[PATCH] audit: AUDIT_PERM support

add support for AUDIT_PERM predicate Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Al Viro <viro@zeniv.linux.org.uk> 2006-08-31 19:26:40 -0400
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-09-11 13:32:30 -0400
commit: 55669bfa141b488be865341ed12e188967d11308 (patch)
tree: efeec37a93f46c48937eb849c083da9a42ed3709
parent: dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 (diff)
13 files changed, 236 insertions, 0 deletions
diff --git a/arch/i386/kernel/audit.c b/arch/i386/kernel/audit.c
index 28bbc46f75c2..3b97cff41549 100644
--- a/arch/i386/kernel/audit.c
+++ b/arch/i386/kernel/audit.c
@@ -23,6 +23,22 @@ static unsigned chattr_class[] = {
 ~0U
 };
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
 static int __init audit_classes_init(void)
 {
        audit_register_class(AUDIT_CLASS_WRITE, write_class);
diff --git a/arch/ia64/ia32/audit.c b/arch/ia64/ia32/audit.c
index 798501994bd9..92d7d0c8d93f 100644
--- a/arch/ia64/ia32/audit.c
+++ b/arch/ia64/ia32/audit.c
@@ -19,3 +19,19 @@ unsigned ia32_read_class[] = {
 #include <asm-generic/audit_read.h>
 ~0U
 };
+int ia32_classify_syscall(unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 1;
+        }
+}
diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c
index 99488cdbf5cd..04682555a28c 100644
--- a/arch/ia64/kernel/audit.c
+++ b/arch/ia64/kernel/audit.c
@@ -23,6 +23,25 @@ static unsigned chattr_class[] = {
 ~0U
 };
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+#ifdef CONFIG_IA32_SUPPORT
+        extern int ia32_classify_syscall(unsigned);
+        if (abi == AUDIT_ARCH_I386)
+                return ia32_classify_syscall(syscall);
+#endif
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
 static int __init audit_classes_init(void)
 {
 #ifdef CONFIG_IA32_SUPPORT
diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c
index 24a65e3724e1..7fe5e6300e9a 100644
--- a/arch/powerpc/kernel/audit.c
+++ b/arch/powerpc/kernel/audit.c
@@ -23,6 +23,27 @@ static unsigned chattr_class[] = {
 ~0U
 };
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+#ifdef CONFIG_PPC64
+        extern int ppc32_classify_syscall(unsigned);
+        if (abi == AUDIT_ARCH_PPC)
+                return ppc32_classify_syscall(syscall);
+#endif
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
 static int __init audit_classes_init(void)
 {
 #ifdef CONFIG_PPC64
diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c
index ddc0a64896a2..640d4bb29321 100644
--- a/arch/powerpc/kernel/compat_audit.c
+++ b/arch/powerpc/kernel/compat_audit.c
@@ -20,3 +20,19 @@ unsigned ppc32_read_class[] = {
 #include <asm-generic/audit_read.h>
 ~0U
 };
+int ppc32_classify_syscall(unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 1;
+        }
+}
diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c
index cde57039334c..0741d9193390 100644
--- a/arch/s390/kernel/audit.c
+++ b/arch/s390/kernel/audit.c
@@ -23,6 +23,27 @@ static unsigned chattr_class[] = {
 ~0U
 };
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+#ifdef CONFIG_COMPAT
+        extern int s390_classify_syscall(unsigned);
+        if (abi == AUDIT_ARCH_S390)
+                return s390_classify_syscall(syscall);
+#endif
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
 static int __init audit_classes_init(void)
 {
 #ifdef CONFIG_COMPAT
diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c
index d9e5f3540d48..16d9436bfa91 100644
--- a/arch/s390/kernel/compat_audit.c
+++ b/arch/s390/kernel/compat_audit.c
@@ -20,3 +20,19 @@ unsigned s390_read_class[] = {
 #include <asm-generic/audit_read.h>
 ~0U
 };
+int s390_classify_syscall(unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 1;
