diff options
-rw-r--r-- | arch/ppc/Kconfig | 17 | ||||
-rw-r--r-- | arch/ppc/kernel/entry.S | 16 | ||||
-rw-r--r-- | arch/ppc/kernel/ppc_ksyms.c | 2 | ||||
-rw-r--r-- | arch/ppc/kernel/ptrace.c | 40 | ||||
-rw-r--r-- | include/asm-ppc/seccomp.h | 10 | ||||
-rw-r--r-- | include/asm-ppc/thread_info.h | 7 | ||||
-rw-r--r-- | include/linux/audit.h | 94 | ||||
-rw-r--r-- | init/Kconfig | 3 | ||||
-rw-r--r-- | kernel/audit.c | 587 | ||||
-rw-r--r-- | kernel/auditsc.c | 259 | ||||
-rw-r--r-- | kernel/signal.c | 7 | ||||
-rw-r--r-- | net/socket.c | 9 | ||||
-rw-r--r-- | security/selinux/avc.c | 40 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/selinux/nlmsgtab.c | 10 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 4 |
16 files changed, 674 insertions, 433 deletions
diff --git a/arch/ppc/Kconfig b/arch/ppc/Kconfig index 6e6377a69d5b..54ce6da22644 100644 --- a/arch/ppc/Kconfig +++ b/arch/ppc/Kconfig | |||
@@ -1083,6 +1083,23 @@ source "drivers/zorro/Kconfig" | |||
1083 | 1083 | ||
1084 | source kernel/power/Kconfig | 1084 | source kernel/power/Kconfig |
1085 | 1085 | ||
1086 | config SECCOMP | ||
1087 | bool "Enable seccomp to safely compute untrusted bytecode" | ||
1088 | depends on PROC_FS | ||
1089 | default y | ||
1090 | help | ||
1091 | This kernel feature is useful for number crunching applications | ||
1092 | that may need to compute untrusted bytecode during their | ||
1093 | execution. By using pipes or other transports made available to | ||
1094 | the process as file descriptors supporting the read/write | ||
1095 | syscalls, it's possible to isolate those applications in | ||
1096 | their own address space using seccomp. Once seccomp is | ||
1097 | enabled via /proc/<pid>/seccomp, it cannot be disabled | ||
1098 | and the task is only allowed to execute a few safe syscalls | ||
1099 | defined by each seccomp mode. | ||
1100 | |||
1101 | If unsure, say Y. Only embedded should say N here. | ||
1102 | |||
1086 | endmenu | 1103 | endmenu |
1087 | 1104 | ||
1088 | config ISA_DMA_API | 1105 | config ISA_DMA_API |
diff --git a/arch/ppc/kernel/entry.S b/arch/ppc/kernel/entry.S index 5f075dbc4ee7..661523707e8c 100644 --- a/arch/ppc/kernel/entry.S +++ b/arch/ppc/kernel/entry.S | |||
@@ -202,7 +202,7 @@ _GLOBAL(DoSyscall) | |||
202 | rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR | 202 | rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR |
203 | stw r11,TI_LOCAL_FLAGS(r10) | 203 | stw r11,TI_LOCAL_FLAGS(r10) |
204 | lwz r11,TI_FLAGS(r10) | 204 | lwz r11,TI_FLAGS(r10) |
205 | andi. r11,r11,_TIF_SYSCALL_TRACE | 205 | andi. r11,r11,_TIF_SYSCALL_T_OR_A |
206 | bne- syscall_dotrace | 206 | bne- syscall_dotrace |
207 | syscall_dotrace_cont: | 207 | syscall_dotrace_cont: |
208 | cmplwi 0,r0,NR_syscalls | 208 | cmplwi 0,r0,NR_syscalls |
@@ -237,7 +237,7 @@ ret_from_syscall: | |||
237 | SYNC | 237 | SYNC |
238 | MTMSRD(r10) | 238 | MTMSRD(r10) |
239 | lwz r9,TI_FLAGS(r12) | 239 | lwz r9,TI_FLAGS(r12) |
240 | andi. r0,r9,(_TIF_SYSCALL_TRACE|_TIF_SIGPENDING|_TIF_NEED_RESCHED) | 240 | andi. r0,r9,(_TIF_SYSCALL_T_OR_A|_TIF_SIGPENDING|_TIF_NEED_RESCHED) |
241 | bne- syscall_exit_work | 241 | bne- syscall_exit_work |
242 | syscall_exit_cont: | 242 | syscall_exit_cont: |
243 | #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) | 243 | #if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) |
@@ -277,7 +277,8 @@ syscall_dotrace: | |||
277 | SAVE_NVGPRS(r1) | 277 | SAVE_NVGPRS(r1) |
278 | li r0,0xc00 | 278 | li r0,0xc00 |
279 | stw r0,TRAP(r1) | 279 | stw r0,TRAP(r1) |
280 | bl do_syscall_trace | 280 | addi r3,r1,STACK_FRAME_OVERHEAD |
281 | bl do_syscall_trace_enter | ||
281 | lwz r0,GPR0(r1) /* Restore original registers */ | 282 | lwz r0,GPR0(r1) /* Restore original registers */ |
282 | lwz r3,GPR3(r1) | 283 | lwz r3,GPR3(r1) |
283 | lwz r4,GPR4(r1) | 284 | lwz r4,GPR4(r1) |
@@ -291,7 +292,7 @@ syscall_dotrace: | |||
291 | syscall_exit_work: | 292 | syscall_exit_work: |
292 | stw r6,RESULT(r1) /* Save result */ | 293 | stw r6,RESULT(r1) /* Save result */ |
293 | stw r3,GPR3(r1) /* Update return value */ | 294 | stw r3,GPR3(r1) /* Update return value */ |
294 | andi. r0,r9,_TIF_SYSCALL_TRACE | 295 | andi. r0,r9,_TIF_SYSCALL_T_OR_A |
295 | beq 5f | 296 | beq 5f |
296 | ori r10,r10,MSR_EE | 297 | ori r10,r10,MSR_EE |
297 | SYNC | 298 | SYNC |
@@ -303,7 +304,8 @@ syscall_exit_work: | |||
303 | li r4,0xc00 | 304 | li r4,0xc00 |
304 | stw r4,TRAP(r1) | 305 | stw r4,TRAP(r1) |
305 | 4: | 306 | 4: |
306 | bl do_syscall_trace | 307 | addi r3,r1,STACK_FRAME_OVERHEAD |
308 | bl do_syscall_trace_leave | ||
307 | REST_NVGPRS(r1) | 309 | REST_NVGPRS(r1) |
308 | 2: | 310 | 2: |
309 | lwz r3,GPR3(r1) | 311 | lwz r3,GPR3(r1) |
@@ -627,8 +629,8 @@ sigreturn_exit: | |||
627 | subi r1,r3,STACK_FRAME_OVERHEAD | 629 | subi r1,r3,STACK_FRAME_OVERHEAD |
628 | rlwinm r12,r1,0,0,18 /* current_thread_info() */ | 630 | rlwinm r12,r1,0,0,18 /* current_thread_info() */ |
629 | lwz r9,TI_FLAGS(r12) | 631 | lwz r9,TI_FLAGS(r12) |
630 | andi. r0,r9,_TIF_SYSCALL_TRACE | 632 | andi. r0,r9,_TIF_SYSCALL_T_OR_A |
631 | bnel- do_syscall_trace | 633 | bnel- do_syscall_trace_leave |
632 | /* fall through */ | 634 | /* fall through */ |
633 | 635 | ||
634 | .globl ret_from_except_full | 636 | .globl ret_from_except_full |
diff --git a/arch/ppc/kernel/ppc_ksyms.c b/arch/ppc/kernel/ppc_ksyms.c index 2ccb58fe4fc3..d59ad07de8e7 100644 --- a/arch/ppc/kernel/ppc_ksyms.c +++ b/arch/ppc/kernel/ppc_ksyms.c | |||
@@ -55,7 +55,6 @@ | |||
55 | #define EXPORT_SYMTAB_STROPS | 55 | #define EXPORT_SYMTAB_STROPS |
56 | 56 | ||
57 | extern void transfer_to_handler(void); | 57 | extern void transfer_to_handler(void); |
58 | extern void do_syscall_trace(void); | ||
59 | extern void do_IRQ(struct pt_regs *regs); | 58 | extern void do_IRQ(struct pt_regs *regs); |
60 | extern void MachineCheckException(struct pt_regs *regs); | 59 | extern void MachineCheckException(struct pt_regs *regs); |
61 | extern void AlignmentException(struct pt_regs *regs); | 60 | extern void AlignmentException(struct pt_regs *regs); |
@@ -74,7 +73,6 @@ extern unsigned long mm_ptov (unsigned long paddr); | |||
74 | EXPORT_SYMBOL(clear_pages); | 73 | EXPORT_SYMBOL(clear_pages); |
75 | EXPORT_SYMBOL(clear_user_page); | 74 | EXPORT_SYMBOL(clear_user_page); |
76 | EXPORT_SYMBOL(do_signal); | 75 | EXPORT_SYMBOL(do_signal); |
77 | EXPORT_SYMBOL(do_syscall_trace); | ||
78 | EXPORT_SYMBOL(transfer_to_handler); | 76 | EXPORT_SYMBOL(transfer_to_handler); |
79 | EXPORT_SYMBOL(do_IRQ); | 77 | EXPORT_SYMBOL(do_IRQ); |
