diff options
author | Linus Torvalds <torvalds@g5.osdl.org> | 2006-05-02 00:43:05 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-05-02 00:43:05 -0400 |
commit | 532f57da408c5a5710075d17047e2d97bdfd22f3 (patch) | |
tree | 3fb378bea1816f637aeeed0df805d0c30969cfc3 | |
parent | 46c5ea3c9ae7fbc6e52a13c92e59d4fc7f4ca80a (diff) | |
parent | 2ad312d2093ae506ae0fa184d8d026b559083087 (diff) |
Merge branch 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b10' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] Audit Filter Performance
[PATCH] Rework of IPC auditing
[PATCH] More user space subject labels
[PATCH] Reworked patch for labels on user space messages
[PATCH] change lspp ipc auditing
[PATCH] audit inode patch
[PATCH] support for context based audit filtering, part 2
[PATCH] support for context based audit filtering
[PATCH] no need to wank with task_lock() and pinning task down in audit_syscall_exit()
[PATCH] drop task argument of audit_syscall_{entry,exit}
[PATCH] drop gfp_mask in audit_log_exit()
[PATCH] move call of audit_free() into do_exit()
[PATCH] sockaddr patch
[PATCH] deal with deadlocks in audit_free()
33 files changed, 1142 insertions, 275 deletions
diff --git a/arch/i386/kernel/ptrace.c b/arch/i386/kernel/ptrace.c index 506462ef36a0..fd7eaf7866e0 100644 --- a/arch/i386/kernel/ptrace.c +++ b/arch/i386/kernel/ptrace.c | |||
@@ -671,7 +671,7 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit) | |||
671 | 671 | ||
672 | if (unlikely(current->audit_context)) { | 672 | if (unlikely(current->audit_context)) { |
673 | if (entryexit) | 673 | if (entryexit) |
674 | audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), | 674 | audit_syscall_exit(AUDITSC_RESULT(regs->eax), |
675 | regs->eax); | 675 | regs->eax); |
676 | /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only | 676 | /* Debug traps, when using PTRACE_SINGLESTEP, must be sent only |
677 | * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is | 677 | * on the syscall exit path. Normally, when TIF_SYSCALL_AUDIT is |
@@ -720,14 +720,13 @@ int do_syscall_trace(struct pt_regs *regs, int entryexit) | |||
720 | ret = is_sysemu; | 720 | ret = is_sysemu; |
721 | out: | 721 | out: |
722 | if (unlikely(current->audit_context) && !entryexit) | 722 | if (unlikely(current->audit_context) && !entryexit) |
723 | audit_syscall_entry(current, AUDIT_ARCH_I386, regs->orig_eax, | 723 | audit_syscall_entry(AUDIT_ARCH_I386, regs->orig_eax, |
724 | regs->ebx, regs->ecx, regs->edx, regs->esi); | 724 | regs->ebx, regs->ecx, regs->edx, regs->esi); |
725 | if (ret == 0) | 725 | if (ret == 0) |
726 | return 0; | 726 | return 0; |
727 | 727 | ||
728 | regs->orig_eax = -1; /* force skip of syscall restarting */ | 728 | regs->orig_eax = -1; /* force skip of syscall restarting */ |
729 | if (unlikely(current->audit_context)) | 729 | if (unlikely(current->audit_context)) |
730 | audit_syscall_exit(current, AUDITSC_RESULT(regs->eax), | 730 | audit_syscall_exit(AUDITSC_RESULT(regs->eax), regs->eax); |
731 | regs->eax); | ||
732 | return 1; | 731 | return 1; |
733 | } | 732 | } |
diff --git a/arch/i386/kernel/vm86.c b/arch/i386/kernel/vm86.c index aee14fafd13d..00e0118e717c 100644 --- a/arch/i386/kernel/vm86.c +++ b/arch/i386/kernel/vm86.c | |||
@@ -312,7 +312,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk | |||
312 | 312 | ||
313 | /*call audit_syscall_exit since we do not exit via the normal paths */ | 313 | /*call audit_syscall_exit since we do not exit via the normal paths */ |
314 | if (unlikely(current->audit_context)) | 314 | if (unlikely(current->audit_context)) |
315 | audit_syscall_exit(current, AUDITSC_RESULT(eax), eax); | 315 | audit_syscall_exit(AUDITSC_RESULT(eax), eax); |
316 | 316 | ||
317 | __asm__ __volatile__( | 317 | __asm__ __volatile__( |
318 | "movl %0,%%esp\n\t" | 318 | "movl %0,%%esp\n\t" |
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c index 9887c8787e7a..e61e15e28d8b 100644 --- a/arch/ia64/kernel/ptrace.c +++ b/arch/ia64/kernel/ptrace.c | |||
@@ -1644,7 +1644,7 @@ syscall_trace_enter (long arg0, long arg1, long arg2, long arg3, | |||
1644 | arch = AUDIT_ARCH_IA64; | 1644 | arch = AUDIT_ARCH_IA64; |
1645 | } | 1645 | } |
1646 | 1646 | ||
1647 | audit_syscall_entry(current, arch, syscall, arg0, arg1, arg2, arg3); | 1647 | audit_syscall_entry(arch, syscall, arg0, arg1, arg2, arg3); |
1648 | } | 1648 | } |
1649 | 1649 | ||
1650 | } | 1650 | } |
@@ -1662,7 +1662,7 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3, | |||
1662 | 1662 | ||
1663 | if (success != AUDITSC_SUCCESS) | 1663 | if (success != AUDITSC_SUCCESS) |
1664 | result = -result; | 1664 | result = -result; |
1665 | audit_syscall_exit(current, success, result); | 1665 | audit_syscall_exit(success, result); |
1666 | } | 1666 | } |
1667 | 1667 | ||
1668 | if (test_thread_flag(TIF_SYSCALL_TRACE) | 1668 | if (test_thread_flag(TIF_SYSCALL_TRACE) |
diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c index f3106d0771b0..9b4733c12395 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c | |||
@@ -483,7 +483,7 @@ static inline int audit_arch(void) | |||
483 | asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) | 483 | asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) |
484 | { | 484 | { |
485 | if (unlikely(current->audit_context) && entryexit) | 485 | if (unlikely(current->audit_context) && entryexit) |
486 | audit_syscall_exit(current, AUDITSC_RESULT(regs->regs[2]), | 486 | audit_syscall_exit(AUDITSC_RESULT(regs->regs[2]), |
487 | regs->regs[2]); | 487 | regs->regs[2]); |
488 | 488 | ||
489 | if (!(current->ptrace & PT_PTRACED)) | 489 | if (!(current->ptrace & PT_PTRACED)) |
@@ -507,7 +507,7 @@ asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) | |||
507 | } | 507 | } |
508 | out: | 508 | out: |
509 | if (unlikely(current->audit_context) && !entryexit) | 509 | if (unlikely(current->audit_context) && !entryexit) |
510 | audit_syscall_entry(current, audit_arch(), regs->regs[2], | 510 | audit_syscall_entry(audit_arch(), regs->regs[2], |
511 | regs->regs[4], regs->regs[5], | 511 | regs->regs[4], regs->regs[5], |
512 | regs->regs[6], regs->regs[7]); | 512 | regs->regs[6], regs->regs[7]); |
513 | } | 513 | } |
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c index bcb83574335b..4a677d1bd4ef 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c | |||
@@ -538,7 +538,7 @@ void do_syscall_trace_enter(struct pt_regs *regs) | |||
538 | do_syscall_trace(); | 538 | do_syscall_trace(); |
539 | 539 | ||
540 | if (unlikely(current->audit_context)) | 540 | if (unlikely(current->audit_context)) |
541 | audit_syscall_entry(current, | 541 | audit_syscall_entry( |
542 | #ifdef CONFIG_PPC32 | 542 | #ifdef CONFIG_PPC32 |
543 | AUDIT_ARCH_PPC, | 543 | AUDIT_ARCH_PPC, |
544 | #else | 544 | #else |
@@ -556,8 +556,7 @@ void do_syscall_trace_leave(struct pt_regs *regs) | |||
556 | #endif | 556 | #endif |
557 | 557 | ||
558 | if (unlikely(current->audit_context)) | 558 | if (unlikely(current->audit_context)) |
559 | audit_syscall_exit(current, | 559 | audit_syscall_exit((regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, |
560 | (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, | ||
561 | regs->result); | 560 | regs->result); |
562 | 561 | ||
563 | if ((test_thread_flag(TIF_SYSCALL_TRACE) | 562 | if ((test_thread_flag(TIF_SYSCALL_TRACE) |
diff --git a/arch/s390/kernel/ptrace.c b/arch/s390/kernel/ptrace.c index 37dfe33dab73..8f36504075ed 100644 --- a/arch/s390/kernel/ptrace.c +++ b/arch/s390/kernel/ptrace.c | |||
@@ -734,7 +734,7 @@ asmlinkage void | |||
734 | syscall_trace(struct pt_regs *regs, int entryexit) | 734 | syscall_trace(struct pt_regs *regs, int entryexit) |
735 | { | 735 | { |
736 | if (unlikely(current->audit_context) && entryexit) | 736 | if (unlikely(current->audit_context) && entryexit) |
737 | audit_syscall_exit(current, AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]); | 737 | audit_syscall_exit(AUDITSC_RESULT(regs->gprs[2]), regs->gprs[2]); |
738 | 738 | ||
739 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) | 739 | if (!test_thread_flag(TIF_SYSCALL_TRACE)) |
740 | goto out; | 740 | goto out; |
@@ -761,8 +761,7 @@ syscall_trace(struct pt_regs *regs, int entryexit) | |||
761 | } | 761 | } |
762 | out: | 762 | out: |
763 | if (unlikely(current->audit_context) && !entryexit) | 763 | if (unlikely(current->audit_context) && !entryexit) |
764 | audit_syscall_entry(current, | 764 | audit_syscall_entry(test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X, |
765 | test_thread_flag(TIF_31BIT)?AUDIT_ARCH_S390:AUDIT_ARCH_S390X, | ||
766 | regs->gprs[2], regs->orig_gpr2, regs->gprs[3], | 765 | regs->gprs[2], regs->orig_gpr2, regs->gprs[3], |
767 | regs->gprs[4], regs->gprs[5]); | 766 | regs->gprs[4], regs->gprs[5]); |
768 | } | 767 | } |
diff --git a/arch/sparc64/kernel/ptrace.c b/arch/sparc64/kernel/ptrace.c index 49e6dedd027d..d31975e6d6f6 100644 --- a/arch/sparc64/kernel/ptrace.c +++ b/arch/sparc64/kernel/ptrace.c | |||
@@ -653,7 +653,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) | |||
653 | if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) | 653 | if (unlikely(tstate & (TSTATE_XCARRY | TSTATE_ICARRY))) |
654 | result = AUDITSC_FAILURE; | 654 | result = AUDITSC_FAILURE; |
655 | 655 | ||
656 | audit_syscall_exit(current, result, regs->u_regs[UREG_I0]); | 656 | audit_syscall_exit(result, regs->u_regs[UREG_I0]); |
657 | } | 657 | } |
658 | 658 | ||
659 | if (!(current->ptrace & PT_PTRACED)) | 659 | if (!(current->ptrace & PT_PTRACED)) |
@@ -677,8 +677,7 @@ asmlinkage void syscall_trace(struct pt_regs *regs, int syscall_exit_p) | |||
677 | 677 | ||
678 | out: | 678 | out: |
679 | if (unlikely(current->audit_context) && !syscall_exit_p) | 679 | if (unlikely(current->audit_context) && !syscall_exit_p) |
680 | audit_syscall_entry(current, | 680 | audit_syscall_entry((test_thread_flag(TIF_32BIT) ? |
681 | (test_thread_flag(TIF_32BIT) ? | ||
682 | AUDIT_ARCH_SPARC : | 681 | AUDIT_ARCH_SPARC : |
683 | AUDIT_ARCH_SPARC64), | 682 | AUDIT_ARCH_SPARC64), |
684 | regs->u_regs[UREG_G1], | 683 | regs->u_regs[UREG_G1], |
diff --git a/arch/um/kernel/ptrace.c b/arch/um/kernel/ptrace.c index 60d2eda995c1..9a77fb3c269d 100644 --- a/arch/um/kernel/ptrace.c +++ b/arch/um/kernel/ptrace.c | |||
@@ -275,15 +275,13 @@ void syscall_trace(union uml_pt_regs *regs, int entryexit) | |||
275 | 275 | ||
276 | if (unlikely(current->audit_context)) { | 276 | if (unlikely(current->audit_context)) { |
277 | if (!entryexit) | 277 | if (!entryexit) |
278 | audit_syscall_entry(current, | 278 | audit_syscall_entry(HOST_AUDIT_ARCH, |
279 | HOST_AUDIT_ARCH, | ||
280 | UPT_SYSCALL_NR(regs), | 279 | UPT_SYSCALL_NR(regs), |
281 | UPT_SYSCALL_ARG1(regs), | 280 | UPT_SYSCALL_ARG1(regs), |
282 | UPT_SYSCALL_ARG2(regs), | 281 | UPT_SYSCALL_ARG2(regs), |
283 | UPT_SYSCALL_ARG3(regs), | 282 | UPT_SYSCALL_ARG3(regs), |
284 | UPT_SYSCALL_ARG4(regs)); | 283 | UPT_SYSCALL_ARG4(regs)); |
285 | else audit_syscall_exit(current, | 284 | else audit_syscall_exit(AUDITSC_RESULT(UPT_SYSCALL_RET(regs)), |
286 | AUDITSC_RESULT(UPT_SYSCALL_RET(regs)), | ||
287 | UPT_SYSCALL_RET(regs)); | 285 | UPT_SYSCALL_RET(regs)); |
288 | } | 286 | } |
289 | 287 | ||
diff --git a/arch/x86_64/kernel/ptrace.c b/arch/x86_64/kernel/ptrace.c index da8e7903d817..2d50024c9f30 100644 --- a/arch/x86_64/kernel/ptrace.c +++ b/arch/x86_64/kernel/ptrace.c | |||
@@ -600,12 +600,12 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) | |||
600 | 600 | ||
601 | if (unlikely(current->audit_context)) { | 601 | if (unlikely(current->audit_context)) { |
602 | if (test_thread_flag(TIF_IA32)) { | 602 | if (test_thread_flag(TIF_IA32)) { |
603 | audit_syscall_entry(current, AUDIT_ARCH_I386, | 603 | audit_syscall_entry(AUDIT_ARCH_I386, |
604 | regs->orig_rax, | 604 | regs->orig_rax, |
605 | regs->rbx, regs->rcx, | 605 | regs->rbx, regs->rcx, |
606 | regs->rdx, regs->rsi); | 606 | regs->rdx, regs->rsi); |
607 | } else { | 607 | } else { |
608 | audit_syscall_entry(current, AUDIT_ARCH_X86_64, | 608 | audit_syscall_entry(AUDIT_ARCH_X86_64, |
609 | regs->orig_rax, | 609 | regs->orig_rax, |
610 | regs->rdi, regs->rsi, | 610 | regs->rdi, regs->rsi, |
611 | regs->rdx, regs->r10); | 611 | regs->rdx, regs->r10); |
@@ -616,7 +616,7 @@ asmlinkage void syscall_trace_enter(struct pt_regs *regs) | |||
616 | asmlinkage void syscall_trace_leave(struct pt_regs *regs) | 616 | asmlinkage void syscall_trace_leave(struct pt_regs *regs) |
617 | { | 617 | { |
618 | if (unlikely(current->audit_context)) | 618 | if (unlikely(current->audit_context)) |
619 | audit_syscall_exit(current, AUDITSC_RESULT(regs->rax), regs->rax); | 619 | audit_syscall_exit(AUDITSC_RESULT(regs->rax), regs->rax); |
620 | 620 | ||
621 | if ((test_thread_flag(TIF_SYSCALL_TRACE) | 621 | if ((test_thread_flag(TIF_SYSCALL_TRACE) |
622 | || test_thread_flag(TIF_SINGLESTEP)) | 622 | || test_thread_flag(TIF_SINGLESTEP)) |
diff --git a/include/linux/audit.h b/include/linux/audit.h index 1c47c59058c1..b74c148f14e3 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -83,6 +83,7 @@ | |||
83 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ | 83 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ |
84 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ | 84 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ |
85 | #define AUDIT_CWD 1307 /* Current working directory */ | 85 | #define AUDIT_CWD 1307 /* Current working directory */ |
86 | #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */ | ||
86 | 87 | ||
87 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 88 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
88 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 89 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -145,6 +146,11 @@ | |||
145 | #define AUDIT_PERS 10 | 146 | #define AUDIT_PERS 10 |
146 | #define AUDIT_ARCH 11 | 147 | #define AUDIT_ARCH 11 |
147 | #define AUDIT_MSGTYPE 12 | 148 | #define AUDIT_MSGTYPE 12 |
149 | #define AUDIT_SE_USER 13 /* security label user */ | ||
150 | #define AUDIT_SE_ROLE 14 /* security label role */ | ||
