aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 12:24:53 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-03-25 12:24:53 -0500
commit1b9a3917366028cc451a98dd22e3bcd537d4e5c1 (patch)
treed911058720e0a9aeeaf9f407ccdc6fbf4047f47d
parent3661f00e2097676847deb01add1a0918044bd816 (diff)
parent71e1c784b24a026a490b3de01541fc5ee14ebc09 (diff)
Merge branch 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b3' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: (22 commits) [PATCH] fix audit_init failure path [PATCH] EXPORT_SYMBOL patch for audit_log, audit_log_start, audit_log_end and audit_format [PATCH] sem2mutex: audit_netlink_sem [PATCH] simplify audit_free() locking [PATCH] Fix audit operators [PATCH] promiscuous mode [PATCH] Add tty to syscall audit records [PATCH] add/remove rule update [PATCH] audit string fields interface + consumer [PATCH] SE Linux audit events [PATCH] Minor cosmetic cleanups to the code moved into auditfilter.c [PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL [PATCH] Fix IA64 success/failure indication in syscall auditing. [PATCH] Miscellaneous bug and warning fixes [PATCH] Capture selinux subject/object context information. [PATCH] Exclude messages by message type [PATCH] Collect more inode information during syscall processing. [PATCH] Pass dentry, not just name, in fsnotify creation hooks. [PATCH] Define new range of userspace messages. [PATCH] Filter rule comparators ... Fixed trivial conflict in security/selinux/hooks.c
-rw-r--r--arch/i386/kernel/vm86.c12
-rw-r--r--arch/ia64/kernel/ptrace.c10
-rw-r--r--fs/namei.c11
-rw-r--r--fs/open.c8
-rw-r--r--fs/xattr.c11
-rw-r--r--include/linux/audit.h130
-rw-r--r--include/linux/fsnotify.h14
-rw-r--r--include/linux/security.h33
-rw-r--r--ipc/msg.c5
-rw-r--r--ipc/sem.c5
-rw-r--r--ipc/shm.c4
-rw-r--r--kernel/Makefile2
-rw-r--r--kernel/audit.c175
-rw-r--r--kernel/audit.h88
-rw-r--r--kernel/auditfilter.c630
-rw-r--r--kernel/auditsc.c834
-rw-r--r--net/core/dev.c7
-rw-r--r--security/dummy.c14
-rw-r--r--security/selinux/hooks.c98
-rw-r--r--security/selinux/nlmsgtab.c9
-rw-r--r--security/selinux/selinuxfs.c11
-rw-r--r--security/selinux/ss/services.c15
22 files changed, 1580 insertions, 546 deletions
diff --git a/arch/i386/kernel/vm86.c b/arch/i386/kernel/vm86.c
index f51c894a7da5..aee14fafd13d 100644
--- a/arch/i386/kernel/vm86.c
+++ b/arch/i386/kernel/vm86.c
@@ -43,6 +43,7 @@
43#include <linux/smp_lock.h> 43#include <linux/smp_lock.h>
44#include <linux/highmem.h> 44#include <linux/highmem.h>
45#include <linux/ptrace.h> 45#include <linux/ptrace.h>
46#include <linux/audit.h>
46 47
47#include <asm/uaccess.h> 48#include <asm/uaccess.h>
48#include <asm/io.h> 49#include <asm/io.h>
@@ -252,6 +253,7 @@ out:
252static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk) 253static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk)
253{ 254{
254 struct tss_struct *tss; 255 struct tss_struct *tss;
256 long eax;
255/* 257/*
256 * make sure the vm86() system call doesn't try to do anything silly 258 * make sure the vm86() system call doesn't try to do anything silly
257 */ 259 */
@@ -305,13 +307,19 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
305 tsk->thread.screen_bitmap = info->screen_bitmap; 307 tsk->thread.screen_bitmap = info->screen_bitmap;
306 if (info->flags & VM86_SCREEN_BITMAP) 308 if (info->flags & VM86_SCREEN_BITMAP)
307 mark_screen_rdonly(tsk->mm); 309 mark_screen_rdonly(tsk->mm);
310 __asm__ __volatile__("xorl %eax,%eax; movl %eax,%fs; movl %eax,%gs\n\t");
311 __asm__ __volatile__("movl %%eax, %0\n" :"=r"(eax));
312
313 /*call audit_syscall_exit since we do not exit via the normal paths */
314 if (unlikely(current->audit_context))
315 audit_syscall_exit(current, AUDITSC_RESULT(eax), eax);
316
308 __asm__ __volatile__( 317 __asm__ __volatile__(
309 "xorl %%eax,%%eax; movl %%eax,%%fs; movl %%eax,%%gs\n\t"
310 "movl %0,%%esp\n\t" 318 "movl %0,%%esp\n\t"
311 "movl %1,%%ebp\n\t" 319 "movl %1,%%ebp\n\t"
312 "jmp resume_userspace" 320 "jmp resume_userspace"
313 : /* no outputs */ 321 : /* no outputs */
314 :"r" (&info->regs), "r" (task_thread_info(tsk)) : "ax"); 322 :"r" (&info->regs), "r" (task_thread_info(tsk)));
315 /* we never return here */ 323 /* we never return here */
316} 324}
317 325
diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c
index eaed14aac6aa..9887c8787e7a 100644
--- a/arch/ia64/kernel/ptrace.c
+++ b/arch/ia64/kernel/ptrace.c
@@ -1656,8 +1656,14 @@ syscall_trace_leave (long arg0, long arg1, long arg2, long arg3,
1656 long arg4, long arg5, long arg6, long arg7, 1656 long arg4, long arg5, long arg6, long arg7,
1657 struct pt_regs regs) 1657 struct pt_regs regs)
1658{ 1658{
1659 if (unlikely(current->audit_context)) 1659 if (unlikely(current->audit_context)) {
1660 audit_syscall_exit(current, AUDITSC_RESULT(regs.r10), regs.r8); 1660 int success = AUDITSC_RESULT(regs.r10);
1661 long result = regs.r8;
1662
1663 if (success != AUDITSC_SUCCESS)
1664 result = -result;
1665 audit_syscall_exit(current, success, result);
1666 }
1661 1667
1662 if (test_thread_flag(TIF_SYSCALL_TRACE) 1668 if (test_thread_flag(TIF_SYSCALL_TRACE)
1663 && (current->ptrace & PT_PTRACED)) 1669 && (current->ptrace & PT_PTRACED))
diff --git a/fs/namei.c b/fs/namei.c
index 712dfc77793b..98dc2e134362 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1353,6 +1353,7 @@ static int may_delete(struct inode *dir,struct dentry *victim,int isdir)
1353 return -ENOENT; 1353 return -ENOENT;
1354 1354
1355 BUG_ON(victim->d_parent->d_inode != dir); 1355 BUG_ON(victim->d_parent->d_inode != dir);
1356 audit_inode_child(victim->d_name.name, victim->d_inode, dir->i_ino);
1356 1357
1357 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL); 1358 error = permission(dir,MAY_WRITE | MAY_EXEC, NULL);
1358 if (error) 1359 if (error)
@@ -1472,7 +1473,7 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1472 DQUOT_INIT(dir); 1473 DQUOT_INIT(dir);
1473 error = dir->i_op->create(dir, dentry, mode, nd); 1474 error = dir->i_op->create(dir, dentry, mode, nd);
1474 if (!error) 1475 if (!error)
1475 fsnotify_create(dir, dentry->d_name.name); 1476 fsnotify_create(dir, dentry);
1476 return error; 1477 return error;
1477} 1478}
1478 1479
@@ -1799,7 +1800,7 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1799 DQUOT_INIT(dir); 1800 DQUOT_INIT(dir);
1800 error = dir->i_op->mknod(dir, dentry, mode, dev); 1801 error = dir->i_op->mknod(dir, dentry, mode, dev);
1801 if (!error) 1802 if (!error)
1802 fsnotify_create(dir, dentry->d_name.name); 1803 fsnotify_create(dir, dentry);
1803 return error; 1804 return error;
1804} 1805}
1805 1806
@@ -1876,7 +1877,7 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1876 DQUOT_INIT(dir); 1877 DQUOT_INIT(dir);
1877 error = dir->i_op->mkdir(dir, dentry, mode); 1878 error = dir->i_op->mkdir(dir, dentry, mode);
1878 if (!error) 1879 if (!error)
1879 fsnotify_mkdir(dir, dentry->d_name.name); 1880 fsnotify_mkdir(dir, dentry);
1880 return error; 1881 return error;
1881} 1882}
1882 1883
@@ -2139,7 +2140,7 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, i
2139 DQUOT_INIT(dir); 2140 DQUOT_INIT(dir);
2140 error = dir->i_op->symlink(dir, dentry, oldname); 2141 error = dir->i_op->symlink(dir, dentry, oldname);
2141 if (!error) 2142 if (!error)
2142 fsnotify_create(dir, dentry->d_name.name); 2143 fsnotify_create(dir, dentry);
2143 return error; 2144 return error;
2144} 2145}
2145 2146
@@ -2216,7 +2217,7 @@ int vfs_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_de
2216 error = dir->i_op->link(old_dentry, dir, new_dentry); 2217 error = dir->i_op->link(old_dentry, dir, new_dentry);
2217 mutex_unlock(&old_dentry->d_inode->i_mutex); 2218 mutex_unlock(&old_dentry->d_inode->i_mutex);
2218 if (!error) 2219 if (!error)
2219 fsnotify_create(dir, new_dentry->d_name.name); 2220 fsnotify_create(dir, new_dentry);
2220 return error; 2221 return error;
2221} 2222}
2222 2223
diff --git a/fs/open.c b/fs/open.c
index 7d02d19bd0a2..c32c89d6d8db 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -27,6 +27,7 @@
27#include <linux/pagemap.h> 27#include <linux/pagemap.h>
28#include <linux/syscalls.h> 28#include <linux/syscalls.h>
29#include <linux/rcupdate.h> 29#include <linux/rcupdate.h>
30#include <linux/audit.h>
30 31
31#include <asm/unistd.h> 32#include <asm/unistd.h>
32 33
@@ -626,6 +627,8 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode)
626 dentry = file->f_dentry; 627 dentry = file->f_dentry;
627 inode = dentry->d_inode; 628 inode = dentry->d_inode;
628 629
630 audit_inode(NULL, inode, 0);
631
629 err = -EROFS; 632 err = -EROFS;
630 if (IS_RDONLY(inode)) 633 if (IS_RDONLY(inode))
631 goto out_putf; 634 goto out_putf;
@@ -775,7 +778,10 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)
775 778
776 file = fget(fd); 779 file = fget(fd);
777 if (file) { 780 if (file) {
778 error = chown_common(file->f_dentry, user, group); 781 struct dentry * dentry;
782 dentry = file->f_dentry;
783 audit_inode(NULL, dentry->d_inode, 0);
784 error = chown_common(dentry, user, group);
779 fput(file); 785 fput(file);
780 } 786 }
781 return error; 787 return error;
diff --git a/fs/xattr.c b/fs/xattr.c
index 80eca7d3d69f..e416190f5e9c 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -17,6 +17,7 @@
17#include <linux/syscalls.h> 17#include <linux/syscalls.h>
18#include <linux/module.h> 18#include <linux/module.h>
19#include <linux/fsnotify.h> 19#include <linux/fsnotify.h>
20#include <linux/audit.h>
20#include <asm/uaccess.h> 21#include <asm/uaccess.h>
21 22
22 23
@@ -234,12 +235,15 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
234 size_t size, int flags) 235 size_t size, int flags)
235{ 236{
236 struct file *f; 237 struct file *f;
238 struct dentry *dentry;
237 int error = -EBADF; 239 int error = -EBADF;
238 240
239 f = fget(fd); 241 f = fget(fd);
240 if (!f) 242 if (!f)
241 return error; 243 return error;
242 error = setxattr(f->f_dentry, name, value, size, flags); 244 dentry = f->f_dentry;
245 audit_inode(NULL, dentry->d_inode, 0);
246 error = setxattr(dentry, name, value, size, flags);
243 fput(f); 247 fput(f);
244 return error; 248 return error;
245} 249}
@@ -458,12 +462,15 @@ asmlinkage long
458sys_fremovexattr(int fd, char __user *name) 462sys_fremovexattr(int fd, char __user *name)
459{ 463{
460 struct file *f; 464 struct file *f;
465 struct dentry *dentry;
461 int error = -EBADF; 466 int error = -EBADF;
462 467
463 f = fget(fd); 468 f = fget(fd);
464 if (!f) 469 if (!f)
465 return error; 470 return error;
466 error = removexattr(f->f_dentry, name); 471 dentry = f->f_dentry;
472 audit_inode(NULL, dentry->d_inode, 0);
473 error = removexattr(dentry, name);
467 fput(f); 474 fput(f);
468 return error; 475 return error;
469} 476}
diff --git a/include/linux/audit.h b/include/linux/audit.h
index da3c01955f3d..1c47c59058c1 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -33,27 +33,42 @@
33 * 1200 - 1299 messages internal to the audit daemon 33 * 1200 - 1299 messages internal to the audit daemon
34 * 1300 - 1399 audit event messages 34 * 1300 - 1399 audit event messages
35 * 1400 - 1499 SE Linux use 35 * 1400 - 1499 SE Linux use
36 * 1500 - 1999 future use 36 * 1500 - 1599 kernel LSPP events
37 * 2000 is for otherwise unclassified kernel audit messages 37 * 1600 - 1699 kernel crypto events
38 * 1700 - 1799 kernel anomaly records
39 * 1800 - 1999 future kernel use (maybe integrity labels and related events)
40 * 2000 is for otherwise unclassified kernel audit messages (legacy)
41 * 2001 - 2099 unused (kernel)
42 * 2100 - 2199 user space anomaly records
43 * 2200 - 2299 user space actions taken in response to anomalies
44 * 2300 - 2399 user space generated LSPP events
45 * 2400 - 2499 user space crypto events
46 * 2500 - 2999 future user space (maybe integrity labels and related events)
38 * 47 *
39 * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user 48 * Messages from 1000-1199 are bi-directional. 1200-1299 & 2100 - 2999 are
40 * space. Anything over that is kernel --> user space communication. 49 * exclusively user space. 1300-2099 is kernel --> user space
50 * communication.
41 */ 51 */
42#define AUDIT_GET 1000 /* Get status */ 52#define AUDIT_GET 1000 /* Get status */
43#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ 53#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
44#define AUDIT_LIST 1002 /* List syscall filtering rules */ 54#define AUDIT_LIST 1002 /* List syscall rules -- deprecated */
45#define AUDIT_ADD 1003 /* Add syscall filtering rule */ 55#define AUDIT_ADD 1003 /* Add syscall rule -- deprecated */
46#define AUDIT_DEL 1004 /* Delete syscall filtering rule */ 56#define AUDIT_DEL 1004 /* Delete syscall rule -- deprecated */
47#define AUDIT_USER 1005 /* Message from userspace -- deprecated */ 57#define AUDIT_USER 1005 /* Message from userspace -- deprecated */
48#define AUDIT_LOGIN 1006 /* Define the login id and information */ 58#define AUDIT_LOGIN 1006 /* Define the login id and information */
49#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ 59#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */
50#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ 60#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */
51#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ 61#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
52#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ 62#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
63#define AUDIT_ADD_RULE 1011 /* Add syscall filtering rule */
64#define AUDIT_DEL_RULE 1012 /* Delete syscall filtering rule */
65#define AUDIT_LIST_RULES 1013 /* List syscall filtering rules */
53 66
54#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */ 67#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
55#define AUDIT_USER_AVC 1107 /* We filter this differently */ 68#define AUDIT_USER_AVC 1107 /* We filter this differently */
56#define AUDIT_LAST_USER_MSG 1199 69#define AUDIT_LAST_USER_MSG 1199
70#define AUDIT_FIRST_USER_MSG2 2100 /* More user space messages */
71#define AUDIT_LAST_USER_MSG2 2999
57 72
58#define AUDIT_DAEMON_START 1200 /* Daemon startup record */ 73#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
59#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ 74#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
@@ -72,6 +87,13 @@
72#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ 87#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
73#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ 88#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
74#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */ 89#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
90#define AUDIT_MAC_POLICY_LOAD 1403 /* Policy file load */
91#define AUDIT_MAC_STATUS 1404 /* Changed enforcing,permissive,off */
92#define AUDIT_MAC_CONFIG_CHANGE 1405 /* Changes to booleans */
93
94#define AUDIT_FIRST_KERN_ANOM_MSG 1700
95#define AUDIT_LAST_KERN_ANOM_MSG 1799
96#define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */
75 97
76#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ 98#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
77 99
@@ -81,8 +103,9 @@
81#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */ 103#define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
82#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */ 104#define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
83#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */ 105#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
106#define AUDIT_FILTER_TYPE 0x05 /* Apply rule at audit_log_start */
84 107
85#define AUDIT_NR_FILTERS 5 108#define AUDIT_NR_FILTERS 6
86 109
87#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */ 110#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
88 111
@@ -98,6 +121,13 @@
98#define AUDIT_WORD(nr) ((__u32)((nr)/32)) 121#define AUDIT_WORD(nr) ((__u32)((nr)/32))
99#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32)) 122#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
100 123
124/* This bitmask is used to validate user input. It represents all bits that
125 * are currently used in an audit field constant understood by the kernel.
126 * If you are adding a new #define AUDIT_<whatever>, please ensure that
127 * AUDIT_UNUSED_BITS is updated if need be. */
128#define AUDIT_UNUSED_BITS 0x0FFFFC00
129
130
101/* Rule fields */ 131/* Rule fields */
102 /* These are useful when checking the 132 /* These are useful when checking the
103 * task structure at task creation time 133 * task structure at task creation time
@@ -114,6 +144,7 @@
114#define AUDIT_LOGINUID 9 144#define AUDIT_LOGINUID 9
115#define AUDIT_PERS 10 145#define AUDIT_PERS 10
116#define AUDIT_ARCH 11 146#define AUDIT_ARCH 11
147#define AUDIT_MSGTYPE 12
117 148
118 /* These are ONLY useful when checking 149 /* These are ONLY useful when checking
119 * at syscall exit time (AUDIT_AT_EXIT). */ 150 * at syscall exit time (AUDIT_AT_EXIT). */
@@ -128,8 +159,28 @@
128#define AUDIT_ARG2 (AUDIT_ARG0+2) 159#define AUDIT_ARG2 (AUDIT_ARG0+2)
129#define AUDIT_ARG3 (AUDIT_ARG0+3) 160#define AUDIT_ARG3 (AUDIT_ARG0+3)
130 161
131#define AUDIT_NEGATE 0x80000000 162#define AUDIT_NEGATE 0x80000000
132 163
164/* These are the supported operators.
