[PATCH] More user space subject labels

Hi, The patch below builds upon the patch sent earlier and adds subject label to all audit events generated via the netlink interface. It also cleans up a few other minor things. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Steve Grubb <sgrubb@redhat.com> 2006-04-01 18:29:34 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2006-05-01 06:10:01 -0400
commit: ce29b682e228c70cdc91a1b2935c5adb2087bab8 (patch)
tree: 39e3e5b345748bec1c2d21962407689cdb1b7dab
parent: e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e (diff)
4 files changed, 142 insertions, 40 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 740f950397b7..d5c40823e166 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -371,7 +371,7 @@ extern void		    audit_log_d_path(struct audit_buffer *ab,
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 extern int audit_filter_type(int type);
 extern int  audit_receive_filter(int type, int pid, int uid, int seq,
-                                 void *data, size_t datasz, uid_t loginuid);
+                         void *data, size_t datasz, uid_t loginuid, u32 sid);
 #else
 #define audit_log(c,g,t,f,...) do { ; } while (0)
 #define audit_log_start(c,g,t) ({ NULL; })
diff --git a/kernel/audit.c b/kernel/audit.c
index 7ec9ccae1299..df57b493e1cb 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -230,49 +230,103 @@ void audit_log_lost(const char *message)
        }
 }
-static int audit_set_rate_limit(int limit, uid_t loginuid)
+static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
 {
-        int old          = audit_rate_limit;
+        int old = audit_rate_limit;
-        audit_rate_limit = limit;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, 
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_rate_limit=%d old=%d by auid=%u subj=%s",
+                                limit, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_rate_limit=%d old=%d by auid=%u",
-                        audit_rate_limit, old, loginuid);
+                        limit, old, loginuid);
+        audit_rate_limit = limit;
        return old;
 }
-static int audit_set_backlog_limit(int limit, uid_t loginuid)
+static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
 {
-        int old          = audit_backlog_limit;
+        int old = audit_backlog_limit;
-        audit_backlog_limit = limit;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                            "audit_backlog_limit=%d old=%d by auid=%u subj=%s",
+                                limit, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_backlog_limit=%d old=%d by auid=%u",
-                        audit_backlog_limit, old, loginuid);
+                        limit, old, loginuid);
+        audit_backlog_limit = limit;
        return old;
 }
-static int audit_set_enabled(int state, uid_t loginuid)
+static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
 {
-        int old          = audit_enabled;
+        int old = audit_enabled;
        if (state != 0 && state != 1)
                return -EINVAL;
-        audit_enabled = state;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_enabled=%d old=%d by auid=%u subj=%s",
+                                state, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_enabled=%d old=%d by auid=%u",
-                        audit_enabled, old, loginuid);
+                        state, old, loginuid);
+        audit_enabled = state;
        return old;
 }
-static int audit_set_failure(int state, uid_t loginuid)
+static int audit_set_failure(int state, uid_t loginuid, u32 sid)
 {
-        int old          = audit_failure;
+        int old = audit_failure;
        if (state != AUDIT_FAIL_SILENT
            && state != AUDIT_FAIL_PRINTK
            && state != AUDIT_FAIL_PANIC)
                return -EINVAL;
-        audit_failure = state;
-        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+        if (sid) {
+                char *ctx = NULL;
+                u32 len;
+                int rc;
+                if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+                        return rc;
+                else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "audit_failure=%d old=%d by auid=%u subj=%s",
+                                state, old, loginuid, ctx);
+                kfree(ctx);
+        } else
+                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
                        "audit_failure=%d old=%d by auid=%u",
-                        audit_failure, old, loginuid);
+                        state, old, loginuid);
+        audit_failure = state;
        return old;
 }
@@ -437,25 +491,43 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        return -EINVAL;
                status_get   = (struct audit_status *)data;
                if (status_get->mask & AUDIT_STATUS_ENABLED) {
-                        err = audit_set_enabled(status_get->enabled, loginuid);
+                        err = audit_set_enabled(status_get->enabled,
+                                                        loginuid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_FAILURE) {
-                        err = audit_set_failure(status_get->failure, loginuid);
