authorEric Paris <eparis@redhat.com>2008-01-07 13:40:17 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2008-02-01 14:06:23 -0500
commitc2a7780efe37d01bdb3facc85a94663e6d67d4a8 (patch)
treea7e30dcb7bfb386c84de9918dcfa92381675d59f /kernel
parentf701b75ed5ffb6820efe530d1a3abcc6fc4678ad (diff)
[AUDIT] collect uid, loginuid, and comm in OBJ_PID records
Add uid, loginuid, and comm collection to OBJ_PID records. This just gives users a little more information about the task that received a signal. pid is rather meaningless after the fact, and even though comm isn't great we can't collect exe reasonably on this code path for performance reasons. Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c32
1 files changed, 27 insertions, 5 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ce8c957201ef..a222e73fec74 100644
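--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -176,7 +176,10 @@ struct audit_aux_data_fd_pair {
 struct audit_aux_data_pids {
  struct audit_aux_data d;
  pid_t target_pid[AUDIT_AUX_PIDS];
+ uid_t target_auid[AUDIT_AUX_PIDS];
+ uid_t target_uid[AUDIT_AUX_PIDS];
  u32 target_sid[AUDIT_AUX_PIDS];
+ char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
  int pid_count;
 };
 
@@ -214,7 +217,10 @@ struct audit_context {
  int arch;
 
  pid_t target_pid;
+ uid_t target_auid;
+ uid_t target_uid;
  u32 target_sid;
+ char target_comm[TASK_COMM_LEN];
 
  struct audit_tree_refs *trees, *first_trees;
  int tree_count;
@@ -930,7 +936,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 }
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
- u32 sid)
+ uid_t auid, uid_t uid, u32 sid, char *comm)
 {
  struct audit_buffer *ab;
  char *s = NULL;
@@ -941,11 +947,14 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
  if (!ab)
  return 1;
 
+ audit_log_format(ab, "opid=%d oauid=%d ouid=%d", pid, auid, uid);
  if (selinux_sid_to_string(sid, &s, &len)) {
- audit_log_format(ab, "opid=%d obj=(none)", pid);
+ audit_log_format(ab, " obj=(none)");
  rc = 1;
  } else
- audit_log_format(ab, "opid=%d obj=%s", pid, s);
+ audit_log_format(ab, " obj=%s", s);
+ audit_log_format(ab, " ocomm=");
+ audit_log_untrustedstring(ab, comm);
  audit_log_end(ab);
  kfree(s);
 
@@ -1176,13 +1185,17 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
  for (i = 0; i < axs->pid_count; i++)
  if (audit_log_pid_context(context, axs->target_pid[i],
- axs->target_sid[i]))
+ axs->target_auid[i],
+ axs->target_uid[i],
+ axs->target_sid[i],
+ axs->target_comm[i]))
  call_panic = 1;
  }
 
  if (context->target_pid &&
  audit_log_pid_context(context, context->target_pid,
- context->target_sid))
+ context->target_auid, context->target_uid,
+ context->target_sid, context->target_comm))
  call_panic = 1;
 
  if (context->pwd && context->pwdmnt) {
@@ -2185,7 +2198,10 @@ void __audit_ptrace(struct task_struct *t)
  struct audit_context *context = current->audit_context;
 
  context->target_pid = t->pid;
+ context->target_auid = audit_get_loginuid(t);
+ context->target_uid = t->uid;
  selinux_get_task_sid(t, &context->target_sid);
+ memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
 }
 
 /**
@@ -2222,7 +2238,10 @@ int __audit_signal_info(int sig, struct task_struct *t)
  * in audit_context */
  if (!ctx->target_pid) {
  ctx->target_pid = t->tgid;
+ ctx->target_auid = audit_get_loginuid(t);
+ ctx->target_uid = t->uid;
  selinux_get_task_sid(t, &ctx->target_sid);
+ memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
  return 0;
  }
 
@@ -2239,7 +2258,10 @@ int __audit_signal_info(int sig, struct task_struct *t)
  BUG_ON(axp->pid_count >= AUDIT_AUX_PIDS);
 
  axp->target_pid[axp->pid_count] = t->tgid;
+ axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
+ axp->target_uid[axp->pid_count] = t->uid;
  selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]);
+ memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
  axp->pid_count++;
 
  return 0;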
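Review bot: In audit_log_pid_context the new `oauid`/`ouid` fields print `uid_t` values with `%d`, so an unset login uid (if it is stored as the all-ones value) would appear as -1 and any consumer matching on these fields has to handle a signed form; `audit_log_format(ab, "opid=%d oauid=%u ouid=%u", pid, auid, uid);` keeps them unsigned. Separately, the three `memcpy(..., t->comm, TASK_COMM_LEN)` copies in __audit_ptrace and __audit_signal_info read the target's comm with no lock visible in these hunks, so a concurrent rename could leave a mixed name in the record. If locking is deliberately avoided on this path, a comment such as `/* unlocked copy: comm may be torn, logged as untrusted */` at each copy would say so. The bodies of audit_log_pid_context and __audit_signal_info start outside the hunks shown, so locking taken earlier cannot be ruled out.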