165 * 4 2 1
166 * = > <
167 * -------
168 * 0 0 0 0 nonsense
169 * 0 0 1 1 <
170 * 0 1 0 2 >
171 * 0 1 1 3 !=
172 * 1 0 0 4 =
173 * 1 0 1 5 <=
174 * 1 1 0 6 >=
175 * 1 1 1 7 all operators
176 */
177#define AUDIT_LESS_THAN 0x10000000
178#define AUDIT_GREATER_THAN 0x20000000
179#define AUDIT_NOT_EQUAL 0x30000000
180#define AUDIT_EQUAL 0x40000000
181#define AUDIT_LESS_THAN_OR_EQUAL (AUDIT_LESS_THAN|AUDIT_EQUAL)
182#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
183#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL)
133 184
134/* Status symbols */ 185/* Status symbols */
135 /* Mask values */ 186 /* Mask values */
@@ -186,6 +237,26 @@ struct audit_status {
186 __u32 backlog; /* messages waiting in queue */ 237 __u32 backlog; /* messages waiting in queue */
187}; 238};
188 239
240/* audit_rule_data supports filter rules with both integer and string
241 * fields. It corresponds with AUDIT_ADD_RULE, AUDIT_DEL_RULE and
242 * AUDIT_LIST_RULES requests.
243 */
244struct audit_rule_data {
245 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
246 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
247 __u32 field_count;
248 __u32 mask[AUDIT_BITMASK_SIZE]; /* syscall(s) affected */
249 __u32 fields[AUDIT_MAX_FIELDS];
250 __u32 values[AUDIT_MAX_FIELDS];
251 __u32 fieldflags[AUDIT_MAX_FIELDS];
252 __u32 buflen; /* total length of string fields */
253 char buf[0]; /* string fields buffer */
254};
255
256/* audit_rule is supported to maintain backward compatibility with
257 * userspace. It supports integer fields only and corresponds to
258 * AUDIT_ADD, AUDIT_DEL and AUDIT_LIST requests.
259 */
189struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ 260struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
190 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */ 261 __u32 flags; /* AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND */
191 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */ 262 __u32 action; /* AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS */
@@ -222,22 +293,33 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
222extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); 293extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
223extern void audit_getname(const char *name); 294extern void audit_getname(const char *name);
224extern void audit_putname(const char *name); 295extern void audit_putname(const char *name);
225extern void audit_inode(const char *name, const struct inode *inode, unsigned flags); 296extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
297extern void __audit_inode_child(const char *dname, const struct inode *inode,
298 unsigned long pino);
299static inline void audit_inode(const char *name, const struct inode *inode,
300 unsigned flags) {
301 if (unlikely(current->audit_context))
302 __audit_inode(name, inode, flags);
303}
304static inline void audit_inode_child(const char *dname,
305 const struct inode *inode,
306 unsigned long pino) {
307 if (unlikely(current->audit_context))
308 __audit_inode_child(dname, inode, pino);
309}
226 310
227 /* Private API (for audit.c only) */ 311 /* Private API (for audit.c only) */
228extern int audit_receive_filter(int type, int pid, int uid, int seq,
229 void *data, uid_t loginuid);
230extern unsigned int audit_serial(void); 312extern unsigned int audit_serial(void);
231extern void auditsc_get_stamp(struct audit_context *ctx, 313extern void auditsc_get_stamp(struct audit_context *ctx,
232 struct timespec *t, unsigned int *serial); 314 struct timespec *t, unsigned int *serial);
233extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 315extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
234extern uid_t audit_get_loginuid(struct audit_context *ctx); 316extern uid_t audit_get_loginuid(struct audit_context *ctx);
235extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 317extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp);
236extern int audit_socketcall(int nargs, unsigned long *args); 318extern int audit_socketcall(int nargs, unsigned long *args);
237extern int audit_sockaddr(int len, void *addr); 319extern int audit_sockaddr(int len, void *addr);
238extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); 320extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
239extern void audit_signal_info(int sig, struct task_struct *t); 321extern void audit_signal_info(int sig, struct task_struct *t);
240extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 322extern int audit_set_macxattr(const char *name);
241#else 323#else
242#define audit_alloc(t) ({ 0; }) 324#define audit_alloc(t) ({ 0; })
243#define audit_free(t) do { ; } while (0) 325#define audit_free(t) do { ; } while (0)
@@ -245,16 +327,18 @@ extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
245#define audit_syscall_exit(t,f,r) do { ; } while (0) 327#define audit_syscall_exit(t,f,r) do { ; } while (0)
246#define audit_getname(n) do { ; } while (0) 328#define audit_getname(n) do { ; } while (0)
247#define audit_putname(n) do { ; } while (0) 329#define audit_putname(n) do { ; } while (0)
330#define __audit_inode(n,i,f) do { ; } while (0)
331#define __audit_inode_child(d,i,p) do { ; } while (0)
248#define audit_inode(n,i,f) do { ; } while (0) 332#define audit_inode(n,i,f) do { ; } while (0)
249#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) 333#define audit_inode_child(d,i,p) do { ; } while (0)
250#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 334#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
251#define audit_get_loginuid(c) ({ -1; }) 335#define audit_get_loginuid(c) ({ -1; })
252#define audit_ipc_perms(q,u,g,m) ({ 0; }) 336#define audit_ipc_perms(q,u,g,m,i) ({ 0; })
253#define audit_socketcall(n,a) ({ 0; }) 337#define audit_socketcall(n,a) ({ 0; })
254#define audit_sockaddr(len, addr) ({ 0; }) 338#define audit_sockaddr(len, addr) ({ 0; })
255#define audit_avc_path(dentry, mnt) ({ 0; }) 339#define audit_avc_path(dentry, mnt) ({ 0; })
256#define audit_signal_info(s,t) do { ; } while (0) 340#define audit_signal_info(s,t) do { ; } while (0)
257#define audit_filter_user(cb,t) ({ 1; }) 341#define audit_set_macxattr(n) do { ; } while (0)
258#endif 342#endif
259 343
260#ifdef CONFIG_AUDIT 344#ifdef CONFIG_AUDIT
@@ -278,12 +362,11 @@ extern void audit_log_d_path(struct audit_buffer *ab,
278 const char *prefix, 362 const char *prefix,
279 struct dentry *dentry, 363 struct dentry *dentry,
280 struct vfsmount *vfsmnt); 364 struct vfsmount *vfsmnt);
281 /* Private API (for auditsc.c only) */ 365 /* Private API (for audit.c only) */
282extern void audit_send_reply(int pid, int seq, int type, 366extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
283 int done, int multi, 367extern int audit_filter_type(int type);
284 void *payload, int size); 368extern int audit_receive_filter(int type, int pid, int uid, int seq,
285extern void audit_log_lost(const char *message); 369 void *data, size_t datasz, uid_t loginuid);
286extern struct semaphore audit_netlink_sem;
287#else 370#else
288#define audit_log(c,g,t,f,...) do { ; } while (0) 371#define audit_log(c,g,t,f,...) do { ; } while (0)
289#define audit_log_start(c,g,t) ({ NULL; }) 372#define audit_log_start(c,g,t) ({ NULL; })
@@ -293,6 +376,7 @@ extern struct semaphore audit_netlink_sem;
293#define audit_log_hex(a,b,l) do { ; } while (0) 376#define audit_log_hex(a,b,l) do { ; } while (0)
294#define audit_log_untrustedstring(a,s) do { ; } while (0) 377#define audit_log_untrustedstring(a,s) do { ; } while (0)
295#define audit_log_d_path(b,p,d,v) do { ; } while (0) 378#define audit_log_d_path(b,p,d,v) do { ; } while (0)
379#define audit_panic(m) do { ; } while (0)
296#endif 380#endif
297#endif 381#endif
298#endif 382#endif
diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h
index f7e517c1f1bd..11438eff4d44 100644
--- a/include/linux/fsnotify.h
+++ b/include/linux/fsnotify.h
@@ -15,6 +15,7 @@
15 15
16#include <linux/dnotify.h> 16#include <linux/dnotify.h>
17#include <linux/inotify.h> 17#include <linux/inotify.h>
18#include <linux/audit.h>
18 19
19/* 20/*
20 * fsnotify_d_instantiate - instantiate a dentry for inode 21 * fsnotify_d_instantiate - instantiate a dentry for inode
@@ -64,6 +65,8 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
64 if (source) { 65 if (source) {
65 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL); 66 inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL);
66 } 67 }
68 audit_inode_child(old_name, source, old_dir->i_ino);
69 audit_inode_child(new_name, target, new_dir->i_ino);
67} 70}
68 71
69/* 72/*
@@ -89,19 +92,22 @@ static inline void fsnotify_inoderemove(struct inode *inode)
89/* 92/*
90 * fsnotify_create - 'name' was linked in 93 * fsnotify_create - 'name' was linked in
91 */ 94 */
92static inline void fsnotify_create(struct inode *inode, const char *name) 95static inline void fsnotify_create(struct inode *inode, struct dentry *dentry)
93{ 96{
94 inode_dir_notify(inode, DN_CREATE); 97 inode_dir_notify(inode, DN_CREATE);
95 inotify_inode_queue_event(inode, IN_CREATE, 0, name); 98 inotify_inode_queue_event(inode, IN_CREATE, 0, dentry->d_name.name);
99 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
96} 100}
97 101
98/* 102/*
99 * fsnotify_mkdir - directory 'name' was created 103 * fsnotify_mkdir - directory 'name' was created
100 */ 104 */
101static inline void fsnotify_mkdir(struct inode *inode, const char *name) 105static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry)
102{ 106{
103 inode_dir_notify(inode, DN_CREATE); 107 inode_dir_notify(inode, DN_CREATE);
104 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0, name); 108 inotify_inode_queue_event(inode, IN_CREATE | IN_ISDIR, 0,
109 dentry->d_name.name);
110 audit_inode_child(dentry->d_name.name, dentry->d_inode, inode->i_ino);
105} 111}
106 112
107/* 113/*
diff --git a/include/linux/security.h b/include/linux/security.h
index 3c19be35124b..aaa0a5cdbf75 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -869,6 +869,11 @@ struct swap_info_struct;
869 * @ipcp contains the kernel IPC permission structure 869 * @ipcp contains the kernel IPC permission structure
870 * @flag contains the desired (requested) permission set 870 * @flag contains the desired (requested) permission set
871 * Return 0 if permission is granted. 871 * Return 0 if permission is granted.
872 * @ipc_getsecurity:
873 * Copy the security label associated with the ipc object into
874 * @buffer. @buffer may be NULL to request the size of the buffer
875 * required. @size indicates the size of @buffer in bytes. Return
876 * number of bytes used/required on success.
872 * 877 *
873 * Security hooks for individual messages held in System V IPC message queues 878 * Security hooks for individual messages held in System V IPC message queues
874 * @msg_msg_alloc_security: 879 * @msg_msg_alloc_security:
@@ -1168,7 +1173,8 @@ struct security_operations {
1168 int (*inode_getxattr) (struct dentry *dentry, char *name); 1173 int (*inode_getxattr) (struct dentry *dentry, char *name);
1169 int (*inode_listxattr) (struct dentry *dentry); 1174 int (*inode_listxattr) (struct dentry *dentry);
1170 int (*inode_removexattr) (struct dentry *dentry, char *name); 1175 int (*inode_removexattr) (struct dentry *dentry, char *name);
1171 int (*inode_getsecurity)(struct inode *inode, const char *name, void *buffer, size_t size, int err); 1176 const char *(*inode_xattr_getsuffix) (void);
1177 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1172 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1178 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1173 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1179 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
1174 1180
@@ -1217,6 +1223,7 @@ struct security_operations {
1217 void (*task_to_inode)(struct task_struct *p, struct inode *inode); 1223 void (*task_to_inode)(struct task_struct *p, struct inode *inode);
1218 1224
1219 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); 1225 int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
1226 int (*ipc_getsecurity)(struct kern_ipc_perm *ipcp, void *buffer, size_t size);
1220 1227
1221 int (*msg_msg_alloc_security) (struct msg_msg * msg); 1228 int (*msg_msg_alloc_security) (struct msg_msg * msg);
1222 void (*msg_msg_free_security) (struct msg_msg * msg); 1229 void (*msg_msg_free_security) (struct msg_msg * msg);
@@ -1680,7 +1687,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
1680 return security_ops->inode_removexattr (dentry, name); 1687 return security_ops->inode_removexattr (dentry, name);
1681} 1688}
1682 1689
1683static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 1690static inline const char *security_inode_xattr_getsuffix(void)
1691{
1692 return security_ops->inode_xattr_getsuffix();
1693}
1694
1695static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1684{ 1696{
1685 if (unlikely (IS_PRIVATE (inode))) 1697 if (unlikely (IS_PRIVATE (inode)))
1686 return 0; 1698 return 0;
@@ -1875,6 +1887,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
1875 return security_ops->ipc_permission (ipcp, flag); 1887 return security_ops->ipc_permission (ipcp, flag);
1876} 1888}
1877 1889
1890static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
1891{
1892 return security_ops->ipc_getsecurity(ipcp, buffer, size);
1893}
1894
1878static inline int security_msg_msg_alloc (struct msg_msg * msg) 1895static inline int security_msg_msg_alloc (struct msg_msg * msg)
1879{ 1896{
1880 return security_ops->msg_msg_alloc_security (msg); 1897 return security_ops->msg_msg_alloc_security (msg);
@@ -2327,7 +2344,12 @@ static inline int security_inode_removexattr (struct dentry *dentry, char *name)
2327 return cap_inode_removexattr(dentry, name); 2344 return cap_inode_removexattr(dentry, name);
2328} 2345}
2329 2346
2330static inline int security_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 2347static inline const char *security_inode_xattr_getsuffix (void)
2348{
2349 return NULL ;
2350}
2351
2352static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2331{ 2353{
2332 return -EOPNOTSUPP; 2354 return -EOPNOTSUPP;
2333} 2355}
@@ -2510,6 +2532,11 @@ static inline int security_ipc_permission (struct kern_ipc_perm *ipcp,
2510 return 0; 2532 return 0;
2511} 2533}
2512 2534
2535static inline int security_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
2536{
2537 return -EOPNOTSUPP;
2538}
2539
2513static inline int security_msg_msg_alloc (struct msg_msg * msg) 2540static inline int security_msg_msg_alloc (struct msg_msg * msg)
2514{ 2541{
2515 return 0; 2542 return 0;
diff --git a/ipc/msg.c b/ipc/msg.c
index 60c1e5c23418..7eec5ed32379 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
@@ -428,8 +428,6 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
428 return -EFAULT; 428 return -EFAULT;
429 if (copy_msqid_from_user (&setbuf, buf, version)) 429 if (copy_msqid_from_user (&setbuf, buf, version))
430 return -EFAULT; 430 return -EFAULT;
431 if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode)))
432 return err;
433 break; 431 break;
434 case IPC_RMID: 432 case IPC_RMID:
435 break; 433 break;
@@ -460,6 +458,9 @@ asmlinkage long sys_msgctl (int msqid, int cmd, struct msqid_ds __user *buf)
460 switch (cmd) { 458 switch (cmd) {
461 case IPC_SET: 459 case IPC_SET:
462 { 460 {
461 if ((err = audit_ipc_perms(setbuf.qbytes, setbuf.uid, setbuf.gid, setbuf.mode, ipcp)))
462 goto out_unlock_up;
463
463 err = -EPERM; 464 err = -EPERM;
464 if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE)) 465 if (setbuf.qbytes > msg_ctlmnb && !capable(CAP_SYS_RESOURCE))
465 goto out_unlock_up; 466 goto out_unlock_up;
diff --git a/ipc/sem.c b/ipc/sem.c
index 31fd4027d2b5..59696a840be1 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
@@ -809,8 +809,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
809 if(cmd == IPC_SET) { 809 if(cmd == IPC_SET) {
810 if(copy_semid_from_user (&setbuf, arg.buf, version)) 810 if(copy_semid_from_user (&setbuf, arg.buf, version))
811 return -EFAULT; 811 return -EFAULT;
812 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
813 return err;
814 } 812 }
815 sma = sem_lock(semid); 813 sma = sem_lock(semid);
816 if(sma==NULL) 814 if(sma==NULL)
@@ -821,7 +819,6 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
821 goto out_unlock; 819 goto out_unlock;
822 } 820 }
823 ipcp = &sma->sem_perm; 821 ipcp = &sma->sem_perm;
824
825 if (current->euid != ipcp->cuid && 822 if (current->euid != ipcp->cuid &&
826 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) { 823 current->euid != ipcp->uid && !capable(CAP_SYS_ADMIN)) {
827 err=-EPERM; 824 err=-EPERM;
@@ -838,6 +835,8 @@ static int semctl_down(int semid, int semnum, int cmd, int version, union semun
838 err = 0; 835 err = 0;
839 break; 836 break;
840 case IPC_SET: 837 case IPC_SET:
838 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, ipcp)))
839 goto out_unlock;
841 ipcp->uid = setbuf.uid; 840 ipcp->uid = setbuf.uid;
842 ipcp->gid = setbuf.gid; 841 ipcp->gid = setbuf.gid;
843 ipcp->mode = (ipcp->mode & ~S_IRWXUGO) 842 ipcp->mode = (ipcp->mode & ~S_IRWXUGO)
diff --git a/ipc/shm.c b/ipc/shm.c
index 16fe2786087d..6f9615c09fb2 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -620,13 +620,13 @@ asmlinkage long sys_shmctl (int shmid, int cmd, struct shmid_ds __user *buf)
620 err = -EFAULT; 620 err = -EFAULT;
621 goto out; 621 goto out;
622 } 622 }
623 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode)))
624 return err;
625 down(&shm_ids.sem); 623 down(&shm_ids.sem);
626 shp = shm_lock(shmid); 624 shp = shm_lock(shmid);
627 err=-EINVAL; 625 err=-EINVAL;
628 if(shp==NULL) 626 if(shp==NULL)
629 goto out_up; 627 goto out_up;
628 if ((err = audit_ipc_perms(0, setbuf.uid, setbuf.gid, setbuf.mode, &(shp->shm_perm))))
629 goto out_unlock_up;
630 err = shm_checkid(shp,shmid); 630 err = shm_checkid(shp,shmid);
631 if(err) 631 if(err)
632 goto out_unlock_up; 632 goto out_unlock_up;
diff --git a/kernel/Makefile b/kernel/Makefile
index aebd7a78984e..ff1c11dc12cf 100644
--- a/kernel/Makefile
+++ b/kernel/Makefile
@@ -26,7 +26,7 @@ obj-$(CONFIG_COMPAT) += compat.o
26obj-$(CONFIG_CPUSETS) += cpuset.o 26obj-$(CONFIG_CPUSETS) += cpuset.o
27obj-$(CONFIG_IKCONFIG) += configs.o 27obj-$(CONFIG_IKCONFIG) += configs.o
28obj-$(CONFIG_STOP_MACHINE) += stop_machine.o 28obj-$(CONFIG_STOP_MACHINE) += stop_machine.o
29obj-$(CONFIG_AUDIT) += audit.o 29obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
30obj-$(CONFIG_AUDITSYSCALL) += auditsc.o 30obj-$(CONFIG_AUDITSYSCALL) += auditsc.o
31obj-$(CONFIG_KPROBES) += kprobes.o 31obj-$(CONFIG_KPROBES) += kprobes.o
32obj-$(CONFIG_SYSFS) += ksysfs.o 32obj-$(CONFIG_SYSFS) += ksysfs.o
diff --git a/kernel/audit.c b/kernel/audit.c
index 0a813d2883e5..04fe2e301b61 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -52,6 +52,7 @@
52#include <linux/audit.h> 52#include <linux/audit.h>
53 53
54#include <net/sock.h> 54#include <net/sock.h>
55#include <net/netlink.h>
55#include <linux/skbuff.h> 56#include <linux/skbuff.h>
56#include <linux/netlink.h> 57#include <linux/netlink.h>
57 58
@@ -72,7 +73,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
72 * contains the (non-zero) pid. */ 73 * contains the (non-zero) pid. */
73int audit_pid; 74int audit_pid;
74 75
75/* If audit_limit is non-zero, limit the rate of sending audit records 76/* If audit_rate_limit is non-zero, limit the rate of sending audit records
76 * to that number per second. This prevents DoS attacks, but results in 77 * to that number per second. This prevents DoS attacks, but results in
77 * audit records being dropped. */ 78 * audit records being dropped. */
78static int audit_rate_limit; 79static int audit_rate_limit;
@@ -102,7 +103,7 @@ static struct sock *audit_sock;
102 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of 103 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
103 * being placed on the freelist). */ 104 * being placed on the freelist). */
104static DEFINE_SPINLOCK(audit_freelist_lock); 105static DEFINE_SPINLOCK(audit_freelist_lock);
105static int audit_freelist_count = 0; 106static int audit_freelist_count;
106static LIST_HEAD(audit_freelist); 107static LIST_HEAD(audit_freelist);
107 108
108static struct sk_buff_head audit_skb_queue; 109static struct sk_buff_head audit_skb_queue;
@@ -113,7 +114,7 @@ static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
113/* The netlink socket is only to be read by 1 CPU, which lets us assume 114/* The netlink socket is only to be read by 1 CPU, which lets us assume
114 * that list additions and deletions never happen simultaneously in 115 * that list additions and deletions never happen simultaneously in
115 * auditsc.c */ 116 * auditsc.c */
116DECLARE_MUTEX(audit_netlink_sem); 117DEFINE_MUTEX(audit_netlink_mutex);
117 118
118/* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting 119/* AUDIT_BUFSIZ is the size of the temporary buffer used for formatting
119 * audit records. Since printk uses a 1024 byte buffer, this buffer 120 * audit records. Since printk uses a 1024 byte buffer, this buffer
@@ -142,7 +143,7 @@ static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
142 nlh->nlmsg_pid = pid; 143 nlh->nlmsg_pid = pid;
143} 144}
144 145
145static void audit_panic(const char *message) 146void audit_panic(const char *message)
146{ 147{
147 switch (audit_failure) 148 switch (audit_failure)
148 { 149 {
@@ -186,8 +187,14 @@ static inline int audit_rate_check(void)
186 return retval; 187 return retval;
187} 188}
188 189
189/* Emit at least 1 message per second, even if audit_rate_check is 190/**
190 * throttling. */ 191 * audit_log_lost - conditionally log lost audit message event
192 * @message: the message stating reason for lost audit message
193 *
194 * Emit at least 1 message per second, even if audit_rate_check is
195 * throttling.
