Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit: (29 commits) audit: no leading space in audit_log_d_path prefix audit: treat s_id as an untrusted string audit: fix signedness bug in audit_log_execve_info() audit: comparison on interprocess fields audit: implement all object interfield comparisons audit: allow interfield comparison between gid and ogid audit: complex interfield comparison helper audit: allow interfield comparison in audit rules Kernel: Audit Support For The ARM Platform audit: do not call audit_getname on error audit: only allow tasks to set their loginuid if it is -1 audit: remove task argument to audit_set_loginuid audit: allow audit matching on inode gid audit: allow matching on obj_uid audit: remove audit_finish_fork as it can't be called audit: reject entry,always rules audit: inline audit_free to simplify the look of generic code audit: drop audit_set_macxattr as it doesn't do anything audit: inline checks for not needing to collect aux records audit: drop some potentially inadvisable likely notations ... Use evil merge to fix up grammar mistakes in Kconfig file. Bad speling and horrible grammar (and copious swearing) is to be expected, but let's keep it to commit messages and comments, rather than expose it to users in config help texts or printouts.
author: Linus Torvalds <torvalds@linux-foundation.org> 2012-01-17 19:06:51 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2012-01-17 19:41:31 -0500
commit: f429ee3b808118591d1f3cdf3c0d0793911a5677 (patch)
tree: 96d848f5f677d96758ecd2aee5eb6931b75bf218 /include/linux
parent: 22b4eb5e3174efb49791c62823d0cccc35394c36 (diff)
parent: c158a35c8a681cf68d36f22f058f9f5466386c71 (diff)
2 files changed, 106 insertions, 20 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 426ab9f4dd85..9ff7a2c48b50 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -26,6 +26,7 @@
 #include <linux/types.h>
 #include <linux/elf-em.h>
+#include <linux/ptrace.h>
 /* The netlink messages for the audit system is divided into blocks:
 * 1000 - 1099 are for commanding the audit system
@@ -181,6 +182,40 @@
 * AUDIT_UNUSED_BITS is updated if need be. */
 #define AUDIT_UNUSED_BITS       0x07FFFC00
+/* AUDIT_FIELD_COMPARE rule list */
+#define AUDIT_COMPARE_UID_TO_OBJ_UID    1
+#define AUDIT_COMPARE_GID_TO_OBJ_GID    2
+#define AUDIT_COMPARE_EUID_TO_OBJ_UID   3
+#define AUDIT_COMPARE_EGID_TO_OBJ_GID   4
+#define AUDIT_COMPARE_AUID_TO_OBJ_UID   5
+#define AUDIT_COMPARE_SUID_TO_OBJ_UID   6
+#define AUDIT_COMPARE_SGID_TO_OBJ_GID   7
+#define AUDIT_COMPARE_FSUID_TO_OBJ_UID  8
+#define AUDIT_COMPARE_FSGID_TO_OBJ_GID  9
+#define AUDIT_COMPARE_UID_TO_AUID       10
+#define AUDIT_COMPARE_UID_TO_EUID       11
+#define AUDIT_COMPARE_UID_TO_FSUID      12
+#define AUDIT_COMPARE_UID_TO_SUID       13
+#define AUDIT_COMPARE_AUID_TO_FSUID     14
+#define AUDIT_COMPARE_AUID_TO_SUID      15
+#define AUDIT_COMPARE_AUID_TO_EUID      16
+#define AUDIT_COMPARE_EUID_TO_SUID      17
+#define AUDIT_COMPARE_EUID_TO_FSUID     18
+#define AUDIT_COMPARE_SUID_TO_FSUID     19
+#define AUDIT_COMPARE_GID_TO_EGID       20
+#define AUDIT_COMPARE_GID_TO_FSGID      21
+#define AUDIT_COMPARE_GID_TO_SGID       22
+#define AUDIT_COMPARE_EGID_TO_FSGID     23
+#define AUDIT_COMPARE_EGID_TO_SGID      24
+#define AUDIT_COMPARE_SGID_TO_FSGID     25
+#define AUDIT_MAX_FIELD_COMPARE         AUDIT_COMPARE_SGID_TO_FSGID
 /* Rule fields */
                                /* These are useful when checking the
@@ -222,6 +257,9 @@
 #define AUDIT_PERM      106
 #define AUDIT_DIR       107
 #define AUDIT_FILETYPE  108
+#define AUDIT_OBJ_UID   109
+#define AUDIT_OBJ_GID   110
+#define AUDIT_FIELD_COMPARE     111
 #define AUDIT_ARG0      200
 #define AUDIT_ARG1      (AUDIT_ARG0+1)
@@ -408,28 +446,24 @@ struct audit_field {
        void                            *lsm_rule;
 };
-#define AUDITSC_INVALID 0
-#define AUDITSC_SUCCESS 1