151 | #define AUDIT_SE_TYPE 15 /* security label type */ | ||
152 | #define AUDIT_SE_SEN 16 /* security label sensitivity label */ | ||
153 | #define AUDIT_SE_CLR 17 /* security label clearance label */ | ||
148 | 154 | ||
149 | /* These are ONLY useful when checking | 155 | /* These are ONLY useful when checking |
150 | * at syscall exit time (AUDIT_AT_EXIT). */ | 156 | * at syscall exit time (AUDIT_AT_EXIT). */ |
@@ -287,10 +293,10 @@ struct netlink_skb_parms; | |||
287 | /* Public API */ | 293 | /* Public API */ |
288 | extern int audit_alloc(struct task_struct *task); | 294 | extern int audit_alloc(struct task_struct *task); |
289 | extern void audit_free(struct task_struct *task); | 295 | extern void audit_free(struct task_struct *task); |
290 | extern void audit_syscall_entry(struct task_struct *task, int arch, | 296 | extern void audit_syscall_entry(int arch, |
291 | int major, unsigned long a0, unsigned long a1, | 297 | int major, unsigned long a0, unsigned long a1, |
292 | unsigned long a2, unsigned long a3); | 298 | unsigned long a2, unsigned long a3); |
293 | extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); | 299 | extern void audit_syscall_exit(int failed, long return_code); |
294 | extern void audit_getname(const char *name); | 300 | extern void audit_getname(const char *name); |
295 | extern void audit_putname(const char *name); | 301 | extern void audit_putname(const char *name); |
296 | extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); | 302 | extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags); |
@@ -314,7 +320,8 @@ extern void auditsc_get_stamp(struct audit_context *ctx, | |||
314 | struct timespec *t, unsigned int *serial); | 320 | struct timespec *t, unsigned int *serial); |
315 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 321 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
316 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 322 | extern uid_t audit_get_loginuid(struct audit_context *ctx); |
317 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); | 323 | extern int audit_ipc_obj(struct kern_ipc_perm *ipcp); |
324 | extern int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp); | ||
318 | extern int audit_socketcall(int nargs, unsigned long *args); | 325 | extern int audit_socketcall(int nargs, unsigned long *args); |
319 | extern int audit_sockaddr(int len, void *addr); | 326 | extern int audit_sockaddr(int len, void *addr); |
320 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 327 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
@@ -323,8 +330,8 @@ extern int audit_set_macxattr(const char *name); | |||
323 | #else | 330 | #else |
324 | #define audit_alloc(t) ({ 0; }) | 331 | #define audit_alloc(t) ({ 0; }) |
325 | #define audit_free(t) do { ; } while (0) | 332 | #define audit_free(t) do { ; } while (0) |
326 | #define audit_syscall_entry(t,ta,a,b,c,d,e) do { ; } while (0) | 333 | #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0) |
327 | #define audit_syscall_exit(t,f,r) do { ; } while (0) | 334 | #define audit_syscall_exit(f,r) do { ; } while (0) |
328 | #define audit_getname(n) do { ; } while (0) | 335 | #define audit_getname(n) do { ; } while (0) |
329 | #define audit_putname(n) do { ; } while (0) | 336 | #define audit_putname(n) do { ; } while (0) |
330 | #define __audit_inode(n,i,f) do { ; } while (0) | 337 | #define __audit_inode(n,i,f) do { ; } while (0) |
@@ -333,7 +340,8 @@ extern int audit_set_macxattr(const char *name); | |||
333 | #define audit_inode_child(d,i,p) do { ; } while (0) | 340 | #define audit_inode_child(d,i,p) do { ; } while (0) |
334 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 341 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
335 | #define audit_get_loginuid(c) ({ -1; }) | 342 | #define audit_get_loginuid(c) ({ -1; }) |
336 | #define audit_ipc_perms(q,u,g,m,i) ({ 0; }) | 343 | #define audit_ipc_obj(i) ({ 0; }) |
344 | #define audit_ipc_set_perm(q,u,g,m,i) ({ 0; }) | ||
337 | #define audit_socketcall(n,a) ({ 0; }) | 345 | #define audit_socketcall(n,a) ({ 0; }) |
338 | #define audit_sockaddr(len, addr) ({ 0; }) | 346 | #define audit_sockaddr(len, addr) ({ 0; }) |
339 | #define audit_avc_path(dentry, mnt) ({ 0; }) | 347 | #define audit_avc_path(dentry, mnt) ({ 0; }) |
@@ -366,7 +374,7 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
366 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | 374 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
367 | extern int audit_filter_type(int type); | 375 | extern int audit_filter_type(int type); |
368 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | 376 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
369 | void *data, size_t datasz, uid_t loginuid); | 377 | void *data, size_t datasz, uid_t loginuid, u32 sid); |
370 | #else | 378 | #else |
371 | #define audit_log(c,g,t,f,...) do { ; } while (0) | 379 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
372 | #define audit_log_start(c,g,t) ({ NULL; }) | 380 | #define audit_log_start(c,g,t) ({ NULL; }) |
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index f8f3d1c927f8..87b8a5703ebc 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h | |||
@@ -143,6 +143,7 @@ struct netlink_skb_parms | |||
143 | __u32 dst_group; | 143 | __u32 dst_group; |
144 | kernel_cap_t eff_cap; | 144 | kernel_cap_t eff_cap; |
145 | __u32 loginuid; /* Login (audit) uid */ | 145 | __u32 loginuid; /* Login (audit) uid */ |
146 | __u32 sid; /* SELinux security id */ | ||
146 | }; | 147 | }; |
147 | 148 | ||
148 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) | 149 | #define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) |
diff --git a/include/linux/security.h b/include/linux/security.h index aaa0a5cdbf75..1bab48f6aeac 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -869,11 +869,6 @@ struct swap_info_struct; | |||
869 | * @ipcp contains the kernel IPC permission structure | 869 | * @ipcp contains the kernel IPC permission structure |
870 | * @flag contains the desired (requested) permission set | 870 | * @flag contains the desired (requested) permission set |
871 | * Return 0 if permission is granted. | 871 | * Return 0 if permission is granted. |
872 | * @ipc_getsecurity: | ||
873 | * Copy the security label associated with the ipc object into | ||
874 | * @buffer. @buffer may be NULL to request the size of the buffer | ||
875 | * required. @size indicates the size of @buffer in bytes. Return | ||
876 | * number of bytes used/required on success. | ||
877 | * | 872 | * |
878 | * Security hooks for individual messages held in System V IPC message queues | 873 | * Security hooks for individual messages held in System V IPC message queues |
879 | * @msg_msg_alloc_security: | 874 | * @msg_msg_alloc_security: |
@@ -1223,7 +1218,6 @@ struct security_operations { | |||
1223 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); | 1218 | void (*task_to_inode)(struct task_struct *p, struct inode *inode); |
1224 | 1219 | ||
1225 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); | 1220 | int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); |
1226 | int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size); | ||
1227 | 1221 | ||
1228 | int (*msg_msg_alloc_security) (struct msg_msg * msg); | 1222 | int (*msg_msg_alloc_security) (struct msg_msg * msg); |
1229 | void (*msg_msg_free_security) (struct msg_msg * msg); | 1223 | void (*msg_msg_free_security) (struct msg_msg * msg); |
@@ -1887,11 +1881,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
1887 | return security_ops->ipc_permission (ipcp, flag); | 1881 | return security_ops->ipc_permission (ipcp, flag); |
1888 | } | 1882 | } |
1889 | 1883 | ||
1890 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
1891 | { | ||
1892 | return security_ops->ipc_getsecurity(ipcp, buffer, size); | ||
1893 | } | ||
1894 | |||
1895 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 1884 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
1896 | { | 1885 | { |
1897 | return security_ops->msg_msg_alloc_security (msg); | 1886 | return security_ops->msg_msg_alloc_security (msg); |
@@ -2532,11 +2521,6 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp, | |||
2532 | return 0; | 2521 | return 0; |
2533 | } | 2522 | } |
2534 | 2523 | ||
2535 | static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
2536 | { | ||
2537 | return -EOPNOTSUPP; | ||
2538 | } | ||
2539 | |||
2540 | static inline int security_msg_msg_alloc (struct msg_msg * msg) | 2524 | static inline int security_msg_msg_alloc (struct msg_msg * msg) |
2541 | { | 2525 | { |
2542 | return 0; | 2526 | return 0; |
diff --git a/include/linux/selinux.h b/include/linux/selinux.h new file mode 100644 index 000000000000..4047bcde4484 --- /dev/null +++ b/include/linux/selinux.h | |||
@@ -0,0 +1,177 @@ | |||
1 | /* | ||
2 | * SELinux services exported to the rest of the kernel. | ||
3 | * | ||
4 | * Author: James Morris <jmorris@redhat.com> | ||
5 | * | ||
6 | * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> | ||
7 | * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | ||
8 | * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify | ||
11 | * it under the terms of the GNU General Public License version 2, | ||
12 | * as published by the Free Software Foundation. | ||
13 | */ | ||
14 | #ifndef _LINUX_SELINUX_H | ||
15 | #define _LINUX_SELINUX_H | ||
16 | |||
17 | struct selinux_audit_rule; | ||
18 | struct audit_context; | ||
19 | struct inode; | ||
20 | struct kern_ipc_perm; | ||
21 | |||
22 | #ifdef CONFIG_SECURITY_SELINUX | ||
23 | |||
24 | /** | ||
25 | * selinux_audit_rule_init - alloc/init an selinux audit rule structure. | ||
26 | * @field: the field this rule refers to | ||
27 | * @op: the operater the rule uses | ||
28 | * @rulestr: the text "target" of the rule | ||
29 | * @rule: pointer to the new rule structure returned via this | ||
30 | * | ||
31 | * Returns 0 if successful, -errno if not. On success, the rule structure | ||
32 | * will be allocated internally. The caller must free this structure with | ||
33 | * selinux_audit_rule_free() after use. | ||
34 | */ | ||
35 | int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
36 | struct selinux_audit_rule **rule); | ||
37 | |||
38 | /** | ||
39 | * selinux_audit_rule_free - free an selinux audit rule structure. | ||
40 | * @rule: pointer to the audit rule to be freed | ||
41 | * | ||
42 | * This will free all memory associated with the given rule. | ||
43 | * If @rule is NULL, no operation is performed. | ||
44 | */ | ||
45 | void selinux_audit_rule_free(struct selinux_audit_rule *rule); | ||
46 | |||
47 | /** | ||
48 | * selinux_audit_rule_match - determine if a context ID matches a rule. | ||
49 | * @ctxid: the context ID to check | ||
50 | * @field: the field this rule refers to | ||
51 | * @op: the operater the rule uses | ||
52 | * @rule: pointer to the audit rule to check against | ||
53 | * @actx: the audit context (can be NULL) associated with the check | ||
54 | * | ||
55 | * Returns 1 if the context id matches the rule, 0 if it does not, and | ||
56 | * -errno on failure. | ||
57 | */ | ||
58 | int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | ||
59 | struct selinux_audit_rule *rule, | ||
60 | struct audit_context *actx); | ||
61 | |||
62 | /** | ||
63 | * selinux_audit_set_callback - set the callback for policy reloads. | ||
64 | * @callback: the function to call when the policy is reloaded | ||
65 | * | ||
66 | * This sets the function callback function that will update the rules | ||
67 | * upon policy reloads. This callback should rebuild all existing rules | ||
68 | * using selinux_audit_rule_init(). | ||
69 | */ | ||
70 | void selinux_audit_set_callback(int (*callback)(void)); | ||
71 | |||
72 | /** | ||
73 | * selinux_task_ctxid - determine a context ID for a process. | ||
74 | * @tsk: the task object | ||
75 | * @ctxid: ID value returned via this | ||
76 | * | ||
77 | * On return, ctxid will contain an ID for the context. This value | ||
78 | * should only be used opaquely. | ||
79 | */ | ||
80 | void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid); | ||
81 | |||
82 | /** | ||
83 | * selinux_ctxid_to_string - map a security context ID to a string | ||
84 | * @ctxid: security context ID to be converted. | ||
85 | * @ctx: address of context string to be returned | ||
86 | * @ctxlen: length of returned context string. | ||
87 | * | ||
88 | * Returns 0 if successful, -errno if not. On success, the context | ||
89 | * string will be allocated internally, and the caller must call | ||
90 | * kfree() on it after use. | ||
91 | */ | ||
92 | int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen); | ||
93 | |||
94 | /** | ||
95 | * selinux_get_inode_sid - get the inode's security context ID | ||
96 | * @inode: inode structure to get the sid from. | ||
97 | * @sid: pointer to security context ID to be filled in. | ||
98 | * | ||
99 | * Returns nothing | ||
100 | */ | ||
101 | void selinux_get_inode_sid(const struct inode *inode, u32 *sid); | ||
102 | |||
103 | /** | ||
104 | * selinux_get_ipc_sid - get the ipc security context ID | ||
105 | * @ipcp: ipc structure to get the sid from. | ||
106 | * @sid: pointer to security context ID to be filled in. | ||
107 | * | ||
108 | * Returns nothing | ||
109 | */ | ||
110 | void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid); | ||
111 | |||
112 | /** | ||
113 | * selinux_get_task_sid - return the SID of task | ||
114 | * @tsk: the task whose SID will be returned | ||
115 | * @sid: pointer to security context ID to be filled in. | ||
116 | * | ||
117 | * Returns nothing | ||
118 | */ | ||
119 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid); | ||
120 | |||
121 | |||
122 | #else | ||
123 | |||
124 | static inline int selinux_audit_rule_init(u32 field, u32 op, | ||
125 | char *rulestr, | ||
126 | struct selinux_audit_rule **rule) | ||
127 | { | ||
128 | return -ENOTSUPP; | ||
129 | } | ||
130 | |||
131 | static inline void selinux_audit_rule_free(struct selinux_audit_rule *rule) | ||
132 | { | ||
133 | return; | ||