+        }
+}
diff --git a/arch/x86_64/ia32/audit.c b/arch/x86_64/ia32/audit.c
index 798501994bd9..92d7d0c8d93f 100644
--- a/arch/x86_64/ia32/audit.c
+++ b/arch/x86_64/ia32/audit.c
@@ -19,3 +19,19 @@ unsigned ia32_read_class[] = {
 #include <asm-generic/audit_read.h>
 ~0U
 };
+int ia32_classify_syscall(unsigned syscall)
+{
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_socketcall:
+                return 4;
+        case __NR_execve:
+                return 5;
+        default:
+                return 1;
+        }
+}
diff --git a/arch/x86_64/kernel/audit.c b/arch/x86_64/kernel/audit.c
index 36840acb6513..21f33387bef3 100644
--- a/arch/x86_64/kernel/audit.c
+++ b/arch/x86_64/kernel/audit.c
@@ -23,6 +23,25 @@ static unsigned chattr_class[] = {
 ~0U
 };
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+#ifdef CONFIG_IA32_EMULATION
+        extern int ia32_classify_syscall(unsigned);
+        if (abi == AUDIT_ARCH_I386)
+                return ia32_classify_syscall(syscall);
+#endif
+        switch(syscall) {
+        case __NR_open:
+                return 2;
+        case __NR_openat:
+                return 3;
+        case __NR_execve:
+                return 5;
+        default:
+                return 0;
+        }
+}
 static int __init audit_classes_init(void)
 {
 #ifdef CONFIG_IA32_EMULATION
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 1077362a2efb..40a6c26294ae 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -181,6 +181,7 @@
 #define AUDIT_EXIT      103
 #define AUDIT_SUCCESS   104     /* exit >= 0; value ignored */
 #define AUDIT_WATCH     105
+#define AUDIT_PERM      106
 #define AUDIT_ARG0      200
 #define AUDIT_ARG1      (AUDIT_ARG0+1)
@@ -256,6 +257,11 @@
 #define AUDIT_ARCH_V850         (EM_V850|__AUDIT_ARCH_LE)
 #define AUDIT_ARCH_X86_64       (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
+#define AUDIT_PERM_EXEC         1
+#define AUDIT_PERM_WRITE        2
+#define AUDIT_PERM_READ         4
+#define AUDIT_PERM_ATTR         8
 struct audit_status {
        __u32           mask;           /* Bit mask for valid entries */
        __u32           enabled;        /* 1 = enabled, 0 = disabled */
@@ -318,6 +324,7 @@ struct mqstat;
 #define AUDITSC_FAILURE 2
 #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
 extern int __init audit_register_class(int class, unsigned *list);
+extern int audit_classify_syscall(int abi, unsigned syscall);
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                /* Public API */
diff --git a/kernel/audit.h b/kernel/audit.h
index 6aa33b848cf2..a3370232a390 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -104,6 +104,7 @@ static inline int audit_hash_ino(u32 ino)
        return (ino & (AUDIT_INODE_BUCKETS-1));
 }
+extern int audit_match_class(int class, unsigned syscall);
 extern int audit_comparator(const u32 left, const u32 op, const u32 right);
 extern int audit_compare_dname_path(const char *dname, const char *path,
                                    int *dirlen);
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index e4cafc11c510..a44879b0c72f 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -302,6 +302,15 @@ int __init audit_register_class(int class, unsigned *list)
        return 0;
 }
+int audit_match_class(int class, unsigned syscall)
+{
+        if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))
+                return 0;
+        if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class]))
+                return 0;
+        return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
+}
 /* Common user-space to kernel rule translation. */
 static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