80 | EXPORT_SYMBOL(MachineCheckException); | 78 | EXPORT_SYMBOL(MachineCheckException); |
diff --git a/arch/ppc/kernel/ptrace.c b/arch/ppc/kernel/ptrace.c index 59d59a8dc249..e7aee4108dea 100644 --- a/arch/ppc/kernel/ptrace.c +++ b/arch/ppc/kernel/ptrace.c | |||
@@ -27,6 +27,9 @@ | |||
27 | #include <linux/user.h> | 27 | #include <linux/user.h> |
28 | #include <linux/security.h> | 28 | #include <linux/security.h> |
29 | #include <linux/signal.h> | 29 | #include <linux/signal.h> |
30 | #include <linux/seccomp.h> | ||
31 | #include <linux/audit.h> | ||
32 | #include <linux/module.h> | ||
30 | 33 | ||
31 | #include <asm/uaccess.h> | 34 | #include <asm/uaccess.h> |
32 | #include <asm/page.h> | 35 | #include <asm/page.h> |
@@ -455,11 +458,10 @@ out: | |||
455 | return ret; | 458 | return ret; |
456 | } | 459 | } |
457 | 460 | ||
458 | void do_syscall_trace(void) | 461 | static void do_syscall_trace(void) |
459 | { | 462 | { |
460 | if (!test_thread_flag(TIF_SYSCALL_TRACE) | 463 | /* the 0x80 provides a way for the tracing parent to distinguish |
461 | || !(current->ptrace & PT_PTRACED)) | 464 | between a syscall stop and SIGTRAP delivery */ |
462 | return; | ||
463 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) | 465 | ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) |
464 | ? 0x80 : 0)); | 466 | ? 0x80 : 0)); |
465 | 467 | ||
@@ -473,3 +475,33 @@ void do_syscall_trace(void) | |||
473 | current->exit_code = 0; | 475 | current->exit_code = 0; |
474 | } | 476 | } |
475 | } | 477 | } |
478 | |||
479 | void do_syscall_trace_enter(struct pt_regs *regs) | ||
480 | { | ||
481 | if (test_thread_flag(TIF_SYSCALL_TRACE) | ||
482 | && (current->ptrace & PT_PTRACED)) | ||
483 | do_syscall_trace(); | ||
484 | |||
485 | if (unlikely(current->audit_context)) | ||
486 | audit_syscall_entry(current, AUDIT_ARCH_PPC, | ||
487 | regs->gpr[0], | ||
488 | regs->gpr[3], regs->gpr[4], | ||
489 | regs->gpr[5], regs->gpr[6]); | ||
490 | } | ||
491 | |||
492 | void do_syscall_trace_leave(struct pt_regs *regs) | ||
493 | { | ||
494 | secure_computing(regs->gpr[0]); | ||
495 | |||
496 | if (unlikely(current->audit_context)) | ||
497 | audit_syscall_exit(current, | ||
498 | (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS, | ||
499 | regs->result); | ||
500 | |||
501 | if ((test_thread_flag(TIF_SYSCALL_TRACE)) | ||
502 | && (current->ptrace & PT_PTRACED)) | ||
503 | do_syscall_trace(); | ||
504 | } | ||
505 | |||
506 | EXPORT_SYMBOL(do_syscall_trace_enter); | ||
507 | EXPORT_SYMBOL(do_syscall_trace_leave); | ||
diff --git a/include/asm-ppc/seccomp.h b/include/asm-ppc/seccomp.h new file mode 100644 index 000000000000..666c4da96d87 --- /dev/null +++ b/include/asm-ppc/seccomp.h | |||
@@ -0,0 +1,10 @@ | |||
1 | #ifndef _ASM_SECCOMP_H | ||
2 | |||
3 | #include <linux/unistd.h> | ||
4 | |||
5 | #define __NR_seccomp_read __NR_read | ||
6 | #define __NR_seccomp_write __NR_write | ||
7 | #define __NR_seccomp_exit __NR_exit | ||
8 | #define __NR_seccomp_sigreturn __NR_rt_sigreturn | ||
9 | |||
10 | #endif /* _ASM_SECCOMP_H */ | ||
diff --git a/include/asm-ppc/thread_info.h b/include/asm-ppc/thread_info.h index f7f01524e8a8..e3b5284a6f91 100644 --- a/include/asm-ppc/thread_info.h +++ b/include/asm-ppc/thread_info.h | |||
@@ -77,12 +77,19 @@ static inline struct thread_info *current_thread_info(void) | |||
77 | #define TIF_POLLING_NRFLAG 4 /* true if poll_idle() is polling | 77 | #define TIF_POLLING_NRFLAG 4 /* true if poll_idle() is polling |
78 | TIF_NEED_RESCHED */ | 78 | TIF_NEED_RESCHED */ |
79 | #define TIF_MEMDIE 5 | 79 | #define TIF_MEMDIE 5 |
80 | #define TIF_SYSCALL_AUDIT 6 /* syscall auditing active */ | ||
81 | #define TIF_SECCOMP 7 /* secure computing */ | ||
82 | |||
80 | /* as above, but as bit values */ | 83 | /* as above, but as bit values */ |
81 | #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) | 84 | #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) |
82 | #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) | 85 | #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) |
83 | #define _TIF_SIGPENDING (1<<TIF_SIGPENDING) | 86 | #define _TIF_SIGPENDING (1<<TIF_SIGPENDING) |
84 | #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) | 87 | #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) |
85 | #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) | 88 | #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) |
89 | #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) | ||
90 | #define _TIF_SECCOMP (1<<TIF_SECCOMP) | ||
91 | |||
92 | #define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP) | ||
86 | 93 | ||
87 | /* | 94 | /* |
88 | * Non racy (local) flags bit numbers | 95 | * Non racy (local) flags bit numbers |
diff --git a/include/linux/audit.h b/include/linux/audit.h index 19f04b049798..bf2ad3ba72eb 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -27,15 +27,52 @@ | |||
27 | #include <linux/sched.h> | 27 | #include <linux/sched.h> |
28 | #include <linux/elf.h> | 28 | #include <linux/elf.h> |
29 | 29 | ||
30 | /* Request and reply types */ | 30 | /* The netlink messages for the audit system is divided into blocks: |
31 | #define AUDIT_GET 1000 /* Get status */ | 31 | * 1000 - 1099 are for commanding the audit system |
32 | #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ | 32 | * 1100 - 1199 user space trusted application messages |
33 | #define AUDIT_LIST 1002 /* List filtering rules */ | 33 | * 1200 - 1299 messages internal to the audit daemon |
34 | #define AUDIT_ADD 1003 /* Add filtering rule */ | 34 | * 1300 - 1399 audit event messages |
35 | #define AUDIT_DEL 1004 /* Delete filtering rule */ | 35 | * 1400 - 1499 SE Linux use |
36 | #define AUDIT_USER 1005 /* Send a message from user-space */ | 36 | * 1500 - 1999 future use |
37 | #define AUDIT_LOGIN 1006 /* Define the login id and informaiton */ | 37 | * 2000 is for otherwise unclassified kernel audit messages |
38 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ | 38 | * |
39 | * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user | ||
40 | * space. Anything over that is kernel --> user space communication. | ||
41 | */ | ||
42 | #define AUDIT_GET 1000 /* Get status */ | ||
43 | #define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ | ||
44 | #define AUDIT_LIST 1002 /* List syscall filtering rules */ | ||
45 | #define AUDIT_ADD 1003 /* Add syscall filtering rule */ | ||
46 | #define AUDIT_DEL 1004 /* Delete syscall filtering rule */ | ||
