Merge git://git.infradead.org/users/eparis/audit

Pull audit updates from Eric Paris. * git://git.infradead.org/users/eparis/audit: (28 commits) AUDIT: make audit_is_compat depend on CONFIG_AUDIT_COMPAT_GENERIC audit: renumber AUDIT_FEATURE_CHANGE into the 1300 range audit: do not cast audit_rule_data pointers pointlesly AUDIT: Allow login in non-init namespaces audit: define audit_is_compat in kernel internal header kernel: Use RCU_INIT_POINTER(x, NULL) in audit.c sched: declare pid_alive as inline audit: use uapi/linux/audit.h for AUDIT_ARCH declarations syscall_get_arch: remove useless function arguments audit: remove stray newline from audit_log_execve_info() audit_panic() call audit: remove stray newlines from audit_log_lost messages audit: include subject in login records audit: remove superfluous new- prefix in AUDIT_LOGIN messages audit: allow user processes to log from another PID namespace audit: anchor all pid references in the initial pid namespace audit: convert PPIDs to the inital PID namespace. pid: get pid_t ppid of task in init_pid_ns audit: rename the misleading audit_get_context() to audit_take_context() audit: Add generic compat syscall support audit: Add CONFIG_HAVE_ARCH_AUDITSYSCALL ...
author: Linus Torvalds <torvalds@linux-foundation.org> 2014-04-12 15:38:53 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2014-04-12 15:38:53 -0400
commit: 0b747172dce6e0905ab173afbaffebb7a11d89bd (patch)
tree: cef4092aa49bd44d4759b58762bfa221dac45f57 /lib
parent: b7e70ca9c7d7f049bba8047d7ab49966fd5e9e9d (diff)
parent: 312103d64d0fcadb332899a2c84b357ddb18f4e3 (diff)
4 files changed, 74 insertions, 1 deletions
diff --git a/lib/Kconfig b/lib/Kconfig
index 5d4984c505f8..4771fb3f4da4 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -182,6 +182,15 @@ config AUDIT_GENERIC
        depends on AUDIT && !AUDIT_ARCH
        default y
+config AUDIT_ARCH_COMPAT_GENERIC
+        bool
+        default n
+config AUDIT_COMPAT_GENERIC
+        bool
+        depends on AUDIT_GENERIC && AUDIT_ARCH_COMPAT_GENERIC && COMPAT
+        default y
 config RANDOM32_SELFTEST
        bool "PRNG perform self test on init"
        default n
diff --git a/lib/Makefile b/lib/Makefile
index 48140e3ba73f..0cd7b68e1382 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -96,6 +96,7 @@ obj-$(CONFIG_TEXTSEARCH_BM) += ts_bm.o
 obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o
 obj-$(CONFIG_SMP) += percpu_counter.o
 obj-$(CONFIG_AUDIT_GENERIC) += audit.o
+obj-$(CONFIG_AUDIT_COMPAT_GENERIC) += compat_audit.o
 obj-$(CONFIG_SWIOTLB) += swiotlb.o
 obj-$(CONFIG_IOMMU_HELPER) += iommu-helper.o
diff --git a/lib/audit.c b/lib/audit.c
index 76bbed4a20e5..1d726a22565b 100644
--- a/lib/audit.c
+++ b/lib/audit.c
@@ -30,11 +30,17 @@ static unsigned signal_class[] = {
 int audit_classify_arch(int arch)
 {
-        return 0;
+        if (audit_is_compat(arch))
+                return 1;
+        else
+                return 0;
 }
 int audit_classify_syscall(int abi, unsigned syscall)
 {
+        if (audit_is_compat(abi))
+                return audit_classify_compat_syscall(abi, syscall);
        switch(syscall) {
 #ifdef __NR_open
        case __NR_open:
@@ -57,6 +63,13 @@ int audit_classify_syscall(int abi, unsigned syscall)
 static int __init audit_classes_init(void)
 {
+#ifdef CONFIG_AUDIT_COMPAT_GENERIC
+        audit_register_class(AUDIT_CLASS_WRITE_32, compat_write_class);
+        audit_register_class(AUDIT_CLASS_READ_32, compat_read_class);
+        audit_register_class(AUDIT_CLASS_DIR_WRITE_32, compat_dir_class);
+        audit_register_class(AUDIT_CLASS_CHATTR_32, compat_chattr_class);
+        audit_register_class(AUDIT_CLASS_SIGNAL_32, compat_signal_class);
+#endif
        audit_register_class(AUDIT_CLASS_WRITE, write_class);
        audit_register_class(AUDIT_CLASS_READ, read_class);
        audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
diff --git a/lib/compat_audit.c b/lib/compat_audit.c
new file mode 100644
index 000000000000..873f75b640ab
--- /dev/null
+++ b/lib/compat_audit.c
@@ -0,0 +1,50 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <asm/unistd32.h>
+unsigned compat_dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+unsigned compat_read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+unsigned compat_write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+unsigned compat_chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+unsigned compat_signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+int audit_classify_compat_syscall(int abi, unsigned syscall)
+{
+        switch (syscall) {
+#ifdef __NR_open
+        case __NR_open:
+                return 2;
+#endif
+#ifdef __NR_openat
+        case __NR_openat:
+                return 3;
+#endif
+#ifdef __NR_socketcall
+        case __NR_socketcall:
+                return 4;
+#endif
+        case __NR_execve:
+                return 5;
+        default:
+                return 1;
+        }
+}
author	Linus Torvalds <torvalds@linux-foundation.org>	2014-04-12 15:38:53 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2014-04-12 15:38:53 -0400
commit	0b747172dce6e0905ab173afbaffebb7a11d89bd (patch)
tree	cef4092aa49bd44d4759b58762bfa221dac45f57 /lib
parent	b7e70ca9c7d7f049bba8047d7ab49966fd5e9e9d (diff)
parent	312103d64d0fcadb332899a2c84b357ddb18f4e3 (diff)

