aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-01-04 19:32:11 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2009-01-04 19:32:11 -0500
commitfe0bdec68b77020281dc814805edfe594ae89e0f (patch)
treeaeef34a49594cb0478b1104b58ba2dc933c481c5 /include/linux
parent099e657625e801adf82054c8050dde5aceb68452 (diff)
parent5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (diff)
Merge branch 'audit.b61' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b61' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: audit: validate comparison operations, store them in sane form clean up audit_rule_{add,del} a bit make sure that filterkey of task,always rules is reported audit rules ordering, part 2 fixing audit rule ordering mess, part 1 audit_update_lsm_rules() misses the audit_inode_hash[] ones sanitize audit_log_capset() sanitize audit_fd_pair() sanitize audit_mq_open() sanitize AUDIT_MQ_SENDRECV sanitize audit_mq_notify() sanitize audit_mq_getsetattr() sanitize audit_ipc_set_perm() sanitize audit_ipc_obj() sanitize audit_socketcall don't reallocate buffer in every audit_sockaddr()
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/audit.h98
1 files changed, 48 insertions, 50 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 26c4f6f65a46..67e5dbfc2961 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -247,6 +247,18 @@
247#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) 247#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL)
248#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) 248#define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
249 249
250enum {
251 Audit_equal,
252 Audit_not_equal,
253 Audit_bitmask,
254 Audit_bittest,
255 Audit_lt,
256 Audit_gt,
257 Audit_le,
258 Audit_ge,
259 Audit_bad
260};
261
250/* Status symbols */ 262/* Status symbols */
251 /* Mask values */ 263 /* Mask values */
252#define AUDIT_STATUS_ENABLED 0x0001 264#define AUDIT_STATUS_ENABLED 0x0001
@@ -373,6 +385,8 @@ struct audit_krule {
373 struct audit_watch *watch; /* associated watch */ 385 struct audit_watch *watch; /* associated watch */
374 struct audit_tree *tree; /* associated watched tree */ 386 struct audit_tree *tree; /* associated watched tree */
375 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ 387 struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
388 struct list_head list; /* for AUDIT_LIST* purposes only */
389 u64 prio;
376}; 390};
377 391
378struct audit_field { 392struct audit_field {
@@ -443,70 +457,56 @@ extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
443#define audit_get_loginuid(t) ((t)->loginuid) 457#define audit_get_loginuid(t) ((t)->loginuid)
444#define audit_get_sessionid(t) ((t)->sessionid) 458#define audit_get_sessionid(t) ((t)->sessionid)
445extern void audit_log_task_context(struct audit_buffer *ab); 459extern void audit_log_task_context(struct audit_buffer *ab);
446extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); 460extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
447extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 461extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
448extern int audit_bprm(struct linux_binprm *bprm); 462extern int audit_bprm(struct linux_binprm *bprm);
449extern int audit_socketcall(int nargs, unsigned long *args); 463extern void audit_socketcall(int nargs, unsigned long *args);
450extern int audit_sockaddr(int len, void *addr); 464extern int audit_sockaddr(int len, void *addr);
451extern int __audit_fd_pair(int fd1, int fd2); 465extern void __audit_fd_pair(int fd1, int fd2);
452extern int audit_set_macxattr(const char *name); 466extern int audit_set_macxattr(const char *name);
453extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); 467extern void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr);
454extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); 468extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
455extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); 469extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
456extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); 470extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
457extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
458extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, 471extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
459 const struct cred *new, 472 const struct cred *new,
460 const struct cred *old); 473 const struct cred *old);
461extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); 474extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
462 475
463static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) 476static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
464{ 477{
465 if (unlikely(!audit_dummy_context())) 478 if (unlikely(!audit_dummy_context()))