47 | #define AUDIT_USER 1005 /* Message from userspace -- deprecated */ | ||
48 | #define AUDIT_LOGIN 1006 /* Define the login id and information */ | ||
49 | #define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */ | ||
50 | #define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */ | ||
51 | #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ | ||
52 | #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ | ||
53 | |||
54 | #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */ | ||
55 | #define AUDIT_LAST_USER_MSG 1199 | ||
56 | |||
57 | #define AUDIT_DAEMON_START 1200 /* Daemon startup record */ | ||
58 | #define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */ | ||
59 | #define AUDIT_DAEMON_ABORT 1202 /* Daemon error stop record */ | ||
60 | #define AUDIT_DAEMON_CONFIG 1203 /* Daemon config change */ | ||
61 | |||
62 | #define AUDIT_SYSCALL 1300 /* Syscall event */ | ||
63 | #define AUDIT_FS_WATCH 1301 /* Filesystem watch event */ | ||
64 | #define AUDIT_PATH 1302 /* Filename path information */ | ||
65 | #define AUDIT_IPC 1303 /* IPC record */ | ||
66 | #define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */ | ||
67 | #define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */ | ||
68 | #define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */ | ||
69 | #define AUDIT_CWD 1307 /* Current working directory */ | ||
70 | |||
71 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | ||
72 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | ||
73 | #define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */ | ||
74 | |||
75 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ | ||
39 | 76 | ||
40 | /* Rule flags */ | 77 | /* Rule flags */ |
41 | #define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */ | 78 | #define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */ |
@@ -132,16 +169,9 @@ | |||
132 | #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) | 169 | #define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) |
133 | #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) | 170 | #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
134 | 171 | ||
135 | #ifndef __KERNEL__ | ||
136 | struct audit_message { | ||
137 | struct nlmsghdr nlh; | ||
138 | char data[1200]; | ||
139 | }; | ||
140 | #endif | ||
141 | |||
142 | struct audit_status { | 172 | struct audit_status { |
143 | __u32 mask; /* Bit mask for valid entries */ | 173 | __u32 mask; /* Bit mask for valid entries */ |
144 | __u32 enabled; /* 1 = enabled, 0 = disbaled */ | 174 | __u32 enabled; /* 1 = enabled, 0 = disabled */ |
145 | __u32 failure; /* Failure-to-log action */ | 175 | __u32 failure; /* Failure-to-log action */ |
146 | __u32 pid; /* pid of auditd process */ | 176 | __u32 pid; /* pid of auditd process */ |
147 | __u32 rate_limit; /* messages rate limit (per second) */ | 177 | __u32 rate_limit; /* messages rate limit (per second) */ |
@@ -161,6 +191,11 @@ struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */ | |||
161 | 191 | ||
162 | #ifdef __KERNEL__ | 192 | #ifdef __KERNEL__ |
163 | 193 | ||
194 | struct audit_sig_info { | ||
195 | uid_t uid; | ||
196 | pid_t pid; | ||
197 | }; | ||
198 | |||
164 | struct audit_buffer; | 199 | struct audit_buffer; |
165 | struct audit_context; | 200 | struct audit_context; |
166 | struct inode; | 201 | struct inode; |
@@ -185,11 +220,16 @@ extern void audit_inode(const char *name, const struct inode *inode); | |||
185 | /* Private API (for audit.c only) */ | 220 | /* Private API (for audit.c only) */ |
186 | extern int audit_receive_filter(int type, int pid, int uid, int seq, | 221 | extern int audit_receive_filter(int type, int pid, int uid, int seq, |
187 | void *data, uid_t loginuid); | 222 | void *data, uid_t loginuid); |
188 | extern void audit_get_stamp(struct audit_context *ctx, | 223 | extern unsigned int audit_serial(void); |
189 | struct timespec *t, unsigned int *serial); | 224 | extern void auditsc_get_stamp(struct audit_context *ctx, |
225 | struct timespec *t, unsigned int *serial); | ||
190 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); | 226 | extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); |
191 | extern uid_t audit_get_loginuid(struct audit_context *ctx); | 227 | extern uid_t audit_get_loginuid(struct audit_context *ctx); |
192 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); | 228 | extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); |
229 | extern int audit_socketcall(int nargs, unsigned long *args); | ||
230 | extern int audit_sockaddr(int len, void *addr); | ||
231 | extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); | ||
232 | extern void audit_signal_info(int sig, struct task_struct *t); | ||
193 | #else | 233 | #else |
194 | #define audit_alloc(t) ({ 0; }) | 234 | #define audit_alloc(t) ({ 0; }) |
195 | #define audit_free(t) do { ; } while (0) | 235 | #define audit_free(t) do { ; } while (0) |
@@ -198,18 +238,24 @@ extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mo | |||
198 | #define audit_getname(n) do { ; } while (0) | 238 | #define audit_getname(n) do { ; } while (0) |
199 | #define audit_putname(n) do { ; } while (0) | 239 | #define audit_putname(n) do { ; } while (0) |
200 | #define audit_inode(n,i) do { ; } while (0) | 240 | #define audit_inode(n,i) do { ; } while (0) |
241 | #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) | ||
242 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | ||
201 | #define audit_get_loginuid(c) ({ -1; }) | 243 | #define audit_get_loginuid(c) ({ -1; }) |
202 | #define audit_ipc_perms(q,u,g,m) ({ 0; }) | 244 | #define audit_ipc_perms(q,u,g,m) ({ 0; }) |
245 | #define audit_socketcall(n,a) ({ 0; }) | ||
246 | #define audit_sockaddr(len, addr) ({ 0; }) | ||
247 | #define audit_avc_path(dentry, mnt) ({ 0; }) | ||
248 | #define audit_signal_info(s,t) do { ; } while (0) | ||
203 | #endif | 249 | #endif |
204 | 250 | ||
205 | #ifdef CONFIG_AUDIT | 251 | #ifdef CONFIG_AUDIT |
206 | /* These are defined in audit.c */ | 252 | /* These are defined in audit.c */ |
207 | /* Public API */ | 253 | /* Public API */ |
208 | extern void audit_log(struct audit_context *ctx, | 254 | extern void audit_log(struct audit_context *ctx, int type, |
209 | const char *fmt, ...) | 255 | const char *fmt, ...) |
210 | __attribute__((format(printf,2,3))); | 256 | __attribute__((format(printf,3,4))); |
211 | 257 | ||
212 | extern struct audit_buffer *audit_log_start(struct audit_context *ctx); | 258 | extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type); |
