diff options
author | Steven Whitehouse <swhiteho@redhat.com> | 2006-05-12 10:48:52 -0400 |
---|---|---|
committer | Steven Whitehouse <swhiteho@redhat.com> | 2006-05-12 10:48:52 -0400 |
commit | 7d63b54a65ce902f9aaa8efe8192aa3b983264d4 (patch) | |
tree | 250a77bebe92cbd6edac70a649866044295876db /kernel/audit.c | |
parent | fd88de569b802c4a04aaa6ee74667775f4aed8c6 (diff) | |
parent | d8c3291c73b958243b33f8509d4507e76dafd055 (diff) |
Merge branch 'master'
Diffstat (limited to 'kernel/audit.c')
-rw-r--r-- | kernel/audit.c | 160 |
1 files changed, 128 insertions, 32 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index c8ccbd09048f..df57b493e1cb 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -55,6 +55,9 @@ | |||
55 | #include <net/netlink.h> | 55 | #include <net/netlink.h> |
56 | #include <linux/skbuff.h> | 56 | #include <linux/skbuff.h> |
57 | #include <linux/netlink.h> | 57 | #include <linux/netlink.h> |
58 | #include <linux/selinux.h> | ||
59 | |||
60 | #include "audit.h" | ||
58 | 61 | ||
59 | /* No auditing will take place until audit_initialized != 0. | 62 | /* No auditing will take place until audit_initialized != 0. |
60 | * (Initialization happens after skb_init is called.) */ | 63 | * (Initialization happens after skb_init is called.) */ |
@@ -227,49 +230,103 @@ void audit_log_lost(const char *message) | |||
227 | } | 230 | } |
228 | } | 231 | } |
229 | 232 | ||
230 | static int audit_set_rate_limit(int limit, uid_t loginuid) | 233 | static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid) |
231 | { | 234 | { |
232 | int old = audit_rate_limit; | 235 | int old = audit_rate_limit; |
233 | audit_rate_limit = limit; | 236 | |
234 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 237 | if (sid) { |
238 | char *ctx = NULL; | ||
239 | u32 len; | ||
240 | int rc; | ||
241 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
242 | return rc; | ||
243 | else | ||
244 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
245 | "audit_rate_limit=%d old=%d by auid=%u subj=%s", | ||
246 | limit, old, loginuid, ctx); | ||
247 | kfree(ctx); | ||
248 | } else | ||
249 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
235 | "audit_rate_limit=%d old=%d by auid=%u", | 250 | "audit_rate_limit=%d old=%d by auid=%u", |
236 | audit_rate_limit, old, loginuid); | 251 | limit, old, loginuid); |
252 | audit_rate_limit = limit; | ||
237 | return old; | 253 | return old; |
238 | } | 254 | } |
239 | 255 | ||
240 | static int audit_set_backlog_limit(int limit, uid_t loginuid) | 256 | static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid) |
241 | { | 257 | { |
242 | int old = audit_backlog_limit; | 258 | int old = audit_backlog_limit; |
243 | audit_backlog_limit = limit; | 259 | |
244 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 260 | if (sid) { |
261 | char *ctx = NULL; | ||
262 | u32 len; | ||
263 | int rc; | ||
264 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
265 | return rc; | ||
266 | else | ||
267 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
268 | "audit_backlog_limit=%d old=%d by auid=%u subj=%s", | ||
269 | limit, old, loginuid, ctx); | ||
270 | kfree(ctx); | ||
271 | } else | ||
272 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
245 | "audit_backlog_limit=%d old=%d by auid=%u", | 273 | "audit_backlog_limit=%d old=%d by auid=%u", |
246 | audit_backlog_limit, old, loginuid); | 274 | limit, old, loginuid); |
275 | audit_backlog_limit = limit; | ||
247 | return old; | 276 | return old; |
248 | } | 277 | } |
249 | 278 | ||
250 | static int audit_set_enabled(int state, uid_t loginuid) | 279 | static int audit_set_enabled(int state, uid_t loginuid, u32 sid) |
251 | { | 280 | { |
252 | int old = audit_enabled; | 281 | int old = audit_enabled; |
282 | |||
253 | if (state != 0 && state != 1) | 283 | if (state != 0 && state != 1) |
254 | return -EINVAL; | 284 | return -EINVAL; |
255 | audit_enabled = state; | 285 | |
256 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 286 | if (sid) { |
287 | char *ctx = NULL; | ||
288 | u32 len; | ||
289 | int rc; | ||
290 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
