audit_state *state) 169 enum audit_state *state)
169{ 170{
170 int i, j; 171 int i, j, need_sid = 1;
172 u32 sid;
171 173
172 for (i = 0; i < rule->field_count; i++) { 174 for (i = 0; i < rule->field_count; i++) {
173 struct audit_field *f = &rule->fields[i]; 175 struct audit_field *f = &rule->fields[i];
@@ -257,6 +259,27 @@ static int audit_filter_rules(struct task_struct *tsk,
257 if (ctx) 259 if (ctx)
258 result = audit_comparator(ctx->loginuid, f->op, f->val); 260 result = audit_comparator(ctx->loginuid, f->op, f->val);
259 break; 261 break;
262 case AUDIT_SE_USER:
263 case AUDIT_SE_ROLE:
264 case AUDIT_SE_TYPE:
265 case AUDIT_SE_SEN:
266 case AUDIT_SE_CLR:
267 /* NOTE: this may return negative values indicating
268 a temporary error. We simply treat this as a
269 match for now to avoid losing information that
270 may be wanted. An error message will also be
271 logged upon error */
272 if (f->se_rule) {
273 if (need_sid) {
274 selinux_task_ctxid(tsk, &sid);
275 need_sid = 0;
276 }
277 result = selinux_audit_rule_match(sid, f->type,
278 f->op,
279 f->se_rule,
280 ctx);
281 }
282 break;
260 case AUDIT_ARG0: 283 case AUDIT_ARG0:
261 case AUDIT_ARG1: 284 case AUDIT_ARG1:
262 case AUDIT_ARG2: 285 case AUDIT_ARG2:
@@ -329,7 +352,6 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
329 return AUDIT_BUILD_CONTEXT; 352 return AUDIT_BUILD_CONTEXT;
330} 353}
331 354
332/* This should be called with task_lock() held. */
333static inline struct audit_context *audit_get_context(struct task_struct *tsk, 355static inline struct audit_context *audit_get_context(struct task_struct *tsk,
334 int return_valid, 356 int return_valid,
335 int return_code) 357 int return_code)
@@ -391,9 +413,6 @@ static inline void audit_free_names(struct audit_context *context)
391#endif 413#endif
392 414
393 for (i = 0; i < context->name_count; i++) { 415 for (i = 0; i < context->name_count; i++) {
394 char *p = context->names[i].ctx;
395 context->names[i].ctx = NULL;
396 kfree(p);
397 if (context->names[i].name) 416 if (context->names[i].name)
398 __putname(context->names[i].name); 417 __putname(context->names[i].name);
399 } 418 }
@@ -416,11 +435,6 @@ static inline void audit_free_aux(struct audit_context *context)
416 dput(axi->dentry); 435 dput(axi->dentry);
417 mntput(axi->mnt); 436 mntput(axi->mnt);
418 } 437 }
419 if ( aux->type == AUDIT_IPC ) {
420 struct audit_aux_data_ipcctl *axi = (void *)aux;
421 if (axi->ctx)
422 kfree(axi->ctx);
423 }
424 438
425 context->aux = aux->next; 439 context->aux = aux->next;
426 kfree(aux); 440 kfree(aux);
@@ -506,7 +520,7 @@ static inline void audit_free_context(struct audit_context *context)
506 printk(KERN_ERR "audit: freed %d contexts\n", count); 520 printk(KERN_ERR "audit: freed %d contexts\n", count);
507} 521}
508 522
509static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask) 523static void audit_log_task_context(struct audit_buffer *ab)
510{ 524{
511 char *ctx = NULL; 525 char *ctx = NULL;
512 ssize_t len = 0; 526 ssize_t len = 0;
@@ -518,7 +532,7 @@ static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask)
518 return; 532 return;
519 } 533 }
520 534
521 ctx = kmalloc(len, gfp_mask); 535 ctx = kmalloc(len, GFP_KERNEL);
522 if (!ctx) 536 if (!ctx)
523 goto error_path; 537 goto error_path;
524 538
@@ -536,47 +550,46 @@ error_path:
536 return; 550 return;
537} 551}
538 552
539static void audit_log_task_info(struct audit_buffer *ab, gfp_t gfp_mask) 553static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
540{ 554{
541 char name[sizeof(current->comm)]; 555 char name[sizeof(tsk->comm)];
542 struct mm_struct *mm = current->mm; 556 struct mm_struct *mm = tsk->mm;
543 struct vm_area_struct *vma; 557 struct vm_area_struct *vma;
544 558
545 get_task_comm(name, current); 559 /* tsk == current */
560
561 get_task_comm(name, tsk);
546 audit_log_format(ab, " comm="); 562 audit_log_format(ab, " comm=");
547 audit_log_untrustedstring(ab, name); 563 audit_log_untrustedstring(ab, name);
548 564
549 if (!mm) 565 if (mm) {
550 return; 566 down_read(&mm->mmap_sem);
551 567 vma = mm->mmap;
552 /* 568 while (vma) {
553 * this is brittle; all callers that pass GFP_ATOMIC will have 569 if ((vma->vm_flags & VM_EXECUTABLE) &&
554 * NULL current->mm and we won't get here. 570 vma->vm_file) {
555 */ 571 audit_log_d_path(ab, "exe=",