213 | extern void audit_log_format(struct audit_buffer *ab, | 259 | extern void audit_log_format(struct audit_buffer *ab, |
214 | const char *fmt, ...) | 260 | const char *fmt, ...) |
215 | __attribute__((format(printf,2,3))); | 261 | __attribute__((format(printf,2,3))); |
@@ -229,8 +275,8 @@ extern void audit_send_reply(int pid, int seq, int type, | |||
229 | void *payload, int size); | 275 | void *payload, int size); |
230 | extern void audit_log_lost(const char *message); | 276 | extern void audit_log_lost(const char *message); |
231 | #else | 277 | #else |
232 | #define audit_log(t,f,...) do { ; } while (0) | 278 | #define audit_log(c,t,f,...) do { ; } while (0) |
233 | #define audit_log_start(t) ({ NULL; }) | 279 | #define audit_log_start(c,t) ({ NULL; }) |
234 | #define audit_log_vformat(b,f,a) do { ; } while (0) | 280 | #define audit_log_vformat(b,f,a) do { ; } while (0) |
235 | #define audit_log_format(b,f,...) do { ; } while (0) | 281 | #define audit_log_format(b,f,...) do { ; } while (0) |
236 | #define audit_log_end(b) do { ; } while (0) | 282 | #define audit_log_end(b) do { ; } while (0) |
diff --git a/init/Kconfig b/init/Kconfig index a7660ccc693f..b1091d7542ce 100644 --- a/init/Kconfig +++ b/init/Kconfig | |||
@@ -164,6 +164,7 @@ config SYSCTL | |||
164 | 164 | ||
165 | config AUDIT | 165 | config AUDIT |
166 | bool "Auditing support" | 166 | bool "Auditing support" |
167 | depends on NET | ||
167 | default y if SECURITY_SELINUX | 168 | default y if SECURITY_SELINUX |
168 | help | 169 | help |
169 | Enable auditing infrastructure that can be used with another | 170 | Enable auditing infrastructure that can be used with another |
@@ -173,7 +174,7 @@ config AUDIT | |||
173 | 174 | ||
174 | config AUDITSYSCALL | 175 | config AUDITSYSCALL |
175 | bool "Enable system-call auditing support" | 176 | bool "Enable system-call auditing support" |
176 | depends on AUDIT && (X86 || PPC64 || ARCH_S390 || IA64 || UML) | 177 | depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML) |
177 | default y if SECURITY_SELINUX | 178 | default y if SECURITY_SELINUX |
178 | help | 179 | help |
179 | Enable low-overhead system-call auditing infrastructure that | 180 | Enable low-overhead system-call auditing infrastructure that |
diff --git a/kernel/audit.c b/kernel/audit.c index 9c4f1af0c794..ef35166fdc29 100644 --- a/kernel/audit.c +++ b/kernel/audit.c | |||
@@ -46,6 +46,8 @@ | |||
46 | #include <asm/types.h> | 46 | #include <asm/types.h> |
47 | #include <linux/mm.h> | 47 | #include <linux/mm.h> |
48 | #include <linux/module.h> | 48 | #include <linux/module.h> |
49 | #include <linux/err.h> | ||
50 | #include <linux/kthread.h> | ||
49 | 51 | ||
50 | #include <linux/audit.h> | 52 | #include <linux/audit.h> |
51 | 53 | ||
@@ -68,7 +70,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK; | |||
68 | 70 | ||
69 | /* If audit records are to be written to the netlink socket, audit_pid | 71 | /* If audit records are to be written to the netlink socket, audit_pid |
70 | * contains the (non-zero) pid. */ | 72 | * contains the (non-zero) pid. */ |
71 | static int audit_pid; | 73 | int audit_pid; |
72 | 74 | ||
73 | /* If audit_limit is non-zero, limit the rate of sending audit records | 75 | /* If audit_limit is non-zero, limit the rate of sending audit records |
74 | * to that number per second. This prevents DoS attacks, but results in | 76 | * to that number per second. This prevents DoS attacks, but results in |
@@ -77,7 +79,10 @@ static int audit_rate_limit; | |||
77 | 79 | ||
78 | /* Number of outstanding audit_buffers allowed. */ | 80 | /* Number of outstanding audit_buffers allowed. */ |
79 | static int audit_backlog_limit = 64; | 81 | static int audit_backlog_limit = 64; |
80 | static atomic_t audit_backlog = ATOMIC_INIT(0); | 82 | |
83 | /* The identity of the user shutting down the audit system. */ | ||
84 | uid_t audit_sig_uid = -1; | ||
85 | pid_t audit_sig_pid = -1; | ||
81 | 86 | ||
82 | /* Records can be lost in several ways: | 87 | /* Records can be lost in several ways: |
83 | 0) [suppressed in audit_alloc] | 88 | 0) [suppressed in audit_alloc] |
@@ -91,19 +96,17 @@ static atomic_t audit_lost = ATOMIC_INIT(0); | |||
91 | /* The netlink socket. */ | 96 | /* The netlink socket. */ |
92 | static struct sock *audit_sock; | 97 | static struct sock *audit_sock; |
93 | 98 | ||
94 | /* There are two lists of audit buffers. The txlist contains audit | 99 | /* The audit_freelist is a list of pre-allocated audit buffers (if more |
95 | * buffers that cannot be sent immediately to the netlink device because | ||
96 | * we are in an irq context (these are sent later in a tasklet). | ||
97 | * | ||
98 | * The second list is a list of pre-allocated audit buffers (if more | ||
99 | * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of | 100 | * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of |
100 | * being placed on the freelist). */ | 101 | * being placed on the freelist). */ |
101 | static DEFINE_SPINLOCK(audit_txlist_lock); | ||
102 | static DEFINE_SPINLOCK(audit_freelist_lock); | 102 | static DEFINE_SPINLOCK(audit_freelist_lock); |
103 | static int audit_freelist_count = 0; | 103 | static int audit_freelist_count = 0; |
104 | static LIST_HEAD(audit_txlist); | ||
105 | static LIST_HEAD(audit_freelist); | 104 | static LIST_HEAD(audit_freelist); |
106 | 105 | ||
106 | static struct sk_buff_head audit_skb_queue; | ||
107 | static struct task_struct *kauditd_task; | ||
108 | static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait); | ||
109 | |||
107 | /* There are three lists of rules -- one to search at task creation | 110 | /* There are three lists of rules -- one to search at task creation |
108 | * time, one to search at syscall entry time, and another to search at | 111 | * time, one to search at syscall entry time, and another to search at |
109 | * syscall exit time. */ | 112 | * syscall exit time. */ |
@@ -112,7 +115,7 @@ static LIST_HEAD(audit_entlist); | |||
112 | static LIST_HEAD(audit_extlist); | 115 | static LIST_HEAD(audit_extlist); |
113 | 116 | ||
114 | /* The netlink socket is only to be read by 1 CPU, which lets us assume | 117 | /* The netlink socket is only to be read by 1 CPU, which lets us assume |
115 | * that list additions and deletions never happen simultaneiously in | 118 | * that list additions and deletions never happen simultaneously in |
116 | * auditsc.c */ | 119 | * auditsc.c */ |
117 | static DECLARE_MUTEX(audit_netlink_sem); | 120 | static DECLARE_MUTEX(audit_netlink_sem); |
