AUDIT: Capture sys_socketcall arguments and sockaddrs

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
author: David Woodhouse <dwmw2@shinybook.infradead.org> 2005-05-17 07:08:48 -0400
committer: David Woodhouse <dwmw2@shinybook.infradead.org> 2005-05-17 07:08:48 -0400
commit: 3ec3b2fba526ead2fa3f3d7c91924f39a0733749 (patch)
tree: 12b9b3de4e0d5bb3c977ea3ef534ba4f7e556cb9 /kernel/auditsc.c
parent: 69887ac1dcb79dfc773dabac2dd081fa6d6e2573 (diff)
1 files changed, 71 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 773d28a3f701..818778d5b6ad 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -34,7 +34,7 @@
 #include <asm/types.h>
 #include <linux/mm.h>
 #include <linux/module.h>
+#include <linux/socket.h>
 #include <linux/audit.h>
 #include <linux/personality.h>
 #include <linux/time.h>
@@ -112,6 +112,18 @@ struct audit_aux_data_ipcctl {
        mode_t                  mode;
 };
+struct audit_aux_data_socketcall {
+        struct audit_aux_data   d;
+        int                     nargs;
+        unsigned long           args[0];
+};
+struct audit_aux_data_sockaddr {
+        struct audit_aux_data   d;
+        int                     len;
+        char                    a[0];
+};
 /* The per-task audit context. */
 struct audit_context {
@@ -694,7 +706,22 @@ static void audit_log_exit(struct audit_context *context)
                        audit_log_format(ab, 
                                         " qbytes=%lx iuid=%d igid=%d mode=%x",
                                         axi->qbytes, axi->uid, axi->gid, axi->mode);
-                        }
+                        break; }
+                case AUDIT_SOCKETCALL: {
+                        int i;
+                        struct audit_aux_data_socketcall *axs = (void *)aux;
+                        audit_log_format(ab, "nargs=%d", axs->nargs);
+                        for (i=0; i<axs->nargs; i++)
+                                audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
+                        break; }
+                case AUDIT_SOCKADDR: {
+                        struct audit_aux_data_sockaddr *axs = (void *)aux;
+                        audit_log_format(ab, "saddr=");
+                        audit_log_hex(ab, axs->a, axs->len);
+                        break; }
                }
                audit_log_end(ab);
@@ -1053,6 +1080,48 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
        return 0;
 }
+int audit_socketcall(int nargs, unsigned long *args)
+{
+        struct audit_aux_data_socketcall *ax;
+        struct audit_context *context = current->audit_context;
+        if (likely(!context))
+                return 0;
+        ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
+        if (!ax)
+                return -ENOMEM;
+        ax->nargs = nargs;
+        memcpy(ax->args, args, nargs * sizeof(unsigned long));
+        ax->d.type = AUDIT_SOCKETCALL;
+        ax->d.next = context->aux;
+        context->aux = (void *)ax;
+        return 0;
+}
+int audit_sockaddr(int len, void *a)
+{
+        struct audit_aux_data_sockaddr *ax;
+        struct audit_context *context = current->audit_context;
+        if (likely(!context))
+                return 0;
+        ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL);
+        if (!ax)
+                return -ENOMEM;
+        ax->len = len;
+        memcpy(ax->a, a, len);
+        ax->d.type = AUDIT_SOCKADDR;
+        ax->d.next = context->aux;
+        context->aux = (void *)ax;
+        return 0;
+}
 void audit_signal_info(int sig, struct task_struct *t)
 {
        extern pid_t audit_sig_pid;
