diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2007-03-20 13:58:35 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2007-05-11 05:38:25 -0400 |
| commit | a5cb013da773a67ee48d1c19e96436c22a73a7eb (patch) | |
| tree | 8832d105c4742674423bd50352b8a4805c44fecc /kernel/auditsc.c | |
| parent | 129a84de2347002f09721cda3155ccfd19fade40 (diff) | |
[PATCH] auditing ptrace
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 628c7ac590a0..2243c559bc03 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -209,6 +209,9 @@ struct audit_context { | |||
| 209 | unsigned long personality; | 209 | unsigned long personality; |
| 210 | int arch; | 210 | int arch; |
| 211 | 211 | ||
| 212 | pid_t target_pid; | ||
| 213 | u32 target_sid; | ||
| 214 | |||
| 212 | #if AUDIT_DEBUG | 215 | #if AUDIT_DEBUG |
| 213 | int put_count; | 216 | int put_count; |
| 214 | int ino_count; | 217 | int ino_count; |
| @@ -973,6 +976,23 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 973 | audit_log_end(ab); | 976 | audit_log_end(ab); |
| 974 | } | 977 | } |
| 975 | 978 | ||
| 979 | if (context->target_pid) { | ||
| 980 | ab =audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); | ||
| 981 | if (ab) { | ||
| 982 | char *s = NULL, *t; | ||
| 983 | u32 len; | ||
| 984 | if (selinux_sid_to_string(context->target_sid, | ||
| 985 | &s, &len)) | ||
| 986 | t = "(none)"; | ||
| 987 | else | ||
| 988 | t = s; | ||
| 989 | audit_log_format(ab, "opid=%d obj=%s", | ||
| 990 | context->target_pid, t); | ||
| 991 | audit_log_end(ab); | ||
| 992 | kfree(s); | ||
| 993 | } | ||
| 994 | } | ||
| 995 | |||
| 976 | if (context->pwd && context->pwdmnt) { | 996 | if (context->pwd && context->pwdmnt) { |
| 977 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); | 997 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); |
| 978 | if (ab) { | 998 | if (ab) { |
| @@ -1193,6 +1213,7 @@ void audit_syscall_exit(int valid, long return_code) | |||
| 1193 | } else { | 1213 | } else { |
| 1194 | audit_free_names(context); | 1214 | audit_free_names(context); |
| 1195 | audit_free_aux(context); | 1215 | audit_free_aux(context); |
| 1216 | context->target_pid = 0; | ||
| 1196 | kfree(context->filterkey); | 1217 | kfree(context->filterkey); |
| 1197 | context->filterkey = NULL; | 1218 | context->filterkey = NULL; |
| 1198 | tsk->audit_context = context; | 1219 | tsk->audit_context = context; |
| @@ -1880,6 +1901,14 @@ int audit_sockaddr(int len, void *a) | |||
| 1880 | return 0; | 1901 | return 0; |
| 1881 | } | 1902 | } |
| 1882 | 1903 | ||
| 1904 | void __audit_ptrace(struct task_struct *t) | ||
| 1905 | { | ||
| 1906 | struct audit_context *context = current->audit_context; | ||
| 1907 | |||
| 1908 | context->target_pid = t->pid; | ||
| 1909 | selinux_get_task_sid(t, &context->target_sid); | ||
| 1910 | } | ||
| 1911 | |||
| 1883 | /** | 1912 | /** |
| 1884 | * audit_avc_path - record the granting or denial of permissions | 1913 | * audit_avc_path - record the granting or denial of permissions |
| 1885 | * @dentry: dentry to record | 1914 | * @dentry: dentry to record |