diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-04 19:32:11 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2009-01-04 19:32:11 -0500 |
commit | fe0bdec68b77020281dc814805edfe594ae89e0f (patch) | |
tree | aeef34a49594cb0478b1104b58ba2dc933c481c5 /include/linux | |
parent | 099e657625e801adf82054c8050dde5aceb68452 (diff) | |
parent | 5af75d8d58d0f9f7b7c0515b35786b22892d5f12 (diff) |
Merge branch 'audit.b61' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b61' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
audit: validate comparison operations, store them in sane form
clean up audit_rule_{add,del} a bit
make sure that filterkey of task,always rules is reported
audit rules ordering, part 2
fixing audit rule ordering mess, part 1
audit_update_lsm_rules() misses the audit_inode_hash[] ones
sanitize audit_log_capset()
sanitize audit_fd_pair()
sanitize audit_mq_open()
sanitize AUDIT_MQ_SENDRECV
sanitize audit_mq_notify()
sanitize audit_mq_getsetattr()
sanitize audit_ipc_set_perm()
sanitize audit_ipc_obj()
sanitize audit_socketcall
don't reallocate buffer in every audit_sockaddr()
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/audit.h | 98 |
1 files changed, 48 insertions, 50 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 26c4f6f65a46..67e5dbfc2961 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -247,6 +247,18 @@ | |||
247 | #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) | 247 | #define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN|AUDIT_EQUAL) |
248 | #define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) | 248 | #define AUDIT_OPERATORS (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK) |
249 | 249 | ||
250 | enum { | ||
251 | Audit_equal, | ||
252 | Audit_not_equal, | ||
253 | Audit_bitmask, | ||
254 | Audit_bittest, | ||
255 | Audit_lt, | ||
256 | Audit_gt, | ||
257 | Audit_le, | ||
258 | Audit_ge, | ||
259 | Audit_bad | ||
260 | }; | ||
261 | |||
250 | /* Status symbols */ | 262 | /* Status symbols */ |
251 | /* Mask values */ | 263 | /* Mask values */ |
252 | #define AUDIT_STATUS_ENABLED 0x0001 | 264 | #define AUDIT_STATUS_ENABLED 0x0001 |
@@ -373,6 +385,8 @@ struct audit_krule { | |||
373 | struct audit_watch *watch; /* associated watch */ | 385 | struct audit_watch *watch; /* associated watch */ |
374 | struct audit_tree *tree; /* associated watched tree */ | 386 | struct audit_tree *tree; /* associated watched tree */ |
375 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ | 387 | struct list_head rlist; /* entry in audit_{watch,tree}.rules list */ |
388 | struct list_head list; /* for AUDIT_LIST* purposes only */ | ||
389 | u64 prio; | ||
376 | }; | 390 | }; |
377 | 391 | ||
378 | struct audit_field { | 392 | struct audit_field { |
@@ -443,70 +457,56 @@ extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | |||
443 | #define audit_get_loginuid(t) ((t)->loginuid) | 457 | #define audit_get_loginuid(t) ((t)->loginuid) |
444 | #define audit_get_sessionid(t) ((t)->sessionid) | 458 | #define audit_get_sessionid(t) ((t)->sessionid) |
445 | extern void audit_log_task_context(struct audit_buffer *ab); | 459 | extern void audit_log_task_context(struct audit_buffer *ab); |
446 | extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); | 460 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
447 | extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 461 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
448 | extern int audit_bprm(struct linux_binprm *bprm); | 462 | extern int audit_bprm(struct linux_binprm *bprm); |
449 | extern int audit_socketcall(int nargs, unsigned long *args); | 463 | extern void audit_socketcall(int nargs, unsigned long *args); |
450 | extern int audit_sockaddr(int len, void *addr); | 464 | extern int audit_sockaddr(int len, void *addr); |
451 | extern int __audit_fd_pair(int fd1, int fd2); | 465 | extern void __audit_fd_pair(int fd1, int fd2); |
452 | extern int audit_set_macxattr(const char *name); | 466 | extern int audit_set_macxattr(const char *name); |
453 | extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); | 467 | extern void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr); |
454 | extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); | 468 | extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout); |
455 | extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); | 469 | extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification); |
456 | extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); | 470 | extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); |
457 | extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat); | ||
458 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | 471 | extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, |
459 | const struct cred *new, | 472 | const struct cred *new, |
460 | const struct cred *old); | 473 | const struct cred *old); |
461 | extern int __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | 474 | extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); |
462 | 475 | ||
463 | static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp) | 476 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
464 | { | 477 | { |
465 | if (unlikely(!audit_dummy_context())) | 478 | if (unlikely(!audit_dummy_context())) |
466 | return __audit_ipc_obj(ipcp); | 479 | __audit_ipc_obj(ipcp); |
467 | return 0; | ||
