audit: export audit_log_task_info

At the suggestion of eparis@redhat.com, move this chunk of task logging from audit_log_exit to audit_log_task_info and export this function so it's usuable elsewhere in the kernel. This patch is against git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal Changelog v2: - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn't set. Changelog v1: - Initial post. Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Peter Moody <pmoody@google.com> 2012-06-14 13:04:35 -0400
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2012-09-12 07:28:05 -0400
commit: e23eb920b0f3978687c497de2ac3eb9e281dab32 (patch)
tree: c4b2a7765b330a901d0f9c6ff30b14855ddab088 /kernel/auditsc.c
parent: a40695edad6a69561b299272028c172e2d981666 (diff)
1 files changed, 34 insertions, 40 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4b96415527b8..37f52f27828d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1154,13 +1154,38 @@ error_path:
 EXPORT_SYMBOL(audit_log_task_context);
-static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
+void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
+        const struct cred *cred;
        char name[sizeof(tsk->comm)];
        struct mm_struct *mm = tsk->mm;
        struct vm_area_struct *vma;
+        char *tty;
+        if (!ab)
+                return;
        /* tsk == current */
+        cred = current_cred();
+        spin_lock_irq(&tsk->sighand->siglock);
+        if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
+                tty = tsk->signal->tty->name;
+        else
+                tty = "(none)";
+        spin_unlock_irq(&tsk->sighand->siglock);
+        audit_log_format(ab,
+                         " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
+                         " euid=%u suid=%u fsuid=%u"
+                         " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
+                         sys_getppid(),
+                         tsk->pid,
+                         tsk->loginuid, cred->uid, cred->gid,
+                         cred->euid, cred->suid, cred->fsuid,
+                         cred->egid, cred->sgid, cred->fsgid,
+                         tsk->sessionid, tty);
        get_task_comm(name, tsk);
        audit_log_format(ab, " comm=");
@@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
        audit_log_task_context(ab);
 }
+EXPORT_SYMBOL(audit_log_task_info);
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
                                 uid_t auid, uid_t uid, unsigned int sessionid,
                                 u32 sid, char *comm)
@@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 {
-        const struct cred *cred;
        int i, call_panic = 0;
        struct audit_buffer *ab;
        struct audit_aux_data *aux;
-        const char *tty;
        struct audit_names *n;
        /* tsk == current */
-        context->pid = tsk->pid;
-        if (!context->ppid)
-                context->ppid = sys_getppid();
-        cred = current_cred();
-        context->uid   = cred->uid;
-        context->gid   = cred->gid;
-        context->euid  = cred->euid;
-        context->suid  = cred->suid;
-        context->fsuid = cred->fsuid;
-        context->egid  = cred->egid;
-        context->sgid  = cred->sgid;
-        context->fsgid = cred->fsgid;
        context->personality = tsk->personality;
        ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                                 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
                                 context->return_code);
-        spin_lock_irq(&tsk->sighand->siglock);
-        if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
-                tty = tsk->signal->tty->name;
-        else
-                tty = "(none)";
-        spin_unlock_irq(&tsk->sighand->siglock);
        audit_log_format(ab,
-                  " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
+                         " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
-                  " ppid=%d pid=%d auid=%u uid=%u gid=%u"
+                         context->argv[0],
-                  " euid=%u suid=%u fsuid=%u"
+                         context->argv[1],
-                  " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
+                         context->argv[2],
-                  context->argv[0],
+                         context->argv[3],
-                  context->argv[1],
+                         context->name_count);
-                  context->argv[2],
-                  context->argv[3],
-                  context->name_count,
-                  context->ppid,
-                  context->pid,
-                  tsk->loginuid,
-                  context->uid,
-                  context->gid,
-                  context->euid, context->suid, context->fsuid,
-                  context->egid, context->sgid, context->fsgid, tty,
-                  tsk->sessionid);
        audit_log_task_info(ab, tsk);
        audit_log_key(ab, context->filterkey);
author	Peter Moody <pmoody@google.com>	2012-06-14 13:04:35 -0400
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2012-09-12 07:28:05 -0400
commit	e23eb920b0f3978687c497de2ac3eb9e281dab32 (patch)
tree	c4b2a7765b330a901d0f9c6ff30b14855ddab088 /kernel/auditsc.c
parent	a40695edad6a69561b299272028c172e2d981666 (diff)