 {
@@ -414,6 +423,10 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
                case AUDIT_ARG2:
                case AUDIT_ARG3:
                        break;
+                case AUDIT_PERM:
+                        if (f->val & ~15)
+                                goto exit_free;
+                        break;
                case AUDIT_INODE:
                        err = audit_to_inode(&entry->rule, f);
                        if (err)
@@ -568,6 +581,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                        entry->rule.buflen += f->val;
                        entry->rule.filterkey = str;
                        break;
+                case AUDIT_PERM:
+                        if (f->val & ~15)
+                                goto exit_free;
+                        break;
                default:
                        goto exit_free;
                }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index efc1b74bebf3..1bd8827a0102 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -209,6 +209,54 @@ struct audit_context {
 #endif
 };
+#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE])
+static inline int open_arg(int flags, int mask)
+{
+        int n = ACC_MODE(flags);
+        if (flags & (O_TRUNC | O_CREAT))
+                n |= AUDIT_PERM_WRITE;
+        return n & mask;
+}
+static int audit_match_perm(struct audit_context *ctx, int mask)
+{
+        unsigned n = ctx->major;
+        switch (audit_classify_syscall(ctx->arch, n)) {
+        case 0: /* native */
+                if ((mask & AUDIT_PERM_WRITE) &&
+                     audit_match_class(AUDIT_CLASS_WRITE, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_READ) &&
+                     audit_match_class(AUDIT_CLASS_READ, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_ATTR) &&
+                     audit_match_class(AUDIT_CLASS_CHATTR, n))
+                        return 1;
+                return 0;
+        case 1: /* 32bit on biarch */
+                if ((mask & AUDIT_PERM_WRITE) &&
+                     audit_match_class(AUDIT_CLASS_WRITE_32, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_READ) &&
+                     audit_match_class(AUDIT_CLASS_READ_32, n))
+                        return 1;
+                if ((mask & AUDIT_PERM_ATTR) &&
+                     audit_match_class(AUDIT_CLASS_CHATTR_32, n))
+                        return 1;
+                return 0;
+        case 2: /* open */
+                return mask & ACC_MODE(ctx->argv[1]);
+        case 3: /* openat */
+                return mask & ACC_MODE(ctx->argv[2]);
+        case 4: /* socketcall */
+                return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
+        case 5: /* execve */
+                return mask & AUDIT_PERM_EXEC;
+        default:
+                return 0;
+        }
+}
 /* Determine if any context name data matches a rule's watch data */
 /* Compare a task_struct with an audit_rule.  Return 1 on match, 0
 * otherwise. */
@@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk,
                        /* ignore this field for filtering */
                        result = 1;
                        break;
+                case AUDIT_PERM:
+                        result = audit_match_perm(ctx, f->val);
+                        break;
                }
                if (!result)
author	Al Viro <viro@zeniv.linux.org.uk>	2006-08-31 19:26:40 -0400
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-09-11 13:32:30 -0400
commit	55669bfa141b488be865341ed12e188967d11308 (patch)
tree	efeec37a93f46c48937eb849c083da9a42ed3709
parent	dc104fb3231f11e95b5a0f09ae3ab27a8fd5b2e8 (diff)

