diff options
author | David Woodhouse <dwmw2@infradead.org> | 2005-12-15 13:33:52 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2006-03-20 14:08:54 -0500 |
commit | fe7752bab26a9ac0651b695ad4f55659761f68f7 (patch) | |
tree | b2e516a52232c978fc824b226418d8a28460b8a8 | |
parent | ee436dc46a762f430e37952d375a23d87735f73f (diff) |
[PATCH] Fix audit record filtering with !CONFIG_AUDITSYSCALL
This fixes the per-user and per-message-type filtering when syscall
auditing isn't enabled.
[AV: folded followup fix from the same author]
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | include/linux/audit.h | 18 | ||||
-rw-r--r-- | kernel/Makefile | 2 | ||||
-rw-r--r-- | kernel/audit.c | 1 | ||||
-rw-r--r-- | kernel/audit.h | 70 | ||||
-rw-r--r-- | kernel/auditfilter.c | 378 | ||||
-rw-r--r-- | kernel/auditsc.c | 380 |
6 files changed, 459 insertions, 390 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 1912d8e8ae90..fbc21d6267f3 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -278,8 +278,6 @@ static inline void audit_inode_child(const char *dname, | |||
278 | } | 278 | } |
279 | 279 | ||
280 | /* Private API (for audit.c only) */ | 280 | /* Private API (for audit.c only) */ |
281 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | ||
282 | void *data, uid_t loginuid); | ||
283 | extern unsigned int audit_serial(void); | 281 | extern unsigned int audit_serial(void); |
284 | extern void auditsc_get_stamp(struct audit_context *ctx, | 282 | extern void auditsc_get_stamp(struct audit_context *ctx, |
285 | struct timespec *t, unsigned int *serial); | 283 | struct timespec *t, unsigned int *serial); |
@@ -290,8 +288,6 @@ extern int audit_socketcall(int nargs, unsigned long *args); | |||
290 | extern int audit_sockaddr(int len, void *addr); | 288 | extern int audit_sockaddr(int len, void *addr); |
291 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | 289 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); |
292 | extern void audit_signal_info(int sig, struct task_struct *t); | 290 | extern void audit_signal_info(int sig, struct task_struct *t); |
293 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); | ||
294 | extern int audit_filter_type(int type); | ||
295 | extern int audit_set_macxattr(const char *name); | 291 | extern int audit_set_macxattr(const char *name); |
296 | #else | 292 | #else |
297 | #define audit_alloc(t) ({ 0; }) | 293 | #define audit_alloc(t) ({ 0; }) |
@@ -304,7 +300,6 @@ extern int audit_set_macxattr(const char *name); | |||
304 | #define __audit_inode_child(d,i,p) do { ; } while (0) | 300 | #define __audit_inode_child(d,i,p) do { ; } while (0) |
305 | #define audit_inode(n,i,f) do { ; } while (0) | 301 | #define audit_inode(n,i,f) do { ; } while (0) |
306 | #define audit_inode_child(d,i,p) do { ; } while (0) | 302 | #define audit_inode_child(d,i,p) do { ; } while (0) |
307 | #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) | ||
308 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 303 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
309 | #define audit_get_loginuid(c) ({ -1; }) | 304 | #define audit_get_loginuid(c) ({ -1; }) |
310 | #define audit_ipc_perms(q,u,g,m,i) ({ 0; }) | 305 | #define audit_ipc_perms(q,u,g,m,i) ({ 0; }) |
@@ -312,7 +307,6 @@ extern int audit_set_macxattr(const char *name); | |||
312 | #define audit_sockaddr(len, addr) ({ 0; }) | 307 | #define audit_sockaddr(len, addr) ({ 0; }) |
313 | #define audit_avc_path(dentry, mnt) ({ 0; }) | 308 | #define audit_avc_path(dentry, mnt) ({ 0; }) |
314 | #define audit_signal_info(s,t) do { ; } while (0) | 309 | #define audit_signal_info(s,t) do { ; } while (0) |
315 | #define audit_filter_user(cb,t) ({ 1; }) | ||
316 | #define audit_set_macxattr(n) do { ; } while (0) | 310 | #define audit_set_macxattr(n) do { ; } while (0) |
317 | #endif | 311 | #endif |
318 | 312 | ||
@@ -337,13 +331,11 @@ extern void audit_log_d_path(struct audit_buffer *ab, | |||
337 | const char *prefix, | 331 | const char *prefix, |
338 | struct dentry *dentry, | 332 | struct dentry *dentry, |
339 | struct vfsmount *vfsmnt); | 333 | struct vfsmount *vfsmnt); |
340 | /* Private API (for auditsc.c only) */ | 334 | /* Private API (for audit.c only) */ |
341 | extern void audit_send_reply(int pid, int seq, int type, | 335 | extern int audit_filter_user(struct netlink_skb_parms *cb, int type); |
342 | int done, int multi, | 336 | extern int audit_filter_type(int type); |
343 | void *payload, int size); | 337 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
344 | extern void audit_log_lost(const char *message); | 338 | void *data, uid_t loginuid); |
345 | extern void audit_panic(const char *message); | ||