556 down_read(&mm->mmap_sem); 572 vma->vm_file->f_dentry,
557 vma = mm->mmap; 573 vma->vm_file->f_vfsmnt);
558 while (vma) { 574 break;
559 if ((vma->vm_flags & VM_EXECUTABLE) && 575 }
560 vma->vm_file) { 576 vma = vma->vm_next;
561 audit_log_d_path(ab, "exe=",
562 vma->vm_file->f_dentry,
563 vma->vm_file->f_vfsmnt);
564 break;
565 } 577 }
566 vma = vma->vm_next; 578 up_read(&mm->mmap_sem);
567 } 579 }
568 up_read(&mm->mmap_sem); 580 audit_log_task_context(ab);
569 audit_log_task_context(ab, gfp_mask);
570} 581}
571 582
572static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) 583static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
573{ 584{
574 int i; 585 int i, call_panic = 0;
575 struct audit_buffer *ab; 586 struct audit_buffer *ab;
576 struct audit_aux_data *aux; 587 struct audit_aux_data *aux;
577 const char *tty; 588 const char *tty;
578 589
579 ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL); 590 /* tsk == current */
591
592 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
580 if (!ab) 593 if (!ab)
581 return; /* audit_panic has been called */ 594 return; /* audit_panic has been called */
582 audit_log_format(ab, "arch=%x syscall=%d", 595 audit_log_format(ab, "arch=%x syscall=%d",
@@ -587,8 +600,8 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
587 audit_log_format(ab, " success=%s exit=%ld", 600 audit_log_format(ab, " success=%s exit=%ld",
588 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 601 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
589 context->return_code); 602 context->return_code);
590 if (current->signal->tty && current->signal->tty->name) 603 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
591 tty = current->signal->tty->name; 604 tty = tsk->signal->tty->name;
592 else 605 else
593 tty = "(none)"; 606 tty = "(none)";
594 audit_log_format(ab, 607 audit_log_format(ab,
@@ -607,12 +620,12 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
607 context->gid, 620 context->gid,
608 context->euid, context->suid, context->fsuid, 621 context->euid, context->suid, context->fsuid,
609 context->egid, context->sgid, context->fsgid, tty); 622 context->egid, context->sgid, context->fsgid, tty);
610 audit_log_task_info(ab, gfp_mask); 623 audit_log_task_info(ab, tsk);
611 audit_log_end(ab); 624 audit_log_end(ab);
612 625
613 for (aux = context->aux; aux; aux = aux->next) { 626 for (aux = context->aux; aux; aux = aux->next) {
614 627
615 ab = audit_log_start(context, gfp_mask, aux->type); 628 ab = audit_log_start(context, GFP_KERNEL, aux->type);
616 if (!ab) 629 if (!ab)
617 continue; /* audit_panic has been called */ 630 continue; /* audit_panic has been called */
618 631
@@ -620,8 +633,39 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
620 case AUDIT_IPC: { 633 case AUDIT_IPC: {
621 struct audit_aux_data_ipcctl *axi = (void *)aux; 634 struct audit_aux_data_ipcctl *axi = (void *)aux;
622 audit_log_format(ab, 635 audit_log_format(ab,
623 " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s", 636 " qbytes=%lx iuid=%u igid=%u mode=%x",
624 axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx); 637 axi->qbytes, axi->uid, axi->gid, axi->mode);
638 if (axi->osid != 0) {
639 char *ctx = NULL;
640 u32 len;
641 if (selinux_ctxid_to_string(
642 axi->osid, &ctx, &len)) {
643 audit_log_format(ab, " osid=%u",
644 axi->osid);
645 call_panic = 1;
646 } else
647 audit_log_format(ab, " obj=%s", ctx);
648 kfree(ctx);
649 }
650 break; }
651
652 case AUDIT_IPC_SET_PERM: {
653 struct audit_aux_data_ipcctl *axi = (void *)aux;
654 audit_log_format(ab,
655 " new qbytes=%lx new iuid=%u new igid=%u new mode=%x",
656 axi->qbytes, axi->uid, axi->gid, axi->mode);
657 if (axi->osid != 0) {
658 char *ctx = NULL;
659 u32 len;
660 if (selinux_ctxid_to_string(
661 axi->osid, &ctx, &len)) {
662 audit_log_format(ab, " osid=%u",
663 axi->osid);
664 call_panic = 1;
665 } else
666 audit_log_format(ab, " obj=%s", ctx);
667 kfree(ctx);
668 }
625 break; } 669 break; }
626 670
627 case AUDIT_SOCKETCALL: { 671 case AUDIT_SOCKETCALL: {
@@ -649,7 +693,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
649 } 693 }
650 694
651 if (context->pwd && context->pwdmnt) { 695 if (context->pwd && context->pwdmnt) {
652 ab = audit_log_start(context, gfp_mask, AUDIT_CWD); 696 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
