aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-17 07:08:48 -0400
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-17 07:08:48 -0400
commit3ec3b2fba526ead2fa3f3d7c91924f39a0733749 (patch)
tree12b9b3de4e0d5bb3c977ea3ef534ba4f7e556cb9 /kernel
parent69887ac1dcb79dfc773dabac2dd081fa6d6e2573 (diff)
AUDIT: Capture sys_socketcall arguments and sockaddrs
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c73
1 files changed, 71 insertions, 2 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 773d28a3f701..818778d5b6ad 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -34,7 +34,7 @@
34#include <asm/types.h> 34#include <asm/types.h>
35#include <linux/mm.h> 35#include <linux/mm.h>
36#include <linux/module.h> 36#include <linux/module.h>
37 37#include <linux/socket.h>
38#include <linux/audit.h> 38#include <linux/audit.h>
39#include <linux/personality.h> 39#include <linux/personality.h>
40#include <linux/time.h> 40#include <linux/time.h>
@@ -112,6 +112,18 @@ struct audit_aux_data_ipcctl {
112 mode_t mode; 112 mode_t mode;
113}; 113};
114 114
115struct audit_aux_data_socketcall {
116 struct audit_aux_data d;
117 int nargs;
118 unsigned long args[0];
119};
120
121struct audit_aux_data_sockaddr {
122 struct audit_aux_data d;
123 int len;
124 char a[0];
125};
126
115 127
116/* The per-task audit context. */ 128/* The per-task audit context. */
117struct audit_context { 129struct audit_context {
@@ -694,7 +706,22 @@ static void audit_log_exit(struct audit_context *context)
694 audit_log_format(ab, 706 audit_log_format(ab,
695 " qbytes=%lx iuid=%d igid=%d mode=%x", 707 " qbytes=%lx iuid=%d igid=%d mode=%x",
696 axi->qbytes, axi->uid, axi->gid, axi->mode); 708 axi->qbytes, axi->uid, axi->gid, axi->mode);
697 } 709 break; }
710
711 case AUDIT_SOCKETCALL: {
712 int i;
713 struct audit_aux_data_socketcall *axs = (void *)aux;
714 audit_log_format(ab, "nargs=%d", axs->nargs);
715 for (i=0; i<axs->nargs; i++)
716 audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
717 break; }
718
719 case AUDIT_SOCKADDR: {
720 struct audit_aux_data_sockaddr *axs = (void *)aux;
721
722 audit_log_format(ab, "saddr=");
723 audit_log_hex(ab, axs->a, axs->len);
724 break; }
698 } 725 }
699 audit_log_end(ab); 726 audit_log_end(ab);
700 727
@@ -1053,6 +1080,48 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1053 return 0; 1080 return 0;
1054} 1081}
1055 1082
1083int audit_socketcall(int nargs, unsigned long *args)
1084{
1085 struct audit_aux_data_socketcall *ax;
1086 struct audit_context *context = current->audit_context;
1087
1088 if (likely(!context))
1089 return 0;
1090
1091 ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
1092 if (!ax)
1093 return -ENOMEM;
1094
1095 ax->nargs = nargs;
1096 memcpy(ax->args, args, nargs * sizeof(unsigned long));
1097
1098 ax->d.type = AUDIT_SOCKETCALL;
1099 ax->d.next = context->aux;
1100 context->aux = (void *)ax;
1101 return 0;
1102}
1103
1104int audit_sockaddr(int len, void *a)
1105{
1106 struct audit_aux_data_sockaddr *ax;
1107 struct audit_context *context = current->audit_context;
1108
1109 if (likely(!context))
1110 return 0;
1111
1112 ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL);
1113 if (!ax)
1114 return -ENOMEM;
1115
1116 ax->len = len;
1117 memcpy(ax->a, a, len);
1118
1119 ax->d.type = AUDIT_SOCKADDR;
1120 ax->d.next = context->aux;
1121 context->aux = (void *)ax;
1122 return 0;
1123}
1124
1056void audit_signal_info(int sig, struct task_struct *t) 1125void audit_signal_info(int sig, struct task_struct *t)
1057{ 1126{
1058 extern pid_t audit_sig_pid; 1127 extern pid_t audit_sig_pid;