196 * Always increment the lost messages counter.
197*/
191void audit_log_lost(const char *message) 198void audit_log_lost(const char *message)
192{ 199{
193 static unsigned long last_msg = 0; 200 static unsigned long last_msg = 0;
@@ -218,7 +225,6 @@ void audit_log_lost(const char *message)
218 audit_backlog_limit); 225 audit_backlog_limit);
219 audit_panic(message); 226 audit_panic(message);
220 } 227 }
221
222} 228}
223 229
224static int audit_set_rate_limit(int limit, uid_t loginuid) 230static int audit_set_rate_limit(int limit, uid_t loginuid)
@@ -300,8 +306,22 @@ static int kauditd_thread(void *dummy)
300 remove_wait_queue(&kauditd_wait, &wait); 306 remove_wait_queue(&kauditd_wait, &wait);
301 } 307 }
302 } 308 }
309 return 0;
303} 310}
304 311
312/**
313 * audit_send_reply - send an audit reply message via netlink
314 * @pid: process id to send reply to
315 * @seq: sequence number
316 * @type: audit message type
317 * @done: done (last) flag
318 * @multi: multi-part message flag
319 * @payload: payload data
320 * @size: payload size
321 *
322 * Allocates an skb, builds the netlink message, and sends it to the pid.
323 * No failure notifications.
324 */
305void audit_send_reply(int pid, int seq, int type, int done, int multi, 325void audit_send_reply(int pid, int seq, int type, int done, int multi,
306 void *payload, int size) 326 void *payload, int size)
307{ 327{
@@ -342,15 +362,19 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
342 switch (msg_type) { 362 switch (msg_type) {
343 case AUDIT_GET: 363 case AUDIT_GET:
344 case AUDIT_LIST: 364 case AUDIT_LIST:
365 case AUDIT_LIST_RULES:
345 case AUDIT_SET: 366 case AUDIT_SET:
346 case AUDIT_ADD: 367 case AUDIT_ADD:
368 case AUDIT_ADD_RULE:
347 case AUDIT_DEL: 369 case AUDIT_DEL:
370 case AUDIT_DEL_RULE:
348 case AUDIT_SIGNAL_INFO: 371 case AUDIT_SIGNAL_INFO:
349 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) 372 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
350 err = -EPERM; 373 err = -EPERM;
351 break; 374 break;
352 case AUDIT_USER: 375 case AUDIT_USER:
353 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: 376 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
377 case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
354 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) 378 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
355 err = -EPERM; 379 err = -EPERM;
356 break; 380 break;
@@ -376,7 +400,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
376 if (err) 400 if (err)
377 return err; 401 return err;
378 402
379 /* As soon as there's any sign of userspace auditd, start kauditd to talk to it */ 403 /* As soon as there's any sign of userspace auditd,
404 * start kauditd to talk to it */
380 if (!kauditd_task) 405 if (!kauditd_task)
381 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd"); 406 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
382 if (IS_ERR(kauditd_task)) { 407 if (IS_ERR(kauditd_task)) {
@@ -430,6 +455,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
430 break; 455 break;
431 case AUDIT_USER: 456 case AUDIT_USER:
432 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: 457 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
458 case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
433 if (!audit_enabled && msg_type != AUDIT_USER_AVC) 459 if (!audit_enabled && msg_type != AUDIT_USER_AVC)
434 return 0; 460 return 0;
435 461
@@ -448,12 +474,23 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
448 break; 474 break;
449 case AUDIT_ADD: 475 case AUDIT_ADD:
450 case AUDIT_DEL: 476 case AUDIT_DEL:
451 if (nlh->nlmsg_len < sizeof(struct audit_rule)) 477 if (nlmsg_len(nlh) < sizeof(struct audit_rule))
452 return -EINVAL; 478 return -EINVAL;
453 /* fallthrough */ 479 /* fallthrough */
454 case AUDIT_LIST: 480 case AUDIT_LIST:
455 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 481 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
456 uid, seq, data, loginuid); 482 uid, seq, data, nlmsg_len(nlh),
483 loginuid);
484 break;
485 case AUDIT_ADD_RULE:
486 case AUDIT_DEL_RULE:
487 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data))
488 return -EINVAL;
489 /* fallthrough */
490 case AUDIT_LIST_RULES:
491 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
492 uid, seq, data, nlmsg_len(nlh),
493 loginuid);
457 break; 494 break;
458 case AUDIT_SIGNAL_INFO: 495 case AUDIT_SIGNAL_INFO:
459 sig_data.uid = audit_sig_uid; 496 sig_data.uid = audit_sig_uid;
@@ -469,9 +506,11 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
469 return err < 0 ? err : 0; 506 return err < 0 ? err : 0;
470} 507}
471 508
472/* Get message from skb (based on rtnetlink_rcv_skb). Each message is 509/*
510 * Get message from skb (based on rtnetlink_rcv_skb). Each message is
473 * processed by audit_receive_msg. Malformed skbs with wrong length are 511 * processed by audit_receive_msg. Malformed skbs with wrong length are
474 * discarded silently. */ 512 * discarded silently.
513 */
475static void audit_receive_skb(struct sk_buff *skb) 514static void audit_receive_skb(struct sk_buff *skb)
476{ 515{
477 int err; 516 int err;
@@ -499,14 +538,14 @@ static void audit_receive(struct sock *sk, int length)
499 struct sk_buff *skb; 538 struct sk_buff *skb;
500 unsigned int qlen; 539 unsigned int qlen;
501 540
502 down(&audit_netlink_sem); 541 mutex_lock(&audit_netlink_mutex);
503 542
504 for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) { 543 for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) {
505 skb = skb_dequeue(&sk->sk_receive_queue); 544 skb = skb_dequeue(&sk->sk_receive_queue);
506 audit_receive_skb(skb); 545 audit_receive_skb(skb);
507 kfree_skb(skb); 546 kfree_skb(skb);
508 } 547 }
509 up(&audit_netlink_sem); 548 mutex_unlock(&audit_netlink_mutex);
510} 549}
511 550
512 551
@@ -519,8 +558,9 @@ static int __init audit_init(void)
519 THIS_MODULE); 558 THIS_MODULE);
520 if (!audit_sock) 559 if (!audit_sock)
521 audit_panic("cannot initialize netlink socket"); 560 audit_panic("cannot initialize netlink socket");
561 else
562 audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
522 563
523 audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
524 skb_queue_head_init(&audit_skb_queue); 564 skb_queue_head_init(&audit_skb_queue);
525 audit_initialized = 1; 565 audit_initialized = 1;
526 audit_enabled = audit_default; 566 audit_enabled = audit_default;
@@ -600,7 +640,10 @@ err:
600 return NULL; 640 return NULL;
601} 641}
602 642
603/* Compute a serial number for the audit record. Audit records are 643/**
644 * audit_serial - compute a serial number for the audit record
645 *
646 * Compute a serial number for the audit record. Audit records are
604 * written to user-space as soon as they are generated, so a complete 647 * written to user-space as soon as they are generated, so a complete
605 * audit record may be written in several pieces. The timestamp of the 648 * audit record may be written in several pieces. The timestamp of the
606 * record and this serial number are used by the user-space tools to 649 * record and this serial number are used by the user-space tools to
@@ -612,8 +655,8 @@ err:
612 * audit context (for those records that have a context), and emit them 655 * audit context (for those records that have a context), and emit them
613 * all at syscall exit. However, this could delay the reporting of 656 * all at syscall exit. However, this could delay the reporting of
614 * significant errors until syscall exit (or never, if the system 657 * significant errors until syscall exit (or never, if the system
615 * halts). */ 658 * halts).
616 659 */
617unsigned int audit_serial(void) 660unsigned int audit_serial(void)
618{ 661{
619 static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED; 662 static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
@@ -649,6 +692,21 @@ static inline void audit_get_stamp(struct audit_context *ctx,
649 * will be written at syscall exit. If there is no associated task, tsk 692 * will be written at syscall exit. If there is no associated task, tsk
650 * should be NULL. */ 693 * should be NULL. */
651 694
695/**
696 * audit_log_start - obtain an audit buffer
697 * @ctx: audit_context (may be NULL)
698 * @gfp_mask: type of allocation
699 * @type: audit message type
700 *
701 * Returns audit_buffer pointer on success or NULL on error.
702 *
703 * Obtain an audit buffer. This routine does locking to obtain the
704 * audit buffer, but then no locking is required for calls to
705 * audit_log_*format. If the task (ctx) is a task that is currently in a
706 * syscall, then the syscall is marked as auditable and an audit record
707 * will be written at syscall exit. If there is no associated task, then
708 * task context (ctx) should be NULL.
709 */
652struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, 710struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
653 int type) 711 int type)
654{ 712{
@@ -661,6 +719,9 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
661 if (!audit_initialized) 719 if (!audit_initialized)
662 return NULL; 720 return NULL;
663 721
722 if (unlikely(audit_filter_type(type)))
723 return NULL;
724
664 if (gfp_mask & __GFP_WAIT) 725 if (gfp_mask & __GFP_WAIT)
665 reserve = 0; 726 reserve = 0;
666 else 727 else
@@ -713,6 +774,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
713/** 774/**
714 * audit_expand - expand skb in the audit buffer 775 * audit_expand - expand skb in the audit buffer
715 * @ab: audit_buffer 776 * @ab: audit_buffer
777 * @extra: space to add at tail of the skb
716 * 778 *
717 * Returns 0 (no space) on failed expansion, or available space if 779 * Returns 0 (no space) on failed expansion, or available space if
718 * successful. 780 * successful.
@@ -729,10 +791,12 @@ static inline int audit_expand(struct audit_buffer *ab, int extra)
729 return skb_tailroom(skb); 791 return skb_tailroom(skb);
730} 792}
731 793
732/* Format an audit message into the audit buffer. If there isn't enough 794/*
795 * Format an audit message into the audit buffer. If there isn't enough
733 * room in the audit buffer, more room will be allocated and vsnprint 796 * room in the audit buffer, more room will be allocated and vsnprint
734 * will be called a second time. Currently, we assume that a printk 797 * will be called a second time. Currently, we assume that a printk
735 * can't format message larger than 1024 bytes, so we don't either. */ 798 * can't format message larger than 1024 bytes, so we don't either.
799 */
736static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, 800static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
737 va_list args) 801 va_list args)
738{ 802{
@@ -757,7 +821,8 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
757 /* The printk buffer is 1024 bytes long, so if we get 821 /* The printk buffer is 1024 bytes long, so if we get
758 * here and AUDIT_BUFSIZ is at least 1024, then we can 822 * here and AUDIT_BUFSIZ is at least 1024, then we can
759 * log everything that printk could have logged. */ 823 * log everything that printk could have logged. */
760 avail = audit_expand(ab, max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); 824 avail = audit_expand(ab,
825 max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
761 if (!avail) 826 if (!avail)
762 goto out; 827 goto out;
763 len = vsnprintf(skb->tail, avail, fmt, args2); 828 len = vsnprintf(skb->tail, avail, fmt, args2);
@@ -768,8 +833,14 @@ out:
768 return; 833 return;
769} 834}
770 835
771/* Format a message into the audit buffer. All the work is done in 836/**
772 * audit_log_vformat. */ 837 * audit_log_format - format a message into the audit buffer.
838 * @ab: audit_buffer
839 * @fmt: format string
840 * @...: optional parameters matching @fmt string
841 *
842 * All the work is done in audit_log_vformat.
843 */
773void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 844void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
774{ 845{
775 va_list args; 846 va_list args;
@@ -781,9 +852,18 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
781 va_end(args); 852 va_end(args);
782} 853}
783 854
784/* This function will take the passed buf and convert it into a string of 855/**
785 * ascii hex digits. The new string is placed onto the skb. */ 856 * audit_log_hex - convert a buffer to hex and append it to the audit skb
786void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, 857 * @ab: the audit_buffer
858 * @buf: buffer to convert to hex
859 * @len: length of @buf to be converted
860 *
861 * No return value; failure to expand is silently ignored.
862 *
863 * This function will take the passed buf and convert it into a string of
864 * ascii hex digits. The new string is placed onto the skb.
865 */
866void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
787 size_t len) 867 size_t len)
788{ 868{
789 int i, avail, new_len; 869 int i, avail, new_len;
@@ -812,10 +892,16 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
812 skb_put(skb, len << 1); /* new string is twice the old string */ 892 skb_put(skb, len << 1); /* new string is twice the old string */
813} 893}
814 894
815/* This code will escape a string that is passed to it if the string 895/**
816 * contains a control character, unprintable character, double quote mark, 896 * audit_log_unstrustedstring - log a string that may contain random characters
897 * @ab: audit_buffer
898 * @string: string to be logged
899 *
900 * This code will escape a string that is passed to it if the string
901 * contains a control character, unprintable character, double quote mark,
817 * or a space. Unescaped strings will start and end with a double quote mark. 902 * or a space. Unescaped strings will start and end with a double quote mark.
818 * Strings that are escaped are printed in hex (2 digits per char). */ 903 * Strings that are escaped are printed in hex (2 digits per char).