346 | extern struct semaphore audit_netlink_sem; | ||
347 | #else | 339 | #else |
348 | #define audit_log(c,g,t,f,...) do { ; } while (0) | 340 | #define audit_log(c,g,t,f,...) do { ; } while (0) |
349 | #define audit_log_start(c,g,t) ({ NULL; }) | 341 | #define audit_log_start(c,g,t) ({ NULL; }) |
diff --git a/kernel/Makefile b/kernel/Makefile index 4ae0fbde815d..58cf129e5622 100644 --- a/kernel/Makefile +++ b/kernel/Makefile | |||
@@ -26,7 +26,7 @@ obj-$(CONFIG_COMPAT) += compat.o | |||
26 | obj-$(CONFIG_CPUSETS) += cpuset.o | 26 | obj-$(CONFIG_CPUSETS) += cpuset.o |
27 | obj-$(CONFIG_IKCONFIG) += configs.o | 27 | obj-$(CONFIG_IKCONFIG) += configs.o |
28 | obj-$(CONFIG_STOP_MACHINE) += stop_machine.o | 28 | obj-$(CONFIG_STOP_MACHINE) += stop_machine.o |
29 | obj-$(CONFIG_AUDIT) += audit.o | 29 | obj-$(CONFIG_AUDIT) += audit.o auditfilter.o |
30 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o | 30 | obj-$(CONFIG_AUDITSYSCALL) += auditsc.o |
31 | obj-$(CONFIG_KPROBES) += kprobes.o | 31 | obj-$(CONFIG_KPROBES) += kprobes.o |
32 | obj-$(CONFIG_SYSFS) += ksysfs.o | 32 | obj-$(CONFIG_SYSFS) += ksysfs.o |
diff --git a/kernel/audit.c b/kernel/audit.c index 45c123ef77a7..07c5d2bdd38c 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -305,6 +305,7 @@ static int kauditd_thread(void *dummy) | |||
305 | remove_wait_queue(&kauditd_wait, &wait); | 305 | remove_wait_queue(&kauditd_wait, &wait); |
306 | } | 306 | } |
307 | } | 307 | } |
308 | return 0; | ||
308 | } | 309 | } |
309 | 310 | ||
310 | /** | 311 | /** |
diff --git a/kernel/audit.h b/kernel/audit.h new file mode 100644 index 000000000000..7643e46daeb2 --- /dev/null +++ b/kernel/audit.h | |||
@@ -0,0 +1,70 @@ | |||
1 | /* audit -- definition of audit_context structure and supporting types | ||
2 | * | ||
3 | * Copyright 2003-2004 Red Hat, Inc. | ||
4 | * Copyright 2005 Hewlett-Packard Development Company, L.P. | ||
5 | * Copyright 2005 IBM Corporation | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation; either version 2 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | * | ||
12 | * This program is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
15 | * GNU General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU General Public License | ||
18 | * along with this program; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
20 | */ | ||
21 | |||
22 | #include <linux/fs.h> | ||
23 | #include <linux/audit.h> | ||
24 | |||
25 | /* 0 = no checking | ||
26 | 1 = put_count checking | ||
27 | 2 = verbose put_count checking | ||
28 | */ | ||
29 | #define AUDIT_DEBUG 0 | ||
30 | |||
31 | /* At task start time, the audit_state is set in the audit_context using | ||
32 | a per-task filter. At syscall entry, the audit_state is augmented by | ||
33 | the syscall filter. */ | ||
34 | enum audit_state { | ||
35 | AUDIT_DISABLED, /* Do not create per-task audit_context. | ||
36 | * No syscall-specific audit records can | ||
37 | * be generated. */ | ||
38 | AUDIT_SETUP_CONTEXT, /* Create the per-task audit_context, | ||
39 | * but don't necessarily fill it in at | ||
40 | * syscall entry time (i.e., filter | ||
41 | * instead). */ | ||
42 | AUDIT_BUILD_CONTEXT, /* Create the per-task audit_context, | ||
43 | * and always fill it in at syscall | ||
44 | * entry time. This makes a full | ||
45 | * syscall record available if some | ||
46 | * other part of the kernel decides it | ||
47 | * should be recorded. */ | ||
48 | AUDIT_RECORD_CONTEXT /* Create the per-task audit_context, | ||
49 | * always fill it in at syscall entry | ||
50 | * time, and always write out the audit | ||
51 | * record at syscall exit time. */ | ||
52 | }; | ||
53 | |||
54 | /* Rule lists */ | ||
55 | struct audit_entry { | ||
56 | struct list_head list; | ||
57 | struct rcu_head rcu; | ||
58 | struct audit_rule rule; | ||
59 | }; | ||
60 | |||
61 | |||
62 | extern int audit_pid; | ||
63 | extern int audit_comparator(const u32 left, const u32 op, const u32 right); | ||
64 | |||
65 | extern void audit_send_reply(int pid, int seq, int type, | ||
66 | int done, int multi, | ||
67 | void *payload, int size); | ||
68 | extern void audit_log_lost(const char *message); | ||
69 | extern void audit_panic(const char *message); | ||
70 | extern struct semaphore audit_netlink_sem; | ||
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c new file mode 100644 index 000000000000..7f347c360876 --- /dev/null +++ b/kernel/auditfilter.c | |||
@@ -0,0 +1,378 @@ | |||
1 | /* auditfilter.c -- filtering of audit events | ||
2 | * | ||
3 | * Copyright 2003-2004 Red Hat, Inc. | ||
4 | * Copyright 2005 Hewlett-Packard Development Company, L.P. | ||
5 | * Copyright 2005 IBM Corporation | ||
6 | * | ||