134 | } | ||
135 | |||
136 | static inline int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | ||
137 | struct selinux_audit_rule *rule, | ||
138 | struct audit_context *actx) | ||
139 | { | ||
140 | return 0; | ||
141 | } | ||
142 | |||
143 | static inline void selinux_audit_set_callback(int (*callback)(void)) | ||
144 | { | ||
145 | return; | ||
146 | } | ||
147 | |||
148 | static inline void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid) | ||
149 | { | ||
150 | *ctxid = 0; | ||
151 | } | ||
152 | |||
153 | static inline int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen) | ||
154 | { | ||
155 | *ctx = NULL; | ||
156 | *ctxlen = 0; | ||
157 | return 0; | ||
158 | } | ||
159 | |||
160 | static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | ||
161 | { | ||
162 | *sid = 0; | ||
163 | } | ||
164 | |||
165 | static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid) | ||
166 | { | ||
167 | *sid = 0; | ||
168 | } | ||
169 | |||
170 | static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid) | ||
171 | { | ||
172 | *sid = 0; | ||
173 | } | ||
174 | |||
175 | #endif /* CONFIG_SECURITY_SELINUX */ | ||
176 | |||
177 | #endif /* _LINUX_SELINUX_H */ | ||
@@ -13,6 +13,9 @@ | |||
13 | * mostly rewritten, threaded and wake-one semantics added | 13 | * mostly rewritten, threaded and wake-one semantics added |
14 | * MSGMAX limit removed, sysctl's added | 14 | * MSGMAX limit removed, sysctl's added |
15 | * (c) 1999 Manfred Spraul <manfred@colorfullife.com> | 15 | * (c) 1999 Manfred Spraul <manfred@colorfullife.com> |
16 | * | ||
17 | * support for audit of ipc object properties and permission changes | ||
18 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
16 | */ | 19 | */ |
17 | 20 | ||
18 | #include <linux/capability.h> | 21 | #include <linux/capability.h> |
@@ -447,6 +450,11 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) | |||
447 | if (msg_checkid(msq,msqid)) | 450 | if (msg_checkid(msq,msqid)) |
448 | goto out_unlock_up; | 451 | goto out_unlock_up; |
449 | ipcp = &msq->q_perm; | 452 | ipcp = &msq->q_perm; |
453 | |||
454 | err = audit_ipc_obj(ipcp); | ||
455 | if (err) | ||
456 | goto out_unlock_up; | ||
457 | |||
450 | err = -EPERM; | 458 | err = -EPERM; |
451 | if (current->euid != ipcp->cuid && | 459 | if (current->euid != ipcp->cuid && |
452 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) | 460 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) |
@@ -460,7 +468,8 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf) | |||
460 | switch (cmd) { | 468 | switch (cmd) { |
461 | case IPC_SET: | 469 | case IPC_SET: |
462 | { | 470 | { |
463 | if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) | 471 | err = audit_ipc_set_perm(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp); |
472 | if (err) | ||
464 | goto out_unlock_up; | 473 | goto out_unlock_up; |
465 | 474 | ||
466 | err = -EPERM; | 475 | err = -EPERM; |
@@ -61,6 +61,9 @@ | |||
61 | * (c) 2001 Red Hat Inc <alan@redhat.com> | 61 | * (c) 2001 Red Hat Inc <alan@redhat.com> |
62 | * Lockless wakeup | 62 | * Lockless wakeup |
63 | * (c) 2003 Manfred Spraul <manfred@colorfullife.com> | 63 | * (c) 2003 Manfred Spraul <manfred@colorfullife.com> |
64 | * | ||
65 | * support for audit of ipc object properties and permission changes | ||
66 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
64 | */ | 67 | */ |
65 | 68 | ||
66 | #include <linux/config.h> | 69 | #include <linux/config.h> |
@@ -820,6 +823,11 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun | |||
820 | goto out_unlock; | 823 | goto out_unlock; |
821 | } | 824 | } |
822 | ipcp = &sma->sem_perm; | 825 | ipcp = &sma->sem_perm; |
826 | |||
827 | err = audit_ipc_obj(ipcp); | ||
828 | if (err) | ||
829 | goto out_unlock; | ||
830 | |||
823 | if (current->euid != ipcp->cuid && | 831 | if (current->euid != ipcp->cuid && |
824 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { | 832 | current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { |
825 | err=-EPERM; | 833 | err=-EPERM; |
@@ -836,7 +844,8 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun | |||
836 | err = 0; | 844 | err = 0; |
837 | break; | 845 | break; |
838 | case IPC_SET: | 846 | case IPC_SET: |
839 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp))) | 847 | err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp); |
848 | if (err) | ||
840 | goto out_unlock; | 849 | goto out_unlock; |
841 | ipcp->uid = setbuf.uid; | 850 | ipcp->uid = setbuf.uid; |
842 | ipcp->gid = setbuf.gid; | 851 | ipcp->gid = setbuf.gid; |
@@ -13,6 +13,8 @@ | |||
13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> | 13 | * Shared /dev/zero support, Kanoj Sarcar <kanoj@sgi.com> |
14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> | 14 | * Move the mm functionality over to mm/shmem.c, Christoph Rohland <cr@sap.com> |
15 | * | 15 | * |
16 | * support for audit of ipc object properties and permission changes | ||
17 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
16 | */ | 18 | */ |
17 | 19 | ||
18 | #include <linux/config.h> | 20 | #include <linux/config.h> |
@@ -542,6 +544,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
542 | if(err) | 544 | if(err) |
543 | goto out_unlock; | 545 | goto out_unlock; |
544 | 546 | ||
547 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
548 | if (err) | ||
549 | goto out_unlock; | ||
550 | |||
545 | if (!capable(CAP_IPC_LOCK)) { | 551 | if (!capable(CAP_IPC_LOCK)) { |
546 | err = -EPERM; | 552 | err = -EPERM; |
547 | if (current->euid != shp->shm_perm.uid && | 553 | if (current->euid != shp->shm_perm.uid && |
@@ -594,6 +600,10 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
594 | if(err) | 600 | if(err) |
595 | goto out_unlock_up; | 601 | goto out_unlock_up; |
596 | 602 | ||
603 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
604 | if (err) | ||
605 | goto out_unlock_up; | ||
606 | |||
597 | if (current->euid != shp->shm_perm.uid && | 607 | if (current->euid != shp->shm_perm.uid && |
598 | current->euid != shp->shm_perm.cuid && | 608 | current->euid != shp->shm_perm.cuid && |
599 | !capable(CAP_SYS_ADMIN)) { | 609 | !capable(CAP_SYS_ADMIN)) { |
@@ -627,12 +637,15 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf) | |||
627 | err=-EINVAL; | 637 | err=-EINVAL; |
628 | if(shp==NULL) | 638 | if(shp==NULL) |
629 | goto out_up; | 639 | goto out_up; |
630 | if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, | ||
631 | setbuf.mode, &(shp->shm_perm)))) | ||
632 | goto out_unlock_up; | ||
633 | err = shm_checkid(shp,shmid); | 640 | err = shm_checkid(shp,shmid); |
634 | if(err) | 641 | if(err) |
635 | goto out_unlock_up; | 642 | goto out_unlock_up; |
643 | err = audit_ipc_obj(&(shp->shm_perm)); | ||
644 | if (err) | ||
645 | goto out_unlock_up; | ||
646 | err = audit_ipc_set_perm(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm)); | ||
647 | if (err) | ||
648 | goto out_unlock_up; | ||
636 | err=-EPERM; | 649 | err=-EPERM; |
637 | if (current->euid != shp->shm_perm.uid && | 650 | if (current->euid != shp->shm_perm.uid && |
638 | current->euid != shp->shm_perm.cuid && | 651 | current->euid != shp->shm_perm.cuid && |
diff --git a/ipc/util.c b/ipc/util.c index b3dcfad3b4f7..8193299f45f6 100644 --- a/ipc/util.c +++ b/ipc/util.c | |||
@@ -10,6 +10,8 @@ | |||
10 | * Manfred Spraul <manfred@colorfullife.com> | 10 | * Manfred Spraul <manfred@colorfullife.com> |
11 | * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). | 11 | * Oct 2002 - One lock per IPC id. RCU ipc_free for lock-free grow_ary(). |
12 | * Mingming Cao <cmm@us.ibm.com> | 12 | * Mingming Cao <cmm@us.ibm.com> |
13 | * Mar 2006 - support for audit of ipc object properties | ||
14 | * Dustin Kirkland <dustin.kirkland@us.ibm.com> | ||
13 | */ | 15 | */ |
14 | 16 | ||
15 | #include <linux/config.h> | 17 | #include <linux/config.h> |
@@ -27,6 +29,7 @@ | |||
27 | #include <linux/workqueue.h> | 29 | #include <linux/workqueue.h> |
28 | #include <linux/seq_file.h> | 30 | #include <linux/seq_file.h> |
29 | #include <linux/proc_fs.h> | 31 | #include <linux/proc_fs.h> |
32 | #include <linux/audit.h> | ||
30 | 33 | ||
31 | #include <asm/unistd.h> | 34 | #include <asm/unistd.h> |
32 | 35 | ||
@@ -464,8 +467,10 @@ void ipc_rcu_putref(void *ptr) | |||
464 | 467 | ||
465 | int ipcperms (struct kern_ipc_perm *ipcp, short flag) | 468 | int ipcperms (struct kern_ipc_perm *ipcp, short flag) |
466 | { /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ | 469 | { /* flag will most probably be 0 or S_...UGO from <linux/stat.h> */ |
467 | int requested_mode, granted_mode; | 470 | int requested_mode, granted_mode, err; |
468 | 471 | ||
472 | if (unlikely((err = audit_ipc_obj(ipcp)))) | ||
473 | return err; | ||
469 | requested_mode = (flag >> 6) | (flag >> 3) | flag; | 474 | requested_mode = (flag >> 6) | (flag >> 3) | flag; |
470 | granted_mode = ipcp->mode; | 475 | granted_mode = ipcp->mode; |
471 | if (current->euid == ipcp->cuid || current->euid == ipcp->uid) | 476 | if (current->euid == ipcp->cuid || current->euid == ipcp->uid) |
diff --git a/kernel/audit.c b/kernel/audit.c index c8ccbd09048f..df57b493e1cb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -55,6 +55,9 @@ | |||
55 | #include <net/netlink.h> | 55 | #include <net/netlink.h> |
56 | #include <linux/skbuff.h> | 56 | #include <linux/skbuff.h> |
57 | #include <linux/netlink.h> | 57 | #include <linux/netlink.h> |
58 | #include <linux/selinux.h> | ||
59 | |||
60 | #include "audit.h" | ||
58 | 61 | ||
59 | /* No auditing will take place until audit_initialized != 0. | 62 | /* No auditing will take place until audit_initialized != 0. |
60 | * (Initialization happens after skb_init is called.) */ | 63 | * (Initialization happens after skb_init is called.) */ |
@@ -227,49 +230,103 @@ void audit_log_lost(const char *message) | |||
227 | } | 230 | } |
228 | } | 231 | } |
229 | 232 | ||
230 | static int audit_set_rate_limit(int limit, uid_t loginuid) | 233 | static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) |
231 | { | 234 | { |
232 | int old = audit_rate_limit; | 235 | int old = audit_rate_limit; |
233 | audit_rate_limit = limit; | 236 | |
234 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 237 | if (sid) { |
238 | char *ctx = NULL; | ||
239 | u32 len; | ||
240 | int rc; | ||
241 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
242 | return rc; | ||
243 | else | ||
244 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
245 | "audit_rate_limit=%d old=%d by auid=%u subj=%s", | ||
246 | limit, old, loginuid, ctx); | ||
247 | kfree(ctx); | ||
248 | } else | ||
249 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
235 | "audit_rate_limit=%d old=%d by auid=%u", | 250 | "audit_rate_limit=%d old=%d by auid=%u", |
236 | audit_rate_limit, old, loginuid); | 251 | limit, old, loginuid); |
252 | audit_rate_limit = limit; | ||
237 | return old; | 253 | return old; |
238 | } | 254 | } |
239 | 255 | ||
240 | static int audit_set_backlog_limit(int limit, uid_t loginuid) | 256 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) |
241 | { | 257 | { |
242 | int old = audit_backlog_limit; | 258 | int old = audit_backlog_limit; |
243 | audit_backlog_limit = limit; | 259 | |
244 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 260 | if (sid) { |
261 | char *ctx = NULL; | ||
262 | u32 len; | ||
263 | int rc; | ||
264 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
265 | return rc; | ||
266 | else | ||
267 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
268 | "audit_backlog_limit=%d old=%d by auid=%u subj=%s", | ||
269 | limit, old, loginuid, ctx); | ||
270 | kfree(ctx); | ||
271 | } else | ||
272 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
245 | "audit_backlog_limit=%d old=%d by auid=%u", | 273 | "audit_backlog_limit=%d old=%d by auid=%u", |
246 | audit_backlog_limit, old, loginuid); | 274 | limit, old, loginuid); |
275 | audit_backlog_limit = limit; | ||
247 | return old; | 276 | return old; |
248 | } | 277 | } |
249 | 278 | ||
250 | static int audit_set_enabled(int state, uid_t loginuid) | 279 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) |
251 | { | 280 | { |
252 | int old = audit_enabled; | 281 | int old = audit_enabled; |
282 | |||
253 | if (state != 0 && state != 1) | 283 | if (state != 0 && state != 1) |
254 | return -EINVAL; | 284 | return -EINVAL; |
255 | audit_enabled = state; | 285 | |
256 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 286 | if (sid) { |
287 | char *ctx = NULL; | ||
288 | u32 len; | ||
289 | int rc; | ||
290 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
291 | return rc; | ||
292 | else | ||
293 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
294 | "audit_enabled=%d old=%d by auid=%u subj=%s", | ||
295 | state, old, loginuid, ctx); | ||
296 | kfree(ctx); | ||
297 | } else | ||
298 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
257 | "audit_enabled=%d old=%d by auid=%u", | 299 | "audit_enabled=%d old=%d by auid=%u", |
258 | audit_enabled, old, loginuid); | 300 | state, old, loginuid); |
301 | audit_enabled = state; | ||
259 | return old; | 302 | return old; |
260 | } | 303 | } |
261 | 304 | ||
262 | static int audit_set_failure(int state, uid_t loginuid) | 305 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) |
263 | { | 306 | { |
264 | int old = audit_failure; | 307 | int old = audit_failure; |
308 | |||
265 | if (state != AUDIT_FAIL_SILENT | 309 | if (state != AUDIT_FAIL_SILENT |
266 | && state != AUDIT_FAIL_PRINTK | 310 | && state != AUDIT_FAIL_PRINTK |
267 | && state != AUDIT_FAIL_PANIC) | 311 | && state != AUDIT_FAIL_PANIC) |
268 | return -EINVAL; | 312 | return -EINVAL; |
269 | audit_failure = state; | 313 | |
270 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 314 | if (sid) { |
315 | char *ctx = NULL; | ||
316 | u32 len; | ||
317 | int rc; | ||
318 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
319 | return rc; | ||
320 | else | ||
321 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
322 | "audit_failure=%d old=%d by auid=%u subj=%s", | ||
323 | state, old, loginuid, ctx); | ||
324 | kfree(ctx); | ||