468 | } | ||
469 | static inline int audit_fd_pair(int fd1, int fd2) | ||
470 | { | ||
471 | if (unlikely(!audit_dummy_context())) | ||
472 | return __audit_fd_pair(fd1, fd2); | ||
473 | return 0; | ||
474 | } | 480 | } |
475 | static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) | 481 | static inline void audit_fd_pair(int fd1, int fd2) |
476 | { | 482 | { |
477 | if (unlikely(!audit_dummy_context())) | 483 | if (unlikely(!audit_dummy_context())) |
478 | return __audit_ipc_set_perm(qbytes, uid, gid, mode); | 484 | __audit_fd_pair(fd1, fd2); |
479 | return 0; | ||
480 | } | 485 | } |
481 | static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) | 486 | static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) |
482 | { | 487 | { |
483 | if (unlikely(!audit_dummy_context())) | 488 | if (unlikely(!audit_dummy_context())) |
484 | return __audit_mq_open(oflag, mode, u_attr); | 489 | __audit_ipc_set_perm(qbytes, uid, gid, mode); |
485 | return 0; | ||
486 | } | 490 | } |
487 | static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout) | 491 | static inline void audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr) |
488 | { | 492 | { |
489 | if (unlikely(!audit_dummy_context())) | 493 | if (unlikely(!audit_dummy_context())) |
490 | return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout); | 494 | __audit_mq_open(oflag, mode, attr); |
491 | return 0; | ||
492 | } | 495 | } |
493 | static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout) | 496 | static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout) |
494 | { | 497 | { |
495 | if (unlikely(!audit_dummy_context())) | 498 | if (unlikely(!audit_dummy_context())) |
496 | return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout); | 499 | __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout); |
497 | return 0; | ||
498 | } | 500 | } |
499 | static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | 501 | static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
500 | { | 502 | { |
501 | if (unlikely(!audit_dummy_context())) | 503 | if (unlikely(!audit_dummy_context())) |
502 | return __audit_mq_notify(mqdes, u_notification); | 504 | __audit_mq_notify(mqdes, notification); |
503 | return 0; | ||
504 | } | 505 | } |
505 | static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | 506 | static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
506 | { | 507 | { |
507 | if (unlikely(!audit_dummy_context())) | 508 | if (unlikely(!audit_dummy_context())) |
508 | return __audit_mq_getsetattr(mqdes, mqstat); | 509 | __audit_mq_getsetattr(mqdes, mqstat); |
509 | return 0; | ||
510 | } | 510 | } |
511 | 511 | ||
512 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, | 512 | static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, |
@@ -518,12 +518,11 @@ static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm, | |||
518 | return 0; | 518 | return 0; |
519 | } | 519 | } |
520 | 520 | ||
521 | static inline int audit_log_capset(pid_t pid, const struct cred *new, | 521 | static inline void audit_log_capset(pid_t pid, const struct cred *new, |
522 | const struct cred *old) | 522 | const struct cred *old) |
523 | { | 523 | { |
524 | if (unlikely(!audit_dummy_context())) | 524 | if (unlikely(!audit_dummy_context())) |
525 | return __audit_log_capset(pid, new, old); | 525 | __audit_log_capset(pid, new, old); |
526 | return 0; | ||
527 | } | 526 | } |
528 | 527 | ||
529 | extern int audit_n_rules; | 528 | extern int audit_n_rules; |
@@ -546,20 +545,19 @@ extern int audit_signals; | |||
546 | #define audit_get_loginuid(t) (-1) | 545 | #define audit_get_loginuid(t) (-1) |
547 | #define audit_get_sessionid(t) (-1) | 546 | #define audit_get_sessionid(t) (-1) |
548 | #define audit_log_task_context(b) do { ; } while (0) | 547 | #define audit_log_task_context(b) do { ; } while (0) |
549 | #define audit_ipc_obj(i) ({ 0; }) | 548 | #define audit_ipc_obj(i) ((void)0) |
550 | #define audit_ipc_set_perm(q,u,g,m) ({ 0; }) | 549 | #define audit_ipc_set_perm(q,u,g,m) ((void)0) |
551 | #define audit_bprm(p) ({ 0; }) | 550 | #define audit_bprm(p) ({ 0; }) |
552 | #define audit_socketcall(n,a) ({ 0; }) | 551 | #define audit_socketcall(n,a) ((void)0) |
553 | #define audit_fd_pair(n,a) ({ 0; }) | 552 | #define audit_fd_pair(n,a) ((void)0) |
554 | #define audit_sockaddr(len, addr) ({ 0; }) | 553 | #define audit_sockaddr(len, addr) ({ 0; }) |
555 | #define audit_set_macxattr(n) do { ; } while (0) | 554 | #define audit_set_macxattr(n) do { ; } while (0) |
556 | #define audit_mq_open(o,m,a) ({ 0; }) | 555 | #define audit_mq_open(o,m,a) ((void)0) |
557 | #define audit_mq_timedsend(d,l,p,t) ({ 0; }) | 556 | #define audit_mq_sendrecv(d,l,p,t) ((void)0) |
558 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 557 | #define audit_mq_notify(d,n) ((void)0) |
559 | #define audit_mq_notify(d,n) ({ 0; }) | 558 | #define audit_mq_getsetattr(d,s) ((void)0) |
560 | #define audit_mq_getsetattr(d,s) ({ 0; }) | ||
561 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) | 559 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) |
562 | #define audit_log_capset(pid, ncr, ocr) ({ 0; }) | 560 | #define audit_log_capset(pid, ncr, ocr) ((void)0) |
563 | #define audit_ptrace(t) ((void)0) | 561 | #define audit_ptrace(t) ((void)0) |
564 | #define audit_n_rules 0 | 562 | #define audit_n_rules 0 |
565 | #define audit_signals 0 | 563 | #define audit_signals 0 |