diff options
| -rw-r--r-- | include/linux/audit.h | 9 | ||||
| -rw-r--r-- | kernel/auditsc.c | 16 | ||||
| -rw-r--r-- | mm/mmap.c | 2 | ||||
| -rw-r--r-- | mm/nommu.c | 2 |
4 files changed, 29 insertions, 0 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index e24afabc548f..8b5c0620abf9 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
| @@ -102,6 +102,7 @@ | |||
| 102 | #define AUDIT_EOE 1320 /* End of multi-record event */ | 102 | #define AUDIT_EOE 1320 /* End of multi-record event */ |
| 103 | #define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */ | 103 | #define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */ |
| 104 | #define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */ | 104 | #define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */ |
| 105 | #define AUDIT_MMAP 1323 /* Record showing descriptor and flags in mmap */ | ||
| 105 | 106 | ||
| 106 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 107 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
| 107 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 108 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
| @@ -478,6 +479,7 @@ extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | |||
| 478 | const struct cred *new, | 479 | const struct cred *new, |
| 479 | const struct cred *old); | 480 | const struct cred *old); |
| 480 | extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); | 481 | extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old); |
| 482 | extern void __audit_mmap_fd(int fd, int flags); | ||
| 481 | 483 | ||
| 482 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) | 484 | static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) |
| 483 | { | 485 | { |
| @@ -531,6 +533,12 @@ static inline void audit_log_capset(pid_t pid, const struct cred *new, | |||
| 531 | __audit_log_capset(pid, new, old); | 533 | __audit_log_capset(pid, new, old); |
| 532 | } | 534 | } |
| 533 | 535 | ||
| 536 | static inline void audit_mmap_fd(int fd, int flags) | ||
| 537 | { | ||
| 538 | if (unlikely(!audit_dummy_context())) | ||
| 539 | __audit_mmap_fd(fd, flags); | ||
| 540 | } | ||
| 541 | |||
| 534 | extern int audit_n_rules; | 542 | extern int audit_n_rules; |
| 535 | extern int audit_signals; | 543 | extern int audit_signals; |
| 536 | #else | 544 | #else |
| @@ -564,6 +572,7 @@ extern int audit_signals; | |||
| 564 | #define audit_mq_getsetattr(d,s) ((void)0) | 572 | #define audit_mq_getsetattr(d,s) ((void)0) |
| 565 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) | 573 | #define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; }) |
| 566 | #define audit_log_capset(pid, ncr, ocr) ((void)0) | 574 | #define audit_log_capset(pid, ncr, ocr) ((void)0) |
| 575 | #define audit_mmap_fd(fd, flags) ((void)0) | ||
| 567 | #define audit_ptrace(t) ((void)0) | 576 | #define audit_ptrace(t) ((void)0) |
| 568 | #define audit_n_rules 0 | 577 | #define audit_n_rules 0 |
| 569 | #define audit_signals 0 | 578 | #define audit_signals 0 |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 1b31c130d034..f49a0318c2ed 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -241,6 +241,10 @@ struct audit_context { | |||
| 241 | pid_t pid; | 241 | pid_t pid; |
| 242 | struct audit_cap_data cap; | 242 | struct audit_cap_data cap; |
| 243 | } capset; | 243 | } capset; |
| 244 | struct { | ||
| 245 | int fd; | ||
| 246 | int flags; | ||
| 247 | } mmap; | ||
| 244 | }; | 248 | }; |