7 | * This program is free software; you can redistribute it and/or modify | ||
8 | * it under the terms of the GNU General Public License as published by | ||
9 | * the Free Software Foundation; either version 2 of the License, or | ||
10 | * (at your option) any later version. | ||
11 | * | ||
12 | * This program is distributed in the hope that it will be useful, | ||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
15 | * GNU General Public License for more details. | ||
16 | * | ||
17 | * You should have received a copy of the GNU General Public License | ||
18 | * along with this program; if not, write to the Free Software | ||
19 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
20 | */ | ||
21 | |||
22 | #include <linux/kernel.h> | ||
23 | #include <linux/audit.h> | ||
24 | #include <linux/kthread.h> | ||
25 | #include <linux/netlink.h> | ||
26 | #include "audit.h" | ||
27 | |||
28 | /* There are three lists of rules -- one to search at task creation | ||
29 | * time, one to search at syscall entry time, and another to search at | ||
30 | * syscall exit time. */ | ||
31 | struct list_head audit_filter_list[AUDIT_NR_FILTERS] = { | ||
32 | LIST_HEAD_INIT(audit_filter_list[0]), | ||
33 | LIST_HEAD_INIT(audit_filter_list[1]), | ||
34 | LIST_HEAD_INIT(audit_filter_list[2]), | ||
35 | LIST_HEAD_INIT(audit_filter_list[3]), | ||
36 | LIST_HEAD_INIT(audit_filter_list[4]), | ||
37 | LIST_HEAD_INIT(audit_filter_list[5]), | ||
38 | #if AUDIT_NR_FILTERS != 6 | ||
39 | #error Fix audit_filter_list initialiser | ||
40 | #endif | ||
41 | }; | ||
42 | |||
43 | /* Copy rule from user-space to kernel-space. Called from | ||
44 | * audit_add_rule during AUDIT_ADD. */ | ||
45 | static inline int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) | ||
46 | { | ||
47 | int i; | ||
48 | |||
49 | if (s->action != AUDIT_NEVER | ||
50 | && s->action != AUDIT_POSSIBLE | ||
51 | && s->action != AUDIT_ALWAYS) | ||
52 | return -1; | ||
53 | if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS) | ||
54 | return -1; | ||
55 | if ((s->flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS) | ||
56 | return -1; | ||
57 | |||
58 | d->flags = s->flags; | ||
59 | d->action = s->action; | ||
60 | d->field_count = s->field_count; | ||
61 | for (i = 0; i < d->field_count; i++) { | ||
62 | d->fields[i] = s->fields[i]; | ||
63 | d->values[i] = s->values[i]; | ||
64 | } | ||
65 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) d->mask[i] = s->mask[i]; | ||
66 | return 0; | ||
67 | } | ||
68 | |||
69 | /* Check to see if two rules are identical. It is called from | ||
70 | * audit_add_rule during AUDIT_ADD and | ||
71 | * audit_del_rule during AUDIT_DEL. */ | ||
72 | static inline int audit_compare_rule(struct audit_rule *a, struct audit_rule *b) | ||
73 | { | ||
74 | int i; | ||
75 | |||
76 | if (a->flags != b->flags) | ||
77 | return 1; | ||
78 | |||
79 | if (a->action != b->action) | ||
80 | return 1; | ||
81 | |||
82 | if (a->field_count != b->field_count) | ||
83 | return 1; | ||
84 | |||
85 | for (i = 0; i < a->field_count; i++) { | ||
86 | if (a->fields[i] != b->fields[i] | ||
87 | || a->values[i] != b->values[i]) | ||
88 | return 1; | ||
89 | } | ||
90 | |||
91 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | ||
92 | if (a->mask[i] != b->mask[i]) | ||
93 | return 1; | ||
94 | |||
95 | return 0; | ||
96 | } | ||
97 | |||
98 | /* Note that audit_add_rule and audit_del_rule are called via | ||
99 | * audit_receive() in audit.c, and are protected by | ||
100 | * audit_netlink_sem. */ | ||
101 | static inline int audit_add_rule(struct audit_rule *rule, | ||
102 | struct list_head *list) | ||
103 | { | ||
104 | struct audit_entry *entry; | ||
105 | int i; | ||
106 | |||
107 | /* Do not use the _rcu iterator here, since this is the only | ||
108 | * addition routine. */ | ||
109 | list_for_each_entry(entry, list, list) { | ||
110 | if (!audit_compare_rule(rule, &entry->rule)) { | ||
111 | return -EEXIST; | ||
112 | } | ||
113 | } | ||
114 | |||
115 | for (i = 0; i < rule->field_count; i++) { | ||
116 | if (rule->fields[i] & AUDIT_UNUSED_BITS) | ||
117 | return -EINVAL; | ||
118 | if ( rule->fields[i] & AUDIT_NEGATE ) | ||
119 | rule->fields[i] |= AUDIT_NOT_EQUAL; | ||
120 | else if ( (rule->fields[i] & AUDIT_OPERATORS) == 0 ) | ||
121 | rule->fields[i] |= AUDIT_EQUAL; | ||
122 | rule->fields[i] &= (~AUDIT_NEGATE); | ||
123 | } | ||
124 | |||
125 | if (!(entry = kmalloc(sizeof(*entry), GFP_KERNEL))) | ||
126 | return -ENOMEM; | ||
127 | if (audit_copy_rule(&entry->rule, rule)) { | ||
128 | kfree(entry); | ||
129 | return -EINVAL; | ||
130 | } | ||
131 | |||
132 | if (entry->rule.flags & AUDIT_FILTER_PREPEND) { | ||
