author | Eric Paris <eparis@redhat.com> | 2013-04-19 13:56:11 -0400 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2013-04-30 15:31:28 -0400 |
commit | 152f497b9b5940f81de3205465840a5eb316458e (patch) | |
tree | fb226da0e460bb912350478cbbb87b24a6343d31 /drivers/tty | |
parent | dc9eb698f441889f2d7926b1cc6f1e14f0787f00 (diff) |
audit: push loginuid and sessionid processing down
Since we are always current, we can push a lot of this stuff to the
bottom and get rid of useless interfaces and arguments.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'drivers/tty')
-rw-r--r-- | drivers/tty/tty_audit.c | 72 |
1 files changed, 24 insertions, 48 deletions
diff --git a/drivers/tty/tty_audit.c b/drivers/tty/tty_audit.c index 1e4e9f30ea09..ea2e5ad71731 100644 --- a/drivers/tty/tty_audit.c +++ b/drivers/tty/tty_audit.c | |||
@@ -60,24 +60,22 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) | |||
60 | tty_audit_buf_free(buf); | 60 | tty_audit_buf_free(buf); |
61 | } | 61 | } |
62 | 62 | ||
63 | static void tty_audit_log(const char *description, struct task_struct *tsk, | 63 | static void tty_audit_log(const char *description, int major, int minor, |
64 | kuid_t loginuid, unsigned sessionid, int major, | 64 | unsigned char *data, size_t size) |
65 | int minor, unsigned char *data, size_t size) | ||
66 | { | 65 | { |
67 | struct audit_buffer *ab; | 66 | struct audit_buffer *ab; |
67 | struct task_struct *tsk = current; | ||
68 | uid_t uid = from_kuid(&init_user_ns, task_uid(tsk)); | ||
69 | uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk)); | ||
70 | u32 sessionid = audit_get_sessionid(tsk); | ||
68 | 71 | ||
69 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); | 72 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); |
70 | if (ab) { | 73 | if (ab) { |
71 | char name[sizeof(tsk->comm)]; | 74 | char name[sizeof(tsk->comm)]; |
72 | kuid_t uid = task_uid(tsk); | 75 | |
73 | 76 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d" | |
74 | audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " | 77 | " minor=%d comm=", description, tsk->pid, uid, |
75 | "major=%d minor=%d comm=", description, | 78 | loginuid, sessionid, major, minor); |
76 | tsk->pid, | ||
77 | from_kuid(&init_user_ns, uid), | ||
78 | from_kuid(&init_user_ns, loginuid), | ||
79 | sessionid, | ||
80 | major, minor); | ||
81 | get_task_comm(name, tsk); | 79 | get_task_comm(name, tsk); |
82 | audit_log_untrustedstring(ab, name); | 80 | audit_log_untrustedstring(ab, name); |
83 | audit_log_format(ab, " data="); | 81 | audit_log_format(ab, " data="); |
@@ -90,11 +88,9 @@ static void tty_audit_log(const char *description, struct task_struct *tsk, | |||
90 | * tty_audit_buf_push - Push buffered data out | 88 | * tty_audit_buf_push - Push buffered data out |
91 | * | 89 | * |
92 | * Generate an audit message from the contents of @buf, which is owned by | 90 | * Generate an audit message from the contents of @buf, which is owned by |
93 | * @tsk with @loginuid. @buf->mutex must be locked. | 91 | * the current task. @buf->mutex must be locked. |
94 | */ | 92 | */ |
95 | static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, | 93 | static void tty_audit_buf_push(struct tty_audit_buf *buf) |
96 | unsigned int sessionid, | ||
97 | struct tty_audit_buf *buf) | ||
98 | { | 94 | { |
99 | if (buf->valid == 0) | 95 | if (buf->valid == 0) |
100 | return; | 96 | return; |
@@ -102,25 +98,11 @@ static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, | |||
102 | buf->valid = 0; | 98 | buf->valid = 0; |
103 | return; | 99 | return; |
104 | } | 100 | } |
105 | tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor, | 101 | tty_audit_log("tty", buf->major, buf->minor, buf->data, buf->valid); |
106 | buf->data, buf->valid); | ||
107 | buf->valid = 0; | 102 | buf->valid = 0; |
108 | } | 103 | } |
109 | 104 | ||
110 | /** | 105 | /** |
111 | * tty_audit_buf_push_current - Push buffered data out | ||
112 | * | ||
113 | * Generate an audit message from the contents of @buf, which is owned by | ||
114 | * the current task. @buf->mutex must be locked. | ||
115 | */ | ||
116 | static void tty_audit_buf_push_current(struct tty_audit_buf *buf) | ||
117 | { | ||
118 | kuid_t auid = audit_get_loginuid(current); | ||
119 | unsigned int sessionid = audit_get_sessionid(current); | ||
120 | tty_audit_buf_push(current, auid, sessionid, buf); | ||
121 | } | ||
122 | |||
123 | /** | ||
124 | * tty_audit_exit - Handle a task exit | 106 | * tty_audit_exit - Handle a task exit |
125 | * | 107 | * |
126 | * Make sure all buffered data is written out and deallocate the buffer. | 108 | * Make sure all buffered data is written out and deallocate the buffer. |
@@ -138,7 +120,7 @@ void tty_audit_exit(void) | |||
138 | return; | 120 | return; |
139 | 121 | ||
140 | mutex_lock(&buf->mutex); | 122 | mutex_lock(&buf->mutex); |
141 | tty_audit_buf_push_current(buf); | 123 | tty_audit_buf_push(buf); |
142 | mutex_unlock(&buf->mutex); | 124 | mutex_unlock(&buf->mutex); |
143 | 125 | ||
144 | tty_audit_buf_put(buf); | 126 | tty_audit_buf_put(buf); |
@@ -176,7 +158,7 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
176 | if (buf) { | 158 | if (buf) { |
177 | mutex_lock(&buf->mutex); | 159 | mutex_lock(&buf->mutex); |
178 | if (buf->major == major && buf->minor == minor) | 160 | if (buf->major == major && buf->minor == minor) |
179 | tty_audit_buf_push_current(buf); | 161 | tty_audit_buf_push(buf); |
180 | mutex_unlock(&buf->mutex); | 162 | mutex_unlock(&buf->mutex); |
181 | tty_audit_buf_put(buf); | 163 | tty_audit_buf_put(buf); |
182 | } | 164 | } |
@@ -187,27 +169,21 @@ void tty_audit_tiocsti(struct tty_struct *tty, char ch) | |||
187 | 169 | ||
188 | auid = audit_get_loginuid(current); | 170 | auid = audit_get_loginuid(current); |
189 | sessionid = audit_get_sessionid(current); | 171 | sessionid = audit_get_sessionid(current); |
190 | tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major, | 172 | tty_audit_log("ioctl=TIOCSTI", major, minor, &ch, 1); |
191 | minor, &ch, 1); | ||
192 | } | 173 | } |
193 | } | 174 | } |
194 | 175 | ||
195 | /** | 176 | /** |
196 | * tty_audit_push_task - Flush task's pending audit data | 177 | * tty_audit_push_current - Flush current's pending audit data |
197 | * @tsk: task pointer | ||
198 | * @loginuid: sender login uid | ||
199 | * @sessionid: sender session id | ||
200 | * | 178 | * |
201 | * Called with a ref on @tsk held. Try to lock sighand and get a | 179 | * Try to lock sighand and get a reference to the tty audit buffer if available. |
202 | * reference to the tty audit buffer if available. | ||
203 | * Flush the buffer or return an appropriate error code. | 180 | * Flush the buffer or return an appropriate error code. |
204 | */ | 181 | */ |
205 | int tty_audit_push_task(struct task_struct *tsk) | 182 | int tty_audit_push_current(void) |
206 | { | 183 | { |
207 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); | 184 | struct tty_audit_buf *buf = ERR_PTR(-EPERM); |
185 | struct task_struct *tsk = current; | ||
208 | unsigned long flags; | 186 | unsigned long flags; |
209 | kuid_t loginuid = audit_get_loginuid(tsk); | ||
210 | u32 sessionid = audit_get_sessionid(tsk); | ||
211 | 187 | ||
212 | if (!lock_task_sighand(tsk, &flags)) | 188 | if (!lock_task_sighand(tsk, &flags)) |
213 | return -ESRCH; | 189 | return -ESRCH; |
@@ -227,7 +203,7 @@ int tty_audit_push_task(struct task_struct *tsk) | |||
227 | return PTR_ERR(buf); | 203 | return PTR_ERR(buf); |
228 | 204 | ||
229 | mutex_lock(&buf->mutex); | 205 | mutex_lock(&buf->mutex); |
230 | tty_audit_buf_push(tsk, loginuid, sessionid, buf); | 206 | tty_audit_buf_push(buf); |
231 | mutex_unlock(&buf->mutex); | 207 | mutex_unlock(&buf->mutex); |
232 | 208 | ||
233 | tty_audit_buf_put(buf); | 209 | tty_audit_buf_put(buf); |
@@ -311,7 +287,7 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, | |||
311 | minor = tty->driver->minor_start + tty->index; | 287 | minor = tty->driver->minor_start + tty->index; |
312 | if (buf->major != major || buf->minor != minor | 288 | if (buf->major != major || buf->minor != minor |
313 | || buf->icanon != icanon) { | 289 | || buf->icanon != icanon) { |
314 | tty_audit_buf_push_current(buf); | 290 | tty_audit_buf_push(buf); |
315 | buf->major = major; | 291 | buf->major = major; |
316 | buf->minor = minor; | 292 | buf->minor = minor; |
317 | buf->icanon = icanon; | 293 | buf->icanon = icanon; |
@@ -327,7 +303,7 @@ void tty_audit_add_data(struct tty_struct *tty, unsigned char *data, | |||
327 | data += run; | 303 | data += run; |
328 | size -= run; | 304 | size -= run; |
329 | if (buf->valid == N_TTY_BUF_SIZE) | 305 | if (buf->valid == N_TTY_BUF_SIZE) |
330 | tty_audit_buf_push_current(buf); | 306 | tty_audit_buf_push(buf); |
331 | } while (size != 0); | 307 | } while (size != 0); |
332 | mutex_unlock(&buf->mutex); | 308 | mutex_unlock(&buf->mutex); |
333 | tty_audit_buf_put(buf); | 309 | tty_audit_buf_put(buf); |
@@ -359,7 +335,7 @@ void tty_audit_push(struct tty_struct *tty) | |||
359 | minor = tty->driver->minor_start + tty->index; | 335 | minor = tty->driver->minor_start + tty->index; |
360 | mutex_lock(&buf->mutex); | 336 | mutex_lock(&buf->mutex); |
361 | if (buf->major == major && buf->minor == minor) | 337 | if (buf->major == major && buf->minor == minor) |
362 | tty_audit_buf_push_current(buf); | 338 | tty_audit_buf_push(buf); |
363 | mutex_unlock(&buf->mutex); | 339 | mutex_unlock(&buf->mutex); |
364 | tty_audit_buf_put(buf); | 340 | tty_audit_buf_put(buf); |
365 | } | 341 | } |
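Review bot: In the `tty_audit_tiocsti` hunk, the unchanged lines `auid = audit_get_loginuid(current);` and `sessionid = audit_get_sessionid(current);` are now dead stores, because the new call `tty_audit_log("ioctl=TIOCSTI", major, minor, &ch, 1);` no longer takes them. Both assignments should be dropped, along with their declarations, which are outside the hunk. Separately, `tty_audit_log` now reads pid, uid, auid and ses from `current` and callers cannot override them, so a TTY audit record is attributed correctly only if the flush runs in the context of the task that owns the buffer. The commit message says this holds for all callers, but the code does not record it. A short comment above `tty_audit_log`, e.g. `/* Record is attributed to current; callers must run in the context of the task that owns the data. */`, would keep a future caller from logging one task's input under another task's identity.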