+                        err = audit_set_failure(status_get->failure,
+                                                         loginuid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_PID) {
                        int old   = audit_pid;
+                        if (sid) {
+                                char *ctx = NULL;
+                                u32 len;
+                                int rc;
+                                if ((rc = selinux_ctxid_to_string(
+                                                sid, &ctx, &len)))
+                                        return rc;
+                                else
+                                        audit_log(NULL, GFP_KERNEL,
+                                                AUDIT_CONFIG_CHANGE,
+                                                "audit_pid=%d old=%d by auid=%u subj=%s",
+                                                status_get->pid, old,
+                                                loginuid, ctx);
+                                kfree(ctx);
+                        } else
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                        "audit_pid=%d old=%d by auid=%u",
+                                          status_get->pid, old, loginuid);
                        audit_pid = status_get->pid;
-                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                                "audit_pid=%d old=%d by auid=%u",
-                                  audit_pid, old, loginuid);
                }
                if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
-                        audit_set_rate_limit(status_get->rate_limit, loginuid);
+                        audit_set_rate_limit(status_get->rate_limit,
+                                                         loginuid, sid);
                if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
                        audit_set_backlog_limit(status_get->backlog_limit,
-                                                        loginuid);
+                                                        loginuid, sid);
                break;
        case AUDIT_USER:
        case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
@@ -477,7 +549,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                        if (selinux_ctxid_to_string(
                                                        sid, &ctx, &len)) {
                                                audit_log_format(ab, 
-                                                        " subj=%u", sid);
+                                                        " ssid=%u", sid);
                                                /* Maybe call audit_panic? */
                                        } else
                                                audit_log_format(ab, 
@@ -499,7 +571,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                           loginuid);
+                                           loginuid, sid);
                break;
        case AUDIT_ADD_RULE:
        case AUDIT_DEL_RULE:
@@ -509,7 +581,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST_RULES:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                           loginuid);
+                                           loginuid, sid);
                break;
        case AUDIT_SIGNAL_INFO:
                sig_data.uid = audit_sig_uid;
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 85a7862143a1..7c134906d689 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -586,9 +586,10 @@ static int audit_list_rules(void *_dest)
 * @data: payload data
 * @datasz: size of payload data
 * @loginuid: loginuid of sender
+ * @sid: SE Linux Security ID of sender
 */
 int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
-                         size_t datasz, uid_t loginuid)
+                         size_t datasz, uid_t loginuid, u32 sid)
 {
        struct task_struct *tsk;
        int *dest;
@@ -631,9 +632,23 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                err = audit_add_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                if (sid) {
-                        "auid=%u add rule to list=%d res=%d\n",
+                        char *ctx = NULL;
-                        loginuid, entry->rule.listnr, !err);
+                        u32 len;
+                        if (selinux_ctxid_to_string(sid, &ctx, &len)) {
+                                /* Maybe call audit_panic? */
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                 "auid=%u ssid=%u add rule to list=%d res=%d",
+                                 loginuid, sid, entry->rule.listnr, !err);
+                        } else
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                 "auid=%u subj=%s add rule to list=%d res=%d",
+                                 loginuid, ctx, entry->rule.listnr, !err);
+                        kfree(ctx);
+                } else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "auid=%u add rule to list=%d res=%d",
+                                loginuid, entry->rule.listnr, !err);
                if (err)
                        audit_free_rule(entry);
@@ -649,9 +664,24 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