133 | entry->rule.flags &= ~AUDIT_FILTER_PREPEND; | ||
134 | list_add_rcu(&entry->list, list); | ||
135 | } else { | ||
136 | list_add_tail_rcu(&entry->list, list); | ||
137 | } | ||
138 | |||
139 | return 0; | ||
140 | } | ||
141 | |||
142 | static inline void audit_free_rule(struct rcu_head *head) | ||
143 | { | ||
144 | struct audit_entry *e = container_of(head, struct audit_entry, rcu); | ||
145 | kfree(e); | ||
146 | } | ||
147 | |||
148 | /* Note that audit_add_rule and audit_del_rule are called via | ||
149 | * audit_receive() in audit.c, and are protected by | ||
150 | * audit_netlink_sem. */ | ||
151 | static inline int audit_del_rule(struct audit_rule *rule, | ||
152 | struct list_head *list) | ||
153 | { | ||
154 | struct audit_entry *e; | ||
155 | |||
156 | /* Do not use the _rcu iterator here, since this is the only | ||
157 | * deletion routine. */ | ||
158 | list_for_each_entry(e, list, list) { | ||
159 | if (!audit_compare_rule(rule, &e->rule)) { | ||
160 | list_del_rcu(&e->list); | ||
161 | call_rcu(&e->rcu, audit_free_rule); | ||
162 | return 0; | ||
163 | } | ||
164 | } | ||
165 | return -ENOENT; /* No matching rule */ | ||
166 | } | ||
167 | |||
168 | static int audit_list_rules(void *_dest) | ||
169 | { | ||
170 | int pid, seq; | ||
171 | int *dest = _dest; | ||
172 | struct audit_entry *entry; | ||
173 | int i; | ||
174 | |||
175 | pid = dest[0]; | ||
176 | seq = dest[1]; | ||
177 | kfree(dest); | ||
178 | |||
179 | down(&audit_netlink_sem); | ||
180 | |||
181 | /* The *_rcu iterators not needed here because we are | ||
182 | always called with audit_netlink_sem held. */ | ||
183 | for (i=0; i<AUDIT_NR_FILTERS; i++) { | ||
184 | list_for_each_entry(entry, &audit_filter_list[i], list) | ||
185 | audit_send_reply(pid, seq, AUDIT_LIST, 0, 1, | ||
186 | &entry->rule, sizeof(entry->rule)); | ||
187 | } | ||
188 | audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0); | ||
189 | |||
190 | up(&audit_netlink_sem); | ||
191 | return 0; | ||
192 | } | ||
193 | |||
194 | /** | ||
195 | * audit_receive_filter - apply all rules to the specified message type | ||
196 | * @type: audit message type | ||
197 | * @pid: target pid for netlink audit messages | ||
198 | * @uid: target uid for netlink audit messages | ||
199 | * @seq: netlink audit message sequence (serial) number | ||
200 | * @data: payload data | ||
201 | * @loginuid: loginuid of sender | ||
202 | */ | ||
203 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | ||
204 | uid_t loginuid) | ||
205 | { | ||
206 | struct task_struct *tsk; | ||
207 | int *dest; | ||
208 | int err = 0; | ||
209 | unsigned listnr; | ||
210 | |||
211 | switch (type) { | ||
212 | case AUDIT_LIST: | ||
213 | /* We can't just spew out the rules here because we might fill | ||
214 | * the available socket buffer space and deadlock waiting for | ||
215 | * auditctl to read from it... which isn't ever going to | ||
216 | * happen if we're actually running in the context of auditctl | ||
217 | * trying to _send_ the stuff */ | ||
218 | |||
219 | dest = kmalloc(2 * sizeof(int), GFP_KERNEL); | ||
220 | if (!dest) | ||
221 | return -ENOMEM; | ||
222 | dest[0] = pid; | ||
223 | dest[1] = seq; | ||
224 | |||
225 | tsk = kthread_run(audit_list_rules, dest, "audit_list_rules"); | ||
226 | if (IS_ERR(tsk)) { | ||
227 | kfree(dest); | ||
228 | err = PTR_ERR(tsk); | ||
229 | } | ||
230 | break; | ||
231 | case AUDIT_ADD: | ||
232 | listnr = ((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND; | ||
233 | switch(listnr) { | ||
234 | default: | ||
235 | return -EINVAL; | ||
236 | |||
237 | case AUDIT_FILTER_USER: | ||
238 | case AUDIT_FILTER_TYPE: | ||
239 | #ifdef CONFIG_AUDITSYSCALL | ||
240 | case AUDIT_FILTER_ENTRY: | ||
241 | case AUDIT_FILTER_EXIT: | ||
242 | case AUDIT_FILTER_TASK: | ||
243 | #endif | ||
244 | ; | ||
245 | } | ||
246 | err = audit_add_rule(data, &audit_filter_list[listnr]); | ||
247 | if (!err) | ||
248 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
249 | "auid=%u added an audit rule\n", loginuid); | ||
250 | break; | ||
251 | case AUDIT_DEL: | ||
252 | listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND; | ||
253 | if (listnr >= AUDIT_NR_FILTERS) | ||
254 | return -EINVAL; | ||
255 | |||
256 | err = audit_del_rule(data, &audit_filter_list[listnr]); | ||
257 | if (!err) | ||
258 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
259 | "auid=%u removed an audit rule\n", loginuid); | ||
260 | break; | ||
261 | default: | ||
262 | return -EINVAL; | ||
263 | } | ||
264 | |||
265 | return err; | ||
266 | } | ||
267 | |||
268 | int audit_comparator(const u32 left, const u32 op, const u32 right) | ||
269 | { | ||
270 | switch (op) { | ||