diff --git a/lib/Kconfig b/lib/Kconfig index 5d4984c505f8..4771fb3f4da4 100644 --- a/lib/Kconfig +++ b/lib/Kconfig
@@ -182,6 +182,15 @@ config AUDIT_GENERIC
182	depends on AUDIT && !AUDIT_ARCH	182	depends on AUDIT && !AUDIT_ARCH
183	default y	183	default y
184		184
		185	config AUDIT_ARCH_COMPAT_GENERIC
		186	bool
		187	default n
		188
		189	config AUDIT_COMPAT_GENERIC
		190	bool
		191	depends on AUDIT_GENERIC && AUDIT_ARCH_COMPAT_GENERIC && COMPAT
		192	default y
		193
185	config RANDOM32_SELFTEST	194	config RANDOM32_SELFTEST
186	bool "PRNG perform self test on init"	195	bool "PRNG perform self test on init"
187	default n	196	default n


diff --git a/lib/Makefile b/lib/Makefile index 48140e3ba73f..0cd7b68e1382 100644 --- a/lib/Makefile +++ b/lib/Makefile
@@ -96,6 +96,7 @@ obj-$(CONFIG_TEXTSEARCH_BM) += ts_bm.o
96	obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o	96	obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o
97	obj-$(CONFIG_SMP) += percpu_counter.o	97	obj-$(CONFIG_SMP) += percpu_counter.o
98	obj-$(CONFIG_AUDIT_GENERIC) += audit.o	98	obj-$(CONFIG_AUDIT_GENERIC) += audit.o
		99	obj-$(CONFIG_AUDIT_COMPAT_GENERIC) += compat_audit.o
99		100
100	obj-$(CONFIG_SWIOTLB) += swiotlb.o	101	obj-$(CONFIG_SWIOTLB) += swiotlb.o
101	obj-$(CONFIG_IOMMU_HELPER) += iommu-helper.o	102	obj-$(CONFIG_IOMMU_HELPER) += iommu-helper.o


diff --git a/lib/audit.c b/lib/audit.c index 76bbed4a20e5..1d726a22565b 100644 --- a/lib/audit.c +++ b/lib/audit.c
@@ -30,11 +30,17 @@ static unsigned signal_class[] = {
30		30
31	int audit_classify_arch(int arch)	31	int audit_classify_arch(int arch)
32	{	32	{
33	return 0;	33	if (audit_is_compat(arch))
		34	return 1;
		35	else
		36	return 0;
34	}	37	}
35		38
36	int audit_classify_syscall(int abi, unsigned syscall)	39	int audit_classify_syscall(int abi, unsigned syscall)
37	{	40	{
		41	if (audit_is_compat(abi))
		42	return audit_classify_compat_syscall(abi, syscall);
		43
38	switch(syscall) {	44	switch(syscall) {
39	#ifdef __NR_open	45	#ifdef __NR_open
40	case __NR_open:	46	case __NR_open:
@@ -57,6 +63,13 @@ int audit_classify_syscall(int abi, unsigned syscall)
57		63
58	static int __init audit_classes_init(void)	64	static int __init audit_classes_init(void)
59	{	65	{
		66	#ifdef CONFIG_AUDIT_COMPAT_GENERIC
		67	audit_register_class(AUDIT_CLASS_WRITE_32, compat_write_class);
		68	audit_register_class(AUDIT_CLASS_READ_32, compat_read_class);
		69	audit_register_class(AUDIT_CLASS_DIR_WRITE_32, compat_dir_class);
		70	audit_register_class(AUDIT_CLASS_CHATTR_32, compat_chattr_class);
		71	audit_register_class(AUDIT_CLASS_SIGNAL_32, compat_signal_class);
		72	#endif
60	audit_register_class(AUDIT_CLASS_WRITE, write_class);	73	audit_register_class(AUDIT_CLASS_WRITE, write_class);
61	audit_register_class(AUDIT_CLASS_READ, read_class);	74	audit_register_class(AUDIT_CLASS_READ, read_class);
62	audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);	75	audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);


diff --git a/lib/compat_audit.c b/lib/compat_audit.c new file mode 100644 index 000000000000..873f75b640ab --- /dev/null +++ b/lib/compat_audit.c
@@ -0,0 +1,50 @@
		1	#include <linux/init.h>
		2	#include <linux/types.h>
		3	#include <asm/unistd32.h>
		4
		5	unsigned compat_dir_class[] = {
		6	#include <asm-generic/audit_dir_write.h>
		7	~0U
		8	};
		9
		10	unsigned compat_read_class[] = {
		11	#include <asm-generic/audit_read.h>
		12	~0U
		13	};
		14
		15	unsigned compat_write_class[] = {
		16	#include <asm-generic/audit_write.h>
		17	~0U
		18	};
		19
		20	unsigned compat_chattr_class[] = {
		21	#include <asm-generic/audit_change_attr.h>
		22	~0U
		23	};
		24
		25	unsigned compat_signal_class[] = {
		26	#include <asm-generic/audit_signal.h>
		27	~0U
		28	};
		29
		30	int audit_classify_compat_syscall(int abi, unsigned syscall)
		31	{
		32	switch (syscall) {
		33	#ifdef __NR_open
		34	case __NR_open:
		35	return 2;
		36	#endif
		37	#ifdef __NR_openat
		38	case __NR_openat:
		39	return 3;
		40	#endif
		41	#ifdef __NR_socketcall
		42	case __NR_socketcall:
		43	return 4;
		44	#endif
		45	case __NR_execve:
		46	return 5;
		47	default:
		48	return 1;
		49	}
		50	}