325 | } else | ||
326 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
271 | "audit_failure=%d old=%d by auid=%u", | 327 | "audit_failure=%d old=%d by auid=%u", |
272 | audit_failure, old, loginuid); | 328 | state, old, loginuid); |
329 | audit_failure = state; | ||
273 | return old; | 330 | return old; |
274 | } | 331 | } |
275 | 332 | ||
@@ -387,7 +444,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) | |||
387 | 444 | ||
388 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | 445 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) |
389 | { | 446 | { |
390 | u32 uid, pid, seq; | 447 | u32 uid, pid, seq, sid; |
391 | void *data; | 448 | void *data; |
392 | struct audit_status *status_get, status_set; | 449 | struct audit_status *status_get, status_set; |
393 | int err; | 450 | int err; |
@@ -413,6 +470,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
413 | pid = NETLINK_CREDS(skb)->pid; | 470 | pid = NETLINK_CREDS(skb)->pid; |
414 | uid = NETLINK_CREDS(skb)->uid; | 471 | uid = NETLINK_CREDS(skb)->uid; |
415 | loginuid = NETLINK_CB(skb).loginuid; | 472 | loginuid = NETLINK_CB(skb).loginuid; |
473 | sid = NETLINK_CB(skb).sid; | ||
416 | seq = nlh->nlmsg_seq; | 474 | seq = nlh->nlmsg_seq; |
417 | data = NLMSG_DATA(nlh); | 475 | data = NLMSG_DATA(nlh); |
418 | 476 | ||
@@ -433,25 +491,43 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
433 | return -EINVAL; | 491 | return -EINVAL; |
434 | status_get = (struct audit_status *)data; | 492 | status_get = (struct audit_status *)data; |
435 | if (status_get->mask & AUDIT_STATUS_ENABLED) { | 493 | if (status_get->mask & AUDIT_STATUS_ENABLED) { |
436 | err = audit_set_enabled(status_get->enabled, loginuid); | 494 | err = audit_set_enabled(status_get->enabled, |
495 | loginuid, sid); | ||
437 | if (err < 0) return err; | 496 | if (err < 0) return err; |
438 | } | 497 | } |
439 | if (status_get->mask & AUDIT_STATUS_FAILURE) { | 498 | if (status_get->mask & AUDIT_STATUS_FAILURE) { |
440 | err = audit_set_failure(status_get->failure, loginuid); | 499 | err = audit_set_failure(status_get->failure, |
500 | loginuid, sid); | ||
441 | if (err < 0) return err; | 501 | if (err < 0) return err; |
442 | } | 502 | } |
443 | if (status_get->mask & AUDIT_STATUS_PID) { | 503 | if (status_get->mask & AUDIT_STATUS_PID) { |
444 | int old = audit_pid; | 504 | int old = audit_pid; |
505 | if (sid) { | ||
506 | char *ctx = NULL; | ||
507 | u32 len; | ||
508 | int rc; | ||
509 | if ((rc = selinux_ctxid_to_string( | ||
510 | sid, &ctx, &len))) | ||
511 | return rc; | ||
512 | else | ||
513 | audit_log(NULL, GFP_KERNEL, | ||
514 | AUDIT_CONFIG_CHANGE, | ||
515 | "audit_pid=%d old=%d by auid=%u subj=%s", | ||
516 | status_get->pid, old, | ||
517 | loginuid, ctx); | ||
518 | kfree(ctx); | ||
519 | } else | ||
520 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
521 | "audit_pid=%d old=%d by auid=%u", | ||
522 | status_get->pid, old, loginuid); | ||
445 | audit_pid = status_get->pid; | 523 | audit_pid = status_get->pid; |
446 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
447 | "audit_pid=%d old=%d by auid=%u", | ||
448 | audit_pid, old, loginuid); | ||
449 | } | 524 | } |
450 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 525 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
451 | audit_set_rate_limit(status_get->rate_limit, loginuid); | 526 | audit_set_rate_limit(status_get->rate_limit, |
527 | loginuid, sid); | ||
452 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 528 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
453 | audit_set_backlog_limit(status_get->backlog_limit, | 529 | audit_set_backlog_limit(status_get->backlog_limit, |
454 | loginuid); | 530 | loginuid, sid); |
455 | break; | 531 | break; |
456 | case AUDIT_USER: | 532 | case AUDIT_USER: |
457 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | 533 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
@@ -465,8 +541,23 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
465 | ab = audit_log_start(NULL, GFP_KERNEL, msg_type); | 541 | ab = audit_log_start(NULL, GFP_KERNEL, msg_type); |
466 | if (ab) { | 542 | if (ab) { |
467 | audit_log_format(ab, | 543 | audit_log_format(ab, |
468 | "user pid=%d uid=%u auid=%u msg='%.1024s'", | 544 | "user pid=%d uid=%u auid=%u", |
469 | pid, uid, loginuid, (char *)data); | 545 | pid, uid, loginuid); |
546 | if (sid) { | ||
547 | char *ctx = NULL; | ||
548 | u32 len; | ||
549 | if (selinux_ctxid_to_string( | ||
550 | sid, &ctx, &len)) { | ||
551 | audit_log_format(ab, | ||
552 | " ssid=%u", sid); | ||
553 | /* Maybe call audit_panic? */ | ||
554 | } else | ||
555 | audit_log_format(ab, | ||
556 | " subj=%s", ctx); | ||
557 | kfree(ctx); | ||
558 | } | ||
559 | audit_log_format(ab, " msg='%.1024s'", | ||
560 | (char *)data); | ||
470 | audit_set_pid(ab, pid); | 561 | audit_set_pid(ab, pid); |
471 | audit_log_end(ab); | 562 | audit_log_end(ab); |
472 | } | 563 | } |
@@ -480,7 +571,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
480 | case AUDIT_LIST: | 571 | case AUDIT_LIST: |
481 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 572 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
482 | uid, seq, data, nlmsg_len(nlh), | 573 | uid, seq, data, nlmsg_len(nlh), |
483 | loginuid); | 574 | loginuid, sid); |
484 | break; | 575 | break; |
485 | case AUDIT_ADD_RULE: | 576 | case AUDIT_ADD_RULE: |
486 | case AUDIT_DEL_RULE: | 577 | case AUDIT_DEL_RULE: |
@@ -490,7 +581,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
490 | case AUDIT_LIST_RULES: | 581 | case AUDIT_LIST_RULES: |
491 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 582 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
492 | uid, seq, data, nlmsg_len(nlh), | 583 | uid, seq, data, nlmsg_len(nlh), |
493 | loginuid); | 584 | loginuid, sid); |
494 | break; | 585 | break; |
495 | case AUDIT_SIGNAL_INFO: | 586 | case AUDIT_SIGNAL_INFO: |
496 | sig_data.uid = audit_sig_uid; | 587 | sig_data.uid = audit_sig_uid; |
@@ -564,6 +655,11 @@ static int __init audit_init(void) | |||
564 | skb_queue_head_init(&audit_skb_queue); | 655 | skb_queue_head_init(&audit_skb_queue); |
565 | audit_initialized = 1; | 656 | audit_initialized = 1; |
566 | audit_enabled = audit_default; | 657 | audit_enabled = audit_default; |
658 | |||
659 | /* Register the callback with selinux. This callback will be invoked | ||
660 | * when a new policy is loaded. */ | ||
661 | selinux_audit_set_callback(&selinux_audit_rule_update); | ||
662 | |||
567 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); | 663 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); |
568 | return 0; | 664 | return 0; |
569 | } | 665 | } |
diff --git a/kernel/audit.h b/kernel/audit.h index bc5392076e2b..6f733920fd32 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
@@ -54,9 +54,11 @@ enum audit_state { | |||
54 | 54 | ||
55 | /* Rule lists */ | 55 | /* Rule lists */ |
56 | struct audit_field { | 56 | struct audit_field { |
57 | u32 type; | 57 | u32 type; |
58 | u32 val; | 58 | u32 val; |
59 | u32 op; | 59 | u32 op; |
60 | char *se_str; | ||
61 | struct selinux_audit_rule *se_rule; | ||
60 | }; | 62 | }; |
61 | 63 | ||
62 | struct audit_krule { | 64 | struct audit_krule { |
@@ -86,3 +88,5 @@ extern void audit_send_reply(int pid, int seq, int type, | |||
86 | extern void audit_log_lost(const char *message); | 88 | extern void audit_log_lost(const char *message); |
87 | extern void audit_panic(const char *message); | 89 | extern void audit_panic(const char *message); |
88 | extern struct mutex audit_netlink_mutex; | 90 | extern struct mutex audit_netlink_mutex; |
91 | |||
92 | extern int selinux_audit_rule_update(void); | ||
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index d3a8539f3a83..7c134906d689 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -23,6 +23,7 @@ | |||
23 | #include <linux/audit.h> | 23 | #include <linux/audit.h> |
24 | #include <linux/kthread.h> | 24 | #include <linux/kthread.h> |
25 | #include <linux/netlink.h> | 25 | #include <linux/netlink.h> |
26 | #include <linux/selinux.h> | ||
26 | #include "audit.h" | 27 | #include "audit.h" |
27 | 28 | ||
28 | /* There are three lists of rules -- one to search at task creation | 29 | /* There are three lists of rules -- one to search at task creation |
@@ -42,6 +43,13 @@ struct list_head audit_filter_list[AUDIT_NR_FILTERS] = { | |||
42 | 43 | ||
43 | static inline void audit_free_rule(struct audit_entry *e) | 44 | static inline void audit_free_rule(struct audit_entry *e) |
44 | { | 45 | { |
46 | int i; | ||
47 | if (e->rule.fields) | ||
48 | for (i = 0; i < e->rule.field_count; i++) { | ||
49 | struct audit_field *f = &e->rule.fields[i]; | ||
50 | kfree(f->se_str); | ||
51 | selinux_audit_rule_free(f->se_rule); | ||
52 | } | ||
45 | kfree(e->rule.fields); | 53 | kfree(e->rule.fields); |
46 | kfree(e); | 54 | kfree(e); |
47 | } | 55 | } |
@@ -52,9 +60,29 @@ static inline void audit_free_rule_rcu(struct rcu_head *head) | |||
52 | audit_free_rule(e); | 60 | audit_free_rule(e); |
53 | } | 61 | } |
54 | 62 | ||
63 | /* Initialize an audit filterlist entry. */ | ||
64 | static inline struct audit_entry *audit_init_entry(u32 field_count) | ||
65 | { | ||
66 | struct audit_entry *entry; | ||
67 | struct audit_field *fields; | ||
68 | |||
69 | entry = kzalloc(sizeof(*entry), GFP_KERNEL); | ||
70 | if (unlikely(!entry)) | ||
71 | return NULL; | ||
72 | |||
73 | fields = kzalloc(sizeof(*fields) * field_count, GFP_KERNEL); | ||
74 | if (unlikely(!fields)) { | ||
75 | kfree(entry); | ||
76 | return NULL; | ||
77 | } | ||
78 | entry->rule.fields = fields; | ||
79 | |||
80 | return entry; | ||
81 | } | ||
82 | |||
55 | /* Unpack a filter field's string representation from user-space | 83 | /* Unpack a filter field's string representation from user-space |
56 | * buffer. */ | 84 | * buffer. */ |
57 | static __attribute__((unused)) char *audit_unpack_string(void **bufp, size_t *remain, size_t len) | 85 | static char *audit_unpack_string(void **bufp, size_t *remain, size_t len) |
58 | { | 86 | { |
59 | char *str; | 87 | char *str; |
60 | 88 | ||
@@ -84,7 +112,6 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) | |||
84 | { | 112 | { |
85 | unsigned listnr; | 113 | unsigned listnr; |
86 | struct audit_entry *entry; | 114 | struct audit_entry *entry; |
87 | struct audit_field *fields; | ||
88 | int i, err; | 115 | int i, err; |
89 | 116 | ||
90 | err = -EINVAL; | 117 | err = -EINVAL; |
@@ -108,23 +135,14 @@ static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) | |||
108 | goto exit_err; | 135 | goto exit_err; |
109 | 136 | ||
110 | err = -ENOMEM; | 137 | err = -ENOMEM; |
111 | entry = kmalloc(sizeof(*entry), GFP_KERNEL); | 138 | entry = audit_init_entry(rule->field_count); |
112 | if (unlikely(!entry)) | 139 | if (!entry) |
113 | goto exit_err; | ||
114 | fields = kmalloc(sizeof(*fields) * rule->field_count, GFP_KERNEL); | ||
115 | if (unlikely(!fields)) { | ||
116 | kfree(entry); | ||
117 | goto exit_err; | 140 | goto exit_err; |
118 | } | ||
119 | |||
120 | memset(&entry->rule, 0, sizeof(struct audit_krule)); | ||
121 | memset(fields, 0, sizeof(struct audit_field)); | ||
122 | 141 | ||
123 | entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; | 142 | entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; |
124 | entry->rule.listnr = listnr; | 143 | entry->rule.listnr = listnr; |
125 | entry->rule.action = rule->action; | 144 | entry->rule.action = rule->action; |
126 | entry->rule.field_count = rule->field_count; | 145 | entry->rule.field_count = rule->field_count; |
127 | entry->rule.fields = fields; | ||
128 | 146 | ||
129 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | 147 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) |
130 | entry->rule.mask[i] = rule->mask[i]; | 148 | entry->rule.mask[i] = rule->mask[i]; |
@@ -150,15 +168,20 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
150 | for (i = 0; i < rule->field_count; i++) { | 168 | for (i = 0; i < rule->field_count; i++) { |
151 | struct audit_field *f = &entry->rule.fields[i]; | 169 | struct audit_field *f = &entry->rule.fields[i]; |
152 | 170 | ||
153 | if (rule->fields[i] & AUDIT_UNUSED_BITS) { | ||
154 | err = -EINVAL; | ||
155 | goto exit_free; | ||
156 | } | ||
157 | |||
158 | f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS); | 171 | f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS); |
159 | f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS); | 172 | f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS); |
160 | f->val = rule->values[i]; | 173 | f->val = rule->values[i]; |
161 | 174 | ||
175 | if (f->type & AUDIT_UNUSED_BITS || | ||
176 | f->type == AUDIT_SE_USER || | ||
177 | f->type == AUDIT_SE_ROLE || | ||
178 | f->type == AUDIT_SE_TYPE || | ||
179 | f->type == AUDIT_SE_SEN || | ||
180 | f->type == AUDIT_SE_CLR) { | ||
181 | err = -EINVAL; | ||
182 | goto exit_free; | ||
183 | } | ||
184 | |||
162 | entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1; | 185 | entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1; |
163 | 186 | ||
164 | /* Support for legacy operators where | 187 | /* Support for legacy operators where |
@@ -188,8 +211,9 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
188 | int err = 0; | 211 | int err = 0; |
189 | struct audit_entry *entry; | 212 | struct audit_entry *entry; |
190 | void *bufp; | 213 | void *bufp; |
191 | /* size_t remain = datasz - sizeof(struct audit_rule_data); */ | 214 | size_t remain = datasz - sizeof(struct audit_rule_data); |
192 | int i; | 215 | int i; |
216 | char *str; | ||
193 | 217 | ||
194 | entry = audit_to_entry_common((struct audit_rule *)data); | 218 | entry = audit_to_entry_common((struct audit_rule *)data); |
195 | if (IS_ERR(entry)) | 219 | if (IS_ERR(entry)) |
@@ -207,10 +231,35 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
207 | 231 | ||
208 | f->op = data->fieldflags[i] & AUDIT_OPERATORS; | 232 | f->op = data->fieldflags[i] & AUDIT_OPERATORS; |
209 | f->type = data->fields[i]; | 233 | f->type = data->fields[i]; |
234 | f->val = data->values[i]; | ||