271 | case AUDIT_EQUAL: | ||
272 | return (left == right); | ||
273 | case AUDIT_NOT_EQUAL: | ||
274 | return (left != right); | ||
275 | case AUDIT_LESS_THAN: | ||
276 | return (left < right); | ||
277 | case AUDIT_LESS_THAN_OR_EQUAL: | ||
278 | return (left <= right); | ||
279 | case AUDIT_GREATER_THAN: | ||
280 | return (left > right); | ||
281 | case AUDIT_GREATER_THAN_OR_EQUAL: | ||
282 | return (left >= right); | ||
283 | default: | ||
284 | return -EINVAL; | ||
285 | } | ||
286 | } | ||
287 | |||
288 | |||
289 | |||
290 | static int audit_filter_user_rules(struct netlink_skb_parms *cb, | ||
291 | struct audit_rule *rule, | ||
292 | enum audit_state *state) | ||
293 | { | ||
294 | int i; | ||
295 | |||
296 | for (i = 0; i < rule->field_count; i++) { | ||
297 | u32 field = rule->fields[i] & ~AUDIT_OPERATORS; | ||
298 | u32 op = rule->fields[i] & AUDIT_OPERATORS; | ||
299 | u32 value = rule->values[i]; | ||
300 | int result = 0; | ||
301 | |||
302 | switch (field) { | ||
303 | case AUDIT_PID: | ||
304 | result = audit_comparator(cb->creds.pid, op, value); | ||
305 | break; | ||
306 | case AUDIT_UID: | ||
307 | result = audit_comparator(cb->creds.uid, op, value); | ||
308 | break; | ||
309 | case AUDIT_GID: | ||
310 | result = audit_comparator(cb->creds.gid, op, value); | ||
311 | break; | ||
312 | case AUDIT_LOGINUID: | ||
313 | result = audit_comparator(cb->loginuid, op, value); | ||
314 | break; | ||
315 | } | ||
316 | |||
317 | if (!result) | ||
318 | return 0; | ||
319 | } | ||
320 | switch (rule->action) { | ||
321 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; | ||
322 | case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT; break; | ||
323 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; | ||
324 | } | ||
325 | return 1; | ||
326 | } | ||
327 | |||
328 | int audit_filter_user(struct netlink_skb_parms *cb, int type) | ||
329 | { | ||
330 | struct audit_entry *e; | ||
331 | enum audit_state state; | ||
332 | int ret = 1; | ||
333 | |||
334 | rcu_read_lock(); | ||
335 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { | ||
336 | if (audit_filter_user_rules(cb, &e->rule, &state)) { | ||
337 | if (state == AUDIT_DISABLED) | ||
338 | ret = 0; | ||
339 | break; | ||
340 | } | ||
341 | } | ||
342 | rcu_read_unlock(); | ||
343 | |||
344 | return ret; /* Audit by default */ | ||
345 | } | ||
346 | |||
347 | int audit_filter_type(int type) | ||
348 | { | ||
349 | struct audit_entry *e; | ||
350 | int result = 0; | ||
351 | |||
352 | rcu_read_lock(); | ||
353 | if (list_empty(&audit_filter_list[AUDIT_FILTER_TYPE])) | ||
354 | goto unlock_and_return; | ||
355 | |||
356 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TYPE], | ||
357 | list) { | ||
358 | struct audit_rule *rule = &e->rule; | ||
359 | int i; | ||
360 | for (i = 0; i < rule->field_count; i++) { | ||
361 | u32 field = rule->fields[i] & ~AUDIT_OPERATORS; | ||
362 | u32 op = rule->fields[i] & AUDIT_OPERATORS; | ||
363 | u32 value = rule->values[i]; | ||
364 | if ( field == AUDIT_MSGTYPE ) { | ||
365 | result = audit_comparator(type, op, value); | ||
366 | if (!result) | ||
367 | break; | ||
368 | } | ||
369 | } | ||
370 | if (result) | ||
371 | goto unlock_and_return; | ||
372 | } | ||
373 | unlock_and_return: | ||
374 | rcu_read_unlock(); | ||
375 | return result; | ||
376 | } | ||
377 | |||
378 | |||
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4ef14515da35..17719b303638 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -52,17 +52,15 @@ | |||
52 | #include <linux/audit.h> | 52 | #include <linux/audit.h> |
53 | #include <linux/personality.h> | 53 | #include <linux/personality.h> |
54 | #include <linux/time.h> | 54 | #include <linux/time.h> |
55 | #include <linux/kthread.h> | ||
56 | #include <linux/netlink.h> | 55 | #include <linux/netlink.h> |
57 | #include <linux/compiler.h> | 56 | #include <linux/compiler.h> |
58 | #include <asm/unistd.h> | 57 | #include <asm/unistd.h> |
59 | #include <linux/security.h> | 58 | #include <linux/security.h> |
59 | #include <linux/list.h> | ||
60 | 60 | ||
61 | /* 0 = no checking | 61 | #include "audit.h" |
62 | 1 = put_count checking | 62 | |
63 | 2 = verbose put_count checking | 63 | extern struct list_head audit_filter_list[]; |
64 | */ | ||
65 | #define AUDIT_DEBUG 0 | ||
66 | 64 | ||
67 | /* No syscall auditing will take place unless audit_enabled != 0. */ | 65 | /* No syscall auditing will take place unless audit_enabled != 0. */ |
68 | extern int audit_enabled; | 66 | extern int audit_enabled; |
@@ -76,29 +74,6 @@ extern int audit_enabled; | |||
76 | * path_lookup. */ | 74 | * path_lookup. */ |
77 | #define AUDIT_NAMES_RESERVED 7 | 75 | #define AUDIT_NAMES_RESERVED 7 |
78 | 76 | ||