diff --git a/arch/i386/kernel/audit.c b/arch/i386/kernel/audit.c index 28bbc46f75c2..3b97cff41549 100644 --- a/arch/i386/kernel/audit.c +++ b/arch/i386/kernel/audit.c
@@ -23,6 +23,22 @@ static unsigned chattr_class[] = {
23	~0U	23	~0U
24	};	24	};
25		25
		26	int audit_classify_syscall(int abi, unsigned syscall)
		27	{
		28	switch(syscall) {
		29	case __NR_open:
		30	return 2;
		31	case __NR_openat:
		32	return 3;
		33	case __NR_socketcall:
		34	return 4;
		35	case __NR_execve:
		36	return 5;
		37	default:
		38	return 0;
		39	}
		40	}
		41
26	static int __init audit_classes_init(void)	42	static int __init audit_classes_init(void)
27	{	43	{
28	audit_register_class(AUDIT_CLASS_WRITE, write_class);	44	audit_register_class(AUDIT_CLASS_WRITE, write_class);


diff --git a/arch/ia64/ia32/audit.c b/arch/ia64/ia32/audit.c index 798501994bd9..92d7d0c8d93f 100644 --- a/arch/ia64/ia32/audit.c +++ b/arch/ia64/ia32/audit.c
@@ -19,3 +19,19 @@ unsigned ia32_read_class[] = {
19	#include <asm-generic/audit_read.h>	19	#include <asm-generic/audit_read.h>
20	~0U	20	~0U
21	};	21	};
		22
		23	int ia32_classify_syscall(unsigned syscall)
		24	{
		25	switch(syscall) {
		26	case __NR_open:
		27	return 2;
		28	case __NR_openat:
		29	return 3;
		30	case __NR_socketcall:
		31	return 4;
		32	case __NR_execve:
		33	return 5;
		34	default:
		35	return 1;
		36	}
		37	}


diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c index 99488cdbf5cd..04682555a28c 100644 --- a/arch/ia64/kernel/audit.c +++ b/arch/ia64/kernel/audit.c
@@ -23,6 +23,25 @@ static unsigned chattr_class[] = {
23	~0U	23	~0U
24	};	24	};
25		25
		26	int audit_classify_syscall(int abi, unsigned syscall)
		27	{
		28	#ifdef CONFIG_IA32_SUPPORT
		29	extern int ia32_classify_syscall(unsigned);
		30	if (abi == AUDIT_ARCH_I386)
		31	return ia32_classify_syscall(syscall);
		32	#endif
		33	switch(syscall) {
		34	case __NR_open:
		35	return 2;
		36	case __NR_openat:
		37	return 3;
		38	case __NR_execve:
		39	return 5;
		40	default:
		41	return 0;
		42	}
		43	}
		44
26	static int __init audit_classes_init(void)	45	static int __init audit_classes_init(void)
27	{	46	{
28	#ifdef CONFIG_IA32_SUPPORT	47	#ifdef CONFIG_IA32_SUPPORT


diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c index 24a65e3724e1..7fe5e6300e9a 100644 --- a/arch/powerpc/kernel/audit.c +++ b/arch/powerpc/kernel/audit.c
@@ -23,6 +23,27 @@ static unsigned chattr_class[] = {
23	~0U	23	~0U
24	};	24	};
25		25
		26	int audit_classify_syscall(int abi, unsigned syscall)
		27	{
		28	#ifdef CONFIG_PPC64
		29	extern int ppc32_classify_syscall(unsigned);
		30	if (abi == AUDIT_ARCH_PPC)
		31	return ppc32_classify_syscall(syscall);
		32	#endif
		33	switch(syscall) {
		34	case __NR_open:
		35	return 2;
		36	case __NR_openat:
		37	return 3;
		38	case __NR_socketcall:
		39	return 4;
		40	case __NR_execve:
		41	return 5;
		42	default:
		43	return 0;
		44	}
		45	}
		46
26	static int __init audit_classes_init(void)	47	static int __init audit_classes_init(void)
27	{	48	{
28	#ifdef CONFIG_PPC64	49	#ifdef CONFIG_PPC64


diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c index ddc0a64896a2..640d4bb29321 100644 --- a/arch/powerpc/kernel/compat_audit.c +++ b/arch/powerpc/kernel/compat_audit.c
@@ -20,3 +20,19 @@ unsigned ppc32_read_class[] = {
20	#include <asm-generic/audit_read.h>	20	#include <asm-generic/audit_read.h>
21	~0U	21	~0U
22	};	22	};
		23
		24	int ppc32_classify_syscall(unsigned syscall)
		25	{
		26	switch(syscall) {
		27	case __NR_open:
		28	return 2;
		29	case __NR_openat:
		30	return 3;
		31	case __NR_socketcall:
		32	return 4;
		33	case __NR_execve:
		34	return 5;
		35	default:
		36	return 1;
		37	}
		38	}


diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c index cde57039334c..0741d9193390 100644 --- a/arch/s390/kernel/audit.c +++ b/arch/s390/kernel/audit.c
@@ -23,6 +23,27 @@ static unsigned chattr_class[] = {
23	~0U	23	~0U
24	};	24	};
25		25
		26	int audit_classify_syscall(int abi, unsigned syscall)
		27	{
		28	#ifdef CONFIG_COMPAT
		29	extern int s390_classify_syscall(unsigned);
		30	if (abi == AUDIT_ARCH_S390)
		31	return s390_classify_syscall(syscall);
		32	#endif
		33	switch(syscall) {
		34	case __NR_open:
		35	return 2;
		36	case __NR_openat:
		37	return 3;
		38	case __NR_socketcall:
		39	return 4;
		40	case __NR_execve:
		41	return 5;
		42	default:
		43	return 0;
		44	}
		45	}
		46
26	static int __init audit_classes_init(void)	47	static int __init audit_classes_init(void)
27	{	48	{
28	#ifdef CONFIG_COMPAT	49	#ifdef CONFIG_COMPAT


diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c index d9e5f3540d48..16d9436bfa91 100644 --- a/arch/s390/kernel/compat_audit.c +++ b/arch/s390/kernel/compat_audit.c
@@ -20,3 +20,19 @@ unsigned s390_read_class[] = {
20	#include <asm-generic/audit_read.h>	20	#include <asm-generic/audit_read.h>
21	~0U	21	~0U
22	};	22	};
		23
		24	int s390_classify_syscall(unsigned syscall)
		25	{
		26	switch(syscall) {
		27	case __NR_open:
		28	return 2;
		29	case __NR_openat:
		30	return 3;
		31	case __NR_socketcall:
		32	return 4;
		33	case __NR_execve:
		34	return 5;
		35	default:
		36	return 1;
		37	}
		38	}


diff --git a/arch/x86_64/ia32/audit.c b/arch/x86_64/ia32/audit.c index 798501994bd9..92d7d0c8d93f 100644 --- a/arch/x86_64/ia32/audit.c +++ b/arch/x86_64/ia32/audit.c
@@ -19,3 +19,19 @@ unsigned ia32_read_class[] = {
19	#include <asm-generic/audit_read.h>	19	#include <asm-generic/audit_read.h>
20	~0U	20	~0U
21	};	21	};
		22
		23	int ia32_classify_syscall(unsigned syscall)
		24	{
		25	switch(syscall) {
		26	case __NR_open:
		27	return 2;
		28	case __NR_openat:
		29	return 3;
		30	case __NR_socketcall:
		31	return 4;
		32	case __NR_execve:
		33	return 5;
		34	default:
		35	return 1;
		36	}
		37	}


diff --git a/arch/x86_64/kernel/audit.c b/arch/x86_64/kernel/audit.c index 36840acb6513..21f33387bef3 100644 --- a/arch/x86_64/kernel/audit.c +++ b/arch/x86_64/kernel/audit.c
@@ -23,6 +23,25 @@ static unsigned chattr_class[] = {
23	~0U	23	~0U
24	};	24	};
25		25
		26	int audit_classify_syscall(int abi, unsigned syscall)
		27	{
		28	#ifdef CONFIG_IA32_EMULATION
		29	extern int ia32_classify_syscall(unsigned);
		30	if (abi == AUDIT_ARCH_I386)
		31	return ia32_classify_syscall(syscall);
		32	#endif
		33	switch(syscall) {
		34	case __NR_open:
		35	return 2;
		36	case __NR_openat:
		37	return 3;
		38	case __NR_execve:
		39	return 5;
		40	default:
		41	return 0;
		42	}
		43	}
		44
26	static int __init audit_classes_init(void)	45	static int __init audit_classes_init(void)
27	{	46	{
28	#ifdef CONFIG_IA32_EMULATION	47	#ifdef CONFIG_IA32_EMULATION