235 | f->se_str = NULL; | ||
236 | f->se_rule = NULL; | ||
210 | switch(f->type) { | 237 | switch(f->type) { |
211 | /* call type-specific conversion routines here */ | 238 | case AUDIT_SE_USER: |
212 | default: | 239 | case AUDIT_SE_ROLE: |
213 | f->val = data->values[i]; | 240 | case AUDIT_SE_TYPE: |
241 | case AUDIT_SE_SEN: | ||
242 | case AUDIT_SE_CLR: | ||
243 | str = audit_unpack_string(&bufp, &remain, f->val); | ||
244 | if (IS_ERR(str)) | ||
245 | goto exit_free; | ||
246 | entry->rule.buflen += f->val; | ||
247 | |||
248 | err = selinux_audit_rule_init(f->type, f->op, str, | ||
249 | &f->se_rule); | ||
250 | /* Keep currently invalid fields around in case they | ||
251 | * become valid after a policy reload. */ | ||
252 | if (err == -EINVAL) { | ||
253 | printk(KERN_WARNING "audit rule for selinux " | ||
254 | "\'%s\' is invalid\n", str); | ||
255 | err = 0; | ||
256 | } | ||
257 | if (err) { | ||
258 | kfree(str); | ||
259 | goto exit_free; | ||
260 | } else | ||
261 | f->se_str = str; | ||
262 | break; | ||
214 | } | 263 | } |
215 | } | 264 | } |
216 | 265 | ||
@@ -286,7 +335,14 @@ static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) | |||
286 | data->fields[i] = f->type; | 335 | data->fields[i] = f->type; |
287 | data->fieldflags[i] = f->op; | 336 | data->fieldflags[i] = f->op; |
288 | switch(f->type) { | 337 | switch(f->type) { |
289 | /* call type-specific conversion routines here */ | 338 | case AUDIT_SE_USER: |
339 | case AUDIT_SE_ROLE: | ||
340 | case AUDIT_SE_TYPE: | ||
341 | case AUDIT_SE_SEN: | ||
342 | case AUDIT_SE_CLR: | ||
343 | data->buflen += data->values[i] = | ||
344 | audit_pack_string(&bufp, f->se_str); | ||
345 | break; | ||
290 | default: | 346 | default: |
291 | data->values[i] = f->val; | 347 | data->values[i] = f->val; |
292 | } | 348 | } |
@@ -314,7 +370,14 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) | |||
314 | return 1; | 370 | return 1; |
315 | 371 | ||
316 | switch(a->fields[i].type) { | 372 | switch(a->fields[i].type) { |
317 | /* call type-specific comparison routines here */ | 373 | case AUDIT_SE_USER: |
374 | case AUDIT_SE_ROLE: | ||
375 | case AUDIT_SE_TYPE: | ||
376 | case AUDIT_SE_SEN: | ||
377 | case AUDIT_SE_CLR: | ||
378 | if (strcmp(a->fields[i].se_str, b->fields[i].se_str)) | ||
379 | return 1; | ||
380 | break; | ||
318 | default: | 381 | default: |
319 | if (a->fields[i].val != b->fields[i].val) | 382 | if (a->fields[i].val != b->fields[i].val) |
320 | return 1; | 383 | return 1; |
@@ -328,6 +391,81 @@ static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b) | |||
328 | return 0; | 391 | return 0; |
329 | } | 392 | } |
330 | 393 | ||
394 | /* Duplicate selinux field information. The se_rule is opaque, so must be | ||
395 | * re-initialized. */ | ||
396 | static inline int audit_dupe_selinux_field(struct audit_field *df, | ||
397 | struct audit_field *sf) | ||
398 | { | ||
399 | int ret = 0; | ||
400 | char *se_str; | ||
401 | |||
402 | /* our own copy of se_str */ | ||
403 | se_str = kstrdup(sf->se_str, GFP_KERNEL); | ||
404 | if (unlikely(IS_ERR(se_str))) | ||
405 | return -ENOMEM; | ||
406 | df->se_str = se_str; | ||
407 | |||
408 | /* our own (refreshed) copy of se_rule */ | ||
409 | ret = selinux_audit_rule_init(df->type, df->op, df->se_str, | ||
410 | &df->se_rule); | ||
411 | /* Keep currently invalid fields around in case they | ||
412 | * become valid after a policy reload. */ | ||
413 | if (ret == -EINVAL) { | ||
414 | printk(KERN_WARNING "audit rule for selinux \'%s\' is " | ||
415 | "invalid\n", df->se_str); | ||
416 | ret = 0; | ||
417 | } | ||
418 | |||
419 | return ret; | ||
420 | } | ||
421 | |||
422 | /* Duplicate an audit rule. This will be a deep copy with the exception | ||
423 | * of the watch - that pointer is carried over. The selinux specific fields | ||
424 | * will be updated in the copy. The point is to be able to replace the old | ||
425 | * rule with the new rule in the filterlist, then free the old rule. */ | ||
426 | static struct audit_entry *audit_dupe_rule(struct audit_krule *old) | ||
427 | { | ||
428 | u32 fcount = old->field_count; | ||
429 | struct audit_entry *entry; | ||
430 | struct audit_krule *new; | ||
431 | int i, err = 0; | ||
432 | |||
433 | entry = audit_init_entry(fcount); | ||
434 | if (unlikely(!entry)) | ||
435 | return ERR_PTR(-ENOMEM); | ||
436 | |||
437 | new = &entry->rule; | ||
438 | new->vers_ops = old->vers_ops; | ||
439 | new->flags = old->flags; | ||
440 | new->listnr = old->listnr; | ||
441 | new->action = old->action; | ||
442 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | ||
443 | new->mask[i] = old->mask[i]; | ||
444 | new->buflen = old->buflen; | ||
445 | new->field_count = old->field_count; | ||
446 | memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount); | ||
447 | |||
448 | /* deep copy this information, updating the se_rule fields, because | ||
449 | * the originals will all be freed when the old rule is freed. */ | ||
450 | for (i = 0; i < fcount; i++) { | ||
451 | switch (new->fields[i].type) { | ||
452 | case AUDIT_SE_USER: | ||
453 | case AUDIT_SE_ROLE: | ||
454 | case AUDIT_SE_TYPE: | ||
455 | case AUDIT_SE_SEN: | ||
456 | case AUDIT_SE_CLR: | ||
457 | err = audit_dupe_selinux_field(&new->fields[i], | ||
458 | &old->fields[i]); | ||
459 | } | ||
460 | if (err) { | ||
461 | audit_free_rule(entry); | ||
462 | return ERR_PTR(err); | ||
463 | } | ||
464 | } | ||
465 | |||
466 | return entry; | ||
467 | } | ||
468 | |||
331 | /* Add rule to given filterlist if not a duplicate. Protected by | 469 | /* Add rule to given filterlist if not a duplicate. Protected by |
332 | * audit_netlink_mutex. */ | 470 | * audit_netlink_mutex. */ |
333 | static inline int audit_add_rule(struct audit_entry *entry, | 471 | static inline int audit_add_rule(struct audit_entry *entry, |
@@ -448,9 +586,10 @@ static int audit_list_rules(void *_dest) | |||
448 | * @data: payload data | 586 | * @data: payload data |
449 | * @datasz: size of payload data | 587 | * @datasz: size of payload data |
450 | * @loginuid: loginuid of sender | 588 | * @loginuid: loginuid of sender |
589 | * @sid: SE Linux Security ID of sender | ||
451 | */ | 590 | */ |
452 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | 591 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, |
453 | size_t datasz, uid_t loginuid) | 592 | size_t datasz, uid_t loginuid, u32 sid) |
454 | { | 593 | { |
455 | struct task_struct *tsk; | 594 | struct task_struct *tsk; |
456 | int *dest; | 595 | int *dest; |
@@ -493,9 +632,23 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
493 | 632 | ||
494 | err = audit_add_rule(entry, | 633 | err = audit_add_rule(entry, |
495 | &audit_filter_list[entry->rule.listnr]); | 634 | &audit_filter_list[entry->rule.listnr]); |
496 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 635 | if (sid) { |
497 | "auid=%u add rule to list=%d res=%d\n", | 636 | char *ctx = NULL; |
498 | loginuid, entry->rule.listnr, !err); | 637 | u32 len; |
638 | if (selinux_ctxid_to_string(sid, &ctx, &len)) { | ||
639 | /* Maybe call audit_panic? */ | ||
640 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
641 | "auid=%u ssid=%u add rule to list=%d res=%d", | ||
642 | loginuid, sid, entry->rule.listnr, !err); | ||
643 | } else | ||
644 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
645 | "auid=%u subj=%s add rule to list=%d res=%d", | ||
646 | loginuid, ctx, entry->rule.listnr, !err); | ||
647 | kfree(ctx); | ||
648 | } else | ||
649 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
650 | "auid=%u add rule to list=%d res=%d", | ||
651 | loginuid, entry->rule.listnr, !err); | ||
499 | 652 | ||
500 | if (err) | 653 | if (err) |
501 | audit_free_rule(entry); | 654 | audit_free_rule(entry); |
@@ -511,9 +664,24 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
511 | 664 | ||
512 | err = audit_del_rule(entry, | 665 | err = audit_del_rule(entry, |
513 | &audit_filter_list[entry->rule.listnr]); | 666 | &audit_filter_list[entry->rule.listnr]); |
514 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 667 | |
515 | "auid=%u remove rule from list=%d res=%d\n", | 668 | if (sid) { |
516 | loginuid, entry->rule.listnr, !err); | 669 | char *ctx = NULL; |
670 | u32 len; | ||
671 | if (selinux_ctxid_to_string(sid, &ctx, &len)) { | ||
672 | /* Maybe call audit_panic? */ | ||
673 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
674 | "auid=%u ssid=%u remove rule from list=%d res=%d", | ||
675 | loginuid, sid, entry->rule.listnr, !err); | ||
676 | } else | ||
677 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
678 | "auid=%u subj=%s remove rule from list=%d res=%d", | ||
679 | loginuid, ctx, entry->rule.listnr, !err); | ||
680 | kfree(ctx); | ||
681 | } else | ||
682 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
683 | "auid=%u remove rule from list=%d res=%d", | ||
684 | loginuid, entry->rule.listnr, !err); | ||
517 | 685 | ||
518 | audit_free_rule(entry); | 686 | audit_free_rule(entry); |
519 | break; | 687 | break; |
@@ -628,3 +796,62 @@ unlock_and_return: | |||
628 | rcu_read_unlock(); | 796 | rcu_read_unlock(); |
629 | return result; | 797 | return result; |
630 | } | 798 | } |
799 | |||
800 | /* Check to see if the rule contains any selinux fields. Returns 1 if there | ||
801 | are selinux fields specified in the rule, 0 otherwise. */ | ||
802 | static inline int audit_rule_has_selinux(struct audit_krule *rule) | ||
803 | { | ||
804 | int i; | ||
805 | |||
806 | for (i = 0; i < rule->field_count; i++) { | ||
807 | struct audit_field *f = &rule->fields[i]; | ||
808 | switch (f->type) { | ||
809 | case AUDIT_SE_USER: | ||
810 | case AUDIT_SE_ROLE: | ||
811 | case AUDIT_SE_TYPE: | ||
812 | case AUDIT_SE_SEN: | ||
813 | case AUDIT_SE_CLR: | ||
814 | return 1; | ||
815 | } | ||
816 | } | ||
817 | |||
818 | return 0; | ||
819 | } | ||
820 | |||
821 | /* This function will re-initialize the se_rule field of all applicable rules. | ||
822 | * It will traverse the filter lists serarching for rules that contain selinux | ||
823 | * specific filter fields. When such a rule is found, it is copied, the | ||
824 | * selinux field is re-initialized, and the old rule is replaced with the | ||
825 | * updated rule. */ | ||
826 | int selinux_audit_rule_update(void) | ||
827 | { | ||
828 | struct audit_entry *entry, *n, *nentry; | ||
829 | int i, err = 0; | ||
830 | |||
831 | /* audit_netlink_mutex synchronizes the writers */ | ||
832 | mutex_lock(&audit_netlink_mutex); | ||
833 | |||
834 | for (i = 0; i < AUDIT_NR_FILTERS; i++) { | ||
835 | list_for_each_entry_safe(entry, n, &audit_filter_list[i], list) { | ||
836 | if (!audit_rule_has_selinux(&entry->rule)) | ||
837 | continue; | ||
838 | |||
839 | nentry = audit_dupe_rule(&entry->rule); | ||
840 | if (unlikely(IS_ERR(nentry))) { | ||
841 | /* save the first error encountered for the | ||
842 | * return value */ | ||
843 | if (!err) | ||
844 | err = PTR_ERR(nentry); | ||
845 | audit_panic("error updating selinux filters"); | ||
846 | list_del_rcu(&entry->list); | ||
847 | } else { | ||
848 | list_replace_rcu(&entry->list, &nentry->list); | ||
849 | } | ||
850 | call_rcu(&entry->rcu, audit_free_rule_rcu); | ||
851 | } | ||
852 | } | ||
853 | |||
854 | mutex_unlock(&audit_netlink_mutex); | ||
855 | |||
856 | return err; | ||
857 | } | ||
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7f160df21a23..1c03a4ed1b27 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -58,6 +58,7 @@ | |||
58 | #include <linux/security.h> | 58 | #include <linux/security.h> |
59 | #include <linux/list.h> | 59 | #include <linux/list.h> |
60 | #include <linux/tty.h> | 60 | #include <linux/tty.h> |
61 | #include <linux/selinux.h> | ||
61 | 62 | ||
62 | #include "audit.h" | 63 | #include "audit.h" |
63 | 64 | ||
@@ -89,7 +90,7 @@ struct audit_names { | |||
89 | uid_t uid; | 90 | uid_t uid; |
90 | gid_t gid; | 91 | gid_t gid; |
91 | dev_t rdev; | 92 | dev_t rdev; |
92 | char *ctx; | 93 | u32 osid; |
93 | }; | 94 | }; |
94 | 95 | ||
95 | struct audit_aux_data { | 96 | struct audit_aux_data { |
@@ -106,7 +107,7 @@ struct audit_aux_data_ipcctl { | |||
106 | uid_t uid; | 107 | uid_t uid; |
107 | gid_t gid; | 108 | gid_t gid; |
108 | mode_t mode; | 109 | mode_t mode; |
109 | char *ctx; | 110 | u32 osid; |
110 | }; | 111 | }; |
111 | 112 | ||
112 | struct audit_aux_data_socketcall { | 113 | struct audit_aux_data_socketcall { |
@@ -167,7 +168,8 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
167 | struct audit_context *ctx, | 168 | struct audit_context *ctx, |
168 | enum audit_state *state) | 169 | enum audit_state *state) |
169 | { | 170 | { |
170 | int i, j; | 171 | int i, j, need_sid = 1; |
172 | u32 sid; | ||
171 | 173 | ||
172 | for (i = 0; i < rule->field_count; i++) { | 174 | for (i = 0; i < rule->field_count; i++) { |
173 | struct audit_field *f = &rule->fields[i]; | 175 | struct audit_field *f = &rule->fields[i]; |
@@ -257,6 +259,27 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
257 | if (ctx) | 259 | if (ctx) |
258 | result = audit_comparator(ctx->loginuid, f->op, f->val); | 260 | result = audit_comparator(ctx->loginuid, f->op, f->val); |
259 | break; | 261 | break; |
262 | case AUDIT_SE_USER: | ||
263 | case AUDIT_SE_ROLE: | ||
264 | case AUDIT_SE_TYPE: | ||
265 | case AUDIT_SE_SEN: | ||
266 | case AUDIT_SE_CLR: | ||
267 | /* NOTE: this may return negative values indicating | ||
268 | a temporary error. We simply treat this as a | ||
269 | match for now to avoid losing information that | ||
270 | may be wanted. An error message will also be | ||
271 | logged upon error */ | ||
272 | if (f->se_rule) { | ||
273 | if (need_sid) { | ||
274 | selinux_task_ctxid(tsk, &sid); | ||
275 | need_sid = 0; | ||
276 | } | ||
277 | result = selinux_audit_rule_match(sid, f->type, | ||
278 | f->op, | ||
279 | f->se_rule, | ||
280 | ctx); | ||
281 | } | ||
282 | break; | ||
260 | case AUDIT_ARG0: | 283 | case AUDIT_ARG0: |
261 | case AUDIT_ARG1: | 284 | case AUDIT_ARG1: |
262 | case AUDIT_ARG2: | 285 | case AUDIT_ARG2: |
@@ -329,7 +352,6 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | |||