291 | return rc; | ||
292 | else | ||
293 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
294 | "audit_enabled=%d old=%d by auid=%u subj=%s", | ||
295 | state, old, loginuid, ctx); | ||
296 | kfree(ctx); | ||
297 | } else | ||
298 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
257 | "audit_enabled=%d old=%d by auid=%u", | 299 | "audit_enabled=%d old=%d by auid=%u", |
258 | audit_enabled, old, loginuid); | 300 | state, old, loginuid); |
301 | audit_enabled = state; | ||
259 | return old; | 302 | return old; |
260 | } | 303 | } |
261 | 304 | ||
262 | static int audit_set_failure(int state, uid_t loginuid) | 305 | static int audit_set_failure(int state, uid_t loginuid, u32 sid) |
263 | { | 306 | { |
264 | int old = audit_failure; | 307 | int old = audit_failure; |
308 | |||
265 | if (state != AUDIT_FAIL_SILENT | 309 | if (state != AUDIT_FAIL_SILENT |
266 | && state != AUDIT_FAIL_PRINTK | 310 | && state != AUDIT_FAIL_PRINTK |
267 | && state != AUDIT_FAIL_PANIC) | 311 | && state != AUDIT_FAIL_PANIC) |
268 | return -EINVAL; | 312 | return -EINVAL; |
269 | audit_failure = state; | 313 | |
270 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | 314 | if (sid) { |
315 | char *ctx = NULL; | ||
316 | u32 len; | ||
317 | int rc; | ||
318 | if ((rc = selinux_ctxid_to_string(sid, &ctx, &len))) | ||
319 | return rc; | ||
320 | else | ||
321 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
322 | "audit_failure=%d old=%d by auid=%u subj=%s", | ||
323 | state, old, loginuid, ctx); | ||
324 | kfree(ctx); | ||
325 | } else | ||
326 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
271 | "audit_failure=%d old=%d by auid=%u", | 327 | "audit_failure=%d old=%d by auid=%u", |
272 | audit_failure, old, loginuid); | 328 | state, old, loginuid); |
329 | audit_failure = state; | ||
273 | return old; | 330 | return old; |
274 | } | 331 | } |
275 | 332 | ||
@@ -387,7 +444,7 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) | |||
387 | 444 | ||
388 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | 445 | static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) |
389 | { | 446 | { |
390 | u32 uid, pid, seq; | 447 | u32 uid, pid, seq, sid; |
391 | void *data; | 448 | void *data; |
392 | struct audit_status *status_get, status_set; | 449 | struct audit_status *status_get, status_set; |
393 | int err; | 450 | int err; |
@@ -413,6 +470,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
413 | pid = NETLINK_CREDS(skb)->pid; | 470 | pid = NETLINK_CREDS(skb)->pid; |
414 | uid = NETLINK_CREDS(skb)->uid; | 471 | uid = NETLINK_CREDS(skb)->uid; |
415 | loginuid = NETLINK_CB(skb).loginuid; | 472 | loginuid = NETLINK_CB(skb).loginuid; |
473 | sid = NETLINK_CB(skb).sid; | ||
416 | seq = nlh->nlmsg_seq; | 474 | seq = nlh->nlmsg_seq; |
417 | data = NLMSG_DATA(nlh); | 475 | data = NLMSG_DATA(nlh); |
418 | 476 | ||
@@ -433,25 +491,43 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
433 | return -EINVAL; | 491 | return -EINVAL; |
434 | status_get = (struct audit_status *)data; | 492 | status_get = (struct audit_status *)data; |
435 | if (status_get->mask & AUDIT_STATUS_ENABLED) { | 493 | if (status_get->mask & AUDIT_STATUS_ENABLED) { |
436 | err = audit_set_enabled(status_get->enabled, loginuid); | 494 | err = audit_set_enabled(status_get->enabled, |
495 | loginuid, sid); | ||
437 | if (err < 0) return err; | 496 | if (err < 0) return err; |
438 | } | 497 | } |
439 | if (status_get->mask & AUDIT_STATUS_FAILURE) { | 498 | if (status_get->mask & AUDIT_STATUS_FAILURE) { |
440 | err = audit_set_failure(status_get->failure, loginuid); | 499 | err = audit_set_failure(status_get->failure, |
500 | loginuid, sid); | ||
441 | if (err < 0) return err; | 501 | if (err < 0) return err; |
442 | } | 502 | } |
443 | if (status_get->mask & AUDIT_STATUS_PID) { | 503 | if (status_get->mask & AUDIT_STATUS_PID) { |
444 | int old = audit_pid; | 504 | int old = audit_pid; |
505 | if (sid) { | ||
506 | char *ctx = NULL; | ||
507 | u32 len; | ||
508 | int rc; | ||
509 | if ((rc = selinux_ctxid_to_string( | ||
510 | sid, &ctx, &len))) | ||
511 | return rc; | ||
