aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorSteve Grubb <sgrubb@redhat.com>2006-03-31 15:22:49 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2006-05-01 06:09:56 -0400
commit9c7aa6aa74fa8a5cda36e54cbbe4fffe0214497d (patch)
tree1e1489ed5080ea4aff6206bfa904f549de8e56ca /kernel
parent1b50eed9cac0e8e5e4d3a522d8aa267f7f8f8acb (diff)
[PATCH] change lspp ipc auditing
Hi, The patch below converts IPC auditing to collect sid's and convert to context string only if it needs to output an audit record. This patch depends on the inode audit change patch already being applied. Signed-off-by: Steve Grubb <sgrubb@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c68
1 files changed, 21 insertions, 47 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2e123a8a0d60..b4f7223811fe 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -107,7 +107,7 @@ struct audit_aux_data_ipcctl {
107 uid_t uid; 107 uid_t uid;
108 gid_t gid; 108 gid_t gid;
109 mode_t mode; 109 mode_t mode;
110 char *ctx; 110 u32 osid;
111}; 111};
112 112
113struct audit_aux_data_socketcall { 113struct audit_aux_data_socketcall {
@@ -432,11 +432,6 @@ static inline void audit_free_aux(struct audit_context *context)
432 dput(axi->dentry); 432 dput(axi->dentry);
433 mntput(axi->mnt); 433 mntput(axi->mnt);
434 } 434 }
435 if ( aux->type == AUDIT_IPC ) {
436 struct audit_aux_data_ipcctl *axi = (void *)aux;
437 if (axi->ctx)
438 kfree(axi->ctx);
439 }
440 435
441 context->aux = aux->next; 436 context->aux = aux->next;
442 kfree(aux); 437 kfree(aux);
@@ -584,7 +579,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
584 579
585static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 580static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
586{ 581{
587 int i; 582 int i, call_panic = 0;
588 struct audit_buffer *ab; 583 struct audit_buffer *ab;
589 struct audit_aux_data *aux; 584 struct audit_aux_data *aux;
590 const char *tty; 585 const char *tty;
@@ -635,8 +630,20 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
635 case AUDIT_IPC: { 630 case AUDIT_IPC: {
636 struct audit_aux_data_ipcctl *axi = (void *)aux; 631 struct audit_aux_data_ipcctl *axi = (void *)aux;
637 audit_log_format(ab, 632 audit_log_format(ab,
638 " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s", 633 " qbytes=%lx iuid=%u igid=%u mode=%x",
639 axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx); 634 axi->qbytes, axi->uid, axi->gid, axi->mode);
635 if (axi->osid != 0) {
636 char *ctx = NULL;
637 u32 len;
638 if (selinux_ctxid_to_string(
639 axi->osid, &ctx, &len)) {
640 audit_log_format(ab, " obj=%u",
641 axi->osid);
642 call_panic = 1;
643 } else
644 audit_log_format(ab, " obj=%s", ctx);
645 kfree(ctx);
646 }
640 break; } 647 break; }
641 648
642 case AUDIT_SOCKETCALL: { 649 case AUDIT_SOCKETCALL: {
@@ -671,7 +678,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
671 } 678 }
672 } 679 }
673 for (i = 0; i < context->name_count; i++) { 680 for (i = 0; i < context->name_count; i++) {
674 int call_panic = 0;
675 unsigned long ino = context->names[i].ino; 681 unsigned long ino = context->names[i].ino;
676 unsigned long pino = context->names[i].pino; 682 unsigned long pino = context->names[i].pino;
677 683
@@ -708,16 +714,16 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
708 context->names[i].osid, &ctx, &len)) { 714 context->names[i].osid, &ctx, &len)) {
709 audit_log_format(ab, " obj=%u", 715 audit_log_format(ab, " obj=%u",
710 context->names[i].osid); 716 context->names[i].osid);
711 call_panic = 1; 717 call_panic = 2;
712 } else 718 } else
713 audit_log_format(ab, " obj=%s", ctx); 719 audit_log_format(ab, " obj=%s", ctx);
714 kfree(ctx); 720 kfree(ctx);
715 } 721 }
716 722
717 audit_log_end(ab); 723 audit_log_end(ab);
718 if (call_panic)
719 audit_panic("error converting sid to string");
720 } 724 }
725 if (call_panic)
726 audit_panic("error converting sid to string");
721} 727}
722 728
723/** 729/**
@@ -951,7 +957,7 @@ void audit_putname(const char *name)
951#endif 957#endif
952} 958}
953 959
954void audit_inode_context(int idx, const struct inode *inode) 960static void audit_inode_context(int idx, const struct inode *inode)
955{ 961{
956 struct audit_context *context = current->audit_context; 962 struct audit_context *context = current->audit_context;
957 963
@@ -1141,38 +1147,6 @@ uid_t audit_get_loginuid(struct audit_context *ctx)
1141 return ctx ? ctx->loginuid : -1; 1147 return ctx ? ctx->loginuid : -1;
1142} 1148}
1143 1149
1144static char *audit_ipc_context(struct kern_ipc_perm *ipcp)
1145{
1146 struct audit_context *context = current->audit_context;
1147 char *ctx = NULL;
1148 int len = 0;
1149
1150 if (likely(!context))
1151 return NULL;
1152
1153 len = security_ipc_getsecurity(ipcp, NULL, 0);
1154 if (len == -EOPNOTSUPP)
1155 goto ret;
1156 if (len < 0)
1157 goto error_path;
1158
1159 ctx = kmalloc(len, GFP_ATOMIC);
1160 if (!ctx)
1161 goto error_path;
1162
1163 len = security_ipc_getsecurity(ipcp, ctx, len);
1164 if (len < 0)
1165 goto error_path;
1166
1167 return ctx;
1168
1169error_path:
1170 kfree(ctx);
1171 audit_panic("error in audit_ipc_context");
1172ret:
1173 return NULL;
1174}
1175
1176/** 1150/**
1177 * audit_ipc_perms - record audit data for ipc 1151 * audit_ipc_perms - record audit data for ipc
1178 * @qbytes: msgq bytes 1152 * @qbytes: msgq bytes
@@ -1198,7 +1172,7 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, str
1198 ax->uid = uid; 1172 ax->uid = uid;
1199 ax->gid = gid; 1173 ax->gid = gid;
1200 ax->mode = mode; 1174 ax->mode = mode;
1201 ax->ctx = audit_ipc_context(ipcp); 1175 selinux_get_ipc_sid(ipcp, &ax->osid);
1202 1176
1203 ax->d.type = AUDIT_IPC; 1177 ax->d.type = AUDIT_IPC;
1204 ax->d.next = context->aux; 1178 ax->d.next = context->aux;