904 */
819void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 905void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
820{ 906{
821 const unsigned char *p = string; 907 const unsigned char *p = string;
@@ -854,10 +940,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
854 kfree(path); 940 kfree(path);
855} 941}
856 942
857/* The netlink_* functions cannot be called inside an irq context, so 943/**
858 * the audit buffer is places on a queue and a tasklet is scheduled to 944 * audit_log_end - end one audit record
945 * @ab: the audit_buffer
946 *
947 * The netlink_* functions cannot be called inside an irq context, so
948 * the audit buffer is placed on a queue and a tasklet is scheduled to
859 * remove them from the queue outside the irq context. May be called in 949 * remove them from the queue outside the irq context. May be called in
860 * any context. */ 950 * any context.
951 */
861void audit_log_end(struct audit_buffer *ab) 952void audit_log_end(struct audit_buffer *ab)
862{ 953{
863 if (!ab) 954 if (!ab)
@@ -878,9 +969,18 @@ void audit_log_end(struct audit_buffer *ab)
878 audit_buffer_free(ab); 969 audit_buffer_free(ab);
879} 970}
880 971
881/* Log an audit record. This is a convenience function that calls 972/**
882 * audit_log_start, audit_log_vformat, and audit_log_end. It may be 973 * audit_log - Log an audit record
883 * called in any context. */ 974 * @ctx: audit context
975 * @gfp_mask: type of allocation
976 * @type: audit message type
977 * @fmt: format string to use
978 * @...: variable parameters matching the format string
979 *
980 * This is a convenience function that calls audit_log_start,
981 * audit_log_vformat, and audit_log_end. It may be called
982 * in any context.
983 */
884void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 984void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
885 const char *fmt, ...) 985 const char *fmt, ...)
886{ 986{
@@ -895,3 +995,8 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
895 audit_log_end(ab); 995 audit_log_end(ab);
896 } 996 }
897} 997}
998
999EXPORT_SYMBOL(audit_log_start);
1000EXPORT_SYMBOL(audit_log_end);
1001EXPORT_SYMBOL(audit_log_format);
1002EXPORT_SYMBOL(audit_log);
diff --git a/kernel/audit.h b/kernel/audit.h
new file mode 100644
index 000000000000..bc5392076e2b
--- /dev/null
+++ b/kernel/audit.h
@@ -0,0 +1,88 @@
1/* audit -- definition of audit_context structure and supporting types
2 *
3 * Copyright 2003-2004 Red Hat, Inc.
4 * Copyright 2005 Hewlett-Packard Development Company, L.P.
5 * Copyright 2005 IBM Corporation
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#include <linux/mutex.h>
23#include <linux/fs.h>
24#include <linux/audit.h>
25
26/* 0 = no checking
27 1 = put_count checking
28 2 = verbose put_count checking
29*/
30#define AUDIT_DEBUG 0
31
32/* At task start time, the audit_state is set in the audit_context using
33 a per-task filter. At syscall entry, the audit_state is augmented by
34 the syscall filter. */
35enum audit_state {
36 AUDIT_DISABLED, /* Do not create per-task audit_context.
37 * No syscall-specific audit records can
38 * be generated. */
39 AUDIT_SETUP_CONTEXT, /* Create the per-task audit_context,
40 * but don't necessarily fill it in at
41 * syscall entry time (i.e., filter
42 * instead). */
43 AUDIT_BUILD_CONTEXT, /* Create the per-task audit_context,
44 * and always fill it in at syscall
45 * entry time. This makes a full
46 * syscall record available if some
47 * other part of the kernel decides it
48 * should be recorded. */
49 AUDIT_RECORD_CONTEXT /* Create the per-task audit_context,
50 * always fill it in at syscall entry
51 * time, and always write out the audit
52 * record at syscall exit time. */
53};
54
55/* Rule lists */
56struct audit_field {
57 u32 type;
58 u32 val;
59 u32 op;
60};
61
62struct audit_krule {
63 int vers_ops;
64 u32 flags;
65 u32 listnr;
66 u32 action;
67 u32 mask[AUDIT_BITMASK_SIZE];
68 u32 buflen; /* for data alloc on list rules */
69 u32 field_count;
70 struct audit_field *fields;
71};
72
73struct audit_entry {
74 struct list_head list;
75 struct rcu_head rcu;
76 struct audit_krule rule;
77};
78
79
80extern int audit_pid;
81extern int audit_comparator(const u32 left, const u32 op, const u32 right);
82
83extern void audit_send_reply(int pid, int seq, int type,
84 int done, int multi,
85 void *payload, int size);
86extern void audit_log_lost(const char *message);
87extern void audit_panic(const char *message);
88extern struct mutex audit_netlink_mutex;
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
new file mode 100644
index 000000000000..d3a8539f3a83
--- /dev/null
+++ b/kernel/auditfilter.c
@@ -0,0 +1,630 @@
1/* auditfilter.c -- filtering of audit events
2 *
3 * Copyright 2003-2004 Red Hat, Inc.
4 * Copyright 2005 Hewlett-Packard Development Company, L.P.
5 * Copyright 2005 IBM Corporation
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21
22#include <linux/kernel.h>
23#include <linux/audit.h>
24#include <linux/kthread.h>
25#include <linux/netlink.h>
26#include "audit.h"
27
28/* There are three lists of rules -- one to search at task creation
29 * time, one to search at syscall entry time, and another to search at
30 * syscall exit time. */
31struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
32 LIST_HEAD_INIT(audit_filter_list[0]),
33 LIST_HEAD_INIT(audit_filter_list[1]),
34 LIST_HEAD_INIT(audit_filter_list[2]),
35 LIST_HEAD_INIT(audit_filter_list[3]),
36 LIST_HEAD_INIT(audit_filter_list[4]),
37 LIST_HEAD_INIT(audit_filter_list[5]),
38#if AUDIT_NR_FILTERS != 6
39#error Fix audit_filter_list initialiser
40#endif
41};
42
43static inline void audit_free_rule(struct audit_entry *e)
44{
45 kfree(e->rule.fields);
46 kfree(e);
47}
48
49static inline void audit_free_rule_rcu(struct rcu_head *head)
50{
51 struct audit_entry *e = container_of(head, struct audit_entry, rcu);
52 audit_free_rule(e);
53}
54
55/* Unpack a filter field's string representation from user-space
56 * buffer. */
57static __attribute__((unused)) char *audit_unpack_string(void **bufp, size_t *remain, size_t len)
58{
59 char *str;
60
61 if (!*bufp || (len == 0) || (len > *remain))
62 return ERR_PTR(-EINVAL);
63
64 /* Of the currently implemented string fields, PATH_MAX
65 * defines the longest valid length.
66 */
67 if (len > PATH_MAX)
68 return ERR_PTR(-ENAMETOOLONG);
69
70 str = kmalloc(len + 1, GFP_KERNEL);
71 if (unlikely(!str))
72 return ERR_PTR(-ENOMEM);
73
74 memcpy(str, *bufp, len);
75 str[len] = 0;
76 *bufp += len;
77 *remain -= len;
78
79 return str;
80}
81
82/* Common user-space to kernel rule translation. */
83static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
84{
85 unsigned listnr;
86 struct audit_entry *entry;
87 struct audit_field *fields;
88 int i, err;
89
90 err = -EINVAL;
91 listnr = rule->flags & ~AUDIT_FILTER_PREPEND;
92 switch(listnr) {
93 default:
94 goto exit_err;
95 case AUDIT_FILTER_USER:
96 case AUDIT_FILTER_TYPE:
97#ifdef CONFIG_AUDITSYSCALL
98 case AUDIT_FILTER_ENTRY:
99 case AUDIT_FILTER_EXIT:
100 case AUDIT_FILTER_TASK:
101#endif
102 ;
103 }
104 if (rule->action != AUDIT_NEVER && rule->action != AUDIT_POSSIBLE &&
105 rule->action != AUDIT_ALWAYS)
106 goto exit_err;
107 if (rule->field_count > AUDIT_MAX_FIELDS)
108 goto exit_err;
109
110 err = -ENOMEM;
111 entry = kmalloc(sizeof(*entry), GFP_KERNEL);
112 if (unlikely(!entry))
113 goto exit_err;
114 fields = kmalloc(sizeof(*fields) * rule->field_count, GFP_KERNEL);
115 if (unlikely(!fields)) {
116 kfree(entry);
117 goto exit_err;
118 }
119
120 memset(&entry->rule, 0, sizeof(struct audit_krule));
121 memset(fields, 0, sizeof(struct audit_field));
122
123 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND;
124 entry->rule.listnr = listnr;
125 entry->rule.action = rule->action;
126 entry->rule.field_count = rule->field_count;
127 entry->rule.fields = fields;
128
129 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
130 entry->rule.mask[i] = rule->mask[i];
131
132 return entry;
133
134exit_err:
135 return ERR_PTR(err);
136}
137
138/* Translate struct audit_rule to kernel's rule respresentation.
139 * Exists for backward compatibility with userspace. */
140static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
141{
142 struct audit_entry *entry;
143 int err = 0;
144 int i;
145
146 entry = audit_to_entry_common(rule);
147 if (IS_ERR(entry))
148 goto exit_nofree;
149
150 for (i = 0; i < rule->field_count; i++) {
151 struct audit_field *f = &entry->rule.fields[i];
152
153 if (rule->fields[i] & AUDIT_UNUSED_BITS) {
154 err = -EINVAL;
155 goto exit_free;
156 }
157
158 f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS);
159 f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS);
160 f->val = rule->values[i];
161
162 entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1;
163
164 /* Support for legacy operators where
165 * AUDIT_NEGATE bit signifies != and otherwise assumes == */
166 if (f->op & AUDIT_NEGATE)
167 f->op = AUDIT_NOT_EQUAL;
168 else if (!f->op)
169 f->op = AUDIT_EQUAL;
170 else if (f->op == AUDIT_OPERATORS) {
171 err = -EINVAL;
172 goto exit_free;
173 }
174 }
175
176exit_nofree:
177 return entry;
178
179exit_free:
180 audit_free_rule(entry);
181 return ERR_PTR(err);
182}
183
184/* Translate struct audit_rule_data to kernel's rule respresentation. */
185static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
186 size_t datasz)
187{
188 int err = 0;
189 struct audit_entry *entry;
190 void *bufp;
191 /* size_t remain = datasz - sizeof(struct audit_rule_data); */
192 int i;
193
194 entry = audit_to_entry_common((struct audit_rule *)data);
195 if (IS_ERR(entry))
196 goto exit_nofree;
197
198 bufp = data->buf;
199 entry->rule.vers_ops = 2;
200 for (i = 0; i < data->field_count; i++) {
201 struct audit_field *f = &entry->rule.fields[i];
202
203 err = -EINVAL;
204 if (!(data->fieldflags[i] & AUDIT_OPERATORS) ||
205 data->fieldflags[i] & ~AUDIT_OPERATORS)
206 goto exit_free;
207
208 f->op = data->fieldflags[i] & AUDIT_OPERATORS;
209 f->type = data->fields[i];
210 switch(f->type) {
211 /* call type-specific conversion routines here */
212 default:
213 f->val = data->values[i];
214 }
215 }
216
217exit_nofree:
218 return entry;
219
220exit_free:
221 audit_free_rule(entry);
222 return ERR_PTR(err);
223}
224
225/* Pack a filter field's string representation into data block. */
226static inline size_t audit_pack_string(void **bufp, char *str)
227{
228 size_t len = strlen(str);
229
230 memcpy(*bufp, str, len);
231 *bufp += len;
232
233 return len;
234}
235
236/* Translate kernel rule respresentation to struct audit_rule.
237 * Exists for backward compatibility with userspace. */
238static struct audit_rule *audit_krule_to_rule(struct audit_krule *krule)
239{
240 struct audit_rule *rule;
241 int i;
242
243 rule = kmalloc(sizeof(*rule), GFP_KERNEL);
244 if (unlikely(!rule))
245 return ERR_PTR(-ENOMEM);
246 memset(rule, 0, sizeof(*rule));
247
248 rule->flags = krule->flags | krule->listnr;
249 rule->action = krule->action;
250 rule->field_count = krule->field_count;
251 for (i = 0; i < rule->field_count; i++) {
252 rule->values[i] = krule->fields[i].val;
253 rule->fields[i] = krule->fields[i].type;
254
255 if (krule->vers_ops == 1) {
256 if (krule->fields[i].op & AUDIT_NOT_EQUAL)
257 rule->fields[i] |= AUDIT_NEGATE;
258 } else {
259 rule->fields[i] |= krule->fields[i].op;
260 }
261 }
262 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) rule->mask[i] = krule->mask[i];
263
264 return rule;
265}
266
267/* Translate kernel rule respresentation to struct audit_rule_data. */
268static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
269{
270 struct audit_rule_data *data;
271 void *bufp;
272 int i;
273
274 data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL);
275 if (unlikely(!data))
276 return ERR_PTR(-ENOMEM);
277 memset(data, 0, sizeof(*data));
278
279 data->flags = krule->flags | krule->listnr;
280 data->action = krule->action;
281 data->field_count = krule->field_count;
282 bufp = data->buf;
283 for (i = 0; i < data->field_count; i++) {
284 struct audit_field *f = &krule->fields[i];
285
286 data->fields[i] = f->type;
287 data->fieldflags[i] = f->op;
288 switch(f->type) {
289 /* call type-specific conversion routines here */
290 default:
291 data->values[i] = f->val;
292 }
293 }
294 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i];
295
296 return data;
297}
298
299/* Compare two rules in kernel format. Considered success if rules
300 * don't match. */
301static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
302{
303 int i;
304
305 if (a->flags != b->flags ||
306 a->listnr != b->listnr ||
307 a->action != b->action ||
308 a->field_count != b->field_count)
309 return 1;
310
311 for (i = 0; i < a->field_count; i++) {
312 if (a->fields[i].type != b->fields[i].type ||
313 a->fields[i].op != b->fields[i].op)
314 return 1;
315
316 switch(a->fields[i].type) {
317 /* call type-specific comparison routines here */
318 default:
319 if (a->fields[i].val != b->fields[i].val)
320 return 1;
321 }
322 }
323
324 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
325 if (a->mask[i] != b->mask[i])
326 return 1;
327
328 return 0;
329}
330
331/* Add rule to given filterlist if not a duplicate. Protected by
332 * audit_netlink_mutex. */
333static inline int audit_add_rule(struct audit_entry *entry,
334 struct list_head *list)
335{
336 struct audit_entry *e;
337
338 /* Do not use the _rcu iterator here, since this is the only
339 * addition routine. */
340 list_for_each_entry(e, list, list) {
341 if (!audit_compare_rule(&entry->rule, &e->rule))
342 return -EEXIST;
343 }
344
345 if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
346 list_add_rcu(&entry->list, list);
347 } else {
348 list_add_tail_rcu(&entry->list, list);
349 }
350
351 return 0;
352}
353
354/* Remove an existing rule from filterlist. Protected by
355 * audit_netlink_mutex. */
356static inline int audit_del_rule(struct audit_entry *entry,
357 struct list_head *list)
358{
359 struct audit_entry *e;
360
361 /* Do not use the _rcu iterator here, since this is the only
362 * deletion routine. */
363 list_for_each_entry(e, list, list) {
364 if (!audit_compare_rule(&entry->rule, &e->rule)) {
365 list_del_rcu(&e->list);
366 call_rcu(&e->rcu, audit_free_rule_rcu);
367 return 0;
368 }
369 }
370 return -ENOENT; /* No matching rule */
371}
372
373/* List rules using struct audit_rule. Exists for backward
374 * compatibility with userspace. */
375static int audit_list(void *_dest)
376{
377 int pid, seq;
378 int *dest = _dest;
379 struct audit_entry *entry;
380 int i;
381
382 pid = dest[0];
383 seq = dest[1];
384 kfree(dest);
385
386 mutex_lock(&audit_netlink_mutex);
387
388 /* The *_rcu iterators not needed here because we are
389 always called with audit_netlink_mutex held. */
390 for (i=0; i<AUDIT_NR_FILTERS; i++) {
391 list_for_each_entry(entry, &audit_filter_list[i], list) {
392 struct audit_rule *rule;
393
394 rule = audit_krule_to_rule(&entry->rule);
395 if (unlikely(!rule))
396 break;
397 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
398 rule, sizeof(*rule));
399 kfree(rule);
400 }
401 }
402 audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
403
404 mutex_unlock(&audit_netlink_mutex);
405 return 0;
406}
407
408/* List rules using struct audit_rule_data. */
409static int audit_list_rules(void *_dest)
410{
411 int pid, seq;
412 int *dest = _dest;
413 struct audit_entry *e;
414 int i;
415
416 pid = dest[0];
417 seq = dest[1];
418 kfree(dest);
419
420 mutex_lock(&audit_netlink_mutex);
421
422 /* The *_rcu iterators not needed here because we are
423 always called with audit_netlink_mutex held. */
424 for (i=0; i<AUDIT_NR_FILTERS; i++) {
425 list_for_each_entry(e, &audit_filter_list[i], list) {
426 struct audit_rule_data *data;
427
428 data = audit_krule_to_data(&e->rule);
429 if (unlikely(!data))
430 break;
431 audit_send_reply(pid, seq, AUDIT_LIST_RULES, 0, 1,
432 data, sizeof(*data));
433 kfree(data);
434 }
435 }
436 audit_send_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
437
438 mutex_unlock(&audit_netlink_mutex);
439 return 0;
440}
441
442/**
443 * audit_receive_filter - apply all rules to the specified message type
444 * @type: audit message type
445 * @pid: target pid for netlink audit messages
446 * @uid: target uid for netlink audit messages
447 * @seq: netlink audit message sequence (serial) number
448 * @data: payload data
449 * @datasz: size of payload data
450 * @loginuid: loginuid of sender
451 */
452int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
453 size_t datasz, uid_t loginuid)
454{
455 struct task_struct *tsk;
456 int *dest;
457 int err = 0;
458 struct audit_entry *entry;
459
460 switch (type) {
461 case AUDIT_LIST:
462 case AUDIT_LIST_RULES:
463 /* We can't just spew out the rules here because we might fill
464 * the available socket buffer space and deadlock waiting for
465 * auditctl to read from it... which isn't ever going to
466 * happen if we're actually running in the context of auditctl
467 * trying to _send_ the stuff */
468
469 dest = kmalloc(2 * sizeof(int), GFP_KERNEL);
470 if (!dest)
471 return -ENOMEM;
472 dest[0] = pid;
473 dest[1] = seq;
474
475 if (type == AUDIT_LIST)
476 tsk = kthread_run(audit_list, dest, "audit_list");
477 else
478 tsk = kthread_run(audit_list_rules, dest,
479 "audit_list_rules");
480 if (IS_ERR(tsk)) {
481 kfree(dest);
482 err = PTR_ERR(tsk);
483 }
484 break;
485 case AUDIT_ADD:
486 case AUDIT_ADD_RULE:
487 if (type == AUDIT_ADD)
488 entry = audit_rule_to_entry(data);
489 else
490 entry = audit_data_to_entry(data, datasz);
491 if (IS_ERR(entry))
492 return PTR_ERR(entry);
493
494 err = audit_add_rule(entry,
495 &audit_filter_list[entry->rule.listnr]);
496 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
497 "auid=%u add rule to list=%d res=%d\n",
498 loginuid, entry->rule.listnr, !err);
499
500 if (err)
501 audit_free_rule(entry);
502 break;
503 case AUDIT_DEL:
504 case AUDIT_DEL_RULE:
505 if (type == AUDIT_DEL)
506 entry = audit_rule_to_entry(data);
507 else
508 entry = audit_data_to_entry(data, datasz);
509 if (IS_ERR(entry))
510 return PTR_ERR(entry);
511
512 err = audit_del_rule(entry,
513 &audit_filter_list[entry->rule.listnr]);
514 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
515 "auid=%u remove rule from list=%d res=%d\n",
516 loginuid, entry->rule.listnr, !err);
517
518 audit_free_rule(entry);
519 break;
520 default:
521 return -EINVAL;
522 }
523
524 return err;
525}
526
527int audit_comparator(const u32 left, const u32 op, const u32 right)
528{
529 switch (op) {
530 case AUDIT_EQUAL:
531 return (left == right);
532 case AUDIT_NOT_EQUAL:
533 return (left != right);
534 case AUDIT_LESS_THAN:
535 return (left < right);
536 case AUDIT_LESS_THAN_OR_EQUAL:
537 return (left <= right);
538 case AUDIT_GREATER_THAN:
539 return (left > right);
540 case AUDIT_GREATER_THAN_OR_EQUAL:
541 return (left >= right);
542 }
543 BUG();
544 return 0;
545}
546
547
548
549static int audit_filter_user_rules(struct netlink_skb_parms *cb,
550 struct audit_krule *rule,
551 enum audit_state *state)
552{
553 int i;
554
555 for (i = 0; i < rule->field_count; i++) {
556 struct audit_field *f = &rule->fields[i];
557 int result = 0;
558
559 switch (f->type) {
560 case AUDIT_PID:
561 result = audit_comparator(cb->creds.pid, f->op, f->val);
562 break;
563 case AUDIT_UID:
564 result = audit_comparator(cb->creds.uid, f->op, f->val);
565 break;
566 case AUDIT_GID:
567 result = audit_comparator(cb->creds.gid, f->op, f->val);
568 break;
569 case AUDIT_LOGINUID:
570 result = audit_comparator(cb->loginuid, f->op, f->val);
571 break;
572 }
573
574 if (!result)
575 return 0;
576 }
577 switch (rule->action) {
578 case AUDIT_NEVER: *state = AUDIT_DISABLED; break;
579 case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT; break;
580 case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break;
581 }
582 return 1;
583}
584
585int audit_filter_user(struct netlink_skb_parms *cb, int type)
586{
587 struct audit_entry *e;
588 enum audit_state state;
589 int ret = 1;
590
591 rcu_read_lock();
592 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
593 if (audit_filter_user_rules(cb, &e->rule, &state)) {
594 if (state == AUDIT_DISABLED)
595 ret = 0;
596 break;
597 }
598 }
599 rcu_read_unlock();
600
601 return ret; /* Audit by default */
602}
603
604int audit_filter_type(int type)
605{
606 struct audit_entry *e;
607 int result = 0;
608
609 rcu_read_lock();
610 if (list_empty(&audit_filter_list[AUDIT_FILTER_TYPE]))
611 goto unlock_and_return;
612
613 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TYPE],
614 list) {
615 int i;
616 for (i = 0; i < e->rule.field_count; i++) {
617 struct audit_field *f = &e->rule.fields[i];
618 if (f->type == AUDIT_MSGTYPE) {
619 result = audit_comparator(type, f->op, f->val);
620 if (!result)
621 break;
622 }
623 }
624 if (result)
625 goto unlock_and_return;
626 }
627unlock_and_return:
628 rcu_read_unlock();
629 return result;
630}
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index c4394abcd5e6..7f160df21a23 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2,6 +2,8 @@
2 * Handles all system-call specific auditing features. 2 * Handles all system-call specific auditing features.