diff --git a/include/linux/audit.h b/include/linux/audit.h index 1077362a2efb..40a6c26294ae 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -181,6 +181,7 @@
181	#define AUDIT_EXIT 103	181	#define AUDIT_EXIT 103
182	#define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */	182	#define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */
183	#define AUDIT_WATCH 105	183	#define AUDIT_WATCH 105
		184	#define AUDIT_PERM 106
184		185
185	#define AUDIT_ARG0 200	186	#define AUDIT_ARG0 200
186	#define AUDIT_ARG1 (AUDIT_ARG0+1)	187	#define AUDIT_ARG1 (AUDIT_ARG0+1)
@@ -256,6 +257,11 @@
256	#define AUDIT_ARCH_V850 (EM_V850\|__AUDIT_ARCH_LE)	257	#define AUDIT_ARCH_V850 (EM_V850\|__AUDIT_ARCH_LE)
257	#define AUDIT_ARCH_X86_64 (EM_X86_64\|__AUDIT_ARCH_64BIT\|__AUDIT_ARCH_LE)	258	#define AUDIT_ARCH_X86_64 (EM_X86_64\|__AUDIT_ARCH_64BIT\|__AUDIT_ARCH_LE)
258		259
		260	#define AUDIT_PERM_EXEC 1
		261	#define AUDIT_PERM_WRITE 2
		262	#define AUDIT_PERM_READ 4
		263	#define AUDIT_PERM_ATTR 8
		264
259	struct audit_status {	265	struct audit_status {
260	__u32 mask; /* Bit mask for valid entries */	266	__u32 mask; /* Bit mask for valid entries */
261	__u32 enabled; /* 1 = enabled, 0 = disabled */	267	__u32 enabled; /* 1 = enabled, 0 = disabled */
@@ -318,6 +324,7 @@ struct mqstat;
318	#define AUDITSC_FAILURE 2	324	#define AUDITSC_FAILURE 2
319	#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )	325	#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
320	extern int __init audit_register_class(int class, unsigned *list);	326	extern int __init audit_register_class(int class, unsigned *list);
		327	extern int audit_classify_syscall(int abi, unsigned syscall);
321	#ifdef CONFIG_AUDITSYSCALL	328	#ifdef CONFIG_AUDITSYSCALL
322	/* These are defined in auditsc.c */	329	/* These are defined in auditsc.c */
323	/* Public API */	330	/* Public API */


diff --git a/kernel/audit.h b/kernel/audit.h index 6aa33b848cf2..a3370232a390 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -104,6 +104,7 @@ static inline int audit_hash_ino(u32 ino)
104	return (ino & (AUDIT_INODE_BUCKETS-1));	104	return (ino & (AUDIT_INODE_BUCKETS-1));
105	}	105	}
106		106
		107	extern int audit_match_class(int class, unsigned syscall);
107	extern int audit_comparator(const u32 left, const u32 op, const u32 right);	108	extern int audit_comparator(const u32 left, const u32 op, const u32 right);
108	extern int audit_compare_dname_path(const char dname, const char path,	109	extern int audit_compare_dname_path(const char dname, const char path,
109	int *dirlen);	110	int *dirlen);