512 | else | ||
513 | audit_log(NULL, GFP_KERNEL, | ||
514 | AUDIT_CONFIG_CHANGE, | ||
515 | "audit_pid=%d old=%d by auid=%u subj=%s", | ||
516 | status_get->pid, old, | ||
517 | loginuid, ctx); | ||
518 | kfree(ctx); | ||
519 | } else | ||
520 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
521 | "audit_pid=%d old=%d by auid=%u", | ||
522 | status_get->pid, old, loginuid); | ||
445 | audit_pid = status_get->pid; | 523 | audit_pid = status_get->pid; |
446 | audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE, | ||
447 | "audit_pid=%d old=%d by auid=%u", | ||
448 | audit_pid, old, loginuid); | ||
449 | } | 524 | } |
450 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 525 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
451 | audit_set_rate_limit(status_get->rate_limit, loginuid); | 526 | audit_set_rate_limit(status_get->rate_limit, |
527 | loginuid, sid); | ||
452 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 528 | if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
453 | audit_set_backlog_limit(status_get->backlog_limit, | 529 | audit_set_backlog_limit(status_get->backlog_limit, |
454 | loginuid); | 530 | loginuid, sid); |
455 | break; | 531 | break; |
456 | case AUDIT_USER: | 532 | case AUDIT_USER: |
457 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | 533 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
@@ -465,8 +541,23 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
465 | ab = audit_log_start(NULL, GFP_KERNEL, msg_type); | 541 | ab = audit_log_start(NULL, GFP_KERNEL, msg_type); |
466 | if (ab) { | 542 | if (ab) { |
467 | audit_log_format(ab, | 543 | audit_log_format(ab, |
468 | "user pid=%d uid=%u auid=%u msg='%.1024s'", | 544 | "user pid=%d uid=%u auid=%u", |
469 | pid, uid, loginuid, (char *)data); | 545 | pid, uid, loginuid); |
546 | if (sid) { | ||
547 | char *ctx = NULL; | ||
548 | u32 len; | ||
549 | if (selinux_ctxid_to_string( | ||
550 | sid, &ctx, &len)) { | ||
551 | audit_log_format(ab, | ||
552 | " ssid=%u", sid); | ||
553 | /* Maybe call audit_panic? */ | ||
554 | } else | ||
555 | audit_log_format(ab, | ||
556 | " subj=%s", ctx); | ||
557 | kfree(ctx); | ||
558 | } | ||
559 | audit_log_format(ab, " msg='%.1024s'", | ||
560 | (char *)data); | ||
470 | audit_set_pid(ab, pid); | 561 | audit_set_pid(ab, pid); |
471 | audit_log_end(ab); | 562 | audit_log_end(ab); |
472 | } | 563 | } |
@@ -480,7 +571,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
480 | case AUDIT_LIST: | 571 | case AUDIT_LIST: |
481 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 572 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
482 | uid, seq, data, nlmsg_len(nlh), | 573 | uid, seq, data, nlmsg_len(nlh), |
483 | loginuid); | 574 | loginuid, sid); |
484 | break; | 575 | break; |
485 | case AUDIT_ADD_RULE: | 576 | case AUDIT_ADD_RULE: |
486 | case AUDIT_DEL_RULE: | 577 | case AUDIT_DEL_RULE: |
@@ -490,7 +581,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
490 | case AUDIT_LIST_RULES: | 581 | case AUDIT_LIST_RULES: |
491 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 582 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
492 | uid, seq, data, nlmsg_len(nlh), | 583 | uid, seq, data, nlmsg_len(nlh), |
493 | loginuid); | 584 | loginuid, sid); |
494 | break; | 585 | break; |
495 | case AUDIT_SIGNAL_INFO: | 586 | case AUDIT_SIGNAL_INFO: |
496 | sig_data.uid = audit_sig_uid; | 587 | sig_data.uid = audit_sig_uid; |
@@ -564,6 +655,11 @@ static int __init audit_init(void) | |||
564 | skb_queue_head_init(&audit_skb_queue); | 655 | skb_queue_head_init(&audit_skb_queue); |
565 | audit_initialized = 1; | 656 | audit_initialized = 1; |
566 | audit_enabled = audit_default; | 657 | audit_enabled = audit_default; |
658 | |||
659 | /* Register the callback with selinux. This callback will be invoked | ||
660 | * when a new policy is loaded. */ | ||
661 | selinux_audit_set_callback(&selinux_audit_rule_update); | ||
662 | |||
567 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); | 663 | audit_log(NULL, GFP_KERNEL, AUDIT_KERNEL, "initialized"); |
568 | return 0; | 664 | return 0; |
569 | } | 665 | } |