audit: fix event coverage of AUDIT_ANOM_LINK

The userspace audit tools didn't like the existing formatting of the AUDIT_ANOM_LINK event. It needed to be expanded to emit an AUDIT_PATH event as well, so this implements the change. The bulk of the patch is moving code out of auditsc.c into audit.c and audit.h for general use. It expands audit_log_name to include an optional "struct path" argument for the simple case of just needing to report a pathname. This also makes audit_log_task_info available when syscall auditing is not enabled, since it is needed in either case for process details. Signed-off-by: Kees Cook <keescook@chromium.org> Reported-by: Steve Grubb <sgrubb@redhat.com>
author: Eric Paris <eparis@redhat.com> 2013-04-30 15:30:32 -0400
committer: Eric Paris <eparis@redhat.com> 2013-04-30 15:31:28 -0400
commit: b24a30a7305418ff138ff51776fc555ec57c011a (patch)
tree: 2c64cff75b758c3fb407118ab473167fb5bec3fa /include/linux
parent: 7173c54e3a9deb491a586e7e107375109ee48bcb (diff)
1 files changed, 11 insertions, 9 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index b76bfc8efc25..469d11755e46 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -190,8 +190,6 @@ static inline int audit_get_sessionid(struct task_struct *tsk)
        return tsk->sessionid;
 }
-extern int audit_log_task_context(struct audit_buffer *ab);
-extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern int __audit_bprm(struct linux_binprm *bprm);
@@ -346,13 +344,6 @@ static inline int audit_get_sessionid(struct task_struct *tsk)
 {
        return -1;
 }
-static int void audit_log_task_context(struct audit_buffer *ab)
-{
-        return 0;
-}
-static inline void audit_log_task_info(struct audit_buffer *ab,
-                                       struct task_struct *tsk)
-{ }
 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 { }
 static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
@@ -439,6 +430,10 @@ static inline void	    audit_log_secctx(struct audit_buffer *ab, u32 secid)
 { }
 #endif
+extern int audit_log_task_context(struct audit_buffer *ab);
+extern void audit_log_task_info(struct audit_buffer *ab,
+                                struct task_struct *tsk);
 extern int                  audit_update_lsm_rules(void);
                                /* Private API (for audit.c only) */
@@ -485,6 +480,13 @@ static inline void audit_log_link_denied(const char *string,
 { }
 static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)
 { }
+static inline int audit_log_task_context(struct audit_buffer *ab)
+{
+        return 0;
+}
+static inline void audit_log_task_info(struct audit_buffer *ab,
+                                       struct task_struct *tsk)
+{ }
 #define audit_enabled 0
 #endif /* CONFIG_AUDIT */
 static inline void audit_log_string(struct audit_buffer *ab, const char *buf)
author	Eric Paris <eparis@redhat.com>	2013-04-30 15:30:32 -0400
committer	Eric Paris <eparis@redhat.com>	2013-04-30 15:31:28 -0400
commit	b24a30a7305418ff138ff51776fc555ec57c011a (patch)
tree	2c64cff75b758c3fb407118ab473167fb5bec3fa /include/linux
parent	7173c54e3a9deb491a586e7e107375109ee48bcb (diff)