118 | 121 | ||
@@ -132,21 +135,14 @@ static DECLARE_MUTEX(audit_netlink_sem); | |||
132 | * use simultaneously. */ | 135 | * use simultaneously. */ |
133 | struct audit_buffer { | 136 | struct audit_buffer { |
134 | struct list_head list; | 137 | struct list_head list; |
135 | struct sk_buff_head sklist; /* formatted skbs ready to send */ | 138 | struct sk_buff *skb; /* formatted skb ready to send */ |
136 | struct audit_context *ctx; /* NULL or associated context */ | 139 | struct audit_context *ctx; /* NULL or associated context */ |
137 | int len; /* used area of tmp */ | ||
138 | char tmp[AUDIT_BUFSIZ]; | ||
139 | |||
140 | /* Pointer to header and contents */ | ||
141 | struct nlmsghdr *nlh; | ||
142 | int total; | ||
143 | int type; | ||
144 | int pid; | ||
145 | }; | 140 | }; |
146 | 141 | ||
147 | void audit_set_type(struct audit_buffer *ab, int type) | 142 | static void audit_set_pid(struct audit_buffer *ab, pid_t pid) |
148 | { | 143 | { |
149 | ab->type = type; | 144 | struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data; |
145 | nlh->nlmsg_pid = pid; | ||
150 | } | 146 | } |
151 | 147 | ||
152 | struct audit_entry { | 148 | struct audit_entry { |
@@ -154,9 +150,6 @@ struct audit_entry { | |||
154 | struct audit_rule rule; | 150 | struct audit_rule rule; |
155 | }; | 151 | }; |
156 | 152 | ||
157 | static void audit_log_end_irq(struct audit_buffer *ab); | ||
158 | static void audit_log_end_fast(struct audit_buffer *ab); | ||
159 | |||
160 | static void audit_panic(const char *message) | 153 | static void audit_panic(const char *message) |
161 | { | 154 | { |
162 | switch (audit_failure) | 155 | switch (audit_failure) |
@@ -227,10 +220,8 @@ void audit_log_lost(const char *message) | |||
227 | 220 | ||
228 | if (print) { | 221 | if (print) { |
229 | printk(KERN_WARNING | 222 | printk(KERN_WARNING |
230 | "audit: audit_lost=%d audit_backlog=%d" | 223 | "audit: audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n", |
231 | " audit_rate_limit=%d audit_backlog_limit=%d\n", | ||
232 | atomic_read(&audit_lost), | 224 | atomic_read(&audit_lost), |
233 | atomic_read(&audit_backlog), | ||
234 | audit_rate_limit, | 225 | audit_rate_limit, |
235 | audit_backlog_limit); | 226 | audit_backlog_limit); |
236 | audit_panic(message); | 227 | audit_panic(message); |
@@ -242,7 +233,8 @@ static int audit_set_rate_limit(int limit, uid_t loginuid) | |||
242 | { | 233 | { |
243 | int old = audit_rate_limit; | 234 | int old = audit_rate_limit; |
244 | audit_rate_limit = limit; | 235 | audit_rate_limit = limit; |
245 | audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", | 236 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
237 | "audit_rate_limit=%d old=%d by auid=%u", | ||
246 | audit_rate_limit, old, loginuid); | 238 | audit_rate_limit, old, loginuid); |
247 | return old; | 239 | return old; |
248 | } | 240 | } |
@@ -251,7 +243,8 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid) | |||
251 | { | 243 | { |
252 | int old = audit_backlog_limit; | 244 | int old = audit_backlog_limit; |
253 | audit_backlog_limit = limit; | 245 | audit_backlog_limit = limit; |
254 | audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", | 246 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
247 | "audit_backlog_limit=%d old=%d by auid=%u", | ||
255 | audit_backlog_limit, old, loginuid); | 248 | audit_backlog_limit, old, loginuid); |
256 | return old; | 249 | return old; |
257 | } | 250 | } |
@@ -262,8 +255,9 @@ static int audit_set_enabled(int state, uid_t loginuid) | |||
262 | if (state != 0 && state != 1) | 255 | if (state != 0 && state != 1) |
263 | return -EINVAL; | 256 | return -EINVAL; |
264 | audit_enabled = state; | 257 | audit_enabled = state; |
265 | audit_log(NULL, "audit_enabled=%d old=%d by auid %u", | 258 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
266 | audit_enabled, old, loginuid); | 259 | "audit_enabled=%d old=%d by auid=%u", |
260 | audit_enabled, old, loginuid); | ||
267 | return old; | 261 | return old; |
268 | } | 262 | } |
269 | 263 | ||
@@ -275,12 +269,44 @@ static int audit_set_failure(int state, uid_t loginuid) | |||
275 | && state != AUDIT_FAIL_PANIC) | 269 | && state != AUDIT_FAIL_PANIC) |
276 | return -EINVAL; | 270 | return -EINVAL; |
277 | audit_failure = state; | 271 | audit_failure = state; |
278 | audit_log(NULL, "audit_failure=%d old=%d by auid %u", | 272 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
279 | audit_failure, old, loginuid); | 273 | "audit_failure=%d old=%d by auid=%u", |
274 | audit_failure, old, loginuid); | ||
280 | return old; | 275 | return old; |
281 | } | 276 | } |
282 | 277 | ||
283 | #ifdef CONFIG_NET | 278 | int kauditd_thread(void *dummy) |
279 | { | ||
280 | struct sk_buff *skb; | ||
281 | |||
282 | while (1) { | ||
283 | skb = skb_dequeue(&audit_skb_queue); | ||
284 | if (skb) { | ||
285 | if (audit_pid) { | ||
286 | int err = netlink_unicast(audit_sock, skb, audit_pid, 0); | ||
287 | if (err < 0) { | ||
288 | BUG_ON(err != -ECONNREFUSED); /* Shoudn't happen */ | ||
289 | printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid); | ||
290 | audit_pid = 0; | ||
291 | } | ||
292 | } else { | ||
293 | printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0)); | ||
294 | kfree_skb(skb); | ||
295 | } | ||
296 | } else { | ||
297 | DECLARE_WAITQUEUE(wait, current); | ||
298 | set_current_state(TASK_INTERRUPTIBLE); | ||
299 | add_wait_queue(&kauditd_wait, &wait); | ||
300 | |||
301 | if (!skb_queue_len(&audit_skb_queue)) | ||
302 | schedule(); | ||
303 | |||
304 | __set_current_state(TASK_RUNNING); | ||
305 | remove_wait_queue(&kauditd_wait, &wait); | ||
306 | } | ||
307 | } | ||
308 | } | ||
309 | |||
284 | void audit_send_reply(int pid, int seq, int type, int done, int multi, | 310 | void audit_send_reply(int pid, int seq, int type, int done, int multi, |
285 | void *payload, int size) | 311 | void *payload, int size) |
286 | { | 312 | { |
@@ -293,13 +319,16 @@ void audit_send_reply(int pid, int seq, int type, int done, int multi, | |||
293 | 319 | ||
294 | skb = alloc_skb(len, GFP_KERNEL); | 320 | skb = alloc_skb(len, GFP_KERNEL); |
295 | if (!skb) | 321 | if (!skb) |
296 | goto nlmsg_failure; | 322 | return; |
297 | 323 | ||
298 | nlh = NLMSG_PUT(skb, pid, seq, t, len - sizeof(*nlh)); | 324 | nlh = NLMSG_PUT(skb, pid, seq, t, size); |
299 | nlh->nlmsg_flags = flags; | 325 | nlh->nlmsg_flags = flags; |
300 | data = NLMSG_DATA(nlh); | 326 | data = NLMSG_DATA(nlh); |
301 | memcpy(data, payload, size); | 327 | memcpy(data, payload, size); |
