aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2008-12-10 03:47:15 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2009-01-04 15:14:40 -0500
commite816f370cbadd2afea9f1a42f232d0636137d563 (patch)
tree8a9fe488ced59cd9864fcbf15292641c3b95143c /kernel
parenta33e6751003c5ade603737d828b1519d980ce392 (diff)
sanitize audit_ipc_set_perm()
* get rid of allocations * make it return void * simplify callers Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c59
1 files changed, 26 insertions, 33 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 73504313264f..fbed62e05bce 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -151,16 +151,6 @@ struct audit_aux_data_mq_getsetattr {
151 struct mq_attr mqstat; 151 struct mq_attr mqstat;
152}; 152};
153 153
154struct audit_aux_data_ipcctl {
155 struct audit_aux_data d;
156 struct ipc_perm p;
157 unsigned long qbytes;
158 uid_t uid;
159 gid_t gid;
160 mode_t mode;
161 u32 osid;
162};
163
164struct audit_aux_data_execve { 154struct audit_aux_data_execve {
165 struct audit_aux_data d; 155 struct audit_aux_data d;
166 int argc; 156 int argc;
@@ -252,6 +242,11 @@ struct audit_context {
252 gid_t gid; 242 gid_t gid;
253 mode_t mode; 243 mode_t mode;
254 u32 osid; 244 u32 osid;
245 int has_perm;
246 uid_t perm_uid;
247 gid_t perm_gid;
248 mode_t perm_mode;
249 unsigned long qbytes;
255 } ipc; 250 } ipc;
256 }; 251 };
257 252
@@ -1260,6 +1255,19 @@ static void show_special(struct audit_context *context, int *call_panic)
1260 security_release_secctx(ctx, len); 1255 security_release_secctx(ctx, len);
1261 } 1256 }
1262 } 1257 }
1258 if (context->ipc.has_perm) {
1259 audit_log_end(ab);
1260 ab = audit_log_start(context, GFP_KERNEL,
1261 AUDIT_IPC_SET_PERM);
1262 audit_log_format(ab,
1263 "qbytes=%lx ouid=%u ogid=%u mode=%#o",
1264 context->ipc.qbytes,
1265 context->ipc.perm_uid,
1266 context->ipc.perm_gid,
1267 context->ipc.perm_mode);
1268 if (!ab)
1269 return;
1270 }
1263 break; } 1271 break; }
1264 } 1272 }
1265 audit_log_end(ab); 1273 audit_log_end(ab);
@@ -1379,13 +1387,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1379 axi->mqstat.mq_msgsize, axi->mqstat.mq_curmsgs); 1387 axi->mqstat.mq_msgsize, axi->mqstat.mq_curmsgs);
1380 break; } 1388 break; }
1381 1389
1382 case AUDIT_IPC_SET_PERM: {
1383 struct audit_aux_data_ipcctl *axi = (void *)aux;
1384 audit_log_format(ab,
1385 "qbytes=%lx ouid=%u ogid=%u mode=%#o",
1386 axi->qbytes, axi->uid, axi->gid, axi->mode);
1387 break; }
1388
1389 case AUDIT_EXECVE: { 1390 case AUDIT_EXECVE: {
1390 struct audit_aux_data_execve *axi = (void *)aux; 1391 struct audit_aux_data_execve *axi = (void *)aux;
1391 audit_log_execve_info(context, &ab, axi); 1392 audit_log_execve_info(context, &ab, axi);
@@ -2352,6 +2353,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
2352 context->ipc.uid = ipcp->uid; 2353 context->ipc.uid = ipcp->uid;
2353 context->ipc.gid = ipcp->gid; 2354 context->ipc.gid = ipcp->gid;
2354 context->ipc.mode = ipcp->mode; 2355 context->ipc.mode = ipcp->mode;
2356 context->ipc.has_perm = 0;
2355 security_ipc_getsecid(ipcp, &context->ipc.osid); 2357 security_ipc_getsecid(ipcp, &context->ipc.osid);
2356 context->type = AUDIT_IPC; 2358 context->type = AUDIT_IPC;
2357} 2359}
@@ -2363,26 +2365,17 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
2363 * @gid: msgq group id 2365 * @gid: msgq group id
2364 * @mode: msgq mode (permissions) 2366 * @mode: msgq mode (permissions)
2365 * 2367 *
2366 * Returns 0 for success or NULL context or < 0 on error. 2368 * Called only after audit_ipc_obj().
2367 */ 2369 */
2368int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) 2370void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
2369{ 2371{
2370 struct audit_aux_data_ipcctl *ax;
2371 struct audit_context *context = current->audit_context; 2372 struct audit_context *context = current->audit_context;
2372 2373
2373 ax = kmalloc(sizeof(*ax), GFP_ATOMIC); 2374 context->ipc.qbytes = qbytes;
2374 if (!ax) 2375 context->ipc.perm_uid = uid;
2375 return -ENOMEM; 2376 context->ipc.perm_gid = gid;
2376 2377 context->ipc.perm_mode = mode;
2377 ax->qbytes = qbytes; 2378 context->ipc.has_perm = 1;
2378 ax->uid = uid;
2379 ax->gid = gid;
2380 ax->mode = mode;
2381
2382 ax->d.type = AUDIT_IPC_SET_PERM;
2383 ax->d.next = context->aux;
2384 context->aux = (void *)ax;
2385 return 0;
2386} 2379}
2387 2380
2388int audit_bprm(struct linux_binprm *bprm) 2381int audit_bprm(struct linux_binprm *bprm)