aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 14:41:22 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 14:41:22 -0400
commit9781db7b345b5dfe93787aaaf310c861db7c1ede (patch)
treed9796e29fd914ca04835636be95bbd5082a034fd /include
parent97094dcf5cefc8ccfdf93839f54dac2c4d316165 (diff)
parent8b67dca9420474623709e00d72a066068a502b20 (diff)
Merge branch 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] new predicate - AUDIT_FILETYPE [patch 2/2] Use find_task_by_vpid in audit code [patch 1/2] audit: let userspace fully control TTY input auditing [PATCH 2/2] audit: fix sparse shadowed variable warnings [PATCH 1/2] audit: move extern declarations to audit.h Audit: MAINTAINERS update Audit: increase the maximum length of the key field Audit: standardize string audit interfaces Audit: stop deadlock from signals under load Audit: save audit_backlog_limit audit messages in case auditd comes back Audit: collect sessionid in netlink messages Audit: end printk with newline
Diffstat (limited to 'include')
-rw-r--r--include/linux/audit.h28
-rw-r--r--include/linux/netlink.h1
-rw-r--r--include/linux/tty.h9
-rw-r--r--include/net/netlabel.h1
-rw-r--r--include/net/xfrm.h23
5 files changed, 34 insertions, 28 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 4ccb048cae1d..63c3bb98558f 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -146,7 +146,7 @@
146/* Rule structure sizes -- if these change, different AUDIT_ADD and 146/* Rule structure sizes -- if these change, different AUDIT_ADD and
147 * AUDIT_LIST commands must be implemented. */ 147 * AUDIT_LIST commands must be implemented. */
148#define AUDIT_MAX_FIELDS 64 148#define AUDIT_MAX_FIELDS 64
149#define AUDIT_MAX_KEY_LEN 32 149#define AUDIT_MAX_KEY_LEN 256
150#define AUDIT_BITMASK_SIZE 64 150#define AUDIT_BITMASK_SIZE 64
151#define AUDIT_WORD(nr) ((__u32)((nr)/32)) 151#define AUDIT_WORD(nr) ((__u32)((nr)/32))
152#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32)) 152#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
@@ -209,6 +209,7 @@
209#define AUDIT_WATCH 105 209#define AUDIT_WATCH 105
210#define AUDIT_PERM 106 210#define AUDIT_PERM 106
211#define AUDIT_DIR 107 211#define AUDIT_DIR 107
212#define AUDIT_FILETYPE 108
212 213
213#define AUDIT_ARG0 200 214#define AUDIT_ARG0 200
214#define AUDIT_ARG1 (AUDIT_ARG0+1) 215#define AUDIT_ARG1 (AUDIT_ARG0+1)
@@ -549,16 +550,20 @@ extern void audit_log_format(struct audit_buffer *ab,
549 const char *fmt, ...) 550 const char *fmt, ...)
550 __attribute__((format(printf,2,3))); 551 __attribute__((format(printf,2,3)));
551extern void audit_log_end(struct audit_buffer *ab); 552extern void audit_log_end(struct audit_buffer *ab);
552extern void audit_log_hex(struct audit_buffer *ab,
553 const unsigned char *buf,
554 size_t len);
555extern int audit_string_contains_control(const char *string, 553extern int audit_string_contains_control(const char *string,
556 size_t len); 554 size_t len);
555extern void audit_log_n_hex(struct audit_buffer *ab,
556 const unsigned char *buf,
557 size_t len);
558extern void audit_log_n_string(struct audit_buffer *ab,
559 const char *buf,
560 size_t n);
561#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b));
562extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
563 const char *string,
564 size_t n);
557extern void audit_log_untrustedstring(struct audit_buffer *ab, 565extern void audit_log_untrustedstring(struct audit_buffer *ab,
558 const char *string); 566 const char *string);
559extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
560 size_t n,
561 const char *string);
562extern void audit_log_d_path(struct audit_buffer *ab, 567extern void audit_log_d_path(struct audit_buffer *ab,
563 const char *prefix, 568 const char *prefix,
564 struct path *path); 569 struct path *path);
@@ -569,7 +574,8 @@ extern int audit_update_lsm_rules(void);
569extern int audit_filter_user(struct netlink_skb_parms *cb, int type); 574extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
570extern int audit_filter_type(int type); 575extern int audit_filter_type(int type);
571extern int audit_receive_filter(int type, int pid, int uid, int seq, 576extern int audit_receive_filter(int type, int pid, int uid, int seq,
572 void *data, size_t datasz, uid_t loginuid, u32 sid); 577 void *data, size_t datasz, uid_t loginuid,
578 u32 sessionid, u32 sid);
573extern int audit_enabled; 579extern int audit_enabled;
574#else 580#else
575#define audit_log(c,g,t,f,...) do { ; } while (0) 581#define audit_log(c,g,t,f,...) do { ; } while (0)
@@ -577,9 +583,11 @@ extern int audit_enabled;
577#define audit_log_vformat(b,f,a) do { ; } while (0) 583#define audit_log_vformat(b,f,a) do { ; } while (0)
578#define audit_log_format(b,f,...) do { ; } while (0) 584#define audit_log_format(b,f,...) do { ; } while (0)
579#define audit_log_end(b) do { ; } while (0) 585#define audit_log_end(b) do { ; } while (0)
580#define audit_log_hex(a,b,l) do { ; } while (0) 586#define audit_log_n_hex(a,b,l) do { ; } while (0)
581#define audit_log_untrustedstring(a,s) do { ; } while (0) 587#define audit_log_n_string(a,c,l) do { ; } while (0)
588#define audit_log_string(a,c) do { ; } while (0)
582#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0) 589#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
590#define audit_log_untrustedstring(a,s) do { ; } while (0)
583#define audit_log_d_path(b, p, d) do { ; } while (0) 591#define audit_log_d_path(b, p, d) do { ; } while (0)
584#define audit_enabled 0 592#define audit_enabled 0
585#endif 593#endif
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index fb0713b6ffaf..bec1062a25a1 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -166,6 +166,7 @@ struct netlink_skb_parms
166 __u32 dst_group; 166 __u32 dst_group;
167 kernel_cap_t eff_cap; 167 kernel_cap_t eff_cap;
168 __u32 loginuid; /* Login (audit) uid */ 168 __u32 loginuid; /* Login (audit) uid */
169 __u32 sessionid; /* Session id (audit) */
169 __u32 sid; /* SELinux security id */ 170 __u32 sid; /* SELinux security id */