79 | /* At task start time, the audit_state is set in the audit_context using | ||
80 | a per-task filter. At syscall entry, the audit_state is augmented by | ||
81 | the syscall filter. */ | ||
82 | enum audit_state { | ||
83 | AUDIT_DISABLED, /* Do not create per-task audit_context. | ||
84 | * No syscall-specific audit records can | ||
85 | * be generated. */ | ||
86 | AUDIT_SETUP_CONTEXT, /* Create the per-task audit_context, | ||
87 | * but don't necessarily fill it in at | ||
88 | * syscall entry time (i.e., filter | ||
89 | * instead). */ | ||
90 | AUDIT_BUILD_CONTEXT, /* Create the per-task audit_context, | ||
91 | * and always fill it in at syscall | ||
92 | * entry time. This makes a full | ||
93 | * syscall record available if some | ||
94 | * other part of the kernel decides it | ||
95 | * should be recorded. */ | ||
96 | AUDIT_RECORD_CONTEXT /* Create the per-task audit_context, | ||
97 | * always fill it in at syscall entry | ||
98 | * time, and always write out the audit | ||
99 | * record at syscall exit time. */ | ||
100 | }; | ||
101 | |||
102 | /* When fs/namei.c:getname() is called, we store the pointer in name and | 77 | /* When fs/namei.c:getname() is called, we store the pointer in name and |
103 | * we don't let putname() free it (instead we free all of the saved | 78 | * we don't let putname() free it (instead we free all of the saved |
104 | * pointers at syscall exit time). | 79 | * pointers at syscall exit time). |
@@ -183,264 +158,6 @@ struct audit_context { | |||
183 | #endif | 158 | #endif |
184 | }; | 159 | }; |
185 | 160 | ||
186 | /* Public API */ | ||
187 | /* There are three lists of rules -- one to search at task creation | ||
188 | * time, one to search at syscall entry time, and another to search at | ||
189 | * syscall exit time. */ | ||
190 | static struct list_head audit_filter_list[AUDIT_NR_FILTERS] = { | ||
191 | LIST_HEAD_INIT(audit_filter_list[0]), | ||
192 | LIST_HEAD_INIT(audit_filter_list[1]), | ||
193 | LIST_HEAD_INIT(audit_filter_list[2]), | ||
194 | LIST_HEAD_INIT(audit_filter_list[3]), | ||
195 | LIST_HEAD_INIT(audit_filter_list[4]), | ||
196 | LIST_HEAD_INIT(audit_filter_list[5]), | ||
197 | #if AUDIT_NR_FILTERS != 6 | ||
198 | #error Fix audit_filter_list initialiser | ||
199 | #endif | ||
200 | }; | ||
201 | |||
202 | struct audit_entry { | ||
203 | struct list_head list; | ||
204 | struct rcu_head rcu; | ||
205 | struct audit_rule rule; | ||
206 | }; | ||
207 | |||
208 | extern int audit_pid; | ||
209 | |||
210 | /* Copy rule from user-space to kernel-space. Called from | ||
211 | * audit_add_rule during AUDIT_ADD. */ | ||
212 | static inline int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) | ||
213 | { | ||
214 | int i; | ||
215 | |||
216 | if (s->action != AUDIT_NEVER | ||
217 | && s->action != AUDIT_POSSIBLE | ||
218 | && s->action != AUDIT_ALWAYS) | ||
219 | return -1; | ||
220 | if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS) | ||
221 | return -1; | ||
222 | if ((s->flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS) | ||
223 | return -1; | ||
224 | |||
225 | d->flags = s->flags; | ||
226 | d->action = s->action; | ||
227 | d->field_count = s->field_count; | ||
228 | for (i = 0; i < d->field_count; i++) { | ||
229 | d->fields[i] = s->fields[i]; | ||
230 | d->values[i] = s->values[i]; | ||
231 | } | ||
232 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) d->mask[i] = s->mask[i]; | ||
233 | return 0; | ||
234 | } | ||
235 | |||
236 | /* Check to see if two rules are identical. It is called from | ||
237 | * audit_add_rule during AUDIT_ADD and | ||
238 | * audit_del_rule during AUDIT_DEL. */ | ||
239 | static inline int audit_compare_rule(struct audit_rule *a, struct audit_rule *b) | ||
240 | { | ||
241 | int i; | ||
242 | |||
243 | if (a->flags != b->flags) | ||
244 | return 1; | ||
245 | |||
246 | if (a->action != b->action) | ||
247 | return 1; | ||
248 | |||
249 | if (a->field_count != b->field_count) | ||
250 | return 1; | ||
251 | |||
252 | for (i = 0; i < a->field_count; i++) { | ||
253 | if (a->fields[i] != b->fields[i] | ||
254 | || a->values[i] != b->values[i]) | ||
255 | return 1; | ||
256 | } | ||
257 | |||
258 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | ||
259 | if (a->mask[i] != b->mask[i]) | ||
260 | return 1; | ||
261 | |||
262 | return 0; | ||
263 | } | ||
264 | |||
265 | /* Note that audit_add_rule and audit_del_rule are called via | ||
266 | * audit_receive() in audit.c, and are protected by | ||
267 | * audit_netlink_sem. */ | ||
268 | static inline int audit_add_rule(struct audit_rule *rule, | ||
269 | struct list_head *list) | ||
270 | { | ||
271 | struct audit_entry *entry; | ||