329 | return AUDIT_BUILD_CONTEXT; | 352 | return AUDIT_BUILD_CONTEXT; |
330 | } | 353 | } |
331 | 354 | ||
332 | /* This should be called with task_lock() held. */ | ||
333 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, | 355 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, |
334 | int return_valid, | 356 | int return_valid, |
335 | int return_code) | 357 | int return_code) |
@@ -391,9 +413,6 @@ static inline void audit_free_names(struct audit_context *context) | |||
391 | #endif | 413 | #endif |
392 | 414 | ||
393 | for (i = 0; i < context->name_count; i++) { | 415 | for (i = 0; i < context->name_count; i++) { |
394 | char *p = context->names[i].ctx; | ||
395 | context->names[i].ctx = NULL; | ||
396 | kfree(p); | ||
397 | if (context->names[i].name) | 416 | if (context->names[i].name) |
398 | __putname(context->names[i].name); | 417 | __putname(context->names[i].name); |
399 | } | 418 | } |
@@ -416,11 +435,6 @@ static inline void audit_free_aux(struct audit_context *context) | |||
416 | dput(axi->dentry); | 435 | dput(axi->dentry); |
417 | mntput(axi->mnt); | 436 | mntput(axi->mnt); |
418 | } | 437 | } |
419 | if ( aux->type == AUDIT_IPC ) { | ||
420 | struct audit_aux_data_ipcctl *axi = (void *)aux; | ||
421 | if (axi->ctx) | ||
422 | kfree(axi->ctx); | ||
423 | } | ||
424 | 438 | ||
425 | context->aux = aux->next; | 439 | context->aux = aux->next; |
426 | kfree(aux); | 440 | kfree(aux); |
@@ -506,7 +520,7 @@ static inline void audit_free_context(struct audit_context *context) | |||
506 | printk(KERN_ERR "audit: freed %d contexts\n", count); | 520 | printk(KERN_ERR "audit: freed %d contexts\n", count); |
507 | } | 521 | } |
508 | 522 | ||
509 | static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask) | 523 | static void audit_log_task_context(struct audit_buffer *ab) |
510 | { | 524 | { |
511 | char *ctx = NULL; | 525 | char *ctx = NULL; |
512 | ssize_t len = 0; | 526 | ssize_t len = 0; |
@@ -518,7 +532,7 @@ static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask) | |||
518 | return; | 532 | return; |
519 | } | 533 | } |
520 | 534 | ||
521 | ctx = kmalloc(len, gfp_mask); | 535 | ctx = kmalloc(len, GFP_KERNEL); |
522 | if (!ctx) | 536 | if (!ctx) |
523 | goto error_path; | 537 | goto error_path; |
524 | 538 | ||
@@ -536,47 +550,46 @@ error_path: | |||
536 | return; | 550 | return; |
537 | } | 551 | } |
538 | 552 | ||
539 | static void audit_log_task_info(struct audit_buffer *ab, gfp_t gfp_mask) | 553 | static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) |
540 | { | 554 | { |
541 | char name[sizeof(current->comm)]; | 555 | char name[sizeof(tsk->comm)]; |
542 | struct mm_struct *mm = current->mm; | 556 | struct mm_struct *mm = tsk->mm; |
543 | struct vm_area_struct *vma; | 557 | struct vm_area_struct *vma; |
544 | 558 | ||
545 | get_task_comm(name, current); | 559 | /* tsk == current */ |
560 | |||
561 | get_task_comm(name, tsk); | ||
546 | audit_log_format(ab, " comm="); | 562 | audit_log_format(ab, " comm="); |
547 | audit_log_untrustedstring(ab, name); | 563 | audit_log_untrustedstring(ab, name); |
548 | 564 | ||
549 | if (!mm) | 565 | if (mm) { |
550 | return; | 566 | down_read(&mm->mmap_sem); |
551 | 567 | vma = mm->mmap; | |
552 | /* | 568 | while (vma) { |
553 | * this is brittle; all callers that pass GFP_ATOMIC will have | 569 | if ((vma->vm_flags & VM_EXECUTABLE) && |
554 | * NULL current->mm and we won't get here. | 570 | vma->vm_file) { |
555 | */ | 571 | audit_log_d_path(ab, "exe=", |
556 | down_read(&mm->mmap_sem); | 572 | vma->vm_file->f_dentry, |
557 | vma = mm->mmap; | 573 | vma->vm_file->f_vfsmnt); |
558 | while (vma) { | 574 | break; |
559 | if ((vma->vm_flags & VM_EXECUTABLE) && | 575 | } |
560 | vma->vm_file) { | 576 | vma = vma->vm_next; |
561 | audit_log_d_path(ab, "exe=", | ||
562 | vma->vm_file->f_dentry, | ||
563 | vma->vm_file->f_vfsmnt); | ||
564 | break; | ||
565 | } | 577 | } |
566 | vma = vma->vm_next; | 578 | up_read(&mm->mmap_sem); |
567 | } | 579 | } |
568 | up_read(&mm->mmap_sem); | 580 | audit_log_task_context(ab); |
569 | audit_log_task_context(ab, gfp_mask); | ||
570 | } | 581 | } |
571 | 582 | ||
572 | static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | 583 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
573 | { | 584 | { |
574 | int i; | 585 | int i, call_panic = 0; |
575 | struct audit_buffer *ab; | 586 | struct audit_buffer *ab; |
576 | struct audit_aux_data *aux; | 587 | struct audit_aux_data *aux; |
577 | const char *tty; | 588 | const char *tty; |
578 | 589 | ||
579 | ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL); | 590 | /* tsk == current */ |
591 | |||
592 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); | ||
580 | if (!ab) | 593 | if (!ab) |
581 | return; /* audit_panic has been called */ | 594 | return; /* audit_panic has been called */ |
582 | audit_log_format(ab, "arch=%x syscall=%d", | 595 | audit_log_format(ab, "arch=%x syscall=%d", |
@@ -587,8 +600,8 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
587 | audit_log_format(ab, " success=%s exit=%ld", | 600 | audit_log_format(ab, " success=%s exit=%ld", |
588 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", | 601 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", |
589 | context->return_code); | 602 | context->return_code); |
590 | if (current->signal->tty && current->signal->tty->name) | 603 | if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) |
591 | tty = current->signal->tty->name; | 604 | tty = tsk->signal->tty->name; |
592 | else | 605 | else |
593 | tty = "(none)"; | 606 | tty = "(none)"; |
594 | audit_log_format(ab, | 607 | audit_log_format(ab, |
@@ -607,12 +620,12 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
607 | context->gid, | 620 | context->gid, |
608 | context->euid, context->suid, context->fsuid, | 621 | context->euid, context->suid, context->fsuid, |
609 | context->egid, context->sgid, context->fsgid, tty); | 622 | context->egid, context->sgid, context->fsgid, tty); |
610 | audit_log_task_info(ab, gfp_mask); | 623 | audit_log_task_info(ab, tsk); |
611 | audit_log_end(ab); | 624 | audit_log_end(ab); |
612 | 625 | ||
613 | for (aux = context->aux; aux; aux = aux->next) { | 626 | for (aux = context->aux; aux; aux = aux->next) { |
614 | 627 | ||
615 | ab = audit_log_start(context, gfp_mask, aux->type); | 628 | ab = audit_log_start(context, GFP_KERNEL, aux->type); |
616 | if (!ab) | 629 | if (!ab) |
617 | continue; /* audit_panic has been called */ | 630 | continue; /* audit_panic has been called */ |
618 | 631 | ||
@@ -620,8 +633,39 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
620 | case AUDIT_IPC: { | 633 | case AUDIT_IPC: { |
621 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 634 | struct audit_aux_data_ipcctl *axi = (void *)aux; |
622 | audit_log_format(ab, | 635 | audit_log_format(ab, |
623 | " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s", | 636 | " qbytes=%lx iuid=%u igid=%u mode=%x", |
624 | axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx); | 637 | axi->qbytes, axi->uid, axi->gid, axi->mode); |
638 | if (axi->osid != 0) { | ||
639 | char *ctx = NULL; | ||
640 | u32 len; | ||
641 | if (selinux_ctxid_to_string( | ||
642 | axi->osid, &ctx, &len)) { | ||
643 | audit_log_format(ab, " osid=%u", | ||
644 | axi->osid); | ||
645 | call_panic = 1; | ||
646 | } else | ||
647 | audit_log_format(ab, " obj=%s", ctx); | ||
648 | kfree(ctx); | ||
649 | } | ||
650 | break; } | ||
651 | |||
652 | case AUDIT_IPC_SET_PERM: { | ||
653 | struct audit_aux_data_ipcctl *axi = (void *)aux; | ||
654 | audit_log_format(ab, | ||
655 | " new qbytes=%lx new iuid=%u new igid=%u new mode=%x", | ||
656 | axi->qbytes, axi->uid, axi->gid, axi->mode); | ||
657 | if (axi->osid != 0) { | ||
658 | char *ctx = NULL; | ||
659 | u32 len; | ||
660 | if (selinux_ctxid_to_string( | ||
661 | axi->osid, &ctx, &len)) { | ||
662 | audit_log_format(ab, " osid=%u", | ||
663 | axi->osid); | ||
664 | call_panic = 1; | ||
665 | } else | ||
666 | audit_log_format(ab, " obj=%s", ctx); | ||
667 | kfree(ctx); | ||
668 | } | ||
625 | break; } | 669 | break; } |
626 | 670 | ||
627 | case AUDIT_SOCKETCALL: { | 671 | case AUDIT_SOCKETCALL: { |
@@ -649,7 +693,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
649 | } | 693 | } |
650 | 694 | ||
651 | if (context->pwd && context->pwdmnt) { | 695 | if (context->pwd && context->pwdmnt) { |
652 | ab = audit_log_start(context, gfp_mask, AUDIT_CWD); | 696 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); |
653 | if (ab) { | 697 | if (ab) { |
654 | audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); | 698 | audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); |
655 | audit_log_end(ab); | 699 | audit_log_end(ab); |
@@ -659,7 +703,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
659 | unsigned long ino = context->names[i].ino; | 703 | unsigned long ino = context->names[i].ino; |
660 | unsigned long pino = context->names[i].pino; | 704 | unsigned long pino = context->names[i].pino; |
661 | 705 | ||
662 | ab = audit_log_start(context, gfp_mask, AUDIT_PATH); | 706 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); |
663 | if (!ab) | 707 | if (!ab) |
664 | continue; /* audit_panic has been called */ | 708 | continue; /* audit_panic has been called */ |
665 | 709 | ||
@@ -685,32 +729,35 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) | |||
685 | context->names[i].gid, | 729 | context->names[i].gid, |
686 | MAJOR(context->names[i].rdev), | 730 | MAJOR(context->names[i].rdev), |
687 | MINOR(context->names[i].rdev)); | 731 | MINOR(context->names[i].rdev)); |
688 | if (context->names[i].ctx) { | 732 | if (context->names[i].osid != 0) { |
689 | audit_log_format(ab, " obj=%s", | 733 | char *ctx = NULL; |
690 | context->names[i].ctx); | 734 | u32 len; |
735 | if (selinux_ctxid_to_string( | ||
736 | context->names[i].osid, &ctx, &len)) { | ||
737 | audit_log_format(ab, " osid=%u", | ||
738 | context->names[i].osid); | ||
739 | call_panic = 2; | ||
740 | } else | ||
741 | audit_log_format(ab, " obj=%s", ctx); | ||
742 | kfree(ctx); | ||
691 | } | 743 | } |
692 | 744 | ||
693 | audit_log_end(ab); | 745 | audit_log_end(ab); |
694 | } | 746 | } |
747 | if (call_panic) | ||
748 | audit_panic("error converting sid to string"); | ||
695 | } | 749 | } |
696 | 750 | ||
697 | /** | 751 | /** |
698 | * audit_free - free a per-task audit context | 752 | * audit_free - free a per-task audit context |
699 | * @tsk: task whose audit context block to free | 753 | * @tsk: task whose audit context block to free |
700 | * | 754 | * |
701 | * Called from copy_process and __put_task_struct. | 755 | * Called from copy_process and do_exit |
702 | */ | 756 | */ |
703 | void audit_free(struct task_struct *tsk) | 757 | void audit_free(struct task_struct *tsk) |
704 | { | 758 | { |
705 | struct audit_context *context; | 759 | struct audit_context *context; |
706 | 760 | ||
707 | /* | ||
708 | * No need to lock the task - when we execute audit_free() | ||
709 | * then the task has no external references anymore, and | ||
710 | * we are tearing it down. (The locking also confuses | ||
711 | * DEBUG_LOCKDEP - this freeing may occur in softirq | ||
712 | * contexts as well, via RCU.) | ||
713 | */ | ||
714 | context = audit_get_context(tsk, 0, 0); | 761 | context = audit_get_context(tsk, 0, 0); |
715 | if (likely(!context)) | 762 | if (likely(!context)) |
716 | return; | 763 | return; |
@@ -719,8 +766,9 @@ void audit_free(struct task_struct *tsk) | |||
719 | * function (e.g., exit_group), then free context block. | 766 | * function (e.g., exit_group), then free context block. |
720 | * We use GFP_ATOMIC here because we might be doing this | 767 | * We use GFP_ATOMIC here because we might be doing this |
721 | * in the context of the idle thread */ | 768 | * in the context of the idle thread */ |
769 | /* that can happen only if we are called from do_exit() */ | ||
722 | if (context->in_syscall && context->auditable) | 770 | if (context->in_syscall && context->auditable) |
723 | audit_log_exit(context, GFP_ATOMIC); | 771 | audit_log_exit(context, tsk); |
724 | 772 | ||
725 | audit_free_context(context); | 773 | audit_free_context(context); |
726 | } | 774 | } |
@@ -743,10 +791,11 @@ void audit_free(struct task_struct *tsk) | |||
743 | * will only be written if another part of the kernel requests that it | 791 | * will only be written if another part of the kernel requests that it |
744 | * be written). | 792 | * be written). |
745 | */ | 793 | */ |
746 | void audit_syscall_entry(struct task_struct *tsk, int arch, int major, | 794 | void audit_syscall_entry(int arch, int major, |
747 | unsigned long a1, unsigned long a2, | 795 | unsigned long a1, unsigned long a2, |
748 | unsigned long a3, unsigned long a4) | 796 | unsigned long a3, unsigned long a4) |
749 | { | 797 | { |
798 | struct task_struct *tsk = current; | ||
750 | struct audit_context *context = tsk->audit_context; | 799 | struct audit_context *context = tsk->audit_context; |
751 | enum audit_state state; | 800 | enum audit_state state; |
752 | 801 | ||
@@ -824,22 +873,18 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major, | |||
824 | * message), then write out the syscall information. In call cases, | 873 | * message), then write out the syscall information. In call cases, |
825 | * free the names stored from getname(). | 874 | * free the names stored from getname(). |
826 | */ | 875 | */ |
827 | void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) | 876 | void audit_syscall_exit(int valid, long return_code) |
828 | { | 877 | { |
878 | struct task_struct *tsk = current; | ||
829 | struct audit_context *context; | 879 | struct audit_context *context; |
830 | 880 | ||
831 | get_task_struct(tsk); | ||
832 | task_lock(tsk); | ||
833 | context = audit_get_context(tsk, valid, return_code); | 881 | context = audit_get_context(tsk, valid, return_code); |
834 | task_unlock(tsk); | ||
835 | 882 | ||
836 | /* Not having a context here is ok, since the parent may have | ||
837 | * called __put_task_struct. */ | ||