302 | netlink_unicast(audit_sock, skb, pid, MSG_DONTWAIT); | 328 | |
329 | /* Ignore failure. It'll only happen if the sender goes away, | ||
330 | because our timeout is set to infinite. */ | ||
331 | netlink_unicast(audit_sock, skb, pid, 0); | ||
303 | return; | 332 | return; |
304 | 333 | ||
305 | nlmsg_failure: /* Used by NLMSG_PUT */ | 334 | nlmsg_failure: /* Used by NLMSG_PUT */ |
@@ -321,10 +350,12 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type) | |||
321 | case AUDIT_SET: | 350 | case AUDIT_SET: |
322 | case AUDIT_ADD: | 351 | case AUDIT_ADD: |
323 | case AUDIT_DEL: | 352 | case AUDIT_DEL: |
353 | case AUDIT_SIGNAL_INFO: | ||
324 | if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) | 354 | if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) |
325 | err = -EPERM; | 355 | err = -EPERM; |
326 | break; | 356 | break; |
327 | case AUDIT_USER: | 357 | case AUDIT_USER: |
358 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: | ||
328 | if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) | 359 | if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) |
329 | err = -EPERM; | 360 | err = -EPERM; |
330 | break; | 361 | break; |
@@ -344,11 +375,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
344 | struct audit_buffer *ab; | 375 | struct audit_buffer *ab; |
345 | u16 msg_type = nlh->nlmsg_type; | 376 | u16 msg_type = nlh->nlmsg_type; |
346 | uid_t loginuid; /* loginuid of sender */ | 377 | uid_t loginuid; /* loginuid of sender */ |
378 | struct audit_sig_info sig_data; | ||
347 | 379 | ||
348 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); | 380 | err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); |
349 | if (err) | 381 | if (err) |
350 | return err; | 382 | return err; |
351 | 383 | ||
384 | /* As soon as there's any sign of userspace auditd, start kauditd to talk to it */ | ||
385 | if (!kauditd_task) | ||
386 | kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd"); | ||
387 | if (IS_ERR(kauditd_task)) { | ||
388 | err = PTR_ERR(kauditd_task); | ||
389 | kauditd_task = NULL; | ||
390 | return err; | ||
391 | } | ||
392 | |||
352 | pid = NETLINK_CREDS(skb)->pid; | 393 | pid = NETLINK_CREDS(skb)->pid; |
353 | uid = NETLINK_CREDS(skb)->uid; | 394 | uid = NETLINK_CREDS(skb)->uid; |
354 | loginuid = NETLINK_CB(skb).loginuid; | 395 | loginuid = NETLINK_CB(skb).loginuid; |
@@ -363,7 +404,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
363 | status_set.rate_limit = audit_rate_limit; | 404 | status_set.rate_limit = audit_rate_limit; |
364 | status_set.backlog_limit = audit_backlog_limit; | 405 | status_set.backlog_limit = audit_backlog_limit; |
365 | status_set.lost = atomic_read(&audit_lost); | 406 | status_set.lost = atomic_read(&audit_lost); |
366 | status_set.backlog = atomic_read(&audit_backlog); | 407 | status_set.backlog = skb_queue_len(&audit_skb_queue); |
367 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, | 408 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, |
368 | &status_set, sizeof(status_set)); | 409 | &status_set, sizeof(status_set)); |
369 | break; | 410 | break; |
@@ -382,7 +423,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
382 | if (status_get->mask & AUDIT_STATUS_PID) { | 423 | if (status_get->mask & AUDIT_STATUS_PID) { |
383 | int old = audit_pid; | 424 | int old = audit_pid; |
384 | audit_pid = status_get->pid; | 425 | audit_pid = status_get->pid; |
385 | audit_log(NULL, "audit_pid=%d old=%d by auid %u", | 426 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
427 | "audit_pid=%d old=%d by auid=%u", | ||
386 | audit_pid, old, loginuid); | 428 | audit_pid, old, loginuid); |
387 | } | 429 | } |
388 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 430 | if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
@@ -392,18 +434,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
392 | loginuid); | 434 | loginuid); |
393 | break; | 435 | break; |
394 | case AUDIT_USER: | 436 | case AUDIT_USER: |
395 | ab = audit_log_start(NULL); | 437 | case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG: |
438 | ab = audit_log_start(NULL, msg_type); | ||
396 | if (!ab) | 439 | if (!ab) |
397 | break; /* audit_panic has been called */ | 440 | break; /* audit_panic has been called */ |
398 | audit_log_format(ab, | 441 | audit_log_format(ab, |
399 | "user pid=%d uid=%d length=%d loginuid=%u" | 442 | "user pid=%d uid=%u auid=%u" |
400 | " msg='%.1024s'", | 443 | " msg='%.1024s'", |
401 | pid, uid, | 444 | pid, uid, loginuid, (char *)data); |
402 | (int)(nlh->nlmsg_len | 445 | audit_set_pid(ab, pid); |
403 | - ((char *)data - (char *)nlh)), | ||
404 | loginuid, (char *)data); | ||
405 | ab->type = AUDIT_USER; | ||
406 | ab->pid = pid; | ||
407 | audit_log_end(ab); | 446 | audit_log_end(ab); |
408 | break; | 447 | break; |
409 | case AUDIT_ADD: | 448 | case AUDIT_ADD: |
@@ -412,12 +451,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) | |||
412 | return -EINVAL; | 451 | return -EINVAL; |
413 | /* fallthrough */ | 452 | /* fallthrough */ |
414 | case AUDIT_LIST: | 453 | case AUDIT_LIST: |
415 | #ifdef CONFIG_AUDITSYSCALL | ||
416 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 454 | err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
417 | uid, seq, data, loginuid); | 455 | uid, seq, data, loginuid); |
418 | #else | 456 | break; |
419 | err = -EOPNOTSUPP; | 457 | case AUDIT_SIGNAL_INFO: |
420 | #endif | 458 | sig_data.uid = audit_sig_uid; |
459 | sig_data.pid = audit_sig_pid; | ||
460 | audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO, | ||
461 | 0, 0, &sig_data, sizeof(sig_data)); | ||
421 | break; | 462 | break; |
422 | default: | 463 | default: |
423 | err = -EINVAL; | 464 | err = -EINVAL; |
@@ -467,87 +508,6 @@ static void audit_receive(struct sock *sk, int length) | |||
467 | up(&audit_netlink_sem); | 508 | up(&audit_netlink_sem); |
468 | } | 509 | } |
469 | 510 | ||
470 | /* Move data from tmp buffer into an skb. This is an extra copy, and | ||
471 | * that is unfortunate. However, the copy will only occur when a record | ||
472 | * is being written to user space, which is already a high-overhead | ||
473 | * operation. (Elimination of the copy is possible, for example, by | ||
474 | * writing directly into a pre-allocated skb, at the cost of wasting | ||
475 | * memory. */ | ||
476 | static void audit_log_move(struct audit_buffer *ab) | ||
477 | { | ||
478 | struct sk_buff *skb; | ||
479 | char *start; | ||
480 | int extra = ab->nlh ? 0 : NLMSG_SPACE(0); | ||