653 if (ab) { 697 if (ab) {
654 audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); 698 audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
655 audit_log_end(ab); 699 audit_log_end(ab);
@@ -659,7 +703,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
659 unsigned long ino = context->names[i].ino; 703 unsigned long ino = context->names[i].ino;
660 unsigned long pino = context->names[i].pino; 704 unsigned long pino = context->names[i].pino;
661 705
662 ab = audit_log_start(context, gfp_mask, AUDIT_PATH); 706 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
663 if (!ab) 707 if (!ab)
664 continue; /* audit_panic has been called */ 708 continue; /* audit_panic has been called */
665 709
@@ -685,32 +729,35 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
685 context->names[i].gid, 729 context->names[i].gid,
686 MAJOR(context->names[i].rdev), 730 MAJOR(context->names[i].rdev),
687 MINOR(context->names[i].rdev)); 731 MINOR(context->names[i].rdev));
688 if (context->names[i].ctx) { 732 if (context->names[i].osid != 0) {
689 audit_log_format(ab, " obj=%s", 733 char *ctx = NULL;
690 context->names[i].ctx); 734 u32 len;
735 if (selinux_ctxid_to_string(
736 context->names[i].osid, &ctx, &len)) {
737 audit_log_format(ab, " osid=%u",
738 context->names[i].osid);
739 call_panic = 2;
740 } else
741 audit_log_format(ab, " obj=%s", ctx);
742 kfree(ctx);
691 } 743 }
692 744
693 audit_log_end(ab); 745 audit_log_end(ab);
694 } 746 }
747 if (call_panic)
748 audit_panic("error converting sid to string");
695} 749}
696 750
697/** 751/**
698 * audit_free - free a per-task audit context 752 * audit_free - free a per-task audit context
699 * @tsk: task whose audit context block to free 753 * @tsk: task whose audit context block to free
700 * 754 *
701 * Called from copy_process and __put_task_struct. 755 * Called from copy_process and do_exit
702 */ 756 */
703void audit_free(struct task_struct *tsk) 757void audit_free(struct task_struct *tsk)
704{ 758{
705 struct audit_context *context; 759 struct audit_context *context;
706 760
707 /*
708 * No need to lock the task - when we execute audit_free()
709 * then the task has no external references anymore, and
710 * we are tearing it down. (The locking also confuses
711 * DEBUG_LOCKDEP - this freeing may occur in softirq
712 * contexts as well, via RCU.)
713 */
714 context = audit_get_context(tsk, 0, 0); 761 context = audit_get_context(tsk, 0, 0);
715 if (likely(!context)) 762 if (likely(!context))
716 return; 763 return;
@@ -719,8 +766,9 @@ void audit_free(struct task_struct *tsk)
719 * function (e.g., exit_group), then free context block. 766 * function (e.g., exit_group), then free context block.
720 * We use GFP_ATOMIC here because we might be doing this 767 * We use GFP_ATOMIC here because we might be doing this
721 * in the context of the idle thread */ 768 * in the context of the idle thread */
769 /* that can happen only if we are called from do_exit() */
722 if (context->in_syscall && context->auditable) 770 if (context->in_syscall && context->auditable)
723 audit_log_exit(context, GFP_ATOMIC); 771 audit_log_exit(context, tsk);
724 772
725 audit_free_context(context); 773 audit_free_context(context);
726} 774}
@@ -743,10 +791,11 @@ void audit_free(struct task_struct *tsk)
743 * will only be written if another part of the kernel requests that it 791 * will only be written if another part of the kernel requests that it
744 * be written). 792 * be written).
745 */ 793 */
746void audit_syscall_entry(struct task_struct *tsk, int arch, int major, 794void audit_syscall_entry(int arch, int major,
747 unsigned long a1, unsigned long a2, 795 unsigned long a1, unsigned long a2,
748 unsigned long a3, unsigned long a4) 796 unsigned long a3, unsigned long a4)
749{ 797{
798 struct task_struct *tsk = current;
750 struct audit_context *context = tsk->audit_context; 799 struct audit_context *context = tsk->audit_context;
751 enum audit_state state; 800 enum audit_state state;
752 801
@@ -824,22 +873,18 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
824 * message), then write out the syscall information. In call cases, 873 * message), then write out the syscall information. In call cases,
825 * free the names stored from getname(). 874 * free the names stored from getname().
