arm64: audit: Add audit hook in syscall_trace_enter/exit()

This patch adds auditing functions on entry to or exit from
every system call invocation.

Acked-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by Will Deacon <will.deacon@arm.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c
index 9fde010c945f..70526cfda056 100644
--- a/arch/arm64/kernel/ptrace.c
+++ b/arch/arm64/kernel/ptrace.c
@@ -19,6 +19,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <linux/audit.h>
 #include <linux/compat.h>
 #include <linux/kernel.h>
 #include <linux/sched.h>
@@ -39,6 +40,7 @@
 #include <asm/compat.h>
 #include <asm/debug-monitors.h>
 #include <asm/pgtable.h>
+#include <asm/syscall.h>
 #include <asm/traps.h>
 #include <asm/system_misc.h>
 
@@ -1113,11 +1115,16 @@ asmlinkage int syscall_trace_enter(struct pt_regs *regs)
         if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                 trace_sys_enter(regs, regs->syscallno);
 
+        audit_syscall_entry(syscall_get_arch(), regs->syscallno,
+                regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]);
+
         return regs->syscallno;
 }
 
 asmlinkage void syscall_trace_exit(struct pt_regs *regs)
 {
+        audit_syscall_exit(regs);
+
         if (test_thread_flag(TIF_SYSCALL_TRACEPOINT))
                 trace_sys_exit(regs, regs_return_value(regs));