3 * 3 *
4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 4 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina.
5 * Copyright 2005 Hewlett-Packard Development Company, L.P.
6 * Copyright (C) 2005 IBM Corporation
5 * All Rights Reserved. 7 * All Rights Reserved.
6 * 8 *
7 * This program is free software; you can redistribute it and/or modify 9 * This program is free software; you can redistribute it and/or modify
@@ -27,11 +29,22 @@
27 * this file -- see entry.S) is based on a GPL'd patch written by 29 * this file -- see entry.S) is based on a GPL'd patch written by
28 * okir@suse.de and Copyright 2003 SuSE Linux AG. 30 * okir@suse.de and Copyright 2003 SuSE Linux AG.
29 * 31 *
32 * The support of additional filter rules compares (>, <, >=, <=) was
33 * added by Dustin Kirkland <dustin.kirkland@us.ibm.com>, 2005.
34 *
35 * Modified by Amy Griffis <amy.griffis@hp.com> to collect additional
36 * filesystem information.
37 *
38 * Subject and object context labeling support added by <danjones@us.ibm.com>
39 * and <dustin.kirkland@us.ibm.com> for LSPP certification compliance.
30 */ 40 */
31 41
32#include <linux/init.h> 42#include <linux/init.h>
33#include <asm/types.h> 43#include <asm/types.h>
34#include <asm/atomic.h> 44#include <asm/atomic.h>
45#include <asm/types.h>
46#include <linux/fs.h>
47#include <linux/namei.h>
35#include <linux/mm.h> 48#include <linux/mm.h>
36#include <linux/module.h> 49#include <linux/module.h>
37#include <linux/mount.h> 50#include <linux/mount.h>
@@ -39,16 +52,16 @@
39#include <linux/audit.h> 52#include <linux/audit.h>
40#include <linux/personality.h> 53#include <linux/personality.h>
41#include <linux/time.h> 54#include <linux/time.h>
42#include <linux/kthread.h>
43#include <linux/netlink.h> 55#include <linux/netlink.h>
44#include <linux/compiler.h> 56#include <linux/compiler.h>
45#include <asm/unistd.h> 57#include <asm/unistd.h>
58#include <linux/security.h>
59#include <linux/list.h>
60#include <linux/tty.h>
61
62#include "audit.h"
46 63
47/* 0 = no checking 64extern struct list_head audit_filter_list[];
48 1 = put_count checking
49 2 = verbose put_count checking
50*/
51#define AUDIT_DEBUG 0
52 65
53/* No syscall auditing will take place unless audit_enabled != 0. */ 66/* No syscall auditing will take place unless audit_enabled != 0. */
54extern int audit_enabled; 67extern int audit_enabled;
@@ -62,29 +75,6 @@ extern int audit_enabled;
62 * path_lookup. */ 75 * path_lookup. */
63#define AUDIT_NAMES_RESERVED 7 76#define AUDIT_NAMES_RESERVED 7
64 77
65/* At task start time, the audit_state is set in the audit_context using
66 a per-task filter. At syscall entry, the audit_state is augmented by
67 the syscall filter. */
68enum audit_state {
69 AUDIT_DISABLED, /* Do not create per-task audit_context.
70 * No syscall-specific audit records can
71 * be generated. */
72 AUDIT_SETUP_CONTEXT, /* Create the per-task audit_context,
73 * but don't necessarily fill it in at
74 * syscall entry time (i.e., filter
75 * instead). */
76 AUDIT_BUILD_CONTEXT, /* Create the per-task audit_context,
77 * and always fill it in at syscall
78 * entry time. This makes a full
79 * syscall record available if some
80 * other part of the kernel decides it
81 * should be recorded. */
82 AUDIT_RECORD_CONTEXT /* Create the per-task audit_context,
83 * always fill it in at syscall entry
84 * time, and always write out the audit
85 * record at syscall exit time. */
86};
87
88/* When fs/namei.c:getname() is called, we store the pointer in name and 78/* When fs/namei.c:getname() is called, we store the pointer in name and
89 * we don't let putname() free it (instead we free all of the saved 79 * we don't let putname() free it (instead we free all of the saved
90 * pointers at syscall exit time). 80 * pointers at syscall exit time).
@@ -93,12 +83,13 @@ enum audit_state {
93struct audit_names { 83struct audit_names {
94 const char *name; 84 const char *name;
95 unsigned long ino; 85 unsigned long ino;
86 unsigned long pino;
96 dev_t dev; 87 dev_t dev;
97 umode_t mode; 88 umode_t mode;
98 uid_t uid; 89 uid_t uid;
99 gid_t gid; 90 gid_t gid;
100 dev_t rdev; 91 dev_t rdev;
101 unsigned flags; 92 char *ctx;
102}; 93};
103 94
104struct audit_aux_data { 95struct audit_aux_data {
@@ -115,6 +106,7 @@ struct audit_aux_data_ipcctl {
115 uid_t uid; 106 uid_t uid;
116 gid_t gid; 107 gid_t gid;
117 mode_t mode; 108 mode_t mode;
109 char *ctx;
118}; 110};
119 111
120struct audit_aux_data_socketcall { 112struct audit_aux_data_socketcall {
@@ -167,290 +159,72 @@ struct audit_context {
167#endif 159#endif
168}; 160};
169 161
170 /* Public API */
171/* There are three lists of rules -- one to search at task creation
172 * time, one to search at syscall entry time, and another to search at
173 * syscall exit time. */
174static struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
175 LIST_HEAD_INIT(audit_filter_list[0]),
176 LIST_HEAD_INIT(audit_filter_list[1]),
177 LIST_HEAD_INIT(audit_filter_list[2]),
178 LIST_HEAD_INIT(audit_filter_list[3]),
179 LIST_HEAD_INIT(audit_filter_list[4]),
180#if AUDIT_NR_FILTERS != 5
181#error Fix audit_filter_list initialiser
182#endif
183};
184
185struct audit_entry {
186 struct list_head list;
187 struct rcu_head rcu;
188 struct audit_rule rule;
189};
190
191extern int audit_pid;
192
193/* Copy rule from user-space to kernel-space. Called from
194 * audit_add_rule during AUDIT_ADD. */
195static inline int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
196{
197 int i;
198
199 if (s->action != AUDIT_NEVER
200 && s->action != AUDIT_POSSIBLE
201 && s->action != AUDIT_ALWAYS)
202 return -1;
203 if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS)
204 return -1;
205 if ((s->flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS)
206 return -1;
207
208 d->flags = s->flags;
209 d->action = s->action;
210 d->field_count = s->field_count;
211 for (i = 0; i < d->field_count; i++) {
212 d->fields[i] = s->fields[i];
213 d->values[i] = s->values[i];
214 }
215 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) d->mask[i] = s->mask[i];
216 return 0;
217}
218
219/* Check to see if two rules are identical. It is called from
220 * audit_add_rule during AUDIT_ADD and
221 * audit_del_rule during AUDIT_DEL. */
222static inline int audit_compare_rule(struct audit_rule *a, struct audit_rule *b)
223{
224 int i;
225
226 if (a->flags != b->flags)
227 return 1;
228
229 if (a->action != b->action)
230 return 1;
231
232 if (a->field_count != b->field_count)
233 return 1;
234
235 for (i = 0; i < a->field_count; i++) {
236 if (a->fields[i] != b->fields[i]
237 || a->values[i] != b->values[i])
238 return 1;
239 }
240
241 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
242 if (a->mask[i] != b->mask[i])
243 return 1;
244
245 return 0;
246}
247
248/* Note that audit_add_rule and audit_del_rule are called via
249 * audit_receive() in audit.c, and are protected by
250 * audit_netlink_sem. */
251static inline int audit_add_rule(struct audit_rule *rule,
252 struct list_head *list)
253{
254 struct audit_entry *entry;
255
256 /* Do not use the _rcu iterator here, since this is the only
257 * addition routine. */
258 list_for_each_entry(entry, list, list) {
259 if (!audit_compare_rule(rule, &entry->rule)) {
260 return -EEXIST;
261 }
262 }
263
264 if (!(entry = kmalloc(sizeof(*entry), GFP_KERNEL)))
265 return -ENOMEM;
266 if (audit_copy_rule(&entry->rule, rule)) {
267 kfree(entry);
268 return -EINVAL;
269 }
270
271 if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
272 entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
273 list_add_rcu(&entry->list, list);
274 } else {
275 list_add_tail_rcu(&entry->list, list);
276 }
277
278 return 0;
279}
280
281static inline void audit_free_rule(struct rcu_head *head)
282{
283 struct audit_entry *e = container_of(head, struct audit_entry, rcu);
284 kfree(e);
285}
286
287/* Note that audit_add_rule and audit_del_rule are called via
288 * audit_receive() in audit.c, and are protected by
289 * audit_netlink_sem. */
290static inline int audit_del_rule(struct audit_rule *rule,
291 struct list_head *list)
292{
293 struct audit_entry *e;
294
295 /* Do not use the _rcu iterator here, since this is the only
296 * deletion routine. */
297 list_for_each_entry(e, list, list) {
298 if (!audit_compare_rule(rule, &e->rule)) {
299 list_del_rcu(&e->list);
300 call_rcu(&e->rcu, audit_free_rule);
301 return 0;
302 }
303 }
304 return -ENOENT; /* No matching rule */
305}
306
307static int audit_list_rules(void *_dest)
308{
309 int pid, seq;
310 int *dest = _dest;
311 struct audit_entry *entry;
312 int i;
313
314 pid = dest[0];
315 seq = dest[1];
316 kfree(dest);
317
318 down(&audit_netlink_sem);
319
320 /* The *_rcu iterators not needed here because we are
321 always called with audit_netlink_sem held. */
322 for (i=0; i<AUDIT_NR_FILTERS; i++) {
323 list_for_each_entry(entry, &audit_filter_list[i], list)
324 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
325 &entry->rule, sizeof(entry->rule));
326 }
327 audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
328
329 up(&audit_netlink_sem);
330 return 0;
331}
332
333int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
334 uid_t loginuid)
335{
336 struct task_struct *tsk;
337 int *dest;
338 int err = 0;
339 unsigned listnr;
340
341 switch (type) {
342 case AUDIT_LIST:
343 /* We can't just spew out the rules here because we might fill
344 * the available socket buffer space and deadlock waiting for
345 * auditctl to read from it... which isn't ever going to
346 * happen if we're actually running in the context of auditctl
347 * trying to _send_ the stuff */
348
349 dest = kmalloc(2 * sizeof(int), GFP_KERNEL);
350 if (!dest)
351 return -ENOMEM;
352 dest[0] = pid;
353 dest[1] = seq;
354
355 tsk = kthread_run(audit_list_rules, dest, "audit_list_rules");
356 if (IS_ERR(tsk)) {
357 kfree(dest);
358 err = PTR_ERR(tsk);
359 }
360 break;
361 case AUDIT_ADD:
362 listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND;
363 if (listnr >= AUDIT_NR_FILTERS)
364 return -EINVAL;
365
366 err = audit_add_rule(data, &audit_filter_list[listnr]);
367 if (!err)
368 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
369 "auid=%u added an audit rule\n", loginuid);
370 break;
371 case AUDIT_DEL:
372 listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND;
373 if (listnr >= AUDIT_NR_FILTERS)
374 return -EINVAL;
375
376 err = audit_del_rule(data, &audit_filter_list[listnr]);
377 if (!err)
378 audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
379 "auid=%u removed an audit rule\n", loginuid);
380 break;
381 default:
382 return -EINVAL;
383 }
384
385 return err;
386}
387 162
388/* Compare a task_struct with an audit_rule. Return 1 on match, 0 163/* Compare a task_struct with an audit_rule. Return 1 on match, 0
389 * otherwise. */ 164 * otherwise. */
390static int audit_filter_rules(struct task_struct *tsk, 165static int audit_filter_rules(struct task_struct *tsk,
391 struct audit_rule *rule, 166 struct audit_krule *rule,
392 struct audit_context *ctx, 167 struct audit_context *ctx,
393 enum audit_state *state) 168 enum audit_state *state)
394{ 169{
395 int i, j; 170 int i, j;
396 171
397 for (i = 0; i < rule->field_count; i++) { 172 for (i = 0; i < rule->field_count; i++) {
398 u32 field = rule->fields[i] & ~AUDIT_NEGATE; 173 struct audit_field *f = &rule->fields[i];
399 u32 value = rule->values[i];
400 int result = 0; 174 int result = 0;
401 175
402 switch (field) { 176 switch (f->type) {
403 case AUDIT_PID: 177 case AUDIT_PID:
404 result = (tsk->pid == value); 178 result = audit_comparator(tsk->pid, f->op, f->val);
405 break; 179 break;
406 case AUDIT_UID: 180 case AUDIT_UID:
407 result = (tsk->uid == value); 181 result = audit_comparator(tsk->uid, f->op, f->val);
408 break; 182 break;
409 case AUDIT_EUID: 183 case AUDIT_EUID:
410 result = (tsk->euid == value); 184 result = audit_comparator(tsk->euid, f->op, f->val);
411 break; 185 break;
412 case AUDIT_SUID: 186 case AUDIT_SUID:
413 result = (tsk->suid == value); 187 result = audit_comparator(tsk->suid, f->op, f->val);
414 break; 188 break;
415 case AUDIT_FSUID: 189 case AUDIT_FSUID:
416 result = (tsk->fsuid == value); 190 result = audit_comparator(tsk->fsuid, f->op, f->val);
417 break; 191 break;
418 case AUDIT_GID: 192 case AUDIT_GID:
419 result = (tsk->gid == value); 193 result = audit_comparator(tsk->gid, f->op, f->val);
420 break; 194 break;
421 case AUDIT_EGID: 195 case AUDIT_EGID:
422 result = (tsk->egid == value); 196 result = audit_comparator(tsk->egid, f->op, f->val);
423 break; 197 break;
424 case AUDIT_SGID: 198 case AUDIT_SGID:
425 result = (tsk->sgid == value); 199 result = audit_comparator(tsk->sgid, f->op, f->val);
426 break; 200 break;
427 case AUDIT_FSGID: 201 case AUDIT_FSGID:
428 result = (tsk->fsgid == value); 202 result = audit_comparator(tsk->fsgid, f->op, f->val);
429 break; 203 break;
430 case AUDIT_PERS: 204 case AUDIT_PERS:
431 result = (tsk->personality == value); 205 result = audit_comparator(tsk->personality, f->op, f->val);
432 break; 206 break;
433 case AUDIT_ARCH: 207 case AUDIT_ARCH:
434 if (ctx) 208 if (ctx)
435 result = (ctx->arch == value); 209 result = audit_comparator(ctx->arch, f->op, f->val);
436 break; 210 break;
437 211
438 case AUDIT_EXIT: 212 case AUDIT_EXIT:
439 if (ctx && ctx->return_valid) 213 if (ctx && ctx->return_valid)
440 result = (ctx->return_code == value); 214 result = audit_comparator(ctx->return_code, f->op, f->val);
441 break; 215 break;
442 case AUDIT_SUCCESS: 216 case AUDIT_SUCCESS:
443 if (ctx && ctx->return_valid) { 217 if (ctx && ctx->return_valid) {
444 if (value) 218 if (f->val)
445 result = (ctx->return_valid == AUDITSC_SUCCESS); 219 result = audit_comparator(ctx->return_valid, f->op, AUDITSC_SUCCESS);
446 else 220 else
447 result = (ctx->return_valid == AUDITSC_FAILURE); 221 result = audit_comparator(ctx->return_valid, f->op, AUDITSC_FAILURE);
448 } 222 }
449 break; 223 break;
450 case AUDIT_DEVMAJOR: 224 case AUDIT_DEVMAJOR:
451 if (ctx) { 225 if (ctx) {
452 for (j = 0; j < ctx->name_count; j++) { 226 for (j = 0; j < ctx->name_count; j++) {
453 if (MAJOR(ctx->names[j].dev)==value) { 227 if (audit_comparator(MAJOR(ctx->names[j].dev), f->op, f->val)) {
454 ++result; 228 ++result;
455 break; 229 break;
456 } 230 }
@@ -460,7 +234,7 @@ static int audit_filter_rules(struct task_struct *tsk,
460 case AUDIT_DEVMINOR: 234 case AUDIT_DEVMINOR:
461 if (ctx) { 235 if (ctx) {
462 for (j = 0; j < ctx->name_count; j++) { 236 for (j = 0; j < ctx->name_count; j++) {
463 if (MINOR(ctx->names[j].dev)==value) { 237 if (audit_comparator(MINOR(ctx->names[j].dev), f->op, f->val)) {