466 return __audit_ipc_obj(ipcp); 479 __audit_ipc_obj(ipcp);
467 return 0;
468}
469static inline int audit_fd_pair(int fd1, int fd2)
470{
471 if (unlikely(!audit_dummy_context()))
472 return __audit_fd_pair(fd1, fd2);
473 return 0;
474} 480}
475static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) 481static inline void audit_fd_pair(int fd1, int fd2)
476{ 482{
477 if (unlikely(!audit_dummy_context())) 483 if (unlikely(!audit_dummy_context()))
478 return __audit_ipc_set_perm(qbytes, uid, gid, mode); 484 __audit_fd_pair(fd1, fd2);
479 return 0;
480} 485}
481static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) 486static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
482{ 487{
483 if (unlikely(!audit_dummy_context())) 488 if (unlikely(!audit_dummy_context()))
484 return __audit_mq_open(oflag, mode, u_attr); 489 __audit_ipc_set_perm(qbytes, uid, gid, mode);
485 return 0;
486} 490}
487static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout) 491static inline void audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
488{ 492{
489 if (unlikely(!audit_dummy_context())) 493 if (unlikely(!audit_dummy_context()))
490 return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); 494 __audit_mq_open(oflag, mode, attr);
491 return 0;
492} 495}
493static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout) 496static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
494{ 497{
495 if (unlikely(!audit_dummy_context())) 498 if (unlikely(!audit_dummy_context()))
496 return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); 499 __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
497 return 0;
498} 500}
499static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) 501static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
500{ 502{
501 if (unlikely(!audit_dummy_context())) 503 if (unlikely(!audit_dummy_context()))
502 return __audit_mq_notify(mqdes, u_notification); 504 __audit_mq_notify(mqdes, notification);
503 return 0;
504} 505}
505static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) 506static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
506{ 507{
507 if (unlikely(!audit_dummy_context())) 508 if (unlikely(!audit_dummy_context()))
508 return __audit_mq_getsetattr(mqdes, mqstat); 509 __audit_mq_getsetattr(mqdes, mqstat);
509 return 0;
510} 510}
511 511
512static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, 512static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
@@ -518,12 +518,11 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
518 return 0; 518 return 0;
519} 519}
520 520
521static inline int audit_log_capset(pid_t pid, const struct cred *new, 521static inline void audit_log_capset(pid_t pid, const struct cred *new,
522 const struct cred *old) 522 const struct cred *old)
523{ 523{
524 if (unlikely(!audit_dummy_context())) 524 if (unlikely(!audit_dummy_context()))
525 return __audit_log_capset(pid, new, old); 525 __audit_log_capset(pid, new, old);
526 return 0;
527} 526}
528 527
529extern int audit_n_rules; 528extern int audit_n_rules;
@@ -546,20 +545,19 @@ extern int audit_signals;
546#define audit_get_loginuid(t) (-1) 545#define audit_get_loginuid(t) (-1)
547#define audit_get_sessionid(t) (-1) 546#define audit_get_sessionid(t) (-1)
548#define audit_log_task_context(b) do { ; } while (0) 547#define audit_log_task_context(b) do { ; } while (0)
549#define audit_ipc_obj(i) ({ 0; }) 548#define audit_ipc_obj(i) ((void)0)
550#define audit_ipc_set_perm(q,u,g,m) ({ 0; }) 549#define audit_ipc_set_perm(q,u,g,m) ((void)0)
551#define audit_bprm(p) ({ 0; }) 550#define audit_bprm(p) ({ 0; })
552#define audit_socketcall(n,a) ({ 0; }) 551#define audit_socketcall(n,a) ((void)0)
553#define audit_fd_pair(n,a) ({ 0; }) 552#define audit_fd_pair(n,a) ((void)0)
554#define audit_sockaddr(len, addr) ({ 0; }) 553#define audit_sockaddr(len, addr) ({ 0; })
555#define audit_set_macxattr(n) do { ; } while (0) 554#define audit_set_macxattr(n) do { ; } while (0)
556#define audit_mq_open(o,m,a) ({ 0; }) 555#define audit_mq_open(o,m,a) ((void)0)
557#define audit_mq_timedsend(d,l,p,t) ({ 0; }) 556#define audit_mq_sendrecv(d,l,p,t) ((void)0)
558#define audit_mq_timedreceive(d,l,p,t) ({ 0; }) 557#define audit_mq_notify(d,n) ((void)0)
559#define audit_mq_notify(d,n) ({ 0; }) 558#define audit_mq_getsetattr(d,s) ((void)0)
560#define audit_mq_getsetattr(d,s) ({ 0; })
561#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) 559#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
562#define audit_log_capset(pid, ncr, ocr) ({ 0; }) 560#define audit_log_capset(pid, ncr, ocr) ((void)0)
563#define audit_ptrace(t) ((void)0) 561#define audit_ptrace(t) ((void)0)
564#define audit_n_rules 0 562#define audit_n_rules 0
565#define audit_signals 0 563#define audit_signals 0