                err = audit_del_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
-                        "auid=%u remove rule from list=%d res=%d\n",
+                if (sid) {
-                        loginuid, entry->rule.listnr, !err);
+                        char *ctx = NULL;
+                        u32 len;
+                        if (selinux_ctxid_to_string(sid, &ctx, &len)) {
+                                /* Maybe call audit_panic? */
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                        "auid=%u ssid=%u remove rule from list=%d res=%d",
+                                         loginuid, sid, entry->rule.listnr, !err);
+                        } else
+                                audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                        "auid=%u subj=%s remove rule from list=%d res=%d",
+                                         loginuid, ctx, entry->rule.listnr, !err);
+                        kfree(ctx);
+                } else
+                        audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
+                                "auid=%u remove rule from list=%d res=%d",
+                                loginuid, entry->rule.listnr, !err);
                audit_free_rule(entry);
                break;
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b4f7223811fe..d94e0404113c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -637,7 +637,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                                u32 len;
                                if (selinux_ctxid_to_string(
                                                axi->osid, &ctx, &len)) {
-                                        audit_log_format(ab, " obj=%u",
+                                        audit_log_format(ab, " osid=%u",
                                                        axi->osid);
                                        call_panic = 1;
                                } else
@@ -712,7 +712,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                        u32 len;
                        if (selinux_ctxid_to_string(
                                context->names[i].osid, &ctx, &len)) {
-                                audit_log_format(ab, " obj=%u",
+                                audit_log_format(ab, " osid=%u",
                                                context->names[i].osid);
                                call_panic = 2;
                        } else
author	Steve Grubb <sgrubb@redhat.com>	2006-04-01 18:29:34 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2006-05-01 06:10:01 -0400
commit	ce29b682e228c70cdc91a1b2935c5adb2087bab8 (patch)
tree	39e3e5b345748bec1c2d21962407689cdb1b7dab
parent	e7c3497013a7e5496ce3d5fd3c73b5cf5af7a56e (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index 740f950397b7..d5c40823e166 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -371,7 +371,7 @@ extern void audit_log_d_path(struct audit_buffer *ab,
371	extern int audit_filter_user(struct netlink_skb_parms *cb, int type);	371	extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
372	extern int audit_filter_type(int type);	372	extern int audit_filter_type(int type);
373	extern int audit_receive_filter(int type, int pid, int uid, int seq,	373	extern int audit_receive_filter(int type, int pid, int uid, int seq,
374	void *data, size_t datasz, uid_t loginuid);	374	void *data, size_t datasz, uid_t loginuid, u32 sid);
375	#else	375	#else
376	#define audit_log(c,g,t,f,...) do { ; } while (0)	376	#define audit_log(c,g,t,f,...) do { ; } while (0)
377	#define audit_log_start(c,g,t) ({ NULL; })	377	#define audit_log_start(c,g,t) ({ NULL; })


diff --git a/kernel/audit.c b/kernel/audit.c index 7ec9ccae1299..df57b493e1cb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -230,49 +230,103 @@ void audit_log_lost(const char *message)
230	}	230	}
231	}	231	}
232		232
233	static int audit_set_rate_limit(int limit, uid_t loginuid)	233	static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
234	{	234	{
235	int old = audit_rate_limit;	235	int old = audit_rate_limit;
236	audit_rate_limit = limit;	236
237	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	237	if (sid) {
		238	char *ctx = NULL;
		239	u32 len;
		240	int rc;
		241	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		242	return rc;
		243	else
		244	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		245	"audit_rate_limit=%d old=%d by auid=%u subj=%s",
		246	limit, old, loginuid, ctx);
		247	kfree(ctx);
		248	} else
		249	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
238	"audit_rate_limit=%d old=%d by auid=%u",	250	"audit_rate_limit=%d old=%d by auid=%u",
239	audit_rate_limit, old, loginuid);	251	limit, old, loginuid);
		252	audit_rate_limit = limit;
240	return old;	253	return old;
241	}	254	}
242		255
243	static int audit_set_backlog_limit(int limit, uid_t loginuid)	256	static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
244	{	257	{
245	int old = audit_backlog_limit;	258	int old = audit_backlog_limit;
246	audit_backlog_limit = limit;	259
247	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	260	if (sid) {
		261	char *ctx = NULL;
		262	u32 len;
		263	int rc;