481 | |||
482 | /* possible resubmission */ | ||
483 | if (ab->len == 0) | ||
484 | return; | ||
485 | |||
486 | skb = skb_peek_tail(&ab->sklist); | ||
487 | if (!skb || skb_tailroom(skb) <= ab->len + extra) { | ||
488 | skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC); | ||
489 | if (!skb) { | ||
490 | ab->len = 0; /* Lose information in ab->tmp */ | ||
491 | audit_log_lost("out of memory in audit_log_move"); | ||
492 | return; | ||
493 | } | ||
494 | __skb_queue_tail(&ab->sklist, skb); | ||
495 | if (!ab->nlh) | ||
496 | ab->nlh = (struct nlmsghdr *)skb_put(skb, | ||
497 | NLMSG_SPACE(0)); | ||
498 | } | ||
499 | start = skb_put(skb, ab->len); | ||
500 | memcpy(start, ab->tmp, ab->len); | ||
501 | ab->len = 0; | ||
502 | } | ||
503 | |||
504 | /* Iterate over the skbuff in the audit_buffer, sending their contents | ||
505 | * to user space. */ | ||
506 | static inline int audit_log_drain(struct audit_buffer *ab) | ||
507 | { | ||
508 | struct sk_buff *skb; | ||
509 | |||
510 | while ((skb = skb_dequeue(&ab->sklist))) { | ||
511 | int retval = 0; | ||
512 | |||
513 | if (audit_pid) { | ||
514 | if (ab->nlh) { | ||
515 | ab->nlh->nlmsg_len = ab->total; | ||
516 | ab->nlh->nlmsg_type = ab->type; | ||
517 | ab->nlh->nlmsg_flags = 0; | ||
518 | ab->nlh->nlmsg_seq = 0; | ||
519 | ab->nlh->nlmsg_pid = ab->pid; | ||
520 | } | ||
521 | skb_get(skb); /* because netlink_* frees */ | ||
522 | retval = netlink_unicast(audit_sock, skb, audit_pid, | ||
523 | MSG_DONTWAIT); | ||
524 | } | ||
525 | if (retval == -EAGAIN && | ||
526 | (atomic_read(&audit_backlog)) < audit_backlog_limit) { | ||
527 | skb_queue_head(&ab->sklist, skb); | ||
528 | audit_log_end_irq(ab); | ||
529 | return 1; | ||
530 | } | ||
531 | if (retval < 0) { | ||
532 | if (retval == -ECONNREFUSED) { | ||
533 | printk(KERN_ERR | ||
534 | "audit: *NO* daemon at audit_pid=%d\n", | ||
535 | audit_pid); | ||
536 | audit_pid = 0; | ||
537 | } else | ||
538 | audit_log_lost("netlink socket too busy"); | ||
539 | } | ||
540 | if (!audit_pid) { /* No daemon */ | ||
541 | int offset = ab->nlh ? NLMSG_SPACE(0) : 0; | ||
542 | int len = skb->len - offset; | ||
543 | skb->data[offset + len] = '\0'; | ||
544 | printk(KERN_ERR "%s\n", skb->data + offset); | ||
545 | } | ||
546 | kfree_skb(skb); | ||
547 | ab->nlh = NULL; | ||
548 | } | ||
549 | return 0; | ||
550 | } | ||
551 | 511 | ||
552 | /* Initialize audit support at boot time. */ | 512 | /* Initialize audit support at boot time. */ |
553 | static int __init audit_init(void) | 513 | static int __init audit_init(void) |
@@ -558,40 +518,13 @@ static int __init audit_init(void) | |||
558 | if (!audit_sock) | 518 | if (!audit_sock) |
559 | audit_panic("cannot initialize netlink socket"); | 519 | audit_panic("cannot initialize netlink socket"); |
560 | 520 | ||
521 | audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT; | ||
522 | skb_queue_head_init(&audit_skb_queue); | ||
561 | audit_initialized = 1; | 523 | audit_initialized = 1; |
562 | audit_enabled = audit_default; | 524 | audit_enabled = audit_default; |
563 | audit_log(NULL, "initialized"); | 525 | audit_log(NULL, AUDIT_KERNEL, "initialized"); |
564 | return 0; | ||
565 | } | ||
566 | |||
567 | #else | ||
568 | /* Without CONFIG_NET, we have no skbuffs. For now, print what we have | ||
569 | * in the buffer. */ | ||
570 | static void audit_log_move(struct audit_buffer *ab) | ||
571 | { | ||
572 | printk(KERN_ERR "%*.*s\n", ab->len, ab->len, ab->tmp); | ||
573 | ab->len = 0; | ||
574 | } | ||
575 | |||
576 | static inline int audit_log_drain(struct audit_buffer *ab) | ||
577 | { | ||
578 | return 0; | ||
579 | } | ||
580 | |||
581 | /* Initialize audit support at boot time. */ | ||
582 | int __init audit_init(void) | ||
583 | { | ||
584 | printk(KERN_INFO "audit: initializing WITHOUT netlink support\n"); | ||
585 | audit_sock = NULL; | ||
586 | audit_pid = 0; | ||
587 | |||
588 | audit_initialized = 1; | ||
589 | audit_enabled = audit_default; | ||
590 | audit_log(NULL, "initialized"); | ||
591 | return 0; | 526 | return 0; |
592 | } | 527 | } |
593 | #endif | ||
594 | |||
595 | __initcall(audit_init); | 528 | __initcall(audit_init); |
596 | 529 | ||
597 | /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ | 530 | /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ |
@@ -608,6 +541,102 @@ static int __init audit_enable(char *str) | |||
608 | 541 | ||
609 | __setup("audit=", audit_enable); | 542 | __setup("audit=", audit_enable); |
610 | 543 | ||
544 | static void audit_buffer_free(struct audit_buffer *ab) | ||
545 | { | ||
546 | unsigned long flags; | ||
547 | |||
548 | if (!ab) | ||
549 | return; | ||
550 | |||
551 | if (ab->skb) | ||
552 | kfree_skb(ab->skb); | ||
553 | |||
554 | spin_lock_irqsave(&audit_freelist_lock, flags); | ||
555 | if (++audit_freelist_count > AUDIT_MAXFREE) | ||
556 | kfree(ab); | ||
557 | else | ||
558 | list_add(&ab->list, &audit_freelist); | ||
559 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | ||
560 | } | ||
561 | |||
562 | static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx, | ||
563 | int gfp_mask, int type) | ||
564 | { | ||
565 | unsigned long flags; | ||
566 | struct audit_buffer *ab = NULL; | ||
567 | struct nlmsghdr *nlh; | ||
568 | |||
569 | spin_lock_irqsave(&audit_freelist_lock, flags); | ||
570 | if (!list_empty(&audit_freelist)) { | ||
571 | ab = list_entry(audit_freelist.next, | ||
572 | struct audit_buffer, list); | ||
573 | list_del(&ab->list); | ||
574 | --audit_freelist_count; | ||
575 | } | ||
576 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | ||
577 | |||
578 | if (!ab) { | ||
579 | ab = kmalloc(sizeof(*ab), gfp_mask); | ||
580 | if (!ab) | ||
581 | goto err; | ||
582 | } | ||
583 | |||
584 | ab->skb = alloc_skb(AUDIT_BUFSIZ, gfp_mask); | ||
585 | if (!ab->skb) | ||
586 | goto err; | ||
587 | |||
588 | ab->ctx = ctx; | ||
589 | nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0)); | ||
590 | nlh->nlmsg_type = type; | ||
591 | nlh->nlmsg_flags = 0; | ||
592 | nlh->nlmsg_pid = 0; | ||
593 | nlh->nlmsg_seq = 0; | ||
594 | return ab; | ||
595 | err: | ||
596 | audit_buffer_free(ab); | ||
597 | return NULL; | ||
598 | } | ||
599 | |||
600 | /* Compute a serial number for the audit record. Audit records are | ||
601 | * written to user-space as soon as they are generated, so a complete | ||
602 | * audit record may be written in several pieces. The timestamp of the | ||
603 | * record and this serial number are used by the user-space tools to | ||
