-rw-r--r--kernel/audit.c134
-rw-r--r--kernel/auditsc.c150
2 files changed, 238 insertions, 46 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 0a813d2883e5..973ca5a9e0d6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -72,7 +72,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
72 * contains the (non-zero) pid. */ 72 * contains the (non-zero) pid. */
73int audit_pid; 73int audit_pid;
74 74
75/* If audit_limit is non-zero, limit the rate of sending audit records 75/* If audit_rate_limit is non-zero, limit the rate of sending audit records
76 * to that number per second. This prevents DoS attacks, but results in 76 * to that number per second. This prevents DoS attacks, but results in
77 * audit records being dropped. */ 77 * audit records being dropped. */
78static int audit_rate_limit; 78static int audit_rate_limit;
@@ -102,7 +102,7 @@ static struct sock *audit_sock;
102 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of 102 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
103 * being placed on the freelist). */ 103 * being placed on the freelist). */
104static DEFINE_SPINLOCK(audit_freelist_lock); 104static DEFINE_SPINLOCK(audit_freelist_lock);
105static int audit_freelist_count = 0; 105static int audit_freelist_count;
106static LIST_HEAD(audit_freelist); 106static LIST_HEAD(audit_freelist);
107 107
108static struct sk_buff_head audit_skb_queue; 108static struct sk_buff_head audit_skb_queue;
@@ -186,8 +186,14 @@ static inline int audit_rate_check(void)
186 return retval; 186 return retval;
187} 187}
188 188
189/* Emit at least 1 message per second, even if audit_rate_check is 189/**
190 * throttling. */ 190 * audit_log_lost - conditionally log lost audit message event
191 * @message: the message stating reason for lost audit message
192 *
193 * Emit at least 1 message per second, even if audit_rate_check is
194 * throttling.
195 * Always increment the lost messages counter.
196*/
191void audit_log_lost(const char *message) 197void audit_log_lost(const char *message)
192{ 198{
193 static unsigned long last_msg = 0; 199 static unsigned long last_msg = 0;
@@ -218,7 +224,6 @@ void audit_log_lost(const char *message)
218 audit_backlog_limit); 224 audit_backlog_limit);
219 audit_panic(message); 225 audit_panic(message);
220 } 226 }
221
222} 227}
223 228
224static int audit_set_rate_limit(int limit, uid_t loginuid) 229static int audit_set_rate_limit(int limit, uid_t loginuid)
@@ -302,6 +307,19 @@ static int kauditd_thread(void *dummy)
302 } 307 }
303} 308}
304 309
310/**
311 * audit_send_reply - send an audit reply message via netlink
312 * @pid: process id to send reply to
313 * @seq: sequence number
314 * @type: audit message type
315 * @done: done (last) flag
316 * @multi: multi-part message flag
317 * @payload: payload data
318 * @size: payload size
319 *
320 * Allocates an skb, builds the netlink message, and sends it to the pid.
321 * No failure notifications.
322 */
305void audit_send_reply(int pid, int seq, int type, int done, int multi, 323void audit_send_reply(int pid, int seq, int type, int done, int multi,
306 void *payload, int size) 324 void *payload, int size)
307{ 325{
@@ -376,7 +394,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
376 if (err) 394 if (err)
377 return err; 395 return err;
378 396
379 /* As soon as there's any sign of userspace auditd, start kauditd to talk to it */ 397 /* As soon as there's any sign of userspace auditd,
398 * start kauditd to talk to it */
380 if (!kauditd_task) 399 if (!kauditd_task)
381 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd"); 400 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
382 if (IS_ERR(kauditd_task)) { 401 if (IS_ERR(kauditd_task)) {
@@ -469,9 +488,11 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
469 return err < 0 ? err : 0; 488 return err < 0 ? err : 0;
470} 489}
471 490
472/* Get message from skb (based on rtnetlink_rcv_skb). Each message is 491/*
492 * Get message from skb (based on rtnetlink_rcv_skb). Each message is
473 * processed by audit_receive_msg. Malformed skbs with wrong length are 493 * processed by audit_receive_msg. Malformed skbs with wrong length are
474 * discarded silently. */ 494 * discarded silently.
495 */
475static void audit_receive_skb(struct sk_buff *skb) 496static void audit_receive_skb(struct sk_buff *skb)
476{ 497{
477 int err; 498 int err;
@@ -600,7 +621,10 @@ err:
600 return NULL; 621 return NULL;
601} 622}
602 623
603/* Compute a serial number for the audit record. Audit records are 624/**
625 * audit_serial - compute a serial number for the audit record
626 *
627 * Compute a serial number for the audit record. Audit records are
604 * written to user-space as soon as they are generated, so a complete 628 * written to user-space as soon as they are generated, so a complete
605 * audit record may be written in several pieces. The timestamp of the 629 * audit record may be written in several pieces. The timestamp of the
606 * record and this serial number are used by the user-space tools to 630 * record and this serial number are used by the user-space tools to
@@ -612,8 +636,8 @@ err:
612 * audit context (for those records that have a context), and emit them 636 * audit context (for those records that have a context), and emit them
613 * all at syscall exit. However, this could delay the reporting of 637 * all at syscall exit. However, this could delay the reporting of
614 * significant errors until syscall exit (or never, if the system 638 * significant errors until syscall exit (or never, if the system
615 * halts). */ 639 * halts).
616 640 */
617unsigned int audit_serial(void) 641unsigned int audit_serial(void)
618{ 642{
619 static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED; 643 static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
@@ -649,6 +673,21 @@ static inline void audit_get_stamp(struct audit_context *ctx,
649 * will be written at syscall exit. If there is no associated task, tsk 673 * will be written at syscall exit. If there is no associated task, tsk
650 * should be NULL. */ 674 * should be NULL. */
651 675
676/**
677 * audit_log_start - obtain an audit buffer
678 * @ctx: audit_context (may be NULL)
679 * @gfp_mask: type of allocation
680 * @type: audit message type
681 *
682 * Returns audit_buffer pointer on success or NULL on error.
683 *
684 * Obtain an audit buffer. This routine does locking to obtain the
685 * audit buffer, but then no locking is required for calls to
686 * audit_log_*format. If the task (ctx) is a task that is currently in a
687 * syscall, then the syscall is marked as auditable and an audit record
688 * will be written at syscall exit. If there is no associated task, then
689 * task context (ctx) should be NULL.
690 */
652struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, 691struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
653 int type) 692 int type)
654{ 693{
@@ -713,6 +752,7 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask,
713/** 752/**
714 * audit_expand - expand skb in the audit buffer 753 * audit_expand - expand skb in the audit buffer
715 * @ab: audit_buffer 754 * @ab: audit_buffer
755 * @extra: space to add at tail of the skb
716 * 756 *
717 * Returns 0 (no space) on failed expansion, or available space if 757 * Returns 0 (no space) on failed expansion, or available space if
718 * successful. 758 * successful.
@@ -729,10 +769,12 @@ static inline int audit_expand(struct audit_buffer *ab, int extra)
729 return skb_tailroom(skb); 769 return skb_tailroom(skb);
730} 770}
731 771
732/* Format an audit message into the audit buffer. If there isn't enough 772/*
773 * Format an audit message into the audit buffer. If there isn't enough
733 * room in the audit buffer, more room will be allocated and vsnprint 774 * room in the audit buffer, more room will be allocated and vsnprint
734 * will be called a second time. Currently, we assume that a printk 775 * will be called a second time. Currently, we assume that a printk
735 * can't format message larger than 1024 bytes, so we don't either. */ 776 * can't format message larger than 1024 bytes, so we don't either.
777 */
736static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, 778static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
737 va_list args) 779 va_list args)
738{ 780{
@@ -757,7 +799,8 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
757 /* The printk buffer is 1024 bytes long, so if we get 799 /* The printk buffer is 1024 bytes long, so if we get
758 * here and AUDIT_BUFSIZ is at least 1024, then we can 800 * here and AUDIT_BUFSIZ is at least 1024, then we can
759 * log everything that printk could have logged. */ 801 * log everything that printk could have logged. */
760 avail = audit_expand(ab, max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); 802 avail = audit_expand(ab,
803 max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
761 if (!avail) 804 if (!avail)
762 goto out; 805 goto out;
763 len = vsnprintf(skb->tail, avail, fmt, args2); 806 len = vsnprintf(skb->tail, avail, fmt, args2);
@@ -768,8 +811,14 @@ out:
768 return; 811 return;
769} 812}
770 813
771/* Format a message into the audit buffer. All the work is done in 814/**
772 * audit_log_vformat. */ 815 * audit_log_format - format a message into the audit buffer.
816 * @ab: audit_buffer
817 * @fmt: format string
818 * @...: optional parameters matching @fmt string
819 *
820 * All the work is done in audit_log_vformat.
821 */
773void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) 822void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
774{ 823{
775 va_list args; 824 va_list args;
@@ -781,9 +830,18 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
781 va_end(args); 830 va_end(args);
782} 831}
783 832
784/* This function will take the passed buf and convert it into a string of 833/**
785 * ascii hex digits. The new string is placed onto the skb. */ 834 * audit_log_hex - convert a buffer to hex and append it to the audit skb
786void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, 835 * @ab: the audit_buffer
836 * @buf: buffer to convert to hex
837 * @len: length of @buf to be converted
838 *
839 * No return value; failure to expand is silently ignored.
840 *
841 * This function will take the passed buf and convert it into a string of
842 * ascii hex digits. The new string is placed onto the skb.
843 */
844void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
787 size_t len) 845 size_t len)
788{ 846{
789 int i, avail, new_len; 847 int i, avail, new_len;
@@ -812,10 +870,16 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
812 skb_put(skb, len << 1); /* new string is twice the old string */ 870 skb_put(skb, len << 1); /* new string is twice the old string */
813} 871}
814 872
815/* This code will escape a string that is passed to it if the string 873/**
816 * contains a control character, unprintable character, double quote mark, 874 * audit_log_unstrustedstring - log a string that may contain random characters
875 * @ab: audit_buffer
876 * @string: string to be logged
877 *
878 * This code will escape a string that is passed to it if the string
879 * contains a control character, unprintable character, double quote mark,
817 * or a space. Unescaped strings will start and end with a double quote mark. 880 * or a space. Unescaped strings will start and end with a double quote mark.
818 * Strings that are escaped are printed in hex (2 digits per char). */ 881 * Strings that are escaped are printed in hex (2 digits per char).
882 */
819void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 883void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
820{ 884{
821 const unsigned char *p = string; 885 const unsigned char *p = string;
@@ -854,10 +918,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
854 kfree(path); 918 kfree(path);
855} 919}
856 920
857/* The netlink_* functions cannot be called inside an irq context, so 921/**
858 * the audit buffer is places on a queue and a tasklet is scheduled to 922 * audit_log_end - end one audit record
923 * @ab: the audit_buffer
924 *
925 * The netlink_* functions cannot be called inside an irq context, so
926 * the audit buffer is placed on a queue and a tasklet is scheduled to
859 * remove them from the queue outside the irq context. May be called in 927 * remove them from the queue outside the irq context. May be called in
860 * any context. */ 928 * any context.
929 */
861void audit_log_end(struct audit_buffer *ab) 930void audit_log_end(struct audit_buffer *ab)
862{ 931{
863 if (!ab) 932 if (!ab)
@@ -878,9 +947,18 @@ void audit_log_end(struct audit_buffer *ab)
878 audit_buffer_free(ab); 947 audit_buffer_free(ab);
879} 948}
880 949
881/* Log an audit record. This is a convenience function that calls 950/**
882 * audit_log_start, audit_log_vformat, and audit_log_end. It may be 951 * audit_log - Log an audit record
883 * called in any context. */ 952 * @ctx: audit context
953 * @gfp_mask: type of allocation
954 * @type: audit message type
955 * @fmt: format string to use
956 * @...: variable parameters matching the format string
957 *
958 * This is a convenience function that calls audit_log_start,
959 * audit_log_vformat, and audit_log_end. It may be called
960 * in any context.
961 */
884void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, 962void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
885 const char *fmt, ...) 963 const char *fmt, ...)
886{ 964{
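Review bot: The kernel-doc header added above audit_log_untrustedstring names the function `audit_log_unstrustedstring` (new line 874), which does not match the definition that follows it (`void audit_log_untrustedstring(...)`, new line 883), so kernel-doc will not attach the block to the function and will warn; the line should read ` * audit_log_untrustedstring - log a string that may contain random characters`. The new audit_log_lost header closes with `*/` flush at column 0 (new line 196) while every other header added in this file closes with ` */`; make it ` */` for consistency. The audit_log_hex header usefully states `No return value; failure to expand is silently ignored.`, and the same silent-drop path exists in audit_log_vformat (new lines 802-805, `if (!avail) goto out;`), so its reworked block comment could carry the same sentence so callers know a record can be truncated without any indication.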
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index cfaa4a277f08..51a4f58a4d81 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -330,6 +330,15 @@ static int audit_list_rules(void *_dest)
330 return 0; 330 return 0;
331} 331}
332 332
333/**
334 * audit_receive_filter - apply all rules to the specified message type
335 * @type: audit message type
336 * @pid: target pid for netlink audit messages
337 * @uid: target uid for netlink audit messages
338 * @seq: netlink audit message sequence (serial) number
339 * @data: payload data
340 * @loginuid: loginuid of sender
341 */
333int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 342int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
334 uid_t loginuid) 343 uid_t loginuid)
335{ 344{
@@ -527,7 +536,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
527/* At syscall entry and exit time, this filter is called if the 536/* At syscall entry and exit time, this filter is called if the
528 * audit_state is not low enough that auditing cannot take place, but is 537 * audit_state is not low enough that auditing cannot take place, but is
529 * also not high enough that we already know we have to write an audit 538 * also not high enough that we already know we have to write an audit
530 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). 539 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT).
531 */ 540 */
532static enum audit_state audit_filter_syscall(struct task_struct *tsk, 541static enum audit_state audit_filter_syscall(struct task_struct *tsk,
533 struct audit_context *ctx, 542 struct audit_context *ctx,
@@ -721,10 +730,15 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state)
721 return context; 730 return context;
722} 731}
723 732
724/* Filter on the task information and allocate a per-task audit context 733/**
734 * audit_alloc - allocate an audit context block for a task
735 * @tsk: task
736 *
737 * Filter on the task information and allocate a per-task audit context
725 * if necessary. Doing so turns on system call auditing for the 738 * if necessary. Doing so turns on system call auditing for the
726 * specified task. This is called from copy_process, so no lock is 739 * specified task. This is called from copy_process, so no lock is
727 * needed. */ 740 * needed.
741 */
728int audit_alloc(struct task_struct *tsk) 742int audit_alloc(struct task_struct *tsk)
729{ 743{
730 struct audit_context *context; 744 struct audit_context *context;
@@ -911,8 +925,12 @@ static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)
911 } 925 }
912} 926}
913 927
914/* Free a per-task audit context. Called from copy_process and 928/**
915 * __put_task_struct. */ 929 * audit_free - free a per-task audit context
930 * @tsk: task whose audit context block to free
931 *
932 * Called from copy_process and __put_task_struct.
933 */
916void audit_free(struct task_struct *tsk) 934void audit_free(struct task_struct *tsk)
917{ 935{
918 struct audit_context *context; 936 struct audit_context *context;
@@ -934,13 +952,24 @@ void audit_free(struct task_struct *tsk)
934 audit_free_context(context); 952 audit_free_context(context);
935} 953}
936 954
937/* Fill in audit context at syscall entry. This only happens if the 955/**
956 * audit_syscall_entry - fill in an audit record at syscall entry
957 * @tsk: task being audited
958 * @arch: architecture type
959 * @major: major syscall type (function)
960 * @a1: additional syscall register 1
961 * @a2: additional syscall register 2
962 * @a3: additional syscall register 3
963 * @a4: additional syscall register 4
964 *
965 * Fill in audit context at syscall entry. This only happens if the
938 * audit context was created when the task was created and the state or 966 * audit context was created when the task was created and the state or
939 * filters demand the audit context be built. If the state from the 967 * filters demand the audit context be built. If the state from the
940 * per-task filter or from the per-syscall filter is AUDIT_RECORD_CONTEXT, 968 * per-task filter or from the per-syscall filter is AUDIT_RECORD_CONTEXT,
941 * then the record will be written at syscall exit time (otherwise, it 969 * then the record will be written at syscall exit time (otherwise, it
942 * will only be written if another part of the kernel requests that it 970 * will only be written if another part of the kernel requests that it
943 * be written). */ 971 * be written).
972 */
944void audit_syscall_entry(struct task_struct *tsk, int arch, int major, 973void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
945 unsigned long a1, unsigned long a2, 974 unsigned long a1, unsigned long a2,
946 unsigned long a3, unsigned long a4) 975 unsigned long a3, unsigned long a4)
@@ -950,7 +979,8 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
950 979
951 BUG_ON(!context); 980 BUG_ON(!context);
952 981
953 /* This happens only on certain architectures that make system 982 /*
983 * This happens only on certain architectures that make system
954 * calls in kernel_thread via the entry.S interface, instead of 984 * calls in kernel_thread via the entry.S interface, instead of
955 * with direct calls. (If you are porting to a new 985 * with direct calls. (If you are porting to a new
956 * architecture, hitting this condition can indicate that you 986 * architecture, hitting this condition can indicate that you
@@ -1009,11 +1039,18 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
1009 context->auditable = !!(state == AUDIT_RECORD_CONTEXT); 1039 context->auditable = !!(state == AUDIT_RECORD_CONTEXT);
1010} 1040}
1011 1041
1012/* Tear down after system call. If the audit context has been marked as 1042/**
1043 * audit_syscall_exit - deallocate audit context after a system call
1044 * @tsk: task being audited
1045 * @valid: success/failure flag
1046 * @return_code: syscall return value
1047 *
1048 * Tear down after system call. If the audit context has been marked as
1013 * auditable (either because of the AUDIT_RECORD_CONTEXT state from 1049 * auditable (either because of the AUDIT_RECORD_CONTEXT state from
1014 * filtering, or because some other part of the kernel write an audit 1050 * filtering, or because some other part of the kernel write an audit
1015 * message), then write out the syscall information. In call cases, 1051 * message), then write out the syscall information. In call cases,
1016 * free the names stored from getname(). */ 1052 * free the names stored from getname().
1053 */
1017void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) 1054void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
1018{ 1055{
1019 struct audit_context *context; 1056 struct audit_context *context;
@@ -1048,7 +1085,13 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
1048 put_task_struct(tsk); 1085 put_task_struct(tsk);
1049} 1086}
1050 1087
1051/* Add a name to the list. Called from fs/namei.c:getname(). */ 1088/**
1089 * audit_getname - add a name to the list
1090 * @name: name to add
1091 *
1092 * Add a name to the list of audit names for this context.
1093 * Called from fs/namei.c:getname().
1094 */
1052void audit_getname(const char *name) 1095void audit_getname(const char *name)
1053{ 1096{
1054 struct audit_context *context = current->audit_context; 1097 struct audit_context *context = current->audit_context;
@@ -1077,10 +1120,13 @@ void audit_getname(const char *name)
1077 1120
1078} 1121}
1079 1122
1080/* Intercept a putname request. Called from 1123/* audit_putname - intercept a putname request
1081 * include/linux/fs.h:putname(). If we have stored the name from 1124 * @name: name to intercept and delay for putname
1082 * getname in the audit context, then we delay the putname until syscall 1125 *
1083 * exit. */ 1126 * If we have stored the name from getname in the audit context,
1127 * then we delay the putname until syscall exit.
1128 * Called from include/linux/fs.h:putname().
1129 */
1084void audit_putname(const char *name) 1130void audit_putname(const char *name)
1085{ 1131{
1086 struct audit_context *context = current->audit_context; 1132 struct audit_context *context = current->audit_context;
@@ -1117,8 +1163,14 @@ void audit_putname(const char *name)
1117#endif 1163#endif
1118} 1164}
1119 1165
1120/* Store the inode and device from a lookup. Called from 1166/**
1121 * fs/namei.c:path_lookup(). */ 1167 * audit_inode - store the inode and device from a lookup
1168 * @name: name being audited
1169 * @inode: inode being audited
1170 * @flags: lookup flags (as used in path_lookup())
1171 *
1172 * Called from fs/namei.c:path_lookup().
1173 */
1122void audit_inode(const char *name, const struct inode *inode, unsigned flags) 1174void audit_inode(const char *name, const struct inode *inode, unsigned flags)
1123{ 1175{
1124 int idx; 1176 int idx;
@@ -1154,6 +1206,14 @@ void audit_inode(const char *name, const struct inode *inode, unsigned flags)
1154 context->names[idx].rdev = inode->i_rdev; 1206 context->names[idx].rdev = inode->i_rdev;
1155} 1207}
1156 1208
1209/**
1210 * auditsc_get_stamp - get local copies of audit_context values
1211 * @ctx: audit_context for the task
1212 * @t: timespec to store time recorded in the audit_context
1213 * @serial: serial value that is recorded in the audit_context
1214 *
1215 * Also sets the context as auditable.
1216 */
1157void auditsc_get_stamp(struct audit_context *ctx, 1217void auditsc_get_stamp(struct audit_context *ctx,
1158 struct timespec *t, unsigned int *serial) 1218 struct timespec *t, unsigned int *serial)
1159{ 1219{
@@ -1165,6 +1225,15 @@ void auditsc_get_stamp(struct audit_context *ctx,
1165 ctx->auditable = 1; 1225 ctx->auditable = 1;
1166} 1226}
1167 1227
1228/**
1229 * audit_set_loginuid - set a task's audit_context loginuid
1230 * @task: task whose audit context is being modified
1231 * @loginuid: loginuid value
1232 *
1233 * Returns 0.
1234 *
1235 * Called (set) from fs/proc/base.c::proc_loginuid_write().
1236 */
1168int audit_set_loginuid(struct task_struct *task, uid_t loginuid) 1237int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1169{ 1238{
1170 if (task->audit_context) { 1239 if (task->audit_context) {
@@ -1183,11 +1252,26 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1183 return 0; 1252 return 0;
1184} 1253}
1185 1254
1255/**
1256 * audit_get_loginuid - get the loginuid for an audit_context
1257 * @ctx: the audit_context
1258 *
1259 * Returns the context's loginuid or -1 if @ctx is NULL.
1260 */
1186uid_t audit_get_loginuid(struct audit_context *ctx) 1261uid_t audit_get_loginuid(struct audit_context *ctx)
1187{ 1262{
1188 return ctx ? ctx->loginuid : -1; 1263 return ctx ? ctx->loginuid : -1;
1189} 1264}
1190 1265
1266/**
1267 * audit_ipc_perms - record audit data for ipc
1268 * @qbytes: msgq bytes
1269 * @uid: msgq user id
1270 * @gid: msgq group id
1271 * @mode: msgq mode (permissions)
1272 *
1273 * Returns 0 for success or NULL context or < 0 on error.
1274 */
1191int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) 1275int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1192{ 1276{
1193 struct audit_aux_data_ipcctl *ax; 1277 struct audit_aux_data_ipcctl *ax;
@@ -1211,6 +1295,13 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1211 return 0; 1295 return 0;
1212} 1296}
1213 1297
1298/**
1299 * audit_socketcall - record audit data for sys_socketcall
1300 * @nargs: number of args
1301 * @args: args array
1302 *
1303 * Returns 0 for success or NULL context or < 0 on error.
1304 */
1214int audit_socketcall(int nargs, unsigned long *args) 1305int audit_socketcall(int nargs, unsigned long *args)
1215{ 1306{
1216 struct audit_aux_data_socketcall *ax; 1307 struct audit_aux_data_socketcall *ax;
@@ -1232,6 +1323,13 @@ int audit_socketcall(int nargs, unsigned long *args)
1232 return 0; 1323 return 0;
1233} 1324}
1234 1325
1326/**
1327 * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
1328 * @len: data length in user space
1329 * @a: data address in kernel space
1330 *
1331 * Returns 0 for success or NULL context or < 0 on error.
1332 */
1235int audit_sockaddr(int len, void *a) 1333int audit_sockaddr(int len, void *a)
1236{ 1334{
1237 struct audit_aux_data_sockaddr *ax; 1335 struct audit_aux_data_sockaddr *ax;
@@ -1253,6 +1351,15 @@ int audit_sockaddr(int len, void *a)
1253 return 0; 1351 return 0;
1254} 1352}
1255 1353
1354/**
1355 * audit_avc_path - record the granting or denial of permissions
1356 * @dentry: dentry to record
1357 * @mnt: mnt to record
1358 *
1359 * Returns 0 for success or NULL context or < 0 on error.
1360 *
1361 * Called from security/selinux/avc.c::avc_audit()
1362 */
1256int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt) 1363int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
1257{ 1364{
1258 struct audit_aux_data_path *ax; 1365 struct audit_aux_data_path *ax;
@@ -1274,6 +1381,14 @@ int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
1274 return 0; 1381 return 0;
1275} 1382}
1276 1383
1384/**
1385 * audit_signal_info - record signal info for shutting down audit subsystem
1386 * @sig: signal value
1387 * @t: task being signaled
1388 *
1389 * If the audit subsystem is being terminated, record the task (pid)
1390 * and uid that is doing that.
1391 */
1277void audit_signal_info(int sig, struct task_struct *t) 1392void audit_signal_info(int sig, struct task_struct *t)
1278{ 1393{
1279 extern pid_t audit_sig_pid; 1394 extern pid_t audit_sig_pid;
@@ -1290,4 +1405,3 @@ void audit_signal_info(int sig, struct task_struct *t)
1290 } 1405 }
1291 } 1406 }
1292} 1407}
1293
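Review bot: The new header for audit_putname (new lines 1123-1129) opens with `/*` instead of `/**`, so unlike every other header added in this file it is not a kernel-doc block and will not be extracted; change it to `/**` followed by ` * audit_putname - intercept a putname request` on its own line. The audit_get_loginuid header says `Returns the context's loginuid or -1 if @ctx is NULL`, but the return type is uid_t, so the -1 is actually the all-ones unsigned value; writing `(uid_t)-1` in the comment avoids readers comparing the result against a signed literal. The same `/*` versus `/**` inconsistency does not recur elsewhere in this hunk set; the remaining headers are well-formed.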