464 ++result; 238 ++result;
465 break; 239 break;
466 } 240 }
@@ -470,7 +244,8 @@ static int audit_filter_rules(struct task_struct *tsk,
470 case AUDIT_INODE: 244 case AUDIT_INODE:
471 if (ctx) { 245 if (ctx) {
472 for (j = 0; j < ctx->name_count; j++) { 246 for (j = 0; j < ctx->name_count; j++) {
473 if (ctx->names[j].ino == value) { 247 if (audit_comparator(ctx->names[j].ino, f->op, f->val) ||
248 audit_comparator(ctx->names[j].pino, f->op, f->val)) {
474 ++result; 249 ++result;
475 break; 250 break;
476 } 251 }
@@ -480,19 +255,17 @@ static int audit_filter_rules(struct task_struct *tsk,
480 case AUDIT_LOGINUID: 255 case AUDIT_LOGINUID:
481 result = 0; 256 result = 0;
482 if (ctx) 257 if (ctx)
483 result = (ctx->loginuid == value); 258 result = audit_comparator(ctx->loginuid, f->op, f->val);
484 break; 259 break;
485 case AUDIT_ARG0: 260 case AUDIT_ARG0:
486 case AUDIT_ARG1: 261 case AUDIT_ARG1:
487 case AUDIT_ARG2: 262 case AUDIT_ARG2:
488 case AUDIT_ARG3: 263 case AUDIT_ARG3:
489 if (ctx) 264 if (ctx)
490 result = (ctx->argv[field-AUDIT_ARG0]==value); 265 result = audit_comparator(ctx->argv[f->type-AUDIT_ARG0], f->op, f->val);
491 break; 266 break;
492 } 267 }
493 268
494 if (rule->fields[i] & AUDIT_NEGATE)
495 result = !result;
496 if (!result) 269 if (!result)
497 return 0; 270 return 0;
498 } 271 }
@@ -527,7 +300,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
527/* At syscall entry and exit time, this filter is called if the 300/* At syscall entry and exit time, this filter is called if the
528 * audit_state is not low enough that auditing cannot take place, but is 301 * audit_state is not low enough that auditing cannot take place, but is
529 * also not high enough that we already know we have to write an audit 302 * also not high enough that we already know we have to write an audit
530 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). 303 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT).
531 */ 304 */
532static enum audit_state audit_filter_syscall(struct task_struct *tsk, 305static enum audit_state audit_filter_syscall(struct task_struct *tsk,
533 struct audit_context *ctx, 306 struct audit_context *ctx,
@@ -541,77 +314,19 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
541 314
542 rcu_read_lock(); 315 rcu_read_lock();
543 if (!list_empty(list)) { 316 if (!list_empty(list)) {
544 int word = AUDIT_WORD(ctx->major); 317 int word = AUDIT_WORD(ctx->major);
545 int bit = AUDIT_BIT(ctx->major); 318 int bit = AUDIT_BIT(ctx->major);
546 319
547 list_for_each_entry_rcu(e, list, list) { 320 list_for_each_entry_rcu(e, list, list) {
548 if ((e->rule.mask[word] & bit) == bit 321 if ((e->rule.mask[word] & bit) == bit
549 && audit_filter_rules(tsk, &e->rule, ctx, &state)) { 322 && audit_filter_rules(tsk, &e->rule, ctx, &state)) {
550 rcu_read_unlock(); 323 rcu_read_unlock();
551 return state; 324 return state;
552 } 325 }
553 }
554 }
555 rcu_read_unlock();
556 return AUDIT_BUILD_CONTEXT;
557}
558
559static int audit_filter_user_rules(struct netlink_skb_parms *cb,
560 struct audit_rule *rule,
561 enum audit_state *state)
562{
563 int i;
564
565 for (i = 0; i < rule->field_count; i++) {
566 u32 field = rule->fields[i] & ~AUDIT_NEGATE;
567 u32 value = rule->values[i];
568 int result = 0;
569
570 switch (field) {
571 case AUDIT_PID:
572 result = (cb->creds.pid == value);
573 break;
574 case AUDIT_UID:
575 result = (cb->creds.uid == value);
576 break;
577 case AUDIT_GID:
578 result = (cb->creds.gid == value);
579 break;
580 case AUDIT_LOGINUID:
581 result = (cb->loginuid == value);
582 break;
583 }
584
585 if (rule->fields[i] & AUDIT_NEGATE)
586 result = !result;
587 if (!result)
588 return 0;
589 }
590 switch (rule->action) {
591 case AUDIT_NEVER: *state = AUDIT_DISABLED; break;
592 case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT; break;
593 case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break;
594 }
595 return 1;
596}
597
598int audit_filter_user(struct netlink_skb_parms *cb, int type)
599{
600 struct audit_entry *e;
601 enum audit_state state;
602 int ret = 1;
603
604 rcu_read_lock();
605 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
606 if (audit_filter_user_rules(cb, &e->rule, &state)) {
607 if (state == AUDIT_DISABLED)
608 ret = 0;
609 break;
610 } 326 }
611 } 327 }
612 rcu_read_unlock(); 328 rcu_read_unlock();
613 329 return AUDIT_BUILD_CONTEXT;
614 return ret; /* Audit by default */
615} 330}
616 331
617/* This should be called with task_lock() held. */ 332/* This should be called with task_lock() held. */
@@ -654,17 +369,18 @@ static inline void audit_free_names(struct audit_context *context)
654#if AUDIT_DEBUG == 2 369#if AUDIT_DEBUG == 2
655 if (context->auditable 370 if (context->auditable
656 ||context->put_count + context->ino_count != context->name_count) { 371 ||context->put_count + context->ino_count != context->name_count) {
657 printk(KERN_ERR "audit.c:%d(:%d): major=%d in_syscall=%d" 372 printk(KERN_ERR "%s:%d(:%d): major=%d in_syscall=%d"
658 " name_count=%d put_count=%d" 373 " name_count=%d put_count=%d"
659 " ino_count=%d [NOT freeing]\n", 374 " ino_count=%d [NOT freeing]\n",
660 __LINE__, 375 __FILE__, __LINE__,
661 context->serial, context->major, context->in_syscall, 376 context->serial, context->major, context->in_syscall,
662 context->name_count, context->put_count, 377 context->name_count, context->put_count,
663 context->ino_count); 378 context->ino_count);
664 for (i = 0; i < context->name_count; i++) 379 for (i = 0; i < context->name_count; i++) {
665 printk(KERN_ERR "names[%d] = %p = %s\n", i, 380 printk(KERN_ERR "names[%d] = %p = %s\n", i,
666 context->names[i].name, 381 context->names[i].name,
667 context->names[i].name); 382 context->names[i].name ?: "(null)");
383 }
668 dump_stack(); 384 dump_stack();
669 return; 385 return;
670 } 386 }
@@ -674,9 +390,13 @@ static inline void audit_free_names(struct audit_context *context)
674 context->ino_count = 0; 390 context->ino_count = 0;
675#endif 391#endif
676 392
677 for (i = 0; i < context->name_count; i++) 393 for (i = 0; i < context->name_count; i++) {
394 char *p = context->names[i].ctx;
395 context->names[i].ctx = NULL;
396 kfree(p);
678 if (context->names[i].name) 397 if (context->names[i].name)
679 __putname(context->names[i].name); 398 __putname(context->names[i].name);
399 }
680 context->name_count = 0; 400 context->name_count = 0;
681 if (context->pwd) 401 if (context->pwd)
682 dput(context->pwd); 402 dput(context->pwd);
@@ -696,6 +416,12 @@ static inline void audit_free_aux(struct audit_context *context)
696 dput(axi->dentry); 416 dput(axi->dentry);
697 mntput(axi->mnt); 417 mntput(axi->mnt);
698 } 418 }
419 if ( aux->type == AUDIT_IPC ) {
420 struct audit_aux_data_ipcctl *axi = (void *)aux;
421 if (axi->ctx)
422 kfree(axi->ctx);
423 }
424
699 context->aux = aux->next; 425 context->aux = aux->next;
700 kfree(aux); 426 kfree(aux);
701 } 427 }
@@ -721,10 +447,15 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state)
721 return context; 447 return context;
722} 448}
723 449
724/* Filter on the task information and allocate a per-task audit context 450/**
451 * audit_alloc - allocate an audit context block for a task
452 * @tsk: task
453 *
454 * Filter on the task information and allocate a per-task audit context
725 * if necessary. Doing so turns on system call auditing for the 455 * if necessary. Doing so turns on system call auditing for the
726 * specified task. This is called from copy_process, so no lock is 456 * specified task. This is called from copy_process, so no lock is
727 * needed. */ 457 * needed.
458 */
728int audit_alloc(struct task_struct *tsk) 459int audit_alloc(struct task_struct *tsk)
729{ 460{
730 struct audit_context *context; 461 struct audit_context *context;
@@ -775,7 +506,37 @@ static inline void audit_free_context(struct audit_context *context)
775 printk(KERN_ERR "audit: freed %d contexts\n", count); 506 printk(KERN_ERR "audit: freed %d contexts\n", count);
776} 507}
777 508
778static void audit_log_task_info(struct audit_buffer *ab) 509static void audit_log_task_context(struct audit_buffer *ab, gfp_t gfp_mask)
510{
511 char *ctx = NULL;
512 ssize_t len = 0;
513
514 len = security_getprocattr(current, "current", NULL, 0);
515 if (len < 0) {
516 if (len != -EINVAL)
517 goto error_path;
518 return;
519 }
520
521 ctx = kmalloc(len, gfp_mask);
522 if (!ctx)
523 goto error_path;
524
525 len = security_getprocattr(current, "current", ctx, len);
526 if (len < 0 )
527 goto error_path;
528
529 audit_log_format(ab, " subj=%s", ctx);
530 return;
531
532error_path:
533 if (ctx)
534 kfree(ctx);
535 audit_panic("error in audit_log_task_context");
536 return;
537}
538
539static void audit_log_task_info(struct audit_buffer *ab, gfp_t gfp_mask)
779{ 540{
780 char name[sizeof(current->comm)]; 541 char name[sizeof(current->comm)];
781 struct mm_struct *mm = current->mm; 542 struct mm_struct *mm = current->mm;
@@ -788,6 +549,10 @@ static void audit_log_task_info(struct audit_buffer *ab)
788 if (!mm) 549 if (!mm)
789 return; 550 return;
790 551
552 /*
553 * this is brittle; all callers that pass GFP_ATOMIC will have
554 * NULL current->mm and we won't get here.
555 */
791 down_read(&mm->mmap_sem); 556 down_read(&mm->mmap_sem);
792 vma = mm->mmap; 557 vma = mm->mmap;
793 while (vma) { 558 while (vma) {
@@ -801,6 +566,7 @@ static void audit_log_task_info(struct audit_buffer *ab)
801 vma = vma->vm_next; 566 vma = vma->vm_next;
802 } 567 }
803 up_read(&mm->mmap_sem); 568 up_read(&mm->mmap_sem);
569 audit_log_task_context(ab, gfp_mask);
804} 570}
805 571
806static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask) 572static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
@@ -808,6 +574,7 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
808 int i; 574 int i;
809 struct audit_buffer *ab; 575 struct audit_buffer *ab;
810 struct audit_aux_data *aux; 576 struct audit_aux_data *aux;
577 const char *tty;
811 578
812 ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL); 579 ab = audit_log_start(context, gfp_mask, AUDIT_SYSCALL);
813 if (!ab) 580 if (!ab)
@@ -820,11 +587,15 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
820 audit_log_format(ab, " success=%s exit=%ld", 587 audit_log_format(ab, " success=%s exit=%ld",
821 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 588 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
822 context->return_code); 589 context->return_code);
590 if (current->signal->tty && current->signal->tty->name)
591 tty = current->signal->tty->name;
592 else
593 tty = "(none)";
823 audit_log_format(ab, 594 audit_log_format(ab,
824 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 595 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
825 " pid=%d auid=%u uid=%u gid=%u" 596 " pid=%d auid=%u uid=%u gid=%u"
826 " euid=%u suid=%u fsuid=%u" 597 " euid=%u suid=%u fsuid=%u"
827 " egid=%u sgid=%u fsgid=%u", 598 " egid=%u sgid=%u fsgid=%u tty=%s",
828 context->argv[0], 599 context->argv[0],
829 context->argv[1], 600 context->argv[1],
830 context->argv[2], 601 context->argv[2],
@@ -835,8 +606,8 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
835 context->uid, 606 context->uid,
836 context->gid, 607 context->gid,
837 context->euid, context->suid, context->fsuid, 608 context->euid, context->suid, context->fsuid,
838 context->egid, context->sgid, context->fsgid); 609 context->egid, context->sgid, context->fsgid, tty);
839 audit_log_task_info(ab); 610 audit_log_task_info(ab, gfp_mask);
840 audit_log_end(ab); 611 audit_log_end(ab);
841 612
842 for (aux = context->aux; aux; aux = aux->next) { 613 for (aux = context->aux; aux; aux = aux->next) {
@@ -849,8 +620,8 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
849 case AUDIT_IPC: { 620 case AUDIT_IPC: {
850 struct audit_aux_data_ipcctl *axi = (void *)aux; 621 struct audit_aux_data_ipcctl *axi = (void *)aux;
851 audit_log_format(ab, 622 audit_log_format(ab,
852 " qbytes=%lx iuid=%u igid=%u mode=%x", 623 " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s",
853 axi->qbytes, axi->uid, axi->gid, axi->mode); 624 axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx);
854 break; } 625 break; }
855 626
856 case AUDIT_SOCKETCALL: { 627 case AUDIT_SOCKETCALL: {
@@ -885,42 +656,62 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
885 } 656 }
886 } 657 }
887 for (i = 0; i < context->name_count; i++) { 658 for (i = 0; i < context->name_count; i++) {
659 unsigned long ino = context->names[i].ino;
660 unsigned long pino = context->names[i].pino;
661
888 ab = audit_log_start(context, gfp_mask, AUDIT_PATH); 662 ab = audit_log_start(context, gfp_mask, AUDIT_PATH);
889 if (!ab) 663 if (!ab)
890 continue; /* audit_panic has been called */ 664 continue; /* audit_panic has been called */
891 665
892 audit_log_format(ab, "item=%d", i); 666 audit_log_format(ab, "item=%d", i);
893 if (context->names[i].name) { 667
894 audit_log_format(ab, " name="); 668 audit_log_format(ab, " name=");
669 if (context->names[i].name)
895 audit_log_untrustedstring(ab, context->names[i].name); 670 audit_log_untrustedstring(ab, context->names[i].name);
896 } 671 else
897 audit_log_format(ab, " flags=%x\n", context->names[i].flags); 672 audit_log_format(ab, "(null)");
898 673
899 if (context->names[i].ino != (unsigned long)-1) 674 if (pino != (unsigned long)-1)
900 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" 675 audit_log_format(ab, " parent=%lu", pino);
901 " ouid=%u ogid=%u rdev=%02x:%02x", 676 if (ino != (unsigned long)-1)
902 context->names[i].ino, 677 audit_log_format(ab, " inode=%lu", ino);
903 MAJOR(context->names[i].dev), 678 if ((pino != (unsigned long)-1) || (ino != (unsigned long)-1))
904 MINOR(context->names[i].dev), 679 audit_log_format(ab, " dev=%02x:%02x mode=%#o"
905 context->names[i].mode, 680 " ouid=%u ogid=%u rdev=%02x:%02x",
906 context->names[i].uid, 681 MAJOR(context->names[i].dev),
907 context->names[i].gid, 682 MINOR(context->names[i].dev),
908 MAJOR(context->names[i].rdev), 683 context->names[i].mode,
684 context->names[i].uid,
685 context->names[i].gid,
686 MAJOR(context->names[i].rdev),
909 MINOR(context->names[i].rdev)); 687 MINOR(context->names[i].rdev));
688 if (context->names[i].ctx) {
689 audit_log_format(ab, " obj=%s",
690 context->names[i].ctx);
691 }
692
910 audit_log_end(ab); 693 audit_log_end(ab);
911 } 694 }
912} 695}
913 696
914/* Free a per-task audit context. Called from copy_process and 697/**
915 * __put_task_struct. */ 698 * audit_free - free a per-task audit context
699 * @tsk: task whose audit context block to free
700 *
701 * Called from copy_process and __put_task_struct.