826 */ 875 */
827void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) 876void audit_syscall_exit(int valid, long return_code)
828{ 877{
878 struct task_struct *tsk = current;
829 struct audit_context *context; 879 struct audit_context *context;
830 880
831 get_task_struct(tsk);
832 task_lock(tsk);
833 context = audit_get_context(tsk, valid, return_code); 881 context = audit_get_context(tsk, valid, return_code);
834 task_unlock(tsk);
835 882
836 /* Not having a context here is ok, since the parent may have
837 * called __put_task_struct. */
838 if (likely(!context)) 883 if (likely(!context))
839 goto out; 884 return;
840 885
841 if (context->in_syscall && context->auditable) 886 if (context->in_syscall && context->auditable)
842 audit_log_exit(context, GFP_KERNEL); 887 audit_log_exit(context, tsk);
843 888
844 context->in_syscall = 0; 889 context->in_syscall = 0;
845 context->auditable = 0; 890 context->auditable = 0;
@@ -854,8 +899,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
854 audit_free_aux(context); 899 audit_free_aux(context);
855 tsk->audit_context = context; 900 tsk->audit_context = context;
856 } 901 }
857 out:
858 put_task_struct(tsk);
859} 902}
860 903
861/** 904/**
@@ -936,40 +979,11 @@ void audit_putname(const char *name)
936#endif 979#endif
937} 980}
938 981
939void audit_inode_context(int idx, const struct inode *inode) 982static void audit_inode_context(int idx, const struct inode *inode)
940{ 983{
941 struct audit_context *context = current->audit_context; 984 struct audit_context *context = current->audit_context;
942 const char *suffix = security_inode_xattr_getsuffix();
943 char *ctx = NULL;
944 int len = 0;
945
946 if (!suffix)
947 goto ret;
948
949 len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
950 if (len == -EOPNOTSUPP)
951 goto ret;
952 if (len < 0)
953 goto error_path;
954
955 ctx = kmalloc(len, GFP_KERNEL);
956 if (!ctx)
957 goto error_path;
958 985
959 len = security_inode_getsecurity(inode, suffix, ctx, len, 0); 986 selinux_get_inode_sid(inode, &context->names[idx].osid);
960 if (len < 0)
961 goto error_path;
962
963 kfree(context->names[idx].ctx);
964 context->names[idx].ctx = ctx;
965 goto ret;
966
967error_path:
968 if (ctx)
969 kfree(ctx);
970 audit_panic("error in audit_inode_context");
971ret:
972 return;
973} 987}
974 988
975 989
@@ -1155,40 +1169,37 @@ uid_t audit_get_loginuid(struct audit_context *ctx)
1155 return ctx ? ctx->loginuid : -1; 1169 return ctx ? ctx->loginuid : -1;
1156} 1170}
1157 1171
1158static char *audit_ipc_context(struct kern_ipc_perm *ipcp) 1172/**
1173 * audit_ipc_obj - record audit data for ipc object
1174 * @ipcp: ipc permissions
1175 *
1176 * Returns 0 for success or NULL context or < 0 on error.
1177 */
1178int audit_ipc_obj(struct kern_ipc_perm *ipcp)
1159{ 1179{
1180 struct audit_aux_data_ipcctl *ax;
1160 struct audit_context *context = current->audit_context; 1181 struct audit_context *context = current->audit_context;
1161 char *ctx = NULL;
1162 int len = 0;
1163 1182
1164 if (likely(!context)) 1183 if (likely(!context))
1165 return NULL; 1184 return 0;
1166
1167 len = security_ipc_getsecurity(ipcp, NULL, 0);
1168 if (len == -EOPNOTSUPP)
1169 goto ret;
1170 if (len < 0)
1171 goto error_path;
1172
1173 ctx = kmalloc(len, GFP_ATOMIC);
1174 if (!ctx)
1175 goto error_path;
1176 1185
1177 len = security_ipc_getsecurity(ipcp, ctx, len); 1186 ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
1178 if (len < 0) 1187 if (!ax)
1179 goto error_path; 1188 return -ENOMEM;
1180 1189
1181 return ctx; 1190 ax->uid = ipcp->uid;
1191 ax->gid = ipcp->gid;
1192 ax->mode = ipcp->mode;
1193 selinux_get_ipc_sid(ipcp, &ax->osid);
1182 1194
1183error_path: 1195 ax->d.type = AUDIT_IPC;
1184 kfree(ctx); 1196 ax->d.next = context->aux;
1185 audit_panic("error in audit_ipc_context"); 1197 context->aux = (void *)ax;
1186ret: 1198 return 0;
1187 return NULL;
1188} 1199}
1189 1200
1190/** 1201/**
1191 * audit_ipc_perms - record audit data for ipc 1202 * audit_ipc_set_perm - record audit data for new ipc permissions
1192 * @qbytes: msgq bytes 1203 * @qbytes: msgq bytes
1193 * @uid: msgq user id 1204 * @uid: msgq user id
1194 * @gid: msgq group id 1205 * @gid: msgq group id
@@ -1196,7 +1207,7 @@ ret:
1196 * 1207 *
1197 * Returns 0 for success or NULL context or < 0 on error. 1208 * Returns 0 for success or NULL context or < 0 on error.