272 | int i; | ||
273 | |||
274 | /* Do not use the _rcu iterator here, since this is the only | ||
275 | * addition routine. */ | ||
276 | list_for_each_entry(entry, list, list) { | ||
277 | if (!audit_compare_rule(rule, &entry->rule)) { | ||
278 | return -EEXIST; | ||
279 | } | ||
280 | } | ||
281 | |||
282 | for (i = 0; i < rule->field_count; i++) { | ||
283 | if (rule->fields[i] & AUDIT_UNUSED_BITS) | ||
284 | return -EINVAL; | ||
285 | if ( rule->fields[i] & AUDIT_NEGATE ) | ||
286 | rule->fields[i] |= AUDIT_NOT_EQUAL; | ||
287 | else if ( (rule->fields[i] & AUDIT_OPERATORS) == 0 ) | ||
288 | rule->fields[i] |= AUDIT_EQUAL; | ||
289 | rule->fields[i] &= (~AUDIT_NEGATE); | ||
290 | } | ||
291 | |||
292 | if (!(entry = kmalloc(sizeof(*entry), GFP_KERNEL))) | ||
293 | return -ENOMEM; | ||
294 | if (audit_copy_rule(&entry->rule, rule)) { | ||
295 | kfree(entry); | ||
296 | return -EINVAL; | ||
297 | } | ||
298 | |||
299 | if (entry->rule.flags & AUDIT_FILTER_PREPEND) { | ||
300 | entry->rule.flags &= ~AUDIT_FILTER_PREPEND; | ||
301 | list_add_rcu(&entry->list, list); | ||
302 | } else { | ||
303 | list_add_tail_rcu(&entry->list, list); | ||
304 | } | ||
305 | |||
306 | return 0; | ||
307 | } | ||
308 | |||
309 | static inline void audit_free_rule(struct rcu_head *head) | ||
310 | { | ||
311 | struct audit_entry *e = container_of(head, struct audit_entry, rcu); | ||
312 | kfree(e); | ||
313 | } | ||
314 | |||
315 | /* Note that audit_add_rule and audit_del_rule are called via | ||
316 | * audit_receive() in audit.c, and are protected by | ||
317 | * audit_netlink_sem. */ | ||
318 | static inline int audit_del_rule(struct audit_rule *rule, | ||
319 | struct list_head *list) | ||
320 | { | ||
321 | struct audit_entry *e; | ||
322 | |||
323 | /* Do not use the _rcu iterator here, since this is the only | ||
324 | * deletion routine. */ | ||
325 | list_for_each_entry(e, list, list) { | ||
326 | if (!audit_compare_rule(rule, &e->rule)) { | ||
327 | list_del_rcu(&e->list); | ||
328 | call_rcu(&e->rcu, audit_free_rule); | ||
329 | return 0; | ||
330 | } | ||
331 | } | ||
332 | return -ENOENT; /* No matching rule */ | ||
333 | } | ||
334 | |||
335 | static int audit_list_rules(void *_dest) | ||
336 | { | ||
337 | int pid, seq; | ||
338 | int *dest = _dest; | ||
339 | struct audit_entry *entry; | ||
340 | int i; | ||
341 | |||
342 | pid = dest[0]; | ||
343 | seq = dest[1]; | ||
344 | kfree(dest); | ||
345 | |||
346 | down(&audit_netlink_sem); | ||
347 | |||
348 | /* The *_rcu iterators not needed here because we are | ||
349 | always called with audit_netlink_sem held. */ | ||
350 | for (i=0; i<AUDIT_NR_FILTERS; i++) { | ||
351 | list_for_each_entry(entry, &audit_filter_list[i], list) | ||
352 | audit_send_reply(pid, seq, AUDIT_LIST, 0, 1, | ||
353 | &entry->rule, sizeof(entry->rule)); | ||
354 | } | ||
355 | audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0); | ||
356 | |||
357 | up(&audit_netlink_sem); | ||
358 | return 0; | ||
359 | } | ||
360 | |||
361 | /** | ||
362 | * audit_receive_filter - apply all rules to the specified message type | ||
363 | * @type: audit message type | ||
364 | * @pid: target pid for netlink audit messages | ||
365 | * @uid: target uid for netlink audit messages | ||
366 | * @seq: netlink audit message sequence (serial) number | ||
367 | * @data: payload data | ||
368 | * @loginuid: loginuid of sender | ||
369 | */ | ||
370 | int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | ||
371 | uid_t loginuid) | ||
372 | { | ||
373 | struct task_struct *tsk; | ||
374 | int *dest; | ||
375 | int err = 0; | ||
376 | unsigned listnr; | ||
377 | |||
378 | switch (type) { | ||
379 | case AUDIT_LIST: | ||
380 | /* We can't just spew out the rules here because we might fill | ||
381 | * the available socket buffer space and deadlock waiting for | ||
382 | * auditctl to read from it... which isn't ever going to | ||
383 | * happen if we're actually running in the context of auditctl | ||
384 | * trying to _send_ the stuff */ | ||
385 | |||
386 | dest = kmalloc(2 * sizeof(int), GFP_KERNEL); | ||
387 | if (!dest) | ||
388 | return -ENOMEM; | ||
389 | dest[0] = pid; | ||
390 | dest[1] = seq; | ||
391 | |||
392 | tsk = kthread_run(audit_list_rules, dest, "audit_list_rules"); | ||
393 | if (IS_ERR(tsk)) { | ||
394 | kfree(dest); | ||
395 | err = PTR_ERR(tsk); | ||
396 | } | ||
397 | break; | ||
398 | case AUDIT_ADD: | ||
399 | listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND; | ||
400 | if (listnr >= AUDIT_NR_FILTERS) | ||
401 | return -EINVAL; | ||
402 | |||
403 | err = audit_add_rule(data, &audit_filter_list[listnr]); | ||
404 | if (!err) | ||
405 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