| 245 | int fds[2]; | 249 | int fds[2]; |
| 246 | 250 | ||
| @@ -1305,6 +1309,10 @@ static void show_special(struct audit_context *context, int *call_panic) | |||
| 1305 | audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); | 1309 | audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); |
| 1306 | audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); | 1310 | audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); |
| 1307 | break; } | 1311 | break; } |
| 1312 | case AUDIT_MMAP: { | ||
| 1313 | audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, | ||
| 1314 | context->mmap.flags); | ||
| 1315 | break; } | ||
| 1308 | } | 1316 | } |
| 1309 | audit_log_end(ab); | 1317 | audit_log_end(ab); |
| 1310 | } | 1318 | } |
| @@ -2476,6 +2484,14 @@ void __audit_log_capset(pid_t pid, | |||
| 2476 | context->type = AUDIT_CAPSET; | 2484 | context->type = AUDIT_CAPSET; |
| 2477 | } | 2485 | } |
| 2478 | 2486 | ||
| 2487 | void __audit_mmap_fd(int fd, int flags) | ||
| 2488 | { | ||
| 2489 | struct audit_context *context = current->audit_context; | ||
| 2490 | context->mmap.fd = fd; | ||
| 2491 | context->mmap.flags = flags; | ||
| 2492 | context->type = AUDIT_MMAP; | ||
| 2493 | } | ||
| 2494 | |||
| 2479 | /** | 2495 | /** |
| 2480 | * audit_core_dumps - record information about processes that end abnormally | 2496 | * audit_core_dumps - record information about processes that end abnormally |
| 2481 | * @signr: signal value | 2497 | * @signr: signal value |
| @@ -28,6 +28,7 @@ | |||
| 28 | #include <linux/rmap.h> | 28 | #include <linux/rmap.h> |
| 29 | #include <linux/mmu_notifier.h> | 29 | #include <linux/mmu_notifier.h> |
| 30 | #include <linux/perf_event.h> | 30 | #include <linux/perf_event.h> |
| 31 | #include <linux/audit.h> | ||
| 31 | 32 | ||
| 32 | #include <asm/uaccess.h> | 33 | #include <asm/uaccess.h> |
| 33 | #include <asm/cacheflush.h> | 34 | #include <asm/cacheflush.h> |
| @@ -1108,6 +1109,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len, | |||
| 1108 | unsigned long retval = -EBADF; | 1109 | unsigned long retval = -EBADF; |
| 1109 | 1110 | ||
| 1110 | if (!(flags & MAP_ANONYMOUS)) { | 1111 | if (!(flags & MAP_ANONYMOUS)) { |
| 1112 | audit_mmap_fd(fd, flags); | ||
| 1111 | if (unlikely(flags & MAP_HUGETLB)) | 1113 | if (unlikely(flags & MAP_HUGETLB)) |
| 1112 | return -EINVAL; | 1114 | return -EINVAL; |
| 1113 | file = fget(fd); | 1115 | file = fget(fd); |
diff --git a/mm/nommu.c b/mm/nommu.c index 30b5c20eec15..3613517c7592 100644 --- a/mm/nommu.c +++ b/mm/nommu.c | |||
| @@ -29,6 +29,7 @@ | |||
| 29 | #include <linux/personality.h> | 29 | #include <linux/personality.h> |
| 30 | #include <linux/security.h> | 30 | #include <linux/security.h> |
| 31 | #include <linux/syscalls.h> | 31 | #include <linux/syscalls.h> |
| 32 | #include <linux/audit.h> | ||
| 32 | 33 | ||
| 33 | #include <asm/uaccess.h> | 34 | #include <asm/uaccess.h> |
| 34 | #include <asm/tlb.h> | 35 | #include <asm/tlb.h> |
| @@ -1458,6 +1459,7 @@ SYSCALL_DEFINE6(mmap_pgoff, unsigned long, addr, unsigned long, len, | |||
| 1458 | struct file *file = NULL; | 1459 | struct file *file = NULL; |
| 1459 | unsigned long retval = -EBADF; | 1460 | unsigned long retval = -EBADF; |
| 1460 | 1461 | ||
| 1462 | audit_mmap_fd(fd, flags); | ||
| 1461 | if (!(flags & MAP_ANONYMOUS)) { | 1463 | if (!(flags & MAP_ANONYMOUS)) { |
| 1462 | file = fget(fd); | 1464 | file = fget(fd); |
| 1463 | if (!file) | 1465 | if (!file) |