		264	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		265	return rc;
		266	else
		267	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		268	"audit_backlog_limit=%d old=%d by auid=%u subj=%s",
		269	limit, old, loginuid, ctx);
		270	kfree(ctx);
		271	} else
		272	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
248	"audit_backlog_limit=%d old=%d by auid=%u",	273	"audit_backlog_limit=%d old=%d by auid=%u",
249	audit_backlog_limit, old, loginuid);	274	limit, old, loginuid);
		275	audit_backlog_limit = limit;
250	return old;	276	return old;
251	}	277	}
252		278
253	static int audit_set_enabled(int state, uid_t loginuid)	279	static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
254	{	280	{
255	int old = audit_enabled;	281	int old = audit_enabled;
		282
256	if (state != 0 && state != 1)	283	if (state != 0 && state != 1)
257	return -EINVAL;	284	return -EINVAL;
258	audit_enabled = state;	285
259	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	286	if (sid) {
		287	char *ctx = NULL;
		288	u32 len;
		289	int rc;
		290	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		291	return rc;
		292	else
		293	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		294	"audit_enabled=%d old=%d by auid=%u subj=%s",
		295	state, old, loginuid, ctx);
		296	kfree(ctx);
		297	} else
		298	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
260	"audit_enabled=%d old=%d by auid=%u",	299	"audit_enabled=%d old=%d by auid=%u",
261	audit_enabled, old, loginuid);	300	state, old, loginuid);
		301	audit_enabled = state;
262	return old;	302	return old;
263	}	303	}
264		304
265	static int audit_set_failure(int state, uid_t loginuid)	305	static int audit_set_failure(int state, uid_t loginuid, u32 sid)
266	{	306	{
267	int old = audit_failure;	307	int old = audit_failure;
		308
268	if (state != AUDIT_FAIL_SILENT	309	if (state != AUDIT_FAIL_SILENT
269	&& state != AUDIT_FAIL_PRINTK	310	&& state != AUDIT_FAIL_PRINTK
270	&& state != AUDIT_FAIL_PANIC)	311	&& state != AUDIT_FAIL_PANIC)
271	return -EINVAL;	312	return -EINVAL;
272	audit_failure = state;	313
273	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	314	if (sid) {
		315	char *ctx = NULL;
		316	u32 len;
		317	int rc;
		318	if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
		319	return rc;
		320	else
		321	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		322	"audit_failure=%d old=%d by auid=%u subj=%s",
		323	state, old, loginuid, ctx);
		324	kfree(ctx);
		325	} else
		326	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
274	"audit_failure=%d old=%d by auid=%u",	327	"audit_failure=%d old=%d by auid=%u",
275	audit_failure, old, loginuid);	328	state, old, loginuid);
		329	audit_failure = state;
276	return old;	330	return old;
277	}	331	}
278		332
@@ -437,25 +491,43 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
437	return -EINVAL;	491	return -EINVAL;
438	status_get = (struct audit_status *)data;	492	status_get = (struct audit_status *)data;
439	if (status_get->mask & AUDIT_STATUS_ENABLED) {	493	if (status_get->mask & AUDIT_STATUS_ENABLED) {
440	err = audit_set_enabled(status_get->enabled, loginuid);	494	err = audit_set_enabled(status_get->enabled,
		495	loginuid, sid);
441	if (err < 0) return err;	496	if (err < 0) return err;
442	}	497	}
443	if (status_get->mask & AUDIT_STATUS_FAILURE) {	498	if (status_get->mask & AUDIT_STATUS_FAILURE) {
444	err = audit_set_failure(status_get->failure, loginuid);	499	err = audit_set_failure(status_get->failure,
		500	loginuid, sid);
445	if (err < 0) return err;	501	if (err < 0) return err;
446	}	502	}
447	if (status_get->mask & AUDIT_STATUS_PID) {	503	if (status_get->mask & AUDIT_STATUS_PID) {
448	int old = audit_pid;	504	int old = audit_pid;
		505	if (sid) {
		506	char *ctx = NULL;
		507	u32 len;
		508	int rc;
		509	if ((rc = selinux_ctxid_to_string(
		510	sid, &ctx, &len)))
		511	return rc;
		512	else
		513	audit_log(NULL, GFP_KERNEL,
		514	AUDIT_CONFIG_CHANGE,
		515	"audit_pid=%d old=%d by auid=%u subj=%s",
		516	status_get->pid, old,
		517	loginuid, ctx);
		518	kfree(ctx);
		519	} else
		520	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		521	"audit_pid=%d old=%d by auid=%u",
		522	status_get->pid, old, loginuid);
449	audit_pid = status_get->pid;	523	audit_pid = status_get->pid;
450	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
451	"audit_pid=%d old=%d by auid=%u",
452	audit_pid, old, loginuid);
453	}	524	}
454	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)	525	if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
455	audit_set_rate_limit(status_get->rate_limit, loginuid);	526	audit_set_rate_limit(status_get->rate_limit,
		527	loginuid, sid);
456	if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)	528	if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
457	audit_set_backlog_limit(status_get->backlog_limit,	529	audit_set_backlog_limit(status_get->backlog_limit,
458	loginuid);	530	loginuid, sid);
459	break;	531	break;
460	case AUDIT_USER:	532	case AUDIT_USER:
461	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:	533	case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
@@ -477,7 +549,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
477	if (selinux_ctxid_to_string(	549	if (selinux_ctxid_to_string(