702 */
916void audit_free(struct task_struct *tsk) 703void audit_free(struct task_struct *tsk)
917{ 704{
918 struct audit_context *context; 705 struct audit_context *context;
919 706
920 task_lock(tsk); 707 /*
708 * No need to lock the task - when we execute audit_free()
709 * then the task has no external references anymore, and
710 * we are tearing it down. (The locking also confuses
711 * DEBUG_LOCKDEP - this freeing may occur in softirq
712 * contexts as well, via RCU.)
713 */
921 context = audit_get_context(tsk, 0, 0); 714 context = audit_get_context(tsk, 0, 0);
922 task_unlock(tsk);
923
924 if (likely(!context)) 715 if (likely(!context))
925 return; 716 return;
926 717
@@ -934,13 +725,24 @@ void audit_free(struct task_struct *tsk)
934 audit_free_context(context); 725 audit_free_context(context);
935} 726}
936 727
937/* Fill in audit context at syscall entry. This only happens if the 728/**
729 * audit_syscall_entry - fill in an audit record at syscall entry
730 * @tsk: task being audited
731 * @arch: architecture type
732 * @major: major syscall type (function)
733 * @a1: additional syscall register 1
734 * @a2: additional syscall register 2
735 * @a3: additional syscall register 3
736 * @a4: additional syscall register 4
737 *
738 * Fill in audit context at syscall entry. This only happens if the
938 * audit context was created when the task was created and the state or 739 * audit context was created when the task was created and the state or
939 * filters demand the audit context be built. If the state from the 740 * filters demand the audit context be built. If the state from the
940 * per-task filter or from the per-syscall filter is AUDIT_RECORD_CONTEXT, 741 * per-task filter or from the per-syscall filter is AUDIT_RECORD_CONTEXT,
941 * then the record will be written at syscall exit time (otherwise, it 742 * then the record will be written at syscall exit time (otherwise, it
942 * will only be written if another part of the kernel requests that it 743 * will only be written if another part of the kernel requests that it
943 * be written). */ 744 * be written).
745 */
944void audit_syscall_entry(struct task_struct *tsk, int arch, int major, 746void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
945 unsigned long a1, unsigned long a2, 747 unsigned long a1, unsigned long a2,
946 unsigned long a3, unsigned long a4) 748 unsigned long a3, unsigned long a4)
@@ -950,7 +752,8 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
950 752
951 BUG_ON(!context); 753 BUG_ON(!context);
952 754
953 /* This happens only on certain architectures that make system 755 /*
756 * This happens only on certain architectures that make system
954 * calls in kernel_thread via the entry.S interface, instead of 757 * calls in kernel_thread via the entry.S interface, instead of
955 * with direct calls. (If you are porting to a new 758 * with direct calls. (If you are porting to a new
956 * architecture, hitting this condition can indicate that you 759 * architecture, hitting this condition can indicate that you
@@ -966,11 +769,6 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
966 if (context->in_syscall) { 769 if (context->in_syscall) {
967 struct audit_context *newctx; 770 struct audit_context *newctx;
968 771
969#if defined(__NR_vm86) && defined(__NR_vm86old)
970 /* vm86 mode should only be entered once */
971 if (major == __NR_vm86 || major == __NR_vm86old)
972 return;
973#endif
974#if AUDIT_DEBUG 772#if AUDIT_DEBUG
975 printk(KERN_ERR 773 printk(KERN_ERR
976 "audit(:%d) pid=%d in syscall=%d;" 774 "audit(:%d) pid=%d in syscall=%d;"
@@ -1014,11 +812,18 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
1014 context->auditable = !!(state == AUDIT_RECORD_CONTEXT); 812 context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
1015} 813}
1016 814
1017/* Tear down after system call. If the audit context has been marked as 815/**
816 * audit_syscall_exit - deallocate audit context after a system call
817 * @tsk: task being audited
818 * @valid: success/failure flag
819 * @return_code: syscall return value
820 *
821 * Tear down after system call. If the audit context has been marked as
1018 * auditable (either because of the AUDIT_RECORD_CONTEXT state from 822 * auditable (either because of the AUDIT_RECORD_CONTEXT state from
1019 * filtering, or because some other part of the kernel write an audit 823 * filtering, or because some other part of the kernel write an audit
1020 * message), then write out the syscall information. In call cases, 824 * message), then write out the syscall information. In call cases,
1021 * free the names stored from getname(). */ 825 * free the names stored from getname().
826 */
1022void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) 827void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
1023{ 828{
1024 struct audit_context *context; 829 struct audit_context *context;
@@ -1053,7 +858,13 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
1053 put_task_struct(tsk); 858 put_task_struct(tsk);
1054} 859}
1055 860
1056/* Add a name to the list. Called from fs/namei.c:getname(). */ 861/**
862 * audit_getname - add a name to the list
863 * @name: name to add
864 *
865 * Add a name to the list of audit names for this context.
866 * Called from fs/namei.c:getname().
867 */
1057void audit_getname(const char *name) 868void audit_getname(const char *name)
1058{ 869{
1059 struct audit_context *context = current->audit_context; 870 struct audit_context *context = current->audit_context;
@@ -1082,10 +893,13 @@ void audit_getname(const char *name)
1082 893
1083} 894}
1084 895
1085/* Intercept a putname request. Called from 896/* audit_putname - intercept a putname request
1086 * include/linux/fs.h:putname(). If we have stored the name from 897 * @name: name to intercept and delay for putname
1087 * getname in the audit context, then we delay the putname until syscall 898 *
1088 * exit. */ 899 * If we have stored the name from getname in the audit context,
900 * then we delay the putname until syscall exit.
901 * Called from include/linux/fs.h:putname().
902 */
1089void audit_putname(const char *name) 903void audit_putname(const char *name)
1090{ 904{
1091 struct audit_context *context = current->audit_context; 905 struct audit_context *context = current->audit_context;
@@ -1100,7 +914,7 @@ void audit_putname(const char *name)
1100 for (i = 0; i < context->name_count; i++) 914 for (i = 0; i < context->name_count; i++)
1101 printk(KERN_ERR "name[%d] = %p = %s\n", i, 915 printk(KERN_ERR "name[%d] = %p = %s\n", i,
1102 context->names[i].name, 916 context->names[i].name,
1103 context->names[i].name); 917 context->names[i].name ?: "(null)");
1104 } 918 }
1105#endif 919#endif
1106 __putname(name); 920 __putname(name);
@@ -1122,9 +936,52 @@ void audit_putname(const char *name)
1122#endif 936#endif
1123} 937}
1124 938
1125/* Store the inode and device from a lookup. Called from 939void audit_inode_context(int idx, const struct inode *inode)
1126 * fs/namei.c:path_lookup(). */ 940{
1127void audit_inode(const char *name, const struct inode *inode, unsigned flags) 941 struct audit_context *context = current->audit_context;
942 const char *suffix = security_inode_xattr_getsuffix();
943 char *ctx = NULL;
944 int len = 0;
945
946 if (!suffix)
947 goto ret;
948
949 len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
950 if (len == -EOPNOTSUPP)
951 goto ret;
952 if (len < 0)
953 goto error_path;
954
955 ctx = kmalloc(len, GFP_KERNEL);
956 if (!ctx)
957 goto error_path;
958
959 len = security_inode_getsecurity(inode, suffix, ctx, len, 0);
960 if (len < 0)
961 goto error_path;
962
963 kfree(context->names[idx].ctx);
964 context->names[idx].ctx = ctx;
965 goto ret;
966
967error_path:
968 if (ctx)
969 kfree(ctx);
970 audit_panic("error in audit_inode_context");
971ret:
972 return;
973}
974
975
976/**
977 * audit_inode - store the inode and device from a lookup
978 * @name: name being audited
979 * @inode: inode being audited
980 * @flags: lookup flags (as used in path_lookup())
981 *
982 * Called from fs/namei.c:path_lookup().
983 */
984void __audit_inode(const char *name, const struct inode *inode, unsigned flags)
1128{ 985{
1129 int idx; 986 int idx;
1130 struct audit_context *context = current->audit_context; 987 struct audit_context *context = current->audit_context;
@@ -1150,15 +1007,105 @@ void audit_inode(const char *name, const struct inode *inode, unsigned flags)
1150 ++context->ino_count; 1007 ++context->ino_count;
1151#endif 1008#endif
1152 } 1009 }
1153 context->names[idx].flags = flags;
1154 context->names[idx].ino = inode->i_ino;
1155 context->names[idx].dev = inode->i_sb->s_dev; 1010 context->names[idx].dev = inode->i_sb->s_dev;
1156 context->names[idx].mode = inode->i_mode; 1011 context->names[idx].mode = inode->i_mode;
1157 context->names[idx].uid = inode->i_uid; 1012 context->names[idx].uid = inode->i_uid;
1158 context->names[idx].gid = inode->i_gid; 1013 context->names[idx].gid = inode->i_gid;
1159 context->names[idx].rdev = inode->i_rdev; 1014 context->names[idx].rdev = inode->i_rdev;
1015 audit_inode_context(idx, inode);
1016 if ((flags & LOOKUP_PARENT) && (strcmp(name, "/") != 0) &&
1017 (strcmp(name, ".") != 0)) {
1018 context->names[idx].ino = (unsigned long)-1;
1019 context->names[idx].pino = inode->i_ino;
1020 } else {
1021 context->names[idx].ino = inode->i_ino;
1022 context->names[idx].pino = (unsigned long)-1;
1023 }
1024}
1025
1026/**
1027 * audit_inode_child - collect inode info for created/removed objects
1028 * @dname: inode's dentry name
1029 * @inode: inode being audited
1030 * @pino: inode number of dentry parent
1031 *
1032 * For syscalls that create or remove filesystem objects, audit_inode
1033 * can only collect information for the filesystem object's parent.
1034 * This call updates the audit context with the child's information.
1035 * Syscalls that create a new filesystem object must be hooked after
1036 * the object is created. Syscalls that remove a filesystem object
1037 * must be hooked prior, in order to capture the target inode during
1038 * unsuccessful attempts.
1039 */
1040void __audit_inode_child(const char *dname, const struct inode *inode,
1041 unsigned long pino)
1042{
1043 int idx;
1044 struct audit_context *context = current->audit_context;
1045
1046 if (!context->in_syscall)
1047 return;
1048
1049 /* determine matching parent */
1050 if (dname)
1051 for (idx = 0; idx < context->name_count; idx++)
1052 if (context->names[idx].pino == pino) {
1053 const char *n;
1054 const char *name = context->names[idx].name;
1055 int dlen = strlen(dname);
1056 int nlen = name ? strlen(name) : 0;
1057
1058 if (nlen < dlen)
1059 continue;
1060
1061 /* disregard trailing slashes */
1062 n = name + nlen - 1;
1063 while ((*n == '/') && (n > name))
1064 n--;
1065
1066 /* find last path component */
1067 n = n - dlen + 1;
1068 if (n < name)
1069 continue;
1070 else if (n > name) {
1071 if (*--n != '/')
1072 continue;
1073 else
1074 n++;
1075 }
1076
1077 if (strncmp(n, dname, dlen) == 0)
1078 goto update_context;
1079 }
1080
1081 /* catch-all in case match not found */
1082 idx = context->name_count++;
1083 context->names[idx].name = NULL;
1084 context->names[idx].pino = pino;
1085#if AUDIT_DEBUG
1086 context->ino_count++;
1087#endif
1088
1089update_context:
1090 if (inode) {
1091 context->names[idx].ino = inode->i_ino;
1092 context->names[idx].dev = inode->i_sb->s_dev;
1093 context->names[idx].mode = inode->i_mode;
1094 context->names[idx].uid = inode->i_uid;
1095 context->names[idx].gid = inode->i_gid;
1096 context->names[idx].rdev = inode->i_rdev;
1097 audit_inode_context(idx, inode);
1098 }
1160} 1099}
1161 1100
1101/**
1102 * auditsc_get_stamp - get local copies of audit_context values
1103 * @ctx: audit_context for the task
1104 * @t: timespec to store time recorded in the audit_context
1105 * @serial: serial value that is recorded in the audit_context
1106 *
1107 * Also sets the context as auditable.
1108 */
1162void auditsc_get_stamp(struct audit_context *ctx, 1109void auditsc_get_stamp(struct audit_context *ctx,
1163 struct timespec *t, unsigned int *serial) 1110 struct timespec *t, unsigned int *serial)
1164{ 1111{
@@ -1170,6 +1117,15 @@ void auditsc_get_stamp(struct audit_context *ctx,
1170 ctx->auditable = 1; 1117 ctx->auditable = 1;
1171} 1118}
1172 1119
1120/**
1121 * audit_set_loginuid - set a task's audit_context loginuid
1122 * @task: task whose audit context is being modified
1123 * @loginuid: loginuid value
1124 *
1125 * Returns 0.
1126 *
1127 * Called (set) from fs/proc/base.c::proc_loginuid_write().
1128 */
1173int audit_set_loginuid(struct task_struct *task, uid_t loginuid) 1129int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1174{ 1130{
1175 if (task->audit_context) { 1131 if (task->audit_context) {
@@ -1188,12 +1144,59 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1188 return 0; 1144 return 0;
1189} 1145}
1190 1146
1147/**
1148 * audit_get_loginuid - get the loginuid for an audit_context
1149 * @ctx: the audit_context
1150 *
1151 * Returns the context's loginuid or -1 if @ctx is NULL.
1152 */
1191uid_t audit_get_loginuid(struct audit_context *ctx) 1153uid_t audit_get_loginuid(struct audit_context *ctx)
1192{ 1154{
1193 return ctx ? ctx->loginuid : -1; 1155 return ctx ? ctx->loginuid : -1;
1194} 1156}
1195 1157
1196int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) 1158static char *audit_ipc_context(struct kern_ipc_perm *ipcp)
1159{
1160 struct audit_context *context = current->audit_context;
1161 char *ctx = NULL;
1162 int len = 0;
1163
1164 if (likely(!context))
1165 return NULL;
1166
1167 len = security_ipc_getsecurity(ipcp, NULL, 0);
1168 if (len == -EOPNOTSUPP)
1169 goto ret;
1170 if (len < 0)
1171 goto error_path;
1172
1173 ctx = kmalloc(len, GFP_ATOMIC);
1174 if (!ctx)
1175 goto error_path;
1176
1177 len = security_ipc_getsecurity(ipcp, ctx, len);
1178 if (len < 0)
1179 goto error_path;
1180
1181 return ctx;
1182
1183error_path:
1184 kfree(ctx);
1185 audit_panic("error in audit_ipc_context");
1186ret:
1187 return NULL;
1188}
1189
1190/**
1191 * audit_ipc_perms - record audit data for ipc
1192 * @qbytes: msgq bytes
1193 * @uid: msgq user id
1194 * @gid: msgq group id
1195 * @mode: msgq mode (permissions)
1196 *
1197 * Returns 0 for success or NULL context or < 0 on error.
1198 */
1199int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp)
1197{ 1200{
1198 struct audit_aux_data_ipcctl *ax; 1201 struct audit_aux_data_ipcctl *ax;
1199 struct audit_context *context = current->audit_context; 1202 struct audit_context *context = current->audit_context;
@@ -1201,7 +1204,7 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1201 if (likely(!context)) 1204 if (likely(!context))
1202 return 0; 1205 return 0;
1203 1206
1204 ax = kmalloc(sizeof(*ax), GFP_KERNEL); 1207 ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
1205 if (!ax) 1208 if (!ax)
1206 return -ENOMEM; 1209 return -ENOMEM;
1207 1210
@@ -1209,6 +1212,7 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1209 ax->uid = uid; 1212 ax->uid = uid;
1210 ax->gid = gid; 1213 ax->gid = gid;
1211 ax->mode = mode; 1214 ax->mode = mode;
1215 ax->ctx = audit_ipc_context(ipcp);
1212 1216
1213 ax->d.type = AUDIT_IPC; 1217 ax->d.type = AUDIT_IPC;
1214 ax->d.next = context->aux; 1218 ax->d.next = context->aux;
@@ -1216,6 +1220,13 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1216 return 0; 1220 return 0;
1217} 1221}
1218 1222
1223/**
1224 * audit_socketcall - record audit data for sys_socketcall
1225 * @nargs: number of args
1226 * @args: args array
1227 *
1228 * Returns 0 for success or NULL context or < 0 on error.
1229 */
1219int audit_socketcall(int nargs, unsigned long *args) 1230int audit_socketcall(int nargs, unsigned long *args)
1220{ 1231{
1221 struct audit_aux_data_socketcall *ax; 1232 struct audit_aux_data_socketcall *ax;
@@ -1237,6 +1248,13 @@ int audit_socketcall(int nargs, unsigned long *args)
1237 return 0; 1248 return 0;
1238} 1249}
1239 1250
1251/**
1252 * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
1253 * @len: data length in user space
1254 * @a: data address in kernel space
1255 *
1256 * Returns 0 for success or NULL context or < 0 on error.