-#define AUDITSC_FAILURE 2
-#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
 extern int __init audit_register_class(int class, unsigned *list);
 extern int audit_classify_syscall(int abi, unsigned syscall);
 extern int audit_classify_arch(int arch);
 #ifdef CONFIG_AUDITSYSCALL
 /* These are defined in auditsc.c */
                                /* Public API */
-extern void audit_finish_fork(struct task_struct *child);
 extern int  audit_alloc(struct task_struct *task);
-extern void audit_free(struct task_struct *task);
+extern void __audit_free(struct task_struct *task);
-extern void audit_syscall_entry(int arch,
+extern void __audit_syscall_entry(int arch,
-                                int major, unsigned long a0, unsigned long a1,
+                                  int major, unsigned long a0, unsigned long a1,
-                                unsigned long a2, unsigned long a3);
+                                  unsigned long a2, unsigned long a3);
-extern void audit_syscall_exit(int failed, long return_code);
+extern void __audit_syscall_exit(int ret_success, long ret_value);
 extern void __audit_getname(const char *name);
 extern void audit_putname(const char *name);
 extern void __audit_inode(const char *name, const struct dentry *dentry);
 extern void __audit_inode_child(const struct dentry *dentry,
                                const struct inode *parent);
+extern void __audit_seccomp(unsigned long syscall);
 extern void __audit_ptrace(struct task_struct *t);
 static inline int audit_dummy_context(void)
@@ -437,6 +471,27 @@ static inline int audit_dummy_context(void)
        void *p = current->audit_context;
        return !p || *(int *)p;
 }
+static inline void audit_free(struct task_struct *task)
+{
+        if (unlikely(task->audit_context))
+                __audit_free(task);
+}
+static inline void audit_syscall_entry(int arch, int major, unsigned long a0,
+                                       unsigned long a1, unsigned long a2,
+                                       unsigned long a3)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_syscall_entry(arch, major, a0, a1, a2, a3);
+}
+static inline void audit_syscall_exit(void *pt_regs)
+{
+        if (unlikely(current->audit_context)) {
+                int success = is_syscall_success(pt_regs);
+                int return_code = regs_return_value(pt_regs);
+                __audit_syscall_exit(success, return_code);
+        }
+}
 static inline void audit_getname(const char *name)
 {
        if (unlikely(!audit_dummy_context()))
@@ -453,6 +508,12 @@ static inline void audit_inode_child(const struct dentry *dentry,
 }
 void audit_core_dumps(long signr);
+static inline void audit_seccomp(unsigned long syscall)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_seccomp(syscall);
+}
 static inline void audit_ptrace(struct task_struct *t)
 {
        if (unlikely(!audit_dummy_context()))
@@ -463,17 +524,16 @@ static inline void audit_ptrace(struct task_struct *t)
 extern unsigned int audit_serial(void);
 extern int auditsc_get_stamp(struct audit_context *ctx,
                              struct timespec *t, unsigned int *serial);
-extern int  audit_set_loginuid(struct task_struct *task, uid_t loginuid);
+extern int  audit_set_loginuid(uid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
 #define audit_get_sessionid(t) ((t)->sessionid)
 extern void audit_log_task_context(struct audit_buffer *ab);
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
-extern int audit_bprm(struct linux_binprm *bprm);
+extern int __audit_bprm(struct linux_binprm *bprm);
-extern void audit_socketcall(int nargs, unsigned long *args);
+extern void __audit_socketcall(int nargs, unsigned long *args);
-extern int audit_sockaddr(int len, void *addr);
+extern int __audit_sockaddr(int len, void *addr);
 extern void __audit_fd_pair(int fd1, int fd2);
-extern int audit_set_macxattr(const char *name);
 extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr);
 extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
 extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
@@ -499,6 +559,23 @@ static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid
        if (unlikely(!audit_dummy_context()))
                __audit_ipc_set_perm(qbytes, uid, gid, mode);
 }
+static inline int audit_bprm(struct linux_binprm *bprm)
+{
+        if (unlikely(!audit_dummy_context()))
+                return __audit_bprm(bprm);
+        return 0;
+}
+static inline void audit_socketcall(int nargs, unsigned long *args)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_socketcall(nargs, args);
+}
+static inline int audit_sockaddr(int len, void *addr)
+{
+        if (unlikely(!audit_dummy_context()))
+                return __audit_sockaddr(len, addr);
+        return 0;
+}
 static inline void audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr)
 {
        if (unlikely(!audit_dummy_context()))
@@ -544,12 +621,11 @@ static inline void audit_mmap_fd(int fd, int flags)
 extern int audit_n_rules;
 extern int audit_signals;
-#else
+#else /* CONFIG_AUDITSYSCALL */
-#define audit_finish_fork(t)
 #define audit_alloc(t) ({ 0; })
 #define audit_free(t) do { ; } while (0)
 #define audit_syscall_entry(ta,a,b,c,d,e) do { ; } while (0)
-#define audit_syscall_exit(f,r) do { ; } while (0)
+#define audit_syscall_exit(r) do { ; } while (0)
 #define audit_dummy_context() 1
 #define audit_getname(n) do { ; } while (0)
 #define audit_putname(n) do { ; } while (0)
@@ -558,6 +634,7 @@ extern int audit_signals;
 #define audit_inode(n,d) do { (void)(d); } while (0)
 #define audit_inode_child(i,p) do { ; } while (0)
 #define audit_core_dumps(i) do { ; } while (0)
+#define audit_seccomp(i) do { ; } while (0)
 #define auditsc_get_stamp(c,t,s) (0)
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
@@ -568,7 +645,6 @@ extern int audit_signals;
 #define audit_socketcall(n,a) ((void)0)
 #define audit_fd_pair(n,a) ((void)0)
 #define audit_sockaddr(len, addr) ({ 0; })
-#define audit_set_macxattr(n) do { ; } while (0)
 #define audit_mq_open(o,m,a) ((void)0)
 #define audit_mq_sendrecv(d,l,p,t) ((void)0)
 #define audit_mq_notify(d,n) ((void)0)
@@ -579,7 +655,7 @@ extern int audit_signals;
 #define audit_ptrace(t) ((void)0)
 #define audit_n_rules 0
 #define audit_signals 0
-#endif
+#endif /* CONFIG_AUDITSYSCALL */
 #ifdef CONFIG_AUDIT
 /* These are defined in audit.c */
diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h
index a27e56ca41a4..c2f1f6a5fcb8 100644
--- a/include/linux/ptrace.h
+++ b/include/linux/ptrace.h
@@ -112,6 +112,7 @@
 #include <linux/compiler.h>             /* For unlikely.  */
 #include <linux/sched.h>                /* For struct task_struct.  */
+#include <linux/err.h>                  /* for IS_ERR_VALUE */
 extern long arch_ptrace(struct task_struct *child, long request,
@@ -266,6 +267,15 @@ static inline void ptrace_release_task(struct task_struct *task)
 #define force_successful_syscall_return() do { } while (0)
 #endif
+#ifndef is_syscall_success
+/*
+ * On most systems we can tell if a syscall is a success based on if the retval
+ * is an error value.  On some systems like ia64 and powerpc they have different
+ * indicators of success/failure and must define their own.
+ */
+#define is_syscall_success(regs) (!IS_ERR_VALUE((unsigned long)(regs_return_value(regs))))
+#endif
 /*
 * <asm/ptrace.h> should define the following things inside #ifdef __KERNEL__.
 *
author	Linus Torvalds <torvalds@linux-foundation.org>	2012-01-17 19:06:51 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2012-01-17 19:41:31 -0500
commit	f429ee3b808118591d1f3cdf3c0d0793911a5677 (patch)
tree	96d848f5f677d96758ecd2aee5eb6931b75bf218 /include/linux
parent	22b4eb5e3174efb49791c62823d0cccc35394c36 (diff)
parent	c158a35c8a681cf68d36f22f058f9f5466386c71 (diff)