478	sid, &ctx, &len)) {	550	sid, &ctx, &len)) {
479	audit_log_format(ab,	551	audit_log_format(ab,
480	" subj=%u", sid);	552	" ssid=%u", sid);
481	/* Maybe call audit_panic? */	553	/* Maybe call audit_panic? */
482	} else	554	} else
483	audit_log_format(ab,	555	audit_log_format(ab,
@@ -499,7 +571,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
499	case AUDIT_LIST:	571	case AUDIT_LIST:
500	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	572	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
501	uid, seq, data, nlmsg_len(nlh),	573	uid, seq, data, nlmsg_len(nlh),
502	loginuid);	574	loginuid, sid);
503	break;	575	break;
504	case AUDIT_ADD_RULE:	576	case AUDIT_ADD_RULE:
505	case AUDIT_DEL_RULE:	577	case AUDIT_DEL_RULE:
@@ -509,7 +581,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)
509	case AUDIT_LIST_RULES:	581	case AUDIT_LIST_RULES:
510	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,	582	err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
511	uid, seq, data, nlmsg_len(nlh),	583	uid, seq, data, nlmsg_len(nlh),
512	loginuid);	584	loginuid, sid);
513	break;	585	break;
514	case AUDIT_SIGNAL_INFO:	586	case AUDIT_SIGNAL_INFO:
515	sig_data.uid = audit_sig_uid;	587	sig_data.uid = audit_sig_uid;


diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 85a7862143a1..7c134906d689 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -586,9 +586,10 @@ static int audit_list_rules(void *_dest)
586	* @data: payload data	586	* @data: payload data
587	* @datasz: size of payload data	587	* @datasz: size of payload data
588	* @loginuid: loginuid of sender	588	* @loginuid: loginuid of sender
		589	* @sid: SE Linux Security ID of sender
589	*/	590	*/
590	int audit_receive_filter(int type, int pid, int uid, int seq, void *data,	591	int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
591	size_t datasz, uid_t loginuid)	592	size_t datasz, uid_t loginuid, u32 sid)
592	{	593	{
593	struct task_struct *tsk;	594	struct task_struct *tsk;
594	int *dest;	595	int *dest;
@@ -631,9 +632,23 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
631		632
632	err = audit_add_rule(entry,	633	err = audit_add_rule(entry,
633	&audit_filter_list[entry->rule.listnr]);	634	&audit_filter_list[entry->rule.listnr]);
634	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	635	if (sid) {
635	"auid=%u add rule to list=%d res=%d\n",	636	char *ctx = NULL;
636	loginuid, entry->rule.listnr, !err);	637	u32 len;
		638	if (selinux_ctxid_to_string(sid, &ctx, &len)) {
		639	/* Maybe call audit_panic? */
		640	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		641	"auid=%u ssid=%u add rule to list=%d res=%d",
		642	loginuid, sid, entry->rule.listnr, !err);
		643	} else
		644	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		645	"auid=%u subj=%s add rule to list=%d res=%d",
		646	loginuid, ctx, entry->rule.listnr, !err);
		647	kfree(ctx);
		648	} else
		649	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		650	"auid=%u add rule to list=%d res=%d",
		651	loginuid, entry->rule.listnr, !err);
637		652
638	if (err)	653	if (err)
639	audit_free_rule(entry);	654	audit_free_rule(entry);
@@ -649,9 +664,24 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
649		664
650	err = audit_del_rule(entry,	665	err = audit_del_rule(entry,
651	&audit_filter_list[entry->rule.listnr]);	666	&audit_filter_list[entry->rule.listnr]);
652	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,	667
653	"auid=%u remove rule from list=%d res=%d\n",	668	if (sid) {
654	loginuid, entry->rule.listnr, !err);	669	char *ctx = NULL;
		670	u32 len;
		671	if (selinux_ctxid_to_string(sid, &ctx, &len)) {
		672	/* Maybe call audit_panic? */
		673	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		674	"auid=%u ssid=%u remove rule from list=%d res=%d",
		675	loginuid, sid, entry->rule.listnr, !err);
		676	} else
		677	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		678	"auid=%u subj=%s remove rule from list=%d res=%d",
		679	loginuid, ctx, entry->rule.listnr, !err);
		680	kfree(ctx);
		681	} else
		682	audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
		683	"auid=%u remove rule from list=%d res=%d",
		684	loginuid, entry->rule.listnr, !err);
655		685
656	audit_free_rule(entry);	686	audit_free_rule(entry);
657	break;	687	break;


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b4f7223811fe..d94e0404113c 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -637,7 +637,7 @@ static void audit_log_exit(struct audit_context context, struct task_struct ts
637	u32 len;	637	u32 len;
638	if (selinux_ctxid_to_string(	638	if (selinux_ctxid_to_string(
639	axi->osid, &ctx, &len)) {	639	axi->osid, &ctx, &len)) {
640	audit_log_format(ab, " obj=%u",	640	audit_log_format(ab, " osid=%u",
641	axi->osid);	641	axi->osid);
642	call_panic = 1;	642	call_panic = 1;
643	} else	643	} else
@@ -712,7 +712,7 @@ static void audit_log_exit(struct audit_context context, struct task_struct ts
712	u32 len;	712	u32 len;
713	if (selinux_ctxid_to_string(	713	if (selinux_ctxid_to_string(
714	context->names[i].osid, &ctx, &len)) {	714	context->names[i].osid, &ctx, &len)) {
715	audit_log_format(ab, " obj=%u",	715	audit_log_format(ab, " osid=%u",
716	context->names[i].osid);	716	context->names[i].osid);
717	call_panic = 2;	717	call_panic = 2;
718	} else	718	} else