author	David Woodhouse <dwmw2@shinybook.infradead.org>	2005-05-17 07:08:48 -0400
committer	David Woodhouse <dwmw2@shinybook.infradead.org>	2005-05-17 07:08:48 -0400
commit	3ec3b2fba526ead2fa3f3d7c91924f39a0733749 (patch)
tree	12b9b3de4e0d5bb3c977ea3ef534ba4f7e556cb9 /kernel/auditsc.c
parent	69887ac1dcb79dfc773dabac2dd081fa6d6e2573 (diff)

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 773d28a3f701..818778d5b6ad 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -34,7 +34,7 @@
34	#include <asm/types.h>	34	#include <asm/types.h>
35	#include <linux/mm.h>	35	#include <linux/mm.h>
36	#include <linux/module.h>	36	#include <linux/module.h>
37		37	#include <linux/socket.h>
38	#include <linux/audit.h>	38	#include <linux/audit.h>
39	#include <linux/personality.h>	39	#include <linux/personality.h>
40	#include <linux/time.h>	40	#include <linux/time.h>
@@ -112,6 +112,18 @@ struct audit_aux_data_ipcctl {
112	mode_t mode;	112	mode_t mode;
113	};	113	};
114		114
		115	struct audit_aux_data_socketcall {
		116	struct audit_aux_data d;
		117	int nargs;
		118	unsigned long args[0];
		119	};
		120
		121	struct audit_aux_data_sockaddr {
		122	struct audit_aux_data d;
		123	int len;
		124	char a[0];
		125	};
		126
115		127
116	/* The per-task audit context. */	128	/* The per-task audit context. */
117	struct audit_context {	129	struct audit_context {
@@ -694,7 +706,22 @@ static void audit_log_exit(struct audit_context *context)
694	audit_log_format(ab,	706	audit_log_format(ab,
695	" qbytes=%lx iuid=%d igid=%d mode=%x",	707	" qbytes=%lx iuid=%d igid=%d mode=%x",
696	axi->qbytes, axi->uid, axi->gid, axi->mode);	708	axi->qbytes, axi->uid, axi->gid, axi->mode);
697	}	709	break; }
		710
		711	case AUDIT_SOCKETCALL: {
		712	int i;
		713	struct audit_aux_data_socketcall axs = (void )aux;
		714	audit_log_format(ab, "nargs=%d", axs->nargs);
		715	for (i=0; i<axs->nargs; i++)
		716	audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
		717	break; }
		718
		719	case AUDIT_SOCKADDR: {
		720	struct audit_aux_data_sockaddr axs = (void )aux;
		721
		722	audit_log_format(ab, "saddr=");
		723	audit_log_hex(ab, axs->a, axs->len);
		724	break; }
698	}	725	}
699	audit_log_end(ab);	726	audit_log_end(ab);
700		727
@@ -1053,6 +1080,48 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1053	return 0;	1080	return 0;
1054	}	1081	}
1055		1082
		1083	int audit_socketcall(int nargs, unsigned long *args)
		1084	{
		1085	struct audit_aux_data_socketcall *ax;
		1086	struct audit_context *context = current->audit_context;
		1087
		1088	if (likely(!context))
		1089	return 0;
		1090
		1091	ax = kmalloc(sizeof(ax) + nargs sizeof(unsigned long), GFP_KERNEL);
		1092	if (!ax)
		1093	return -ENOMEM;
		1094
		1095	ax->nargs = nargs;
		1096	memcpy(ax->args, args, nargs * sizeof(unsigned long));
		1097
		1098	ax->d.type = AUDIT_SOCKETCALL;
		1099	ax->d.next = context->aux;
		1100	context->aux = (void *)ax;
		1101	return 0;
		1102	}
		1103
		1104	int audit_sockaddr(int len, void *a)
		1105	{
		1106	struct audit_aux_data_sockaddr *ax;
		1107	struct audit_context *context = current->audit_context;
		1108
		1109	if (likely(!context))
		1110	return 0;
		1111
		1112	ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL);
		1113	if (!ax)
		1114	return -ENOMEM;
		1115
		1116	ax->len = len;
		1117	memcpy(ax->a, a, len);
		1118
		1119	ax->d.type = AUDIT_SOCKADDR;
		1120	ax->d.next = context->aux;
		1121	context->aux = (void *)ax;
		1122	return 0;
		1123	}
		1124
1056	void audit_signal_info(int sig, struct task_struct *t)	1125	void audit_signal_info(int sig, struct task_struct *t)
1057	{	1126	{
1058	extern pid_t audit_sig_pid;	1127	extern pid_t audit_sig_pid;