diff options
| author | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-19 14:35:50 -0400 |
|---|---|---|
| committer | David Woodhouse <dwmw2@shinybook.infradead.org> | 2005-06-19 14:35:50 -0400 |
| commit | 0f45aa18e65cf3d768082d7d86054a0d2a20bb18 (patch) | |
| tree | 6e94dfcd813061f5a710b5621e1b2f5a01a95533 /kernel/audit.c | |
| parent | 0107b3cf3225aed6ddde4fa8dbcd4ed643b34f4d (diff) | |
AUDIT: Allow filtering of user messages
Turn the field from a bitmask to an enumeration and add a list to allow
filtering of messages generated by userspace. We also define a list for
file system watches in anticipation of that feature.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel/audit.c')
| -rw-r--r-- | kernel/audit.c | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/kernel/audit.c b/kernel/audit.c index ef35166fdc29..f0bbfe073136 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
| @@ -107,13 +107,6 @@ static struct sk_buff_head audit_skb_queue; | |||
| 107 | static struct task_struct *kauditd_task; | 107 | static struct task_struct *kauditd_task; |
| 108 | static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); | 108 | static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); |
| 109 | 109 | ||
| 110 | /* There are three lists of rules -- one to search at task creation | ||
| 111 | * time, one to search at syscall entry time, and another to search at | ||
| 112 | * syscall exit time. */ | ||
| 113 | static LIST_HEAD(audit_tsklist); | ||
| 114 | static LIST_HEAD(audit_entlist); | ||
| 115 | static LIST_HEAD(audit_extlist); | ||
| 116 | |||
| 117 | /* The netlink socket is only to be read by 1 CPU, which lets us assume | 110 | /* The netlink socket is only to be read by 1 CPU, which lets us assume |
| 118 | * that list additions and deletions never happen simultaneously in | 111 | * that list additions and deletions never happen simultaneously in |
| 119 | * auditsc.c */ | 112 | * auditsc.c */ |
| @@ -376,6 +369,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 376 | u16 msg_type = nlh->nlmsg_type; | 369 | u16 msg_type = nlh->nlmsg_type; |
| 377 | uid_t loginuid; /* loginuid of sender */ | 370 | uid_t loginuid; /* loginuid of sender */ |
| 378 | struct audit_sig_info sig_data; | 371 | struct audit_sig_info sig_data; |
| 372 | struct task_struct *tsk; | ||
| 379 | 373 | ||
| 380 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 374 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); |
| 381 | if (err) | 375 | if (err) |
| @@ -435,15 +429,25 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
| 435 | break; | 429 | break; |
| 436 | case AUDIT_USER: | 430 | case AUDIT_USER: |
| 437 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | 431 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
| 438 | ab = audit_log_start(NULL, msg_type); | 432 | read_lock(&tasklist_lock); |
| 439 | if (!ab) | 433 | tsk = find_task_by_pid(pid); |
| 440 | break; /* audit_panic has been called */ | 434 | if (tsk) |
| 441 | audit_log_format(ab, | 435 | get_task_struct(tsk); |
| 442 | "user pid=%d uid=%u auid=%u" | 436 | read_unlock(&tasklist_lock); |
| 443 | " msg='%.1024s'", | 437 | if (!tsk) |
| 444 | pid, uid, loginuid, (char *)data); | 438 | return -ESRCH; |
| 445 | audit_set_pid(ab, pid); | 439 | |
| 446 | audit_log_end(ab); | 440 | if (audit_filter_user(tsk, msg_type)) { |
| 441 | ab = audit_log_start(NULL, msg_type); | ||
| 442 | if (ab) { | ||
| 443 | audit_log_format(ab, | ||
| 444 | "user pid=%d uid=%u auid=%u msg='%.1024s'", | ||
| 445 | pid, uid, loginuid, (char *)data); | ||
| 446 | audit_set_pid(ab, pid); | ||
| 447 | audit_log_end(ab); | ||
| 448 | } | ||
| 449 | } | ||
| 450 | put_task_struct(tsk); | ||
| 447 | break; | 451 | break; |
| 448 | case AUDIT_ADD: | 452 | case AUDIT_ADD: |
| 449 | case AUDIT_DEL: | 453 | case AUDIT_DEL: |