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index e4cafc11c510..a44879b0c72f 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -302,6 +302,15 @@ int __init audit_register_class(int class, unsigned *list)
302	return 0;	302	return 0;
303	}	303	}
304		304
		305	int audit_match_class(int class, unsigned syscall)
		306	{
		307	if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))
		308	return 0;
		309	if (unlikely(class >= AUDIT_SYSCALL_CLASSES \|\| !classes[class]))
		310	return 0;
		311	return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
		312	}
		313
305	/* Common user-space to kernel rule translation. */	314	/* Common user-space to kernel rule translation. */
306	static inline struct audit_entry audit_to_entry_common(struct audit_rule rule)	315	static inline struct audit_entry audit_to_entry_common(struct audit_rule rule)
307	{	316	{
@@ -414,6 +423,10 @@ static struct audit_entry audit_rule_to_entry(struct audit_rule rule)
414	case AUDIT_ARG2:	423	case AUDIT_ARG2:
415	case AUDIT_ARG3:	424	case AUDIT_ARG3:
416	break;	425	break;
		426	case AUDIT_PERM:
		427	if (f->val & ~15)
		428	goto exit_free;
		429	break;
417	case AUDIT_INODE:	430	case AUDIT_INODE:
418	err = audit_to_inode(&entry->rule, f);	431	err = audit_to_inode(&entry->rule, f);
419	if (err)	432	if (err)
@@ -568,6 +581,10 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
568	entry->rule.buflen += f->val;	581	entry->rule.buflen += f->val;
569	entry->rule.filterkey = str;	582	entry->rule.filterkey = str;
570	break;	583	break;
		584	case AUDIT_PERM:
		585	if (f->val & ~15)
		586	goto exit_free;
		587	break;
571	default:	588	default:
572	goto exit_free;	589	goto exit_free;
573	}	590	}


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index efc1b74bebf3..1bd8827a0102 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -209,6 +209,54 @@ struct audit_context {
209	#endif	209	#endif
210	};	210	};
211		211
		212	#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE])
		213	static inline int open_arg(int flags, int mask)
		214	{
		215	int n = ACC_MODE(flags);
		216	if (flags & (O_TRUNC \| O_CREAT))
		217	n \|= AUDIT_PERM_WRITE;
		218	return n & mask;
		219	}
		220
		221	static int audit_match_perm(struct audit_context *ctx, int mask)
		222	{
		223	unsigned n = ctx->major;
		224	switch (audit_classify_syscall(ctx->arch, n)) {
		225	case 0: /* native */
		226	if ((mask & AUDIT_PERM_WRITE) &&
		227	audit_match_class(AUDIT_CLASS_WRITE, n))
		228	return 1;
		229	if ((mask & AUDIT_PERM_READ) &&
		230	audit_match_class(AUDIT_CLASS_READ, n))
		231	return 1;
		232	if ((mask & AUDIT_PERM_ATTR) &&
		233	audit_match_class(AUDIT_CLASS_CHATTR, n))
		234	return 1;
		235	return 0;
		236	case 1: /* 32bit on biarch */
		237	if ((mask & AUDIT_PERM_WRITE) &&
		238	audit_match_class(AUDIT_CLASS_WRITE_32, n))
		239	return 1;
		240	if ((mask & AUDIT_PERM_READ) &&
		241	audit_match_class(AUDIT_CLASS_READ_32, n))
		242	return 1;
		243	if ((mask & AUDIT_PERM_ATTR) &&
		244	audit_match_class(AUDIT_CLASS_CHATTR_32, n))
		245	return 1;
		246	return 0;
		247	case 2: /* open */
		248	return mask & ACC_MODE(ctx->argv[1]);
		249	case 3: /* openat */
		250	return mask & ACC_MODE(ctx->argv[2]);
		251	case 4: /* socketcall */
		252	return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
		253	case 5: /* execve */
		254	return mask & AUDIT_PERM_EXEC;
		255	default:
		256	return 0;
		257	}
		258	}
		259
212	/* Determine if any context name data matches a rule's watch data */	260	/* Determine if any context name data matches a rule's watch data */
213	/* Compare a task_struct with an audit_rule. Return 1 on match, 0	261	/* Compare a task_struct with an audit_rule. Return 1 on match, 0
214	* otherwise. */	262	* otherwise. */
@@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk,
397	/* ignore this field for filtering */	445	/* ignore this field for filtering */
398	result = 1;	446	result = 1;
399	break;	447	break;
		448	case AUDIT_PERM:
		449	result = audit_match_perm(ctx, f->val);
		450	break;
400	}	451	}
401		452
402	if (!result)	453	if (!result)