author | Al Viro <viro@zeniv.linux.org.uk> | 2008-12-10 03:47:15 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-01-04 15:14:40 -0500 |
commit | e816f370cbadd2afea9f1a42f232d0636137d563 (patch) | |
tree | 8a9fe488ced59cd9864fcbf15292641c3b95143c /kernel | |
parent | a33e6751003c5ade603737d828b1519d980ce392 (diff) |
sanitize audit_ipc_set_perm()
* get rid of allocations
* make it return void
* simplify callers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 59 |
1 files changed, 26 insertions, 33 deletions
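--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -151,16 +151,6 @@ struct audit_aux_data_mq_getsetattr {
 struct mq_attr mqstat;
 };
 
-struct audit_aux_data_ipcctl {
-struct audit_aux_data d;
-struct ipc_perm p;
-unsigned long qbytes;
-uid_t uid;
-gid_t gid;
-mode_t mode;
-u32 osid;
-};
-
 struct audit_aux_data_execve {
 struct audit_aux_data d;
 int argc;
@@ -252,6 +242,11 @@ struct audit_context {
 gid_t gid;
 mode_t mode;
 u32 osid;
+int has_perm;
+uid_t perm_uid;
+gid_t perm_gid;
+mode_t perm_mode;
+unsigned long qbytes;
 } ipc;
 };
 
@@ -1260,6 +1255,19 @@ static void show_special(struct audit_context *context, int *call_panic)
 security_release_secctx(ctx, len);
 }
 }
+if (context->ipc.has_perm) {
+audit_log_end(ab);
+ab = audit_log_start(context, GFP_KERNEL,
+AUDIT_IPC_SET_PERM);
+audit_log_format(ab,
+"qbytes=%lx ouid=%u ogid=%u mode=%#o",
+context->ipc.qbytes,
+context->ipc.perm_uid,
+context->ipc.perm_gid,
+context->ipc.perm_mode);
+if (!ab)
+return;
+}
 break; }
 }
 audit_log_end(ab);
@@ -1379,13 +1387,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 axi->mqstat.mq_msgsize, axi->mqstat.mq_curmsgs);
 break; }
 
-case AUDIT_IPC_SET_PERM: {
-struct audit_aux_data_ipcctl *axi = (void *)aux;
-audit_log_format(ab,
-"qbytes=%lx ouid=%u ogid=%u mode=%#o",
-axi->qbytes, axi->uid, axi->gid, axi->mode);
-break; }
-
 case AUDIT_EXECVE: {
 struct audit_aux_data_execve *axi = (void *)aux;
 audit_log_execve_info(context, &ab, axi);
@@ -2352,6 +2353,7 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
 context->ipc.uid = ipcp->uid;
 context->ipc.gid = ipcp->gid;
 context->ipc.mode = ipcp->mode;
+context->ipc.has_perm = 0;
 security_ipc_getsecid(ipcp, &context->ipc.osid);
 context->type = AUDIT_IPC;
 }
@@ -2363,26 +2365,17 @@ void __audit_ipc_obj(struct kern_ipc_perm *ipcp)
 * @gid: msgq group id
 * @mode: msgq mode (permissions)
 *
-* Returns 0 for success or NULL context or < 0 on error.
+* Called only after audit_ipc_obj().
 */
-int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
+void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
 {
-struct audit_aux_data_ipcctl *ax;
 struct audit_context *context = current->audit_context;
 
-ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
-if (!ax)
-return -ENOMEM;
-
-ax->qbytes = qbytes;
-ax->uid = uid;
-ax->gid = gid;
-ax->mode = mode;
-
-ax->d.type = AUDIT_IPC_SET_PERM;
-ax->d.next = context->aux;
-context->aux = (void *)ax;
-return 0;
+context->ipc.qbytes = qbytes;
+context->ipc.perm_uid = uid;
+context->ipc.perm_gid = gid;
+context->ipc.perm_mode = mode;
+context->ipc.has_perm = 1;
 }
 
 int audit_bprm(struct linux_binprm *bprm)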
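Review bot: In the `context->ipc.has_perm` branch added to show_special(), `ab` is handed to `audit_log_format()` before the `if (!ab) return;` check, so the new code is only safe if audit_log_format() tolerates a NULL buffer when `audit_log_start()` fails. Moving the check directly after the `audit_log_start(context, GFP_KERNEL, AUDIT_IPC_SET_PERM)` call, as `if (!ab) return;`, makes the failure path explicit and independent of the callee. A short comment on that early return, for example `/* no buffer: the AUDIT_IPC_SET_PERM record is dropped here */`, would tell readers that the permission-change record is lost on this path. show_special() begins and ends outside the hunk, so how the other record types treat a NULL `ab` is not visible here.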