author | Eric Paris <eparis@redhat.com> | 2008-01-07 13:40:17 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2008-02-01 14:06:23 -0500 |
commit | c2a7780efe37d01bdb3facc85a94663e6d67d4a8 (patch) | |
tree | a7e30dcb7bfb386c84de9918dcfa92381675d59f /kernel | |
parent | f701b75ed5ffb6820efe530d1a3abcc6fc4678ad (diff) |
[AUDIT] collect uid, loginuid, and comm in OBJ_PID records
Add uid, loginuid, and comm collection to OBJ_PID records. This just
gives users a little more information about the task that received a
signal. pid is rather meaningless after the fact, and even though comm
isn't great we can't collect exe reasonably on this code path for
performance reasons.
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 32 |
1 files changed, 27 insertions, 5 deletions
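--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -176,7 +176,10 @@ struct audit_aux_data_fd_pair {
 struct audit_aux_data_pids {
 struct audit_aux_data d;
 pid_t target_pid[AUDIT_AUX_PIDS];
+uid_t target_auid[AUDIT_AUX_PIDS];
+uid_t target_uid[AUDIT_AUX_PIDS];
 u32 target_sid[AUDIT_AUX_PIDS];
+char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
 int pid_count;
 };
 
@@ -214,7 +217,10 @@ struct audit_context {
 int arch;
 
 pid_t target_pid;
+uid_t target_auid;
+uid_t target_uid;
 u32 target_sid;
+char target_comm[TASK_COMM_LEN];
 
 struct audit_tree_refs *trees, *first_trees;
 int tree_count;
@@ -930,7 +936,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 }
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
-u32 sid)
+uid_t auid, uid_t uid, u32 sid, char *comm)
 {
 struct audit_buffer *ab;
 char *s = NULL;
@@ -941,11 +947,14 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 if (!ab)
 return 1;
 
+audit_log_format(ab, "opid=%d oauid=%d ouid=%d", pid, auid, uid);
 if (selinux_sid_to_string(sid, &s, &len)) {
-audit_log_format(ab, "opid=%d obj=(none)", pid);
+audit_log_format(ab, " obj=(none)");
 rc = 1;
 } else
-audit_log_format(ab, "opid=%d obj=%s", pid, s);
+audit_log_format(ab, " obj=%s", s);
+audit_log_format(ab, " ocomm=");
+audit_log_untrustedstring(ab, comm);
 audit_log_end(ab);
 kfree(s);
 
@@ -1176,13 +1185,17 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
 for (i = 0; i < axs->pid_count; i++)
 if (audit_log_pid_context(context, axs->target_pid[i],
-axs->target_sid[i]))
+axs->target_auid[i],
+axs->target_uid[i],
+axs->target_sid[i],
+axs->target_comm[i]))
 call_panic = 1;
 }
 
 if (context->target_pid &&
 audit_log_pid_context(context, context->target_pid,
-context->target_sid))
+context->target_auid, context->target_uid,
+context->target_sid, context->target_comm))
 call_panic = 1;
 
 if (context->pwd && context->pwdmnt) {
@@ -2185,7 +2198,10 @@ void __audit_ptrace(struct task_struct *t)
 struct audit_context *context = current->audit_context;
 
 context->target_pid = t->pid;
+context->target_auid = audit_get_loginuid(t);
+context->target_uid = t->uid;
 selinux_get_task_sid(t, &context->target_sid);
+memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
 /**
@@ -2222,7 +2238,10 @@ int __audit_signal_info(int sig, struct task_struct *t)
 * in audit_context */
 if (!ctx->target_pid) {
 ctx->target_pid = t->tgid;
+ctx->target_auid = audit_get_loginuid(t);
+ctx->target_uid = t->uid;
 selinux_get_task_sid(t, &ctx->target_sid);
+memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
 return 0;
 }
 
@@ -2239,7 +2258,10 @@ int __audit_signal_info(int sig, struct task_struct *t)
 BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
 
 axp->target_pid[axp->pid_count] = t->tgid;
+axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
+axp->target_uid[axp->pid_count] = t->uid;
 selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]);
+memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
 axp->pid_count++;
 
 return 0;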
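Review bot: The three `memcpy(..., t->comm, TASK_COMM_LEN)` snapshots added in `__audit_ptrace()` and `__audit_signal_info()` read the target's `comm` with no `task_lock()` visible in these hunks, and `comm` is a name the target task can set itself, so the stored value is best-effort and should never be treated as an identifier. That trade-off matches the performance remark in the description, but it belongs in the code: a comment such as `/* lockless copy of t->comm: may be torn and is task-controlled, hence audit_log_untrustedstring() when logged */` above each copy, or once on the `target_comm` fields, would stop a later reader from assuming otherwise. Separately, `audit_log_pid_context()` prints the two `uid_t` values with `%d`, so an unset loginuid would presumably show as `-1`; `"opid=%d oauid=%u ouid=%u"` would print them as unsigned, provided that matches how the file's other records format uids (not visible here). All of these functions start or end outside the hunks shown.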