838 | if (likely(!context)) | 883 | if (likely(!context)) |
839 | goto out; | 884 | return; |
840 | 885 | ||
841 | if (context->in_syscall && context->auditable) | 886 | if (context->in_syscall && context->auditable) |
842 | audit_log_exit(context, GFP_KERNEL); | 887 | audit_log_exit(context, tsk); |
843 | 888 | ||
844 | context->in_syscall = 0; | 889 | context->in_syscall = 0; |
845 | context->auditable = 0; | 890 | context->auditable = 0; |
@@ -854,8 +899,6 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) | |||
854 | audit_free_aux(context); | 899 | audit_free_aux(context); |
855 | tsk->audit_context = context; | 900 | tsk->audit_context = context; |
856 | } | 901 | } |
857 | out: | ||
858 | put_task_struct(tsk); | ||
859 | } | 902 | } |
860 | 903 | ||
861 | /** | 904 | /** |
@@ -936,40 +979,11 @@ void audit_putname(const char *name) | |||
936 | #endif | 979 | #endif |
937 | } | 980 | } |
938 | 981 | ||
939 | void audit_inode_context(int idx, const struct inode *inode) | 982 | static void audit_inode_context(int idx, const struct inode *inode) |
940 | { | 983 | { |
941 | struct audit_context *context = current->audit_context; | 984 | struct audit_context *context = current->audit_context; |
942 | const char *suffix = security_inode_xattr_getsuffix(); | ||
943 | char *ctx = NULL; | ||
944 | int len = 0; | ||
945 | |||
946 | if (!suffix) | ||
947 | goto ret; | ||
948 | |||
949 | len = security_inode_getsecurity(inode, suffix, NULL, 0, 0); | ||
950 | if (len == -EOPNOTSUPP) | ||
951 | goto ret; | ||
952 | if (len < 0) | ||
953 | goto error_path; | ||
954 | |||
955 | ctx = kmalloc(len, GFP_KERNEL); | ||
956 | if (!ctx) | ||
957 | goto error_path; | ||
958 | 985 | ||
959 | len = security_inode_getsecurity(inode, suffix, ctx, len, 0); | 986 | selinux_get_inode_sid(inode, &context->names[idx].osid); |
960 | if (len < 0) | ||
961 | goto error_path; | ||
962 | |||
963 | kfree(context->names[idx].ctx); | ||
964 | context->names[idx].ctx = ctx; | ||
965 | goto ret; | ||
966 | |||
967 | error_path: | ||
968 | if (ctx) | ||
969 | kfree(ctx); | ||
970 | audit_panic("error in audit_inode_context"); | ||
971 | ret: | ||
972 | return; | ||
973 | } | 987 | } |
974 | 988 | ||
975 | 989 | ||
@@ -1155,40 +1169,37 @@ uid_t audit_get_loginuid(struct audit_context *ctx) | |||
1155 | return ctx ? ctx->loginuid : -1; | 1169 | return ctx ? ctx->loginuid : -1; |
1156 | } | 1170 | } |
1157 | 1171 | ||
1158 | static char *audit_ipc_context(struct kern_ipc_perm *ipcp) | 1172 | /** |
1173 | * audit_ipc_obj - record audit data for ipc object | ||
1174 | * @ipcp: ipc permissions | ||
1175 | * | ||
1176 | * Returns 0 for success or NULL context or < 0 on error. | ||
1177 | */ | ||
1178 | int audit_ipc_obj(struct kern_ipc_perm *ipcp) | ||
1159 | { | 1179 | { |
1180 | struct audit_aux_data_ipcctl *ax; | ||
1160 | struct audit_context *context = current->audit_context; | 1181 | struct audit_context *context = current->audit_context; |
1161 | char *ctx = NULL; | ||
1162 | int len = 0; | ||
1163 | 1182 | ||
1164 | if (likely(!context)) | 1183 | if (likely(!context)) |
1165 | return NULL; | 1184 | return 0; |
1166 | |||
1167 | len = security_ipc_getsecurity(ipcp, NULL, 0); | ||
1168 | if (len == -EOPNOTSUPP) | ||
1169 | goto ret; | ||
1170 | if (len < 0) | ||
1171 | goto error_path; | ||
1172 | |||
1173 | ctx = kmalloc(len, GFP_ATOMIC); | ||
1174 | if (!ctx) | ||
1175 | goto error_path; | ||
1176 | 1185 | ||
1177 | len = security_ipc_getsecurity(ipcp, ctx, len); | 1186 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); |
1178 | if (len < 0) | 1187 | if (!ax) |
1179 | goto error_path; | 1188 | return -ENOMEM; |
1180 | 1189 | ||
1181 | return ctx; | 1190 | ax->uid = ipcp->uid; |
1191 | ax->gid = ipcp->gid; | ||
1192 | ax->mode = ipcp->mode; | ||
1193 | selinux_get_ipc_sid(ipcp, &ax->osid); | ||
1182 | 1194 | ||
1183 | error_path: | 1195 | ax->d.type = AUDIT_IPC; |
1184 | kfree(ctx); | 1196 | ax->d.next = context->aux; |
1185 | audit_panic("error in audit_ipc_context"); | 1197 | context->aux = (void *)ax; |
1186 | ret: | 1198 | return 0; |
1187 | return NULL; | ||
1188 | } | 1199 | } |
1189 | 1200 | ||
1190 | /** | 1201 | /** |
1191 | * audit_ipc_perms - record audit data for ipc | 1202 | * audit_ipc_set_perm - record audit data for new ipc permissions |
1192 | * @qbytes: msgq bytes | 1203 | * @qbytes: msgq bytes |
1193 | * @uid: msgq user id | 1204 | * @uid: msgq user id |
1194 | * @gid: msgq group id | 1205 | * @gid: msgq group id |
@@ -1196,7 +1207,7 @@ ret: | |||
1196 | * | 1207 | * |
1197 | * Returns 0 for success or NULL context or < 0 on error. | 1208 | * Returns 0 for success or NULL context or < 0 on error. |
1198 | */ | 1209 | */ |
1199 | int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp) | 1210 | int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp) |
1200 | { | 1211 | { |
1201 | struct audit_aux_data_ipcctl *ax; | 1212 | struct audit_aux_data_ipcctl *ax; |
1202 | struct audit_context *context = current->audit_context; | 1213 | struct audit_context *context = current->audit_context; |
@@ -1212,9 +1223,9 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, str | |||
1212 | ax->uid = uid; | 1223 | ax->uid = uid; |
1213 | ax->gid = gid; | 1224 | ax->gid = gid; |
1214 | ax->mode = mode; | 1225 | ax->mode = mode; |
1215 | ax->ctx = audit_ipc_context(ipcp); | 1226 | selinux_get_ipc_sid(ipcp, &ax->osid); |
1216 | 1227 | ||
1217 | ax->d.type = AUDIT_IPC; | 1228 | ax->d.type = AUDIT_IPC_SET_PERM; |
1218 | ax->d.next = context->aux; | 1229 | ax->d.next = context->aux; |
1219 | context->aux = (void *)ax; | 1230 | context->aux = (void *)ax; |
1220 | return 0; | 1231 | return 0; |
diff --git a/kernel/exit.c b/kernel/exit.c index f86434d7b3d1..e95b93282210 100644 --- a/kernel/exit.c +++ b/kernel/exit.c | |||
@@ -35,6 +35,7 @@ | |||
35 | #include <linux/futex.h> | 35 | #include <linux/futex.h> |
36 | #include <linux/compat.h> | 36 | #include <linux/compat.h> |
37 | #include <linux/pipe_fs_i.h> | 37 | #include <linux/pipe_fs_i.h> |
38 | #include <linux/audit.h> /* for audit_free() */ | ||
38 | 39 | ||
39 | #include <asm/uaccess.h> | 40 | #include <asm/uaccess.h> |
40 | #include <asm/unistd.h> | 41 | #include <asm/unistd.h> |
@@ -910,6 +911,8 @@ fastcall NORET_TYPE void do_exit(long code) | |||
910 | if (unlikely(tsk->compat_robust_list)) | 911 | if (unlikely(tsk->compat_robust_list)) |
911 | compat_exit_robust_list(tsk); | 912 | compat_exit_robust_list(tsk); |
912 | #endif | 913 | #endif |
914 | if (unlikely(tsk->audit_context)) | ||
915 | audit_free(tsk); | ||
913 | exit_mm(tsk); | 916 | exit_mm(tsk); |
914 | 917 | ||
915 | exit_sem(tsk); | 918 | exit_sem(tsk); |
diff --git a/kernel/fork.c b/kernel/fork.c index d2fa57d480d4..ac8100e3088a 100644 --- a/kernel/fork.c +++ b/kernel/fork.c | |||
@@ -114,8 +114,6 @@ void __put_task_struct(struct task_struct *tsk) | |||
114 | WARN_ON(atomic_read(&tsk->usage)); | 114 | WARN_ON(atomic_read(&tsk->usage)); |
115 | WARN_ON(tsk == current); | 115 | WARN_ON(tsk == current); |
116 | 116 | ||
117 | if (unlikely(tsk->audit_context)) | ||
118 | audit_free(tsk); | ||
119 | security_task_free(tsk); | 117 | security_task_free(tsk); |
120 | free_uid(tsk->user); | 118 | free_uid(tsk->user); |
121 | put_group_info(tsk->group_info); | 119 | put_group_info(tsk->group_info); |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index b8ea61f357e6..3862e73d14d7 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
@@ -56,6 +56,7 @@ | |||
56 | #include <linux/mm.h> | 56 | #include <linux/mm.h> |
57 | #include <linux/types.h> | 57 | #include <linux/types.h> |
58 | #include <linux/audit.h> | 58 | #include <linux/audit.h> |
59 | #include <linux/selinux.h> | ||
59 | 60 | ||
60 | #include <net/sock.h> | 61 | #include <net/sock.h> |
61 | #include <net/scm.h> | 62 | #include <net/scm.h> |
@@ -1156,6 +1157,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, | |||
1156 | NETLINK_CB(skb).dst_pid = dst_pid; | 1157 | NETLINK_CB(skb).dst_pid = dst_pid; |
1157 | NETLINK_CB(skb).dst_group = dst_group; | 1158 | NETLINK_CB(skb).dst_group = dst_group; |
1158 | NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); | 1159 | NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); |
1160 | selinux_get_task_sid(current, &(NETLINK_CB(skb).sid)); | ||
1159 | memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); | 1161 | memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); |
1160 | 1162 | ||
1161 | /* What can I do? Netlink is asynchronous, so that | 1163 | /* What can I do? Netlink is asynchronous, so that |
diff --git a/net/socket.c b/net/socket.c index 0ce12dfc7a71..02948b622bd2 100644 --- a/net/socket.c +++ b/net/socket.c | |||
@@ -267,6 +267,8 @@ int move_addr_to_user(void *kaddr, int klen, void __user *uaddr, int __user *ule | |||
267 | return -EINVAL; | 267 | return -EINVAL; |
268 | if(len) | 268 | if(len) |
269 | { | 269 | { |
270 | if (audit_sockaddr(klen, kaddr)) | ||
271 | return -ENOMEM; | ||
270 | if(copy_to_user(uaddr,kaddr,len)) | 272 | if(copy_to_user(uaddr,kaddr,len)) |
271 | return -EFAULT; | 273 | return -EFAULT; |
272 | } | 274 | } |
diff --git a/security/dummy.c b/security/dummy.c index fd99429278e9..8ccccccc12ac 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -563,11 +563,6 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) | |||
563 | return 0; | 563 | return 0; |
564 | } | 564 | } |
565 | 565 | ||
566 | static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
567 | { | ||
568 | return -EOPNOTSUPP; | ||
569 | } | ||
570 | |||
571 | static int dummy_msg_msg_alloc_security (struct msg_msg *msg) | 566 | static int dummy_msg_msg_alloc_security (struct msg_msg *msg) |
572 | { | 567 | { |
573 | return 0; | 568 | return 0; |
@@ -976,7 +971,6 @@ void security_fixup_ops (struct security_operations *ops) | |||
976 | set_to_dummy_if_null(ops, task_reparent_to_init); | 971 | set_to_dummy_if_null(ops, task_reparent_to_init); |
977 | set_to_dummy_if_null(ops, task_to_inode); | 972 | set_to_dummy_if_null(ops, task_to_inode); |
978 | set_to_dummy_if_null(ops, ipc_permission); | 973 | set_to_dummy_if_null(ops, ipc_permission); |
979 | set_to_dummy_if_null(ops, ipc_getsecurity); | ||
980 | set_to_dummy_if_null(ops, msg_msg_alloc_security); | 974 | set_to_dummy_if_null(ops, msg_msg_alloc_security); |
981 | set_to_dummy_if_null(ops, msg_msg_free_security); | 975 | set_to_dummy_if_null(ops, msg_msg_free_security); |
982 | set_to_dummy_if_null(ops, msg_queue_alloc_security); | 976 | set_to_dummy_if_null(ops, msg_queue_alloc_security); |
diff --git a/security/selinux/Makefile b/security/selinux/Makefile index 688c0a267b62..faf2e02e4410 100644 --- a/security/selinux/Makefile +++ b/security/selinux/Makefile | |||
@@ -4,7 +4,7 @@ | |||
4 | 4 | ||
5 | obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/ | 5 | obj-$(CONFIG_SECURITY_SELINUX) := selinux.o ss/ |
6 | 6 | ||
7 | selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o | 7 | selinux-y := avc.o hooks.o selinuxfs.o netlink.o nlmsgtab.o netif.o exports.o |
8 | 8 | ||
9 | selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o | 9 | selinux-$(CONFIG_SECURITY_NETWORK_XFRM) += xfrm.o |
10 | 10 | ||
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index ac5d69bb3377..a300702da527 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -800,7 +800,7 @@ out: | |||
800 | int avc_ss_reset(u32 seqno) | 800 | int avc_ss_reset(u32 seqno) |
801 | { | 801 | { |
802 | struct avc_callback_node *c; | 802 | struct avc_callback_node *c; |
803 | int i, rc = 0; | 803 | int i, rc = 0, tmprc; |
804 | unsigned long flag; | 804 | unsigned long flag; |
805 | struct avc_node *node; | 805 | struct avc_node *node; |
806 | 806 | ||
@@ -813,15 +813,16 @@ int avc_ss_reset(u32 seqno) | |||
813 | 813 | ||
814 | for (c = avc_callbacks; c; c = c->next) { | 814 | for (c = avc_callbacks; c; c = c->next) { |
815 | if (c->events & AVC_CALLBACK_RESET) { | 815 | if (c->events & AVC_CALLBACK_RESET) { |
816 | rc = c->callback(AVC_CALLBACK_RESET, | 816 | tmprc = c->callback(AVC_CALLBACK_RESET, |
817 | 0, 0, 0, 0, NULL); | 817 | 0, 0, 0, 0, NULL); |
818 | if (rc) | 818 | /* save the first error encountered for the return |
819 | goto out; | 819 | value and continue processing the callbacks */ |
820 | if (!rc) | ||
821 | rc = tmprc; | ||
820 | } | 822 | } |
821 | } | 823 | } |
822 | 824 | ||
823 | avc_latest_notif_update(seqno, 0); | 825 | avc_latest_notif_update(seqno, 0); |
824 | out: | ||
825 | return rc; | 826 | return rc; |
826 | } | 827 | } |
827 | 828 | ||
diff --git a/security/selinux/exports.c b/security/selinux/exports.c new file mode 100644 index 000000000000..ae4c73eb3085 --- /dev/null +++ b/security/selinux/exports.c | |||
@@ -0,0 +1,74 @@ | |||
1 | /* | ||
2 | * SELinux services exported to the rest of the kernel. | ||
3 | * | ||
4 | * Author: James Morris <jmorris@redhat.com> | ||
5 | * | ||
6 | * Copyright (C) 2005 Red Hat, Inc., James Morris <jmorris@redhat.com> | ||
7 | * Copyright (C) 2006 Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | ||
8 | * Copyright (C) 2006 IBM Corporation, Timothy R. Chavez <tinytim@us.ibm.com> | ||
9 | * | ||
10 | * This program is free software; you can redistribute it and/or modify | ||
11 | * it under the terms of the GNU General Public License version 2, | ||
12 | * as published by the Free Software Foundation. | ||
13 | */ | ||
14 | #include <linux/types.h> | ||
15 | #include <linux/kernel.h> | ||
16 | #include <linux/module.h> | ||
17 | #include <linux/selinux.h> | ||
18 | #include <linux/fs.h> | ||
19 | #include <linux/ipc.h> | ||
20 | |||
21 | #include "security.h" | ||
22 | #include "objsec.h" | ||
23 | |||
24 | void selinux_task_ctxid(struct task_struct *tsk, u32 *ctxid) | ||
25 | { | ||
26 | struct task_security_struct *tsec = tsk->security; | ||
27 | if (selinux_enabled) | ||
28 | *ctxid = tsec->sid; | ||
29 | else | ||
30 | *ctxid = 0; | ||
31 | } | ||
32 | |||
33 | int selinux_ctxid_to_string(u32 ctxid, char **ctx, u32 *ctxlen) | ||
34 | { | ||
35 | if (selinux_enabled) | ||
36 | return security_sid_to_context(ctxid, ctx, ctxlen); | ||