1257 */
1240int audit_sockaddr(int len, void *a) 1258int audit_sockaddr(int len, void *a)
1241{ 1259{
1242 struct audit_aux_data_sockaddr *ax; 1260 struct audit_aux_data_sockaddr *ax;
@@ -1258,6 +1276,15 @@ int audit_sockaddr(int len, void *a)
1258 return 0; 1276 return 0;
1259} 1277}
1260 1278
1279/**
1280 * audit_avc_path - record the granting or denial of permissions
1281 * @dentry: dentry to record
1282 * @mnt: mnt to record
1283 *
1284 * Returns 0 for success or NULL context or < 0 on error.
1285 *
1286 * Called from security/selinux/avc.c::avc_audit()
1287 */
1261int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt) 1288int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
1262{ 1289{
1263 struct audit_aux_data_path *ax; 1290 struct audit_aux_data_path *ax;
@@ -1279,6 +1306,14 @@ int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
1279 return 0; 1306 return 0;
1280} 1307}
1281 1308
1309/**
1310 * audit_signal_info - record signal info for shutting down audit subsystem
1311 * @sig: signal value
1312 * @t: task being signaled
1313 *
1314 * If the audit subsystem is being terminated, record the task (pid)
1315 * and uid that is doing that.
1316 */
1282void audit_signal_info(int sig, struct task_struct *t) 1317void audit_signal_info(int sig, struct task_struct *t)
1283{ 1318{
1284 extern pid_t audit_sig_pid; 1319 extern pid_t audit_sig_pid;
@@ -1295,4 +1330,3 @@ void audit_signal_info(int sig, struct task_struct *t)
1295 } 1330 }
1296 } 1331 }
1297} 1332}
1298
diff --git a/net/core/dev.c b/net/core/dev.c
index e0489ca731c5..8e1dc3051222 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -114,6 +114,7 @@
114#include <linux/wireless.h> 114#include <linux/wireless.h>
115#include <net/iw_handler.h> 115#include <net/iw_handler.h>
116#include <asm/current.h> 116#include <asm/current.h>
117#include <linux/audit.h>
117 118
118/* 119/*
119 * The list of packet types we will receive (as opposed to discard) 120 * The list of packet types we will receive (as opposed to discard)
@@ -2147,6 +2148,12 @@ void dev_set_promiscuity(struct net_device *dev, int inc)
2147 printk(KERN_INFO "device %s %s promiscuous mode\n", 2148 printk(KERN_INFO "device %s %s promiscuous mode\n",
2148 dev->name, (dev->flags & IFF_PROMISC) ? "entered" : 2149 dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
2149 "left"); 2150 "left");
2151 audit_log(current->audit_context, GFP_ATOMIC,
2152 AUDIT_ANOM_PROMISCUOUS,
2153 "dev=%s prom=%d old_prom=%d auid=%u",
2154 dev->name, (dev->flags & IFF_PROMISC),
2155 (old_flags & IFF_PROMISC),
2156 audit_get_loginuid(current->audit_context));
2150 } 2157 }
2151} 2158}
2152 2159
diff --git a/security/dummy.c b/security/dummy.c
index a678f094b72d..fd99429278e9 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -378,7 +378,7 @@ static int dummy_inode_removexattr (struct dentry *dentry, char *name)
378 return 0; 378 return 0;
379} 379}
380 380
381static int dummy_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 381static int dummy_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
382{ 382{
383 return -EOPNOTSUPP; 383 return -EOPNOTSUPP;
384} 384}
@@ -393,6 +393,11 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
393 return 0; 393 return 0;
394} 394}
395 395
396static const char *dummy_inode_xattr_getsuffix(void)
397{
398 return NULL;
399}
400
396static int dummy_file_permission (struct file *file, int mask) 401static int dummy_file_permission (struct file *file, int mask)
397{ 402{
398 return 0; 403 return 0;
@@ -558,6 +563,11 @@ static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
558 return 0; 563 return 0;
559} 564}
560 565
566static int dummy_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
567{
568 return -EOPNOTSUPP;
569}
570
561static int dummy_msg_msg_alloc_security (struct msg_msg *msg) 571static int dummy_msg_msg_alloc_security (struct msg_msg *msg)
562{ 572{
563 return 0; 573 return 0;
@@ -931,6 +941,7 @@ void security_fixup_ops (struct security_operations *ops)
931 set_to_dummy_if_null(ops, inode_getxattr); 941 set_to_dummy_if_null(ops, inode_getxattr);
932 set_to_dummy_if_null(ops, inode_listxattr); 942 set_to_dummy_if_null(ops, inode_listxattr);
933 set_to_dummy_if_null(ops, inode_removexattr); 943 set_to_dummy_if_null(ops, inode_removexattr);
944 set_to_dummy_if_null(ops, inode_xattr_getsuffix);
934 set_to_dummy_if_null(ops, inode_getsecurity); 945 set_to_dummy_if_null(ops, inode_getsecurity);
935 set_to_dummy_if_null(ops, inode_setsecurity); 946 set_to_dummy_if_null(ops, inode_setsecurity);
936 set_to_dummy_if_null(ops, inode_listsecurity); 947 set_to_dummy_if_null(ops, inode_listsecurity);
@@ -965,6 +976,7 @@ void security_fixup_ops (struct security_operations *ops)
965 set_to_dummy_if_null(ops, task_reparent_to_init); 976 set_to_dummy_if_null(ops, task_reparent_to_init);
966 set_to_dummy_if_null(ops, task_to_inode); 977 set_to_dummy_if_null(ops, task_to_inode);
967 set_to_dummy_if_null(ops, ipc_permission); 978 set_to_dummy_if_null(ops, ipc_permission);
979 set_to_dummy_if_null(ops, ipc_getsecurity);
968 set_to_dummy_if_null(ops, msg_msg_alloc_security); 980 set_to_dummy_if_null(ops, msg_msg_alloc_security);
969 set_to_dummy_if_null(ops, msg_msg_free_security); 981 set_to_dummy_if_null(ops, msg_msg_free_security);
970 set_to_dummy_if_null(ops, msg_queue_alloc_security); 982 set_to_dummy_if_null(ops, msg_queue_alloc_security);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index ccaf988f3729..b61b9554bc27 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -119,6 +119,32 @@ static DEFINE_SPINLOCK(sb_security_lock);
119 119
120static kmem_cache_t *sel_inode_cache; 120static kmem_cache_t *sel_inode_cache;
121 121
122/* Return security context for a given sid or just the context
123 length if the buffer is null or length is 0 */
124static int selinux_getsecurity(u32 sid, void *buffer, size_t size)
125{
126 char *context;
127 unsigned len;
128 int rc;
129
130 rc = security_sid_to_context(sid, &context, &len);
131 if (rc)
132 return rc;
133
134 if (!buffer || !size)
135 goto getsecurity_exit;
136
137 if (size < len) {
138 len = -ERANGE;
139 goto getsecurity_exit;
140 }
141 memcpy(buffer, context, len);
142
143getsecurity_exit:
144 kfree(context);
145 return len;
146}
147
122/* Allocate and free functions for each kind of security blob. */ 148/* Allocate and free functions for each kind of security blob. */
123 149
124static int task_alloc_security(struct task_struct *task) 150static int task_alloc_security(struct task_struct *task)
@@ -2210,6 +2236,11 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2210 return -EACCES; 2236 return -EACCES;
2211} 2237}
2212 2238
2239static const char *selinux_inode_xattr_getsuffix(void)
2240{
2241 return XATTR_SELINUX_SUFFIX;
2242}
2243
2213/* 2244/*
2214 * Copy the in-core inode security context value to the user. If the 2245 * Copy the in-core inode security context value to the user. If the
2215 * getxattr() prior to this succeeded, check to see if we need to 2246 * getxattr() prior to this succeeded, check to see if we need to
@@ -2217,47 +2248,14 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2217 * 2248 *
2218 * Permission check is handled by selinux_inode_getxattr hook. 2249 * Permission check is handled by selinux_inode_getxattr hook.
2219 */ 2250 */
2220static int selinux_inode_getsecurity(struct inode *inode, const char *name, void *buffer, size_t size, int err) 2251static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
2221{ 2252{
2222 struct inode_security_struct *isec = inode->i_security; 2253 struct inode_security_struct *isec = inode->i_security;
2223 char *context;
2224 unsigned len;
2225 int rc;
2226
2227 if (strcmp(name, XATTR_SELINUX_SUFFIX)) {
2228 rc = -EOPNOTSUPP;
2229 goto out;
2230 }
2231
2232 rc = security_sid_to_context(isec->sid, &context, &len);
2233 if (rc)
2234 goto out;
2235
2236 /* Probe for required buffer size */
2237 if (!buffer || !size) {
2238 rc = len;
2239 goto out_free;
2240 }
2241 2254
2242 if (size < len) { 2255 if (strcmp(name, XATTR_SELINUX_SUFFIX))
2243 rc = -ERANGE; 2256 return -EOPNOTSUPP;
2244 goto out_free;
2245 }
2246 2257
2247 if (err > 0) { 2258 return selinux_getsecurity(isec->sid, buffer, size);
2248 if ((len == err) && !(memcmp(context, buffer, len))) {
2249 /* Don't need to canonicalize value */
2250 rc = err;
2251 goto out_free;
2252 }
2253 memset(buffer, 0, size);
2254 }
2255 memcpy(buffer, context, len);
2256 rc = len;
2257out_free:
2258 kfree(context);
2259out:
2260 return rc;
2261} 2259}
2262 2260
2263static int selinux_inode_setsecurity(struct inode *inode, const char *name, 2261static int selinux_inode_setsecurity(struct inode *inode, const char *name,
@@ -4054,6 +4052,13 @@ static int selinux_ipc_permission(struct kern_ipc_perm *ipcp, short flag)
4054 return ipc_has_perm(ipcp, av); 4052 return ipc_has_perm(ipcp, av);
4055} 4053}
4056 4054
4055static int selinux_ipc_getsecurity(struct kern_ipc_perm *ipcp, void *buffer, size_t size)
4056{
4057 struct ipc_security_struct *isec = ipcp->security;
4058
4059 return selinux_getsecurity(isec->sid, buffer, size);
4060}
4061
4057/* module stacking operations */ 4062/* module stacking operations */
4058static int selinux_register_security (const char *name, struct security_operations *ops) 4063static int selinux_register_security (const char *name, struct security_operations *ops)
4059{ 4064{
@@ -4095,8 +4100,7 @@ static int selinux_getprocattr(struct task_struct *p,
4095 char *name, void *value, size_t size) 4100 char *name, void *value, size_t size)
4096{ 4101{
4097 struct task_security_struct *tsec; 4102 struct task_security_struct *tsec;
4098 u32 sid, len; 4103 u32 sid;
4099 char *context;
4100 int error; 4104 int error;
4101 4105
4102 if (current != p) { 4106 if (current != p) {
@@ -4105,9 +4109,6 @@ static int selinux_getprocattr(struct task_struct *p,
4105 return error; 4109 return error;
4106 } 4110 }
4107 4111
4108 if (!size)
4109 return -ERANGE;
4110
4111 tsec = p->security; 4112 tsec = p->security;
4112 4113
4113 if (!strcmp(name, "current")) 4114 if (!strcmp(name, "current"))
@@ -4124,16 +4125,7 @@ static int selinux_getprocattr(struct task_struct *p,
4124 if (!sid) 4125 if (!sid)
4125 return 0; 4126 return 0;
4126 4127
4127 error = security_sid_to_context(sid, &context, &len); 4128 return selinux_getsecurity(sid, value, size);
4128 if (error)
4129 return error;
4130 if (len > size) {
4131 kfree(context);
4132 return -ERANGE;
4133 }
4134 memcpy(value, context, len);
4135 kfree(context);
4136 return len;
4137} 4129}
4138 4130
4139static int selinux_setprocattr(struct task_struct *p, 4131static int selinux_setprocattr(struct task_struct *p,
@@ -4291,6 +4283,7 @@ static struct security_operations selinux_ops = {
4291 .inode_getxattr = selinux_inode_getxattr, 4283 .inode_getxattr = selinux_inode_getxattr,
4292 .inode_listxattr = selinux_inode_listxattr, 4284 .inode_listxattr = selinux_inode_listxattr,
4293 .inode_removexattr = selinux_inode_removexattr, 4285 .inode_removexattr = selinux_inode_removexattr,
4286 .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
4294 .inode_getsecurity = selinux_inode_getsecurity, 4287 .inode_getsecurity = selinux_inode_getsecurity,
4295 .inode_setsecurity = selinux_inode_setsecurity, 4288 .inode_setsecurity = selinux_inode_setsecurity,
4296 .inode_listsecurity = selinux_inode_listsecurity, 4289 .inode_listsecurity = selinux_inode_listsecurity,
@@ -4328,6 +4321,7 @@ static struct security_operations selinux_ops = {
4328 .task_to_inode = selinux_task_to_inode, 4321 .task_to_inode = selinux_task_to_inode,
4329 4322
4330 .ipc_permission = selinux_ipc_permission, 4323 .ipc_permission = selinux_ipc_permission,
4324 .ipc_getsecurity = selinux_ipc_getsecurity,
4331 4325
4332 .msg_msg_alloc_security = selinux_msg_msg_alloc_security, 4326 .msg_msg_alloc_security = selinux_msg_msg_alloc_security,
4333 .msg_msg_free_security = selinux_msg_msg_free_security, 4327 .msg_msg_free_security = selinux_msg_msg_free_security,
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index 85e399259832..b8f4d25cf335 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -106,6 +106,9 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
106 { AUDIT_LIST, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV }, 106 { AUDIT_LIST, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV },
107 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 107 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
108 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 108 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
109 { AUDIT_LIST_RULES, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV },
110 { AUDIT_ADD_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
111 { AUDIT_DEL_RULE, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
109 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, 112 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
110 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, 113 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
111}; 114};
@@ -152,8 +155,10 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
152 break; 155 break;
153 156
154 case SECCLASS_NETLINK_AUDIT_SOCKET: 157 case SECCLASS_NETLINK_AUDIT_SOCKET:
155 if (nlmsg_type >= AUDIT_FIRST_USER_MSG && 158 if ((nlmsg_type >= AUDIT_FIRST_USER_MSG &&
156 nlmsg_type <= AUDIT_LAST_USER_MSG) { 159 nlmsg_type <= AUDIT_LAST_USER_MSG) ||
160 (nlmsg_type >= AUDIT_FIRST_USER_MSG2 &&
161 nlmsg_type <= AUDIT_LAST_USER_MSG2)) {
157 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY; 162 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
158 } else { 163 } else {
159 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, 164 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index f5d78365488f..a4efc966f065 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -22,6 +22,7 @@
22#include <linux/major.h> 22#include <linux/major.h>
23#include <linux/seq_file.h> 23#include <linux/seq_file.h>
24#include <linux/percpu.h> 24#include <linux/percpu.h>
25#include <linux/audit.h>
25#include <asm/uaccess.h> 26#include <asm/uaccess.h>
26#include <asm/semaphore.h> 27#include <asm/semaphore.h>
27 28
@@ -127,6 +128,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
127 length = task_has_security(current, SECURITY__SETENFORCE); 128 length = task_has_security(current, SECURITY__SETENFORCE);
128 if (length) 129 if (length)
129 goto out; 130 goto out;
131 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
132 "enforcing=%d old_enforcing=%d auid=%u", new_value,
133 selinux_enforcing,
134 audit_get_loginuid(current->audit_context));
130 selinux_enforcing = new_value; 135 selinux_enforcing = new_value;
131 if (selinux_enforcing) 136 if (selinux_enforcing)
132 avc_ss_reset(0); 137 avc_ss_reset(0);
@@ -177,6 +182,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
177 length = selinux_disable(); 182 length = selinux_disable();
178 if (length < 0) 183 if (length < 0)
179 goto out; 184 goto out;
185 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
186 "selinux=0 auid=%u",
187 audit_get_loginuid(current->audit_context));
180 } 188 }
181 189
182 length = count; 190 length = count;
@@ -262,6 +270,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
262 length = ret; 270 length = ret;
263 else 271 else
264 length = count; 272 length = count;
273 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
274 "policy loaded auid=%u",
275 audit_get_loginuid(current->audit_context));
265out: 276out:
266 mutex_unlock(&sel_mutex); 277 mutex_unlock(&sel_mutex);
267 vfree(data); 278 vfree(data);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 63e0b7f29cb5..61492485de84 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1759,19 +1759,22 @@ int security_set_bools(int len, int *values)
1759 goto out; 1759 goto out;
1760 } 1760 }
1761 1761
1762 printk(KERN_INFO "security: committed booleans { ");
1763 for (i = 0; i < len; i++) { 1762 for (i = 0; i < len; i++) {
1763 if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
1764 audit_log(current->audit_context, GFP_ATOMIC,
1765 AUDIT_MAC_CONFIG_CHANGE,
1766 "bool=%s val=%d old_val=%d auid=%u",
1767 policydb.p_bool_val_to_name[i],
1768 !!values[i],
1769 policydb.bool_val_to_struct[i]->state,
1770 audit_get_loginuid(current->audit_context));
1771 }
1764 if (values[i]) { 1772 if (values[i]) {
1765 policydb.bool_val_to_struct[i]->state = 1; 1773 policydb.bool_val_to_struct[i]->state = 1;
1766 } else { 1774 } else {
1767 policydb.bool_val_to_struct[i]->state = 0; 1775 policydb.bool_val_to_struct[i]->state = 0;
1768 } 1776 }
1769 if (i != 0)
1770 printk(", ");
1771 printk("%s:%d", policydb.p_bool_val_to_name[i],
1772 policydb.bool_val_to_struct[i]->state);
1773 } 1777 }
1774 printk(" }\n");
1775 1778
1776 for (cur = policydb.cond_list; cur != NULL; cur = cur->next) { 1779 for (cur = policydb.cond_list; cur != NULL; cur = cur->next) {
1777 rc = evaluate_cond_node(&policydb, cur); 1780 rc = evaluate_cond_node(&policydb, cur);