1198 */ 1209 */
1199int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp) 1210int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp)
1200{ 1211{
1201 struct audit_aux_data_ipcctl *ax; 1212 struct audit_aux_data_ipcctl *ax;
1202 struct audit_context *context = current->audit_context; 1213 struct audit_context *context = current->audit_context;
@@ -1212,9 +1223,9 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, str
1212 ax->uid = uid; 1223 ax->uid = uid;
1213 ax->gid = gid; 1224 ax->gid = gid;
1214 ax->mode = mode; 1225 ax->mode = mode;
1215 ax->ctx = audit_ipc_context(ipcp); 1226 selinux_get_ipc_sid(ipcp, &ax->osid);
1216 1227
1217 ax->d.type = AUDIT_IPC; 1228 ax->d.type = AUDIT_IPC_SET_PERM;
1218 ax->d.next = context->aux; 1229 ax->d.next = context->aux;
1219 context->aux = (void *)ax; 1230 context->aux = (void *)ax;
1220 return 0; 1231 return 0;
diff --git a/kernel/exit.c b/kernel/exit.c
index f86434d7b3d1..e95b93282210 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -35,6 +35,7 @@
35#include <linux/futex.h> 35#include <linux/futex.h>
36#include <linux/compat.h> 36#include <linux/compat.h>
37#include <linux/pipe_fs_i.h> 37#include <linux/pipe_fs_i.h>
38#include <linux/audit.h> /* for audit_free() */
38 39
39#include <asm/uaccess.h> 40#include <asm/uaccess.h>
40#include <asm/unistd.h> 41#include <asm/unistd.h>
@@ -910,6 +911,8 @@ fastcall NORET_TYPE void do_exit(long code)
910 if (unlikely(tsk->compat_robust_list)) 911 if (unlikely(tsk->compat_robust_list))
911 compat_exit_robust_list(tsk); 912 compat_exit_robust_list(tsk);
912#endif 913#endif
914 if (unlikely(tsk->audit_context))
915 audit_free(tsk);
913 exit_mm(tsk); 916 exit_mm(tsk);
914 917
915 exit_sem(tsk); 918 exit_sem(tsk);
diff --git a/kernel/fork.c b/kernel/fork.c
index d2fa57d480d4..ac8100e3088a 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -114,8 +114,6 @@ void __put_task_struct(struct task_struct *tsk)
114 WARN_ON(atomic_read(&tsk->usage)); 114 WARN_ON(atomic_read(&tsk->usage));
115 WARN_ON(tsk == current); 115 WARN_ON(tsk == current);
116 116
117 if (unlikely(tsk->audit_context))
118 audit_free(tsk);
119 security_task_free(tsk); 117 security_task_free(tsk);
120 free_uid(tsk->user); 118 free_uid(tsk->user);
121 put_group_info(tsk->group_info); 119 put_group_info(tsk->group_info);
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index b8ea61f357e6..3862e73d14d7 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -56,6 +56,7 @@
56#include <linux/mm.h> 56#include <linux/mm.h>
57#include <linux/types.h> 57#include <linux/types.h>
58#include <linux/audit.h> 58#include <linux/audit.h>
59#include <linux/selinux.h>
59 60
60#include <net/sock.h> 61#include <net/sock.h>
61#include <net/scm.h> 62#include <net/scm.h>
@@ -1156,6 +1157,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1156 NETLINK_CB(skb).dst_pid = dst_pid; 1157 NETLINK_CB(skb).dst_pid = dst_pid;
1157 NETLINK_CB(skb).dst_group = dst_group; 1158 NETLINK_CB(skb).dst_group = dst_group;
1158 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); 1159 NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
1160 selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
1159 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1161 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1160 1162
1161 /* What can I do? Netlink is asynchronous, so that 1163 /* What can I do? Netlink is asynchronous, so that
diff --git a/net/socket.c b/net/socket.c
index 0ce12dfc7a71..02948b622bd2 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -267,6 +267,8 @@ int move_addr_to_user(void *kaddr, int klen, void __user *uaddr, int __user *ule
267 return -EINVAL; 267 return -EINVAL;
268 if(len) 268 if(len)
269 { 269 {
270 if (audit_sockaddr(klen, kaddr))
271 return -ENOMEM;
270 if(copy_to_user(uaddr,kaddr,len)) 272 if(copy_to_user(uaddr,kaddr,len))
271 return -EFAULT; 273 return -EFAULT;
272 } 274 }
diff --git a/security/dummy.c b/security/dummy.c
index fd99429278e9..8ccccccc12ac 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -563,11 +563,6 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
563 return 0; 563 return 0;
564} 564}
565 565
566static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
567{
568 return -EOPNOTSUPP;
569}
570
571static int dummy_msg_msg_alloc_security (struct msg_msg *msg) 566static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
572{ 567{
573 return 0; 568 return 0;
@@ -976,7 +971,6 @@ void security_fixup_ops (struct security_operations *ops)
976 set_to_dummy_if_null(ops, task_reparent_to_init); 971 set_to_dummy_if_null(ops, task_reparent_to_init);
977 set_to_dummy_if_null(ops, task_to_inode); 972 set_to_dummy_if_null(ops, task_to_inode);
978 set_to_dummy_if_null(ops, ipc_permission); 973 set_to_dummy_if_null(ops, ipc_permission);
979 set_to_dummy_if_null(ops, ipc_getsecurity);
980 set_to_dummy_if_null(ops, msg_msg_alloc_security); 974 set_to_dummy_if_null(ops, msg_msg_alloc_security);
981 set_to_dummy_if_null(ops, msg_msg_free_security); 975 set_to_dummy_if_null(ops, msg_msg_free_security);
982 set_to_dummy_if_null(ops, msg_queue_alloc_security); 976 set_to_dummy_if_null(ops, msg_queue_alloc_security);
diff --git a/security/selinux/Makefile b/security/selinux/Makefile
index 688c0a267b62..faf2e02e4410 100644
--- a/security/selinux/Makefile
+++ b/security/selinux/Makefile
