authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-03 00:38:48 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-03 00:38:48 -0400
commit88265322c14cce39f7afbc416726ef4fac413298 (patch)
treee4956f905ef617971f87788d8f8a09dbb66b70a3 /kernel/auditsc.c
parent65b99c74fdd325d1ffa2e5663295888704712604 (diff)
parentbf5308344527d015ac9a6d2bda4ad4d40fd7d943 (diff)
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull security subsystem updates from James Morris: "Highlights: - Integrity: add local fs integrity verification to detect offline attacks - Integrity: add digital signature verification - Simple stacking of Yama with other LSMs (per LSS discussions) - IBM vTPM support on ppc64 - Add new driver for Infineon I2C TIS TPM - Smack: add rule revocation for subject labels" Fixed conflicts with the user namespace support in kernel/auditsc.c and security/integrity/ima/ima_policy.c. * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (39 commits) Documentation: Update git repository URL for Smack userland tools ima: change flags container data type Smack: setprocattr memory leak fix Smack: implement revoking all rules for a subject label Smack: remove task_wait() hook. ima: audit log hashes ima: generic IMA action flag handling ima: rename ima_must_appraise_or_measure audit: export audit_log_task_info tpm: fix tpm_acpi sparse warning on different address spaces samples/seccomp: fix 31 bit build on s390 ima: digital signature verification support ima: add support for different security.ima data types ima: add ima_inode_setxattr/removexattr function and calls ima: add inode_post_setattr call ima: replace iint spinblock with rwlock/read_lock ima: allocating iint improvements ima: add appraise action keywords and default rules ima: integrity appraisal extension vfs: move ima_file_free before releasing the file ...
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c85
1 files changed, 40 insertions, 45 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ff4798fcb488..29e090cc0e46 100644
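--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1146,13 +1146,44 @@ error_path:
 
 EXPORT_SYMBOL(audit_log_task_context);
 
-static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
+void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
+const struct cred *cred;
 char name[sizeof(tsk->comm)];
 struct mm_struct *mm = tsk->mm;
 struct vm_area_struct *vma;
+char *tty;
+
+if (!ab)
+return;
 
 /* tsk == current */
+cred = current_cred();
+
+spin_lock_irq(&tsk->sighand->siglock);
+if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
+tty = tsk->signal->tty->name;
+else
+tty = "(none)";
+spin_unlock_irq(&tsk->sighand->siglock);
+
+
+audit_log_format(ab,
+" ppid=%ld pid=%d auid=%u uid=%u gid=%u"
+" euid=%u suid=%u fsuid=%u"
+" egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
+sys_getppid(),
+tsk->pid,
+from_kuid(&init_user_ns, tsk->loginuid),
+from_kuid(&init_user_ns, cred->uid),
+from_kgid(&init_user_ns, cred->gid),
+from_kuid(&init_user_ns, cred->euid),
+from_kuid(&init_user_ns, cred->suid),
+from_kuid(&init_user_ns, cred->fsuid),
+from_kgid(&init_user_ns, cred->egid),
+from_kgid(&init_user_ns, cred->sgid),
+from_kgid(&init_user_ns, cred->fsgid),
+tsk->sessionid, tty);
 
 get_task_comm(name, tsk);
 audit_log_format(ab, " comm=");
@@ -1175,6 +1206,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 audit_log_task_context(ab);
 }
 
+EXPORT_SYMBOL(audit_log_task_info);
+
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 kuid_t auid, kuid_t uid, unsigned int sessionid,
 u32 sid, char *comm)
@@ -1580,26 +1613,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 {
-const struct cred *cred;
 int i, call_panic = 0;
 struct audit_buffer *ab;
 struct audit_aux_data *aux;
-const char *tty;
 struct audit_names *n;
 
 /* tsk == current */
-context->pid = tsk->pid;
-if (!context->ppid)
-context->ppid = sys_getppid();
-cred = current_cred();
-context->uid = cred->uid;
-context->gid = cred->gid;
-context->euid = cred->euid;
-context->suid = cred->suid;
-context->fsuid = cred->fsuid;
-context->egid = cred->egid;
-context->sgid = cred->sgid;
-context->fsgid = cred->fsgid;
 context->personality = tsk->personality;
 
 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1614,37 +1633,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
 context->return_code);
 
-spin_lock_irq(&tsk->sighand->siglock);
-if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
-tty = tsk->signal->tty->name;
-else
-tty = "(none)";
-spin_unlock_irq(&tsk->sighand->siglock);
-
 audit_log_format(ab,
-" a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
-" ppid=%d pid=%d auid=%u uid=%u gid=%u"
-" euid=%u suid=%u fsuid=%u"
-" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
-context->argv[0],
-context->argv[1],
-context->argv[2],
-context->argv[3],
-context->name_count,
-context->ppid,
-context->pid,
-from_kuid(&init_user_ns, tsk->loginuid),
-from_kuid(&init_user_ns, context->uid),
-from_kgid(&init_user_ns, context->gid),
-from_kuid(&init_user_ns, context->euid),
-from_kuid(&init_user_ns, context->suid),
-from_kuid(&init_user_ns, context->fsuid),
-from_kgid(&init_user_ns, context->egid),
-from_kgid(&init_user_ns, context->sgid),
-from_kgid(&init_user_ns, context->fsgid),
-tty,
-tsk->sessionid);
-
+" a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
+context->argv[0],
+context->argv[1],
+context->argv[2],
+context->argv[3],
+context->name_count);
 
 audit_log_task_info(ab, tsk);
 audit_log_key(ab, context->filterkey);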
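Review bot: In the first hunk, `audit_log_task_info()` loses `static` and is exported, yet it still reads credentials from `current_cred()` and the parent pid from `sys_getppid()` while taking pid, loginuid, sessionid and tty from `tsk`; the only statement of that contract is the `/* tsk == current */` comment inside the body. A caller outside this file that passes a different task would emit an audit record mixing two tasks' identities, so the requirement should be stated where callers see it, e.g. a kernel-doc line `* Must be called with tsk == current; creds and ppid are read from current.`, or the fields should be derived from `tsk` itself. Separately, `char *tty;` is assigned the literal `"(none)"` and should remain `const char *tty;` as in the declaration removed from audit_log_exit(). The `tty->name` pointer is also passed to `audit_log_format()` after `siglock` is dropped, which appears to rely on the tty staying alive; that is carried over from the old code but now sits in an exported helper. The function body continues between the first and second hunks, outside what is shown.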