170}; 171};
171 172
diff --git a/include/linux/tty.h b/include/linux/tty.h
index dd8e08fe8855..265831ccaa88 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -300,7 +300,6 @@ extern void tty_hangup(struct tty_struct * tty);
300extern void tty_vhangup(struct tty_struct * tty); 300extern void tty_vhangup(struct tty_struct * tty);
301extern void tty_unhangup(struct file *filp); 301extern void tty_unhangup(struct file *filp);
302extern int tty_hung_up_p(struct file * filp); 302extern int tty_hung_up_p(struct file * filp);
303extern int is_tty(struct file *filp);
304extern void do_SAK(struct tty_struct *tty); 303extern void do_SAK(struct tty_struct *tty);
305extern void __do_SAK(struct tty_struct *tty); 304extern void __do_SAK(struct tty_struct *tty);
306extern void disassociate_ctty(int priv); 305extern void disassociate_ctty(int priv);
@@ -351,8 +350,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
351extern void tty_audit_exit(void); 350extern void tty_audit_exit(void);
352extern void tty_audit_fork(struct signal_struct *sig); 351extern void tty_audit_fork(struct signal_struct *sig);
353extern void tty_audit_push(struct tty_struct *tty); 352extern void tty_audit_push(struct tty_struct *tty);
354extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid); 353extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
355extern void tty_audit_opening(void);
356#else 354#else
357static inline void tty_audit_add_data(struct tty_struct *tty, 355static inline void tty_audit_add_data(struct tty_struct *tty,
358 unsigned char *data, size_t size) 356 unsigned char *data, size_t size)
@@ -367,10 +365,7 @@ static inline void tty_audit_fork(struct signal_struct *sig)
367static inline void tty_audit_push(struct tty_struct *tty) 365static inline void tty_audit_push(struct tty_struct *tty)
368{ 366{
369} 367}
370static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) 368static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
371{
372}
373static inline void tty_audit_opening(void)
374{ 369{
375} 370}
376#endif 371#endif
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 5e53a85b5ca1..e4d2d6baa983 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -103,6 +103,7 @@ struct cipso_v4_doi;
103struct netlbl_audit { 103struct netlbl_audit {
104 u32 secid; 104 u32 secid;
105 uid_t loginuid; 105 uid_t loginuid;
106 u32 sessionid;
106}; 107};
107 108
108/* 109/*
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index baa9f372cfd1..d1350bcccb03 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -597,8 +597,9 @@ struct xfrm_spi_skb_cb {
597/* Audit Information */ 597/* Audit Information */
598struct xfrm_audit 598struct xfrm_audit
599{ 599{
600 u32 loginuid;
601 u32 secid; 600 u32 secid;
601 uid_t loginuid;
602 u32 sessionid;
602}; 603};
603 604
604#ifdef CONFIG_AUDITSYSCALL 605#ifdef CONFIG_AUDITSYSCALL
@@ -616,13 +617,13 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
616 return audit_buf; 617 return audit_buf;
617} 618}
618 619
619static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid, 620static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
620 struct audit_buffer *audit_buf) 621 struct audit_buffer *audit_buf)
621{ 622{
622 char *secctx; 623 char *secctx;
623 u32 secctx_len; 624 u32 secctx_len;
624 625
625 audit_log_format(audit_buf, " auid=%u", auid); 626 audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
626 if (secid != 0 && 627 if (secid != 0 &&
627 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) { 628 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
628 audit_log_format(audit_buf, " subj=%s", secctx); 629 audit_log_format(audit_buf, " subj=%s", secctx);
@@ -632,13 +633,13 @@ static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
632} 633}
633 634
634extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result, 635extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
635 u32 auid, u32 secid); 636 u32 auid, u32 ses, u32 secid);
636extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result, 637extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
637 u32 auid, u32 secid); 638 u32 auid, u32 ses, u32 secid);
638extern void xfrm_audit_state_add(struct xfrm_state *x, int result, 639extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
639 u32 auid, u32 secid); 640 u32 auid, u32 ses, u32 secid);
640extern void xfrm_audit_state_delete(struct xfrm_state *x, int result, 641extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
641 u32 auid, u32 secid); 642 u32 auid, u32 ses, u32 secid);
642extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x, 643extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
643 struct sk_buff *skb); 644 struct sk_buff *skb);
644extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family); 645extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
@@ -647,10 +648,10 @@ extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
647extern void xfrm_audit_state_icvfail(struct xfrm_state *x, 648extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
648 struct sk_buff *skb, u8 proto); 649 struct sk_buff *skb, u8 proto);
649#else 650#else
650#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0) 651#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0)
651#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0) 652#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0)
652#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0) 653#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0)
653#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0) 654#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0)
654#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0) 655#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
655#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0) 656#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
656#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0) 657#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-25 20:45:11 -0500