@@ -4,7 +4,7 @@
4 4
5obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/ 5obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/
6 6
7selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o 7selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o exports.o
8 8
9selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o 9selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o
10 10
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index ac5d69bb3377..a300702da527 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -800,7 +800,7 @@ out:
800int avc_ss_reset(u32 seqno) 800int avc_ss_reset(u32 seqno)
801{ 801{
802 struct avc_callback_node *c; 802 struct avc_callback_node *c;
803 int i, rc = 0; 803 int i, rc = 0, tmprc;
804 unsigned long flag; 804 unsigned long flag;
805 struct avc_node *node; 805 struct avc_node *node;
806 806
@@ -813,15 +813,16 @@ int avc_ss_reset(u32 seqno)
813 813
814 for (c = avc_callbacks; c; c = c->next) { 814 for (c = avc_callbacks; c; c = c->next) {
815 if (c->events & AVC_CALLBACK_RESET) { 815 if (c->events & AVC_CALLBACK_RESET) {
816 rc = c->callback(AVC_CALLBACK_RESET, 816 tmprc = c->callback(AVC_CALLBACK_RESET,
817 0, 0, 0, 0, NULL); 817 0, 0, 0, 0, NULL);
818 if (rc) 818 /* save the first error encountered for the return
819 goto out; 819 value and continue processing the callbacks */
820 if (!rc)
821 rc = tmprc;
820 } 822 }
821 } 823 }
822 824
823 avc_latest_notif_update(seqno, 0); 825 avc_latest_notif_update(seqno, 0);
824out:
825 return rc; 826 return rc;
826} 827}
827 828
diff --git a/security/selinux/exports.c b/security/selinux/exports.c
new file mode 100644
index 000000000000..ae4c73eb3085
--- /dev/null
+++ b/security/selinux/exports.c
@@ -0,0 +1,74 @@
1/*
2 * SELinux services exported to the rest of the kernel.
3 *
4 * Author: James Morris <jmorris@redhat.com>
5 *
6 * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com>
7 * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8 * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2,
12 * as published by the Free Software Foundation.
13 */
14#include <linux/types.h>
15#include <linux/kernel.h>
16#include <linux/module.h>
17#include <linux/selinux.h>
18#include <linux/fs.h>
19#include <linux/ipc.h>
20
21#include "security.h"
22#include "objsec.h"
23
24void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid)
25{
26 struct task_security_struct *tsec = tsk->security;
27 if (selinux_enabled)
28 *ctxid = tsec->sid;
29 else
30 *ctxid = 0;
31}
32
33int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen)
34{
35 if (selinux_enabled)
36 return security_sid_to_context(ctxid, ctx, ctxlen);
37 else {
38 *ctx = NULL;
39 *ctxlen = 0;
40 }
41
42 return 0;
43}
44
45void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
46{
47 if (selinux_enabled) {
48 struct inode_security_struct *isec = inode->i_security;
49 *sid = isec->sid;
50 return;
51 }
52 *sid = 0;
53}
54
55void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
56{
57 if (selinux_enabled) {
58 struct ipc_security_struct *isec = ipcp->security;
59 *sid = isec->sid;
60 return;
61 }
62 *sid = 0;
63}
64
65void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
66{
67 if (selinux_enabled) {
68 struct task_security_struct *tsec = tsk->security;
69 *sid = tsec->sid;
70 return;
71 }
72 *sid = 0;
73}
74
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index b61b9554bc27..3cf368a16448 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4052,13 +4052,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4052 return ipc_has_perm(ipcp, av); 4052 return ipc_has_perm(ipcp, av);
4053} 4053}
4054 4054
4055static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
4056{
4057 struct ipc_security_struct *isec = ipcp->security;
4058
4059 return selinux_getsecurity(isec->sid, buffer, size);
4060}
4061
4062/* module stacking operations */ 4055/* module stacking operations */
4063static int selinux_register_security (const char *name, struct security_operations *ops) 4056static int selinux_register_security (const char *name, struct security_operations *ops)
4064{ 4057{
@@ -4321,7 +4314,6 @@ static struct security_operations selinux_ops = {
4321 .task_to_inode = selinux_task_to_inode, 4314 .task_to_inode = selinux_task_to_inode,
4322 4315
4323 .ipc_permission = selinux_ipc_permission, 4316 .ipc_permission = selinux_ipc_permission,
4324 .ipc_getsecurity = selinux_ipc_getsecurity,
4325 4317
4326 .msg_msg_alloc_security = selinux_msg_msg_alloc_security, 4318 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
4327 .msg_msg_free_security = selinux_msg_msg_free_security, 4319 .msg_msg_free_security = selinux_msg_msg_free_security,
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c
index 84047f69f9c1..7bc5b6440f70 100644
--- a/security/selinux/ss/mls.c
+++ b/security/selinux/ss/mls.c
@@ -8,7 +8,7 @@
8 * 8 *
9 * Support for enhanced MLS infrastructure. 9 * Support for enhanced MLS infrastructure.
10 * 10 *
11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
12 */ 12 */
13 13
14#include <linux/kernel.h> 14#include <linux/kernel.h>
@@ -385,6 +385,34 @@ out:
385} 385}
386 386
387/* 387/*
388 * Set the MLS fields in the security context structure
389 * `context' based on the string representation in
390 * the string `str'. This function will allocate temporary memory with the
391 * given constraints of gfp_mask.