37 | else { | ||
38 | *ctx = NULL; | ||
39 | *ctxlen = 0; | ||
40 | } | ||
41 | |||
42 | return 0; | ||
43 | } | ||
44 | |||
45 | void selinux_get_inode_sid(const struct inode *inode, u32 *sid) | ||
46 | { | ||
47 | if (selinux_enabled) { | ||
48 | struct inode_security_struct *isec = inode->i_security; | ||
49 | *sid = isec->sid; | ||
50 | return; | ||
51 | } | ||
52 | *sid = 0; | ||
53 | } | ||
54 | |||
55 | void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid) | ||
56 | { | ||
57 | if (selinux_enabled) { | ||
58 | struct ipc_security_struct *isec = ipcp->security; | ||
59 | *sid = isec->sid; | ||
60 | return; | ||
61 | } | ||
62 | *sid = 0; | ||
63 | } | ||
64 | |||
65 | void selinux_get_task_sid(struct task_struct *tsk, u32 *sid) | ||
66 | { | ||
67 | if (selinux_enabled) { | ||
68 | struct task_security_struct *tsec = tsk->security; | ||
69 | *sid = tsec->sid; | ||
70 | return; | ||
71 | } | ||
72 | *sid = 0; | ||
73 | } | ||
74 | |||
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b61b9554bc27..3cf368a16448 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -4052,13 +4052,6 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag) | |||
4052 | return ipc_has_perm(ipcp, av); | 4052 | return ipc_has_perm(ipcp, av); |
4053 | } | 4053 | } |
4054 | 4054 | ||
4055 | static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size) | ||
4056 | { | ||
4057 | struct ipc_security_struct *isec = ipcp->security; | ||
4058 | |||
4059 | return selinux_getsecurity(isec->sid, buffer, size); | ||
4060 | } | ||
4061 | |||
4062 | /* module stacking operations */ | 4055 | /* module stacking operations */ |
4063 | static int selinux_register_security (const char *name, struct security_operations *ops) | 4056 | static int selinux_register_security (const char *name, struct security_operations *ops) |
4064 | { | 4057 | { |
@@ -4321,7 +4314,6 @@ static struct security_operations selinux_ops = { | |||
4321 | .task_to_inode = selinux_task_to_inode, | 4314 | .task_to_inode = selinux_task_to_inode, |
4322 | 4315 | ||
4323 | .ipc_permission = selinux_ipc_permission, | 4316 | .ipc_permission = selinux_ipc_permission, |
4324 | .ipc_getsecurity = selinux_ipc_getsecurity, | ||
4325 | 4317 | ||
4326 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, | 4318 | .msg_msg_alloc_security = selinux_msg_msg_alloc_security, |
4327 | .msg_msg_free_security = selinux_msg_msg_free_security, | 4319 | .msg_msg_free_security = selinux_msg_msg_free_security, |
diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 84047f69f9c1..7bc5b6440f70 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c | |||
@@ -8,7 +8,7 @@ | |||
8 | * | 8 | * |
9 | * Support for enhanced MLS infrastructure. | 9 | * Support for enhanced MLS infrastructure. |
10 | * | 10 | * |
11 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 11 | * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #include <linux/kernel.h> | 14 | #include <linux/kernel.h> |
@@ -385,6 +385,34 @@ out: | |||
385 | } | 385 | } |
386 | 386 | ||
387 | /* | 387 | /* |
388 | * Set the MLS fields in the security context structure | ||
389 | * `context' based on the string representation in | ||
390 | * the string `str'. This function will allocate temporary memory with the | ||
391 | * given constraints of gfp_mask. | ||
392 | */ | ||
393 | int mls_from_string(char *str, struct context *context, gfp_t gfp_mask) | ||
394 | { | ||
395 | char *tmpstr, *freestr; | ||
396 | int rc; | ||
397 | |||
398 | if (!selinux_mls_enabled) | ||
399 | return -EINVAL; | ||
400 | |||
401 | /* we need freestr because mls_context_to_sid will change | ||
402 | the value of tmpstr */ | ||
403 | tmpstr = freestr = kstrdup(str, gfp_mask); | ||
404 | if (!tmpstr) { | ||
405 | rc = -ENOMEM; | ||
406 | } else { | ||
407 | rc = mls_context_to_sid(':', &tmpstr, context, | ||
408 | NULL, SECSID_NULL); | ||
409 | kfree(freestr); | ||
410 | } | ||
411 | |||
412 | return rc; | ||
413 | } | ||
414 | |||
415 | /* | ||
388 | * Copies the effective MLS range from `src' into `dst'. | 416 | * Copies the effective MLS range from `src' into `dst'. |
389 | */ | 417 | */ |
390 | static inline int mls_scopy_context(struct context *dst, | 418 | static inline int mls_scopy_context(struct context *dst, |
diff --git a/security/selinux/ss/mls.h b/security/selinux/ss/mls.h index 03de697c8058..fbb42f07dd7c 100644 --- a/security/selinux/ss/mls.h +++ b/security/selinux/ss/mls.h | |||
@@ -8,7 +8,7 @@ | |||
8 | * | 8 | * |
9 | * Support for enhanced MLS infrastructure. | 9 | * Support for enhanced MLS infrastructure. |
10 | * | 10 | * |
11 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 11 | * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. |
12 | */ | 12 | */ |
13 | 13 | ||
14 | #ifndef _SS_MLS_H_ | 14 | #ifndef _SS_MLS_H_ |
@@ -27,6 +27,8 @@ int mls_context_to_sid(char oldc, | |||
27 | struct sidtab *s, | 27 | struct sidtab *s, |
28 | u32 def_sid); | 28 | u32 def_sid); |
29 | 29 | ||
30 | int mls_from_string(char *str, struct context *context, gfp_t gfp_mask); | ||
31 | |||
30 | int mls_convert_context(struct policydb *oldp, | 32 | int mls_convert_context(struct policydb *oldp, |
31 | struct policydb *newp, | 33 | struct policydb *newp, |
32 | struct context *context); | 34 | struct context *context); |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 61492485de84..7177e98df7f3 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -7,12 +7,13 @@ | |||
7 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> | 7 | * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> |
8 | * | 8 | * |
9 | * Support for enhanced MLS infrastructure. | 9 | * Support for enhanced MLS infrastructure. |
10 | * Support for context based audit filters. | ||
10 | * | 11 | * |
11 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> | 12 | * Updated: Frank Mayer <mayerf@tresys.com> and Karl MacMillan <kmacmillan@tresys.com> |
12 | * | 13 | * |
13 | * Added conditional policy language extensions | 14 | * Added conditional policy language extensions |
14 | * | 15 | * |
15 | * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. | 16 | * Copyright (C) 2004-2006 Trusted Computer Solutions, Inc. |
16 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC | 17 | * Copyright (C) 2003 - 2004 Tresys Technology, LLC |
17 | * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> | 18 | * Copyright (C) 2003 Red Hat, Inc., James Morris <jmorris@redhat.com> |
18 | * This program is free software; you can redistribute it and/or modify | 19 | * This program is free software; you can redistribute it and/or modify |
@@ -1811,3 +1812,235 @@ out: | |||
1811 | POLICY_RDUNLOCK; | 1812 | POLICY_RDUNLOCK; |
1812 | return rc; | 1813 | return rc; |
1813 | } | 1814 | } |
1815 | |||
1816 | struct selinux_audit_rule { | ||
1817 | u32 au_seqno; | ||
1818 | struct context au_ctxt; | ||
1819 | }; | ||
1820 | |||
1821 | void selinux_audit_rule_free(struct selinux_audit_rule *rule) | ||
1822 | { | ||
1823 | if (rule) { | ||
1824 | context_destroy(&rule->au_ctxt); | ||
1825 | kfree(rule); | ||
1826 | } | ||
1827 | } | ||
1828 | |||
1829 | int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, | ||
1830 | struct selinux_audit_rule **rule) | ||
1831 | { | ||
1832 | struct selinux_audit_rule *tmprule; | ||
1833 | struct role_datum *roledatum; | ||
1834 | struct type_datum *typedatum; | ||
1835 | struct user_datum *userdatum; | ||
1836 | int rc = 0; | ||
1837 | |||
1838 | *rule = NULL; | ||
1839 | |||
1840 | if (!ss_initialized) | ||
1841 | return -ENOTSUPP; | ||
1842 | |||
1843 | switch (field) { | ||
1844 | case AUDIT_SE_USER: | ||
1845 | case AUDIT_SE_ROLE: | ||
1846 | case AUDIT_SE_TYPE: | ||
1847 | /* only 'equals' and 'not equals' fit user, role, and type */ | ||
1848 | if (op != AUDIT_EQUAL && op != AUDIT_NOT_EQUAL) | ||
1849 | return -EINVAL; | ||
1850 | break; | ||
1851 | case AUDIT_SE_SEN: | ||
1852 | case AUDIT_SE_CLR: | ||
1853 | /* we do not allow a range, indicated by the presense of '-' */ | ||
1854 | if (strchr(rulestr, '-')) | ||
1855 | return -EINVAL; | ||
1856 | break; | ||
1857 | default: | ||
1858 | /* only the above fields are valid */ | ||
1859 | return -EINVAL; | ||
1860 | } | ||
1861 | |||
1862 | tmprule = kzalloc(sizeof(struct selinux_audit_rule), GFP_KERNEL); | ||
1863 | if (!tmprule) | ||
1864 | return -ENOMEM; | ||
1865 | |||
1866 | context_init(&tmprule->au_ctxt); | ||
1867 | |||
1868 | POLICY_RDLOCK; | ||
1869 | |||
1870 | tmprule->au_seqno = latest_granting; | ||
1871 | |||
1872 | switch (field) { | ||
1873 | case AUDIT_SE_USER: | ||
1874 | userdatum = hashtab_search(policydb.p_users.table, rulestr); | ||
1875 | if (!userdatum) | ||
1876 | rc = -EINVAL; | ||
1877 | else | ||
1878 | tmprule->au_ctxt.user = userdatum->value; | ||
1879 | break; | ||
1880 | case AUDIT_SE_ROLE: | ||
1881 | roledatum = hashtab_search(policydb.p_roles.table, rulestr); | ||
1882 | if (!roledatum) | ||
1883 | rc = -EINVAL; | ||
1884 | else | ||
1885 | tmprule->au_ctxt.role = roledatum->value; | ||
1886 | break; | ||
1887 | case AUDIT_SE_TYPE: | ||
1888 | typedatum = hashtab_search(policydb.p_types.table, rulestr); | ||
1889 | if (!typedatum) | ||
1890 | rc = -EINVAL; | ||
1891 | else | ||
1892 | tmprule->au_ctxt.type = typedatum->value; | ||
1893 | break; | ||
1894 | case AUDIT_SE_SEN: | ||
1895 | case AUDIT_SE_CLR: | ||
1896 | rc = mls_from_string(rulestr, &tmprule->au_ctxt, GFP_ATOMIC); | ||
1897 | break; | ||
1898 | } | ||
1899 | |||
1900 | POLICY_RDUNLOCK; | ||
1901 | |||
1902 | if (rc) { | ||
1903 | selinux_audit_rule_free(tmprule); | ||
1904 | tmprule = NULL; | ||
1905 | } | ||
1906 | |||
1907 | *rule = tmprule; | ||
1908 | |||
1909 | return rc; | ||
1910 | } | ||
1911 | |||
1912 | int selinux_audit_rule_match(u32 ctxid, u32 field, u32 op, | ||
1913 | struct selinux_audit_rule *rule, | ||
1914 | struct audit_context *actx) | ||
1915 | { | ||
1916 | struct context *ctxt; | ||
1917 | struct mls_level *level; | ||
1918 | int match = 0; | ||
1919 | |||
1920 | if (!rule) { | ||
1921 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, | ||
1922 | "selinux_audit_rule_match: missing rule\n"); | ||
1923 | return -ENOENT; | ||
1924 | } | ||
1925 | |||
1926 | POLICY_RDLOCK; | ||
1927 | |||
1928 | if (rule->au_seqno < latest_granting) { | ||
1929 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, | ||
1930 | "selinux_audit_rule_match: stale rule\n"); | ||
1931 | match = -ESTALE; | ||
1932 | goto out; | ||
1933 | } | ||
1934 | |||
1935 | ctxt = sidtab_search(&sidtab, ctxid); | ||
1936 | if (!ctxt) { | ||
1937 | audit_log(actx, GFP_ATOMIC, AUDIT_SELINUX_ERR, | ||
1938 | "selinux_audit_rule_match: unrecognized SID %d\n", | ||
1939 | ctxid); | ||
1940 | match = -ENOENT; | ||
1941 | goto out; | ||
1942 | } | ||
1943 | |||
1944 | /* a field/op pair that is not caught here will simply fall through | ||
1945 | without a match */ | ||
1946 | switch (field) { | ||
1947 | case AUDIT_SE_USER: | ||
1948 | switch (op) { | ||
1949 | case AUDIT_EQUAL: | ||
1950 | match = (ctxt->user == rule->au_ctxt.user); | ||
1951 | break; | ||
1952 | case AUDIT_NOT_EQUAL: | ||
1953 | match = (ctxt->user != rule->au_ctxt.user); | ||
1954 | break; | ||
1955 | } | ||
1956 | break; | ||
1957 | case AUDIT_SE_ROLE: | ||
1958 | switch (op) { | ||
1959 | case AUDIT_EQUAL: | ||
1960 | match = (ctxt->role == rule->au_ctxt.role); | ||
1961 | break; | ||
1962 | case AUDIT_NOT_EQUAL: | ||
1963 | match = (ctxt->role != rule->au_ctxt.role); | ||
1964 | break; | ||
1965 | } | ||
1966 | break; | ||
1967 | case AUDIT_SE_TYPE: | ||
1968 | switch (op) { | ||
1969 | case AUDIT_EQUAL: | ||
1970 | match = (ctxt->type == rule->au_ctxt.type); | ||
1971 | break; | ||
1972 | case AUDIT_NOT_EQUAL: | ||
1973 | match = (ctxt->type != rule->au_ctxt.type); | ||
1974 | break; | ||
1975 | } | ||
1976 | break; | ||
1977 | case AUDIT_SE_SEN: | ||
1978 | case AUDIT_SE_CLR: | ||
1979 | level = (op == AUDIT_SE_SEN ? | ||
1980 | &ctxt->range.level[0] : &ctxt->range.level[1]); | ||
1981 | switch (op) { | ||
1982 | case AUDIT_EQUAL: | ||
1983 | match = mls_level_eq(&rule->au_ctxt.range.level[0], | ||
1984 | level); | ||
1985 | break; | ||
1986 | case AUDIT_NOT_EQUAL: | ||
1987 | match = !mls_level_eq(&rule->au_ctxt.range.level[0], | ||
1988 | level); | ||
1989 | break; | ||
1990 | case AUDIT_LESS_THAN: | ||
1991 | match = (mls_level_dom(&rule->au_ctxt.range.level[0], | ||
1992 | level) && | ||
1993 | !mls_level_eq(&rule->au_ctxt.range.level[0], | ||
1994 | level)); | ||
1995 | break; | ||
1996 | case AUDIT_LESS_THAN_OR_EQUAL: | ||
1997 | match = mls_level_dom(&rule->au_ctxt.range.level[0], | ||
1998 | level); | ||
1999 | break; | ||
2000 | case AUDIT_GREATER_THAN: | ||
2001 | match = (mls_level_dom(level, | ||
2002 | &rule->au_ctxt.range.level[0]) && | ||
2003 | !mls_level_eq(level, | ||
2004 | &rule->au_ctxt.range.level[0])); | ||
2005 | break; | ||
2006 | case AUDIT_GREATER_THAN_OR_EQUAL: | ||
2007 | match = mls_level_dom(level, | ||
2008 | &rule->au_ctxt.range.level[0]); | ||
2009 | break; | ||
2010 | } | ||
2011 | } | ||
2012 | |||
2013 | out: | ||
2014 | POLICY_RDUNLOCK; | ||
2015 | return match; | ||
2016 | } | ||
2017 | |||
2018 | static int (*aurule_callback)(void) = NULL; | ||
2019 | |||
2020 | static int aurule_avc_callback(u32 event, u32 ssid, u32 tsid, | ||
2021 | u16 class, u32 perms, u32 *retained) | ||
2022 | { | ||
2023 | int err = 0; | ||
2024 | |||
2025 | if (event == AVC_CALLBACK_RESET && aurule_callback) | ||
2026 | err = aurule_callback(); | ||
2027 | return err; | ||
2028 | } | ||
2029 | |||
2030 | static int __init aurule_init(void) | ||
2031 | { | ||
2032 | int err; | ||
2033 | |||
2034 | err = avc_add_callback(aurule_avc_callback, AVC_CALLBACK_RESET, | ||
2035 | SECSID_NULL, SECSID_NULL, SECCLASS_NULL, 0); | ||
2036 | if (err) | ||
2037 | panic("avc_add_callback() failed, error %d\n", err); | ||
2038 | |||
2039 | return err; | ||
2040 | } | ||
2041 | __initcall(aurule_init); | ||
2042 | |||
2043 | void selinux_audit_set_callback(int (*callback)(void)) | ||
2044 | { | ||
2045 | aurule_callback = callback; | ||
2046 | } | ||