406 | "auid=%u added an audit rule\n", loginuid); | ||
407 | break; | ||
408 | case AUDIT_DEL: | ||
409 | listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND; | ||
410 | if (listnr >= AUDIT_NR_FILTERS) | ||
411 | return -EINVAL; | ||
412 | |||
413 | err = audit_del_rule(data, &audit_filter_list[listnr]); | ||
414 | if (!err) | ||
415 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
416 | "auid=%u removed an audit rule\n", loginuid); | ||
417 | break; | ||
418 | default: | ||
419 | return -EINVAL; | ||
420 | } | ||
421 | |||
422 | return err; | ||
423 | } | ||
424 | |||
425 | static int audit_comparator(const u32 left, const u32 op, const u32 right) | ||
426 | { | ||
427 | switch (op) { | ||
428 | case AUDIT_EQUAL: | ||
429 | return (left == right); | ||
430 | case AUDIT_NOT_EQUAL: | ||
431 | return (left != right); | ||
432 | case AUDIT_LESS_THAN: | ||
433 | return (left < right); | ||
434 | case AUDIT_LESS_THAN_OR_EQUAL: | ||
435 | return (left <= right); | ||
436 | case AUDIT_GREATER_THAN: | ||
437 | return (left > right); | ||
438 | case AUDIT_GREATER_THAN_OR_EQUAL: | ||
439 | return (left >= right); | ||
440 | default: | ||
441 | return -EINVAL; | ||
442 | } | ||
443 | } | ||
444 | 161 | ||
445 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 | 162 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 |
446 | * otherwise. */ | 163 | * otherwise. */ |
@@ -613,95 +330,6 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | |||
613 | return AUDIT_BUILD_CONTEXT; | 330 | return AUDIT_BUILD_CONTEXT; |
614 | } | 331 | } |
615 | 332 | ||
616 | static int audit_filter_user_rules(struct netlink_skb_parms *cb, | ||
617 | struct audit_rule *rule, | ||
618 | enum audit_state *state) | ||
619 | { | ||
620 | int i; | ||
621 | |||
622 | for (i = 0; i < rule->field_count; i++) { | ||
623 | u32 field = rule->fields[i] & ~AUDIT_OPERATORS; | ||
624 | u32 op = rule->fields[i] & AUDIT_OPERATORS; | ||
625 | u32 value = rule->values[i]; | ||
626 | int result = 0; | ||
627 | |||
628 | switch (field) { | ||
629 | case AUDIT_PID: | ||
630 | result = audit_comparator(cb->creds.pid, op, value); | ||
631 | break; | ||
632 | case AUDIT_UID: | ||
633 | result = audit_comparator(cb->creds.uid, op, value); | ||
634 | break; | ||
635 | case AUDIT_GID: | ||
636 | result = audit_comparator(cb->creds.gid, op, value); | ||
637 | break; | ||
638 | case AUDIT_LOGINUID: | ||
639 | result = audit_comparator(cb->loginuid, op, value); | ||
640 | break; | ||
641 | } | ||
642 | |||
643 | if (!result) | ||
644 | return 0; | ||
645 | } | ||
646 | switch (rule->action) { | ||
647 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; | ||
648 | case AUDIT_POSSIBLE: *state = AUDIT_BUILD_CONTEXT; break; | ||
649 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; | ||
650 | } | ||
651 | return 1; | ||
652 | } | ||
653 | |||
654 | int audit_filter_user(struct netlink_skb_parms *cb, int type) | ||
655 | { | ||
656 | struct audit_entry *e; | ||
657 | enum audit_state state; | ||
658 | int ret = 1; | ||
659 | |||
660 | rcu_read_lock(); | ||
661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { | ||
662 | if (audit_filter_user_rules(cb, &e->rule, &state)) { | ||
663 | if (state == AUDIT_DISABLED) | ||
664 | ret = 0; | ||
665 | break; | ||
666 | } | ||
667 | } | ||
668 | rcu_read_unlock(); | ||
669 | |||
670 | return ret; /* Audit by default */ | ||
671 | } | ||
672 | |||
673 | int audit_filter_type(int type) | ||
674 | { | ||
675 | struct audit_entry *e; | ||
676 | int result = 0; | ||
677 | |||
678 | rcu_read_lock(); | ||
679 | if (list_empty(&audit_filter_list[AUDIT_FILTER_TYPE])) | ||
680 | goto unlock_and_return; | ||
681 | |||
682 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TYPE], | ||
683 | list) { | ||
684 | struct audit_rule *rule = &e->rule; | ||
685 | int i; | ||
686 | for (i = 0; i < rule->field_count; i++) { | ||
687 | u32 field = rule->fields[i] & ~AUDIT_OPERATORS; | ||
688 | u32 op = rule->fields[i] & AUDIT_OPERATORS; | ||
689 | u32 value = rule->values[i]; | ||
690 | if ( field == AUDIT_MSGTYPE ) { | ||
691 | result = audit_comparator(type, op, value); | ||
692 | if (!result) | ||
693 | break; | ||
694 | } | ||
695 | } | ||
696 | if (result) | ||
697 | goto unlock_and_return; | ||
698 | } | ||
699 | unlock_and_return: | ||
700 | rcu_read_unlock(); | ||
701 | return result; | ||
702 | } | ||
703 | |||
704 | |||
705 | /* This should be called with task_lock() held. */ | 333 | /* This should be called with task_lock() held. */ |
706 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, | 334 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, |
707 | int return_valid, | 335 | int return_valid, |