392 */
393int mls_from_string(char *str, struct context *context, gfp_t gfp_mask)
394{
395 char *tmpstr, *freestr;
396 int rc;
397
398 if (!selinux_mls_enabled)
399 return -EINVAL;
400
401 /* we need freestr because mls_context_to_sid will change
402 the value of tmpstr */
403 tmpstr = freestr = kstrdup(str, gfp_mask);
404 if (!tmpstr) {
405 rc = -ENOMEM;
406 } else {
407 rc = mls_context_to_sid(':', &tmpstr, context,
408 NULL, SECSID_NULL);
409 kfree(freestr);
410 }
411
412 return rc;
413}
414
415/*
388 * Copies the effective MLS range from `src' into `dst'. 416 * Copies the effective MLS range from `src' into `dst'.
389 */ 417 */
390static inline int mls_scopy_context(struct context *dst, 418static inline int mls_scopy_context(struct context *dst,
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h
index 03de697c8058..fbb42f07dd7c 100644
--- a/security/selinux/ss/mls.h
+++ b/security/selinux/ss/mls.h
@@ -8,7 +8,7 @@
8 * 8 *
9 * Support for enhanced MLS infrastructure. 9 * Support for enhanced MLS infrastructure.
10 * 10 *
11 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 11 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
12 */ 12 */
13 13
14#ifndef _SS_MLS_H_ 14#ifndef _SS_MLS_H_
@@ -27,6 +27,8 @@ int mls_context_to_sid(char oldc,
27 struct sidtab *s, 27 struct sidtab *s,
28 u32 def_sid); 28 u32 def_sid);
29 29
30int mls_from_string(char *str, struct context *context, gfp_t gfp_mask);
31
30int mls_convert_context(struct policydb *oldp, 32int mls_convert_context(struct policydb *oldp,
31 struct policydb *newp, 33 struct policydb *newp,
32 struct context *context); 34 struct context *context);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 61492485de84..7177e98df7f3 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -7,12 +7,13 @@
7 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 7 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
8 * 8 *
9 * Support for enhanced MLS infrastructure. 9 * Support for enhanced MLS infrastructure.
10 * Support for context based audit filters.
10 * 11 *
11 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> 12 * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com>
12 * 13 *
13 * Added conditional policy language extensions 14 * Added conditional policy language extensions
14 * 15 *
15 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 16 * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc.
16 * Copyright (C) 2003 - 2004 Tresys Technology, LLC 17 * Copyright (C) 2003 - 2004 Tresys Technology, LLC
17 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> 18 * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com>
18 * This program is free software; you can redistribute it and/or modify 19 * This program is free software; you can redistribute it and/or modify
@@ -1811,3 +1812,235 @@ out:
1811 POLICY_RDUNLOCK; 1812 POLICY_RDUNLOCK;
1812 return rc; 1813 return rc;
1813} 1814}
1815
1816struct selinux_audit_rule {
1817 u32 au_seqno;
1818 struct context au_ctxt;
1819};
1820
1821void selinux_audit_rule_free(struct selinux_audit_rule *rule)
1822{
1823 if (rule) {
1824 context_destroy(&rule->au_ctxt);
1825 kfree(rule);
1826 }
1827}
1828
1829int selinux_audit_rule_init(u32 field, u32 op, char *rulestr,
1830 struct selinux_audit_rule **rule)
1831{
1832 struct selinux_audit_rule *tmprule;
1833 struct role_datum *roledatum;
1834 struct type_datum *typedatum;
1835 struct user_datum *userdatum;
1836 int rc = 0;
1837
1838 *rule = NULL;
1839
1840 if (!ss_initialized)
1841 return -ENOTSUPP;
1842
1843 switch (field) {
1844 case AUDIT_SE_USER:
1845 case AUDIT_SE_ROLE:
1846 case AUDIT_SE_TYPE:
1847 /* only 'equals' and 'not equals' fit user, role, and type */
1848 if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL)
1849 return -EINVAL;
1850 break;
1851 case AUDIT_SE_SEN:
1852 case AUDIT_SE_CLR:
1853 /* we do not allow a range, indicated by the presense of '-' */
1854 if (strchr(rulestr, '-'))
1855 return -EINVAL;
1856 break;
1857 default:
1858 /* only the above fields are valid */
1859 return -EINVAL;
1860 }
1861
1862 tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL);
1863 if (!tmprule)
1864 return -ENOMEM;
1865
1866 context_init(&tmprule->au_ctxt);
1867
1868 POLICY_RDLOCK;
1869
1870 tmprule->au_seqno = latest_granting;
1871
1872 switch (field) {
1873 case AUDIT_SE_USER:
1874 userdatum = hashtab_search(policydb.p_users.table, rulestr);
1875 if (!userdatum)
1876 rc = -EINVAL;
1877 else
1878 tmprule->au_ctxt.user = userdatum->value;
1879 break;
1880 case AUDIT_SE_ROLE:
1881 roledatum = hashtab_search(policydb.p_roles.table, rulestr);
1882 if (!roledatum)
1883 rc = -EINVAL;
1884 else
1885 tmprule->au_ctxt.role = roledatum->value;
1886 break;
1887 case AUDIT_SE_TYPE:
1888 typedatum = hashtab_search(policydb.p_types.table, rulestr);
1889 if (!typedatum)
1890 rc = -EINVAL;
1891 else
1892 tmprule->au_ctxt.type = typedatum->value;
1893 break;
1894 case AUDIT_SE_SEN:
1895 case AUDIT_SE_CLR:
1896 rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC);
1897 break;
1898 }
1899
1900 POLICY_RDUNLOCK;
1901
1902 if (rc) {
1903 selinux_audit_rule_free(tmprule);
1904 tmprule = NULL;
1905 }
1906
1907 *rule = tmprule;
1908
1909 return rc;
1910}
1911
1912int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op,
1913 struct selinux_audit_rule *rule,
1914 struct audit_context *actx)
1915{
1916 struct context *ctxt;
1917 struct mls_level *level;
1918 int match = 0;
1919
1920 if (!rule) {
1921 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
1922 "selinux_audit_rule_match: missing rule\n");
1923 return -ENOENT;
1924 }
1925
1926 POLICY_RDLOCK;
1927
1928 if (rule->au_seqno < latest_granting) {
1929 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
1930 "selinux_audit_rule_match: stale rule\n");
1931 match = -ESTALE;
1932 goto out;
1933 }
1934
1935 ctxt = sidtab_search(&sidtab, ctxid);
1936 if (!ctxt) {
1937 audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR,
1938 "selinux_audit_rule_match: unrecognized SID %d\n",
1939 ctxid);
1940 match = -ENOENT;
1941 goto out;
1942 }
1943
1944 /* a field/op pair that is not caught here will simply fall through
1945 without a match */
1946 switch (field) {
1947 case AUDIT_SE_USER:
1948 switch (op) {
1949 case AUDIT_EQUAL:
1950 match = (ctxt->user == rule->au_ctxt.user);
1951 break;
1952 case AUDIT_NOT_EQUAL:
1953 match = (ctxt->user != rule->au_ctxt.user);
1954 break;
1955 }
1956 break;
1957 case AUDIT_SE_ROLE:
1958 switch (op) {
1959 case AUDIT_EQUAL:
1960 match = (ctxt->role == rule->au_ctxt.role);
1961 break;
1962 case AUDIT_NOT_EQUAL:
1963 match = (ctxt->role != rule->au_ctxt.role);
1964 break;
1965 }
1966 break;
1967 case AUDIT_SE_TYPE:
1968 switch (op) {
1969 case AUDIT_EQUAL:
1970 match = (ctxt->type == rule->au_ctxt.type);
1971 break;
1972 case AUDIT_NOT_EQUAL:
1973 match = (ctxt->type != rule->au_ctxt.type);
1974 break;
1975 }
1976 break;
1977 case AUDIT_SE_SEN:
1978 case AUDIT_SE_CLR:
1979 level = (op == AUDIT_SE_SEN ?
1980 &ctxt->range.level[0] : &ctxt->range.level[1]);
1981 switch (op) {
1982 case AUDIT_EQUAL:
1983 match = mls_level_eq(&rule->au_ctxt.range.level[0],
1984 level);
1985 break;
1986 case AUDIT_NOT_EQUAL:
1987 match = !mls_level_eq(&rule->au_ctxt.range.level[0],
1988 level);
1989 break;
1990 case AUDIT_LESS_THAN:
1991 match = (mls_level_dom(&rule->au_ctxt.range.level[0],
1992 level) &&
1993 !mls_level_eq(&rule->au_ctxt.range.level[0],
1994 level));
1995 break;
1996 case AUDIT_LESS_THAN_OR_EQUAL:
1997 match = mls_level_dom(&rule->au_ctxt.range.level[0],
1998 level);
1999 break;
2000 case AUDIT_GREATER_THAN:
2001 match = (mls_level_dom(level,
2002 &rule->au_ctxt.range.level[0]) &&
2003 !mls_level_eq(level,
2004 &rule->au_ctxt.range.level[0]));
2005 break;
2006 case AUDIT_GREATER_THAN_OR_EQUAL:
2007 match = mls_level_dom(level,
2008 &rule->au_ctxt.range.level[0]);
2009 break;
2010 }
2011 }
2012
2013out:
2014 POLICY_RDUNLOCK;
2015 return match;
2016}
2017
2018static int (*aurule_callback)(void) = NULL;
2019
2020static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid,
2021 u16 class, u32 perms, u32 *retained)
2022{
2023 int err = 0;
2024
2025 if (event == AVC_CALLBACK_RESET && aurule_callback)
2026 err = aurule_callback();
2027 return err;
2028}
2029
2030static int __init aurule_init(void)
2031{
2032 int err;
2033
2034 err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET,
2035 SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0);
2036 if (err)
2037 panic("avc_add_callback() failed, error %d\n", err);
2038
2039 return err;
2040}
2041__initcall(aurule_init);
2042
2043void selinux_audit_set_callback(int (*callback)(void))
2044{
2045 aurule_callback = callback;
2046}