604 | * determine which pieces belong to the same audit record. The | ||
605 | * (timestamp,serial) tuple is unique for each syscall and is live from | ||
606 | * syscall entry to syscall exit. | ||
607 | * | ||
608 | * Atomic values are only guaranteed to be 24-bit, so we count down. | ||
609 | * | ||
610 | * NOTE: Another possibility is to store the formatted records off the | ||
611 | * audit context (for those records that have a context), and emit them | ||
612 | * all at syscall exit. However, this could delay the reporting of | ||
613 | * significant errors until syscall exit (or never, if the system | ||
614 | * halts). */ | ||
615 | unsigned int audit_serial(void) | ||
616 | { | ||
617 | static atomic_t serial = ATOMIC_INIT(0xffffff); | ||
618 | unsigned int a, b; | ||
619 | |||
620 | do { | ||
621 | a = atomic_read(&serial); | ||
622 | if (atomic_dec_and_test(&serial)) | ||
623 | atomic_set(&serial, 0xffffff); | ||
624 | b = atomic_read(&serial); | ||
625 | } while (b != a - 1); | ||
626 | |||
627 | return 0xffffff - b; | ||
628 | } | ||
629 | |||
630 | static inline void audit_get_stamp(struct audit_context *ctx, | ||
631 | struct timespec *t, unsigned int *serial) | ||
632 | { | ||
633 | if (ctx) | ||
634 | auditsc_get_stamp(ctx, t, serial); | ||
635 | else { | ||
636 | *t = CURRENT_TIME; | ||
637 | *serial = audit_serial(); | ||
638 | } | ||
639 | } | ||
611 | 640 | ||
612 | /* Obtain an audit buffer. This routine does locking to obtain the | 641 | /* Obtain an audit buffer. This routine does locking to obtain the |
613 | * audit buffer, but then no locking is required for calls to | 642 | * audit buffer, but then no locking is required for calls to |
@@ -615,10 +644,9 @@ __setup("audit=", audit_enable); | |||
615 | * syscall, then the syscall is marked as auditable and an audit record | 644 | * syscall, then the syscall is marked as auditable and an audit record |
616 | * will be written at syscall exit. If there is no associated task, tsk | 645 | * will be written at syscall exit. If there is no associated task, tsk |
617 | * should be NULL. */ | 646 | * should be NULL. */ |
618 | struct audit_buffer *audit_log_start(struct audit_context *ctx) | 647 | struct audit_buffer *audit_log_start(struct audit_context *ctx, int type) |
619 | { | 648 | { |
620 | struct audit_buffer *ab = NULL; | 649 | struct audit_buffer *ab = NULL; |
621 | unsigned long flags; | ||
622 | struct timespec t; | 650 | struct timespec t; |
623 | unsigned int serial; | 651 | unsigned int serial; |
624 | 652 | ||
@@ -626,57 +654,48 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx) | |||
626 | return NULL; | 654 | return NULL; |
627 | 655 | ||
628 | if (audit_backlog_limit | 656 | if (audit_backlog_limit |
629 | && atomic_read(&audit_backlog) > audit_backlog_limit) { | 657 | && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) { |
630 | if (audit_rate_check()) | 658 | if (audit_rate_check()) |
631 | printk(KERN_WARNING | 659 | printk(KERN_WARNING |
632 | "audit: audit_backlog=%d > " | 660 | "audit: audit_backlog=%d > " |
633 | "audit_backlog_limit=%d\n", | 661 | "audit_backlog_limit=%d\n", |
634 | atomic_read(&audit_backlog), | 662 | skb_queue_len(&audit_skb_queue), |
635 | audit_backlog_limit); | 663 | audit_backlog_limit); |
636 | audit_log_lost("backlog limit exceeded"); | 664 | audit_log_lost("backlog limit exceeded"); |
637 | return NULL; | 665 | return NULL; |
638 | } | 666 | } |
639 | 667 | ||
640 | spin_lock_irqsave(&audit_freelist_lock, flags); | 668 | ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type); |
641 | if (!list_empty(&audit_freelist)) { | ||
642 | ab = list_entry(audit_freelist.next, | ||
643 | struct audit_buffer, list); | ||
644 | list_del(&ab->list); | ||
645 | --audit_freelist_count; | ||
646 | } | ||
647 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | ||
648 | |||
649 | if (!ab) | ||
650 | ab = kmalloc(sizeof(*ab), GFP_ATOMIC); | ||
651 | if (!ab) { | 669 | if (!ab) { |
652 | audit_log_lost("out of memory in audit_log_start"); | 670 | audit_log_lost("out of memory in audit_log_start"); |
653 | return NULL; | 671 | return NULL; |
654 | } | 672 | } |
655 | 673 | ||
656 | atomic_inc(&audit_backlog); | 674 | audit_get_stamp(ab->ctx, &t, &serial); |
657 | skb_queue_head_init(&ab->sklist); | ||
658 | |||
659 | ab->ctx = ctx; | ||
660 | ab->len = 0; | ||
661 | ab->nlh = NULL; | ||
662 | ab->total = 0; | ||
663 | ab->type = AUDIT_KERNEL; | ||
664 | ab->pid = 0; | ||
665 | 675 | ||
666 | #ifdef CONFIG_AUDITSYSCALL | ||
667 | if (ab->ctx) | ||
668 | audit_get_stamp(ab->ctx, &t, &serial); | ||
669 | else | ||
670 | #endif | ||
671 | { | ||
672 | t = CURRENT_TIME; | ||
673 | serial = 0; | ||
674 | } | ||
675 | audit_log_format(ab, "audit(%lu.%03lu:%u): ", | 676 | audit_log_format(ab, "audit(%lu.%03lu:%u): ", |
676 | t.tv_sec, t.tv_nsec/1000000, serial); | 677 | t.tv_sec, t.tv_nsec/1000000, serial); |
677 | return ab; | 678 | return ab; |
678 | } | 679 | } |
679 | 680 | ||
681 | /** | ||
682 | * audit_expand - expand skb in the audit buffer | ||
683 | * @ab: audit_buffer | ||
684 | * | ||
685 | * Returns 0 (no space) on failed expansion, or available space if | ||
686 | * successful. | ||
687 | */ | ||
688 | static inline int audit_expand(struct audit_buffer *ab, int extra) | ||
689 | { | ||
690 | struct sk_buff *skb = ab->skb; | ||
691 | int ret = pskb_expand_head(skb, skb_headroom(skb), extra, | ||
692 | GFP_ATOMIC); | ||
693 | if (ret < 0) { | ||
694 | audit_log_lost("out of memory in audit_expand"); | ||
695 | return 0; | ||
696 | } | ||
697 | return skb_tailroom(skb); | ||
698 | } | ||
680 | 699 | ||
681 | /* Format an audit message into the audit buffer. If there isn't enough | 700 | /* Format an audit message into the audit buffer. If there isn't enough |
682 | * room in the audit buffer, more room will be allocated and vsnprint | 701 | * room in the audit buffer, more room will be allocated and vsnprint |
@@ -686,26 +705,35 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, | |||
686 | va_list args) | 705 | va_list args) |
687 | { | 706 | { |
688 | int len, avail; | 707 | int len, avail; |
708 | struct sk_buff *skb; | ||
709 | va_list args2; | ||
689 | 710 | ||
690 | if (!ab) | 711 | if (!ab) |
691 | return; | 712 | return; |
692 | 713 | ||
693 | avail = sizeof(ab->tmp) - ab->len; | 714 | BUG_ON(!ab->skb); |
694 | if (avail <= 0) { | 715 | skb = ab->skb; |
695 | audit_log_move(ab); | 716 | avail = skb_tailroom(skb); |
696 | avail = sizeof(ab->tmp) - ab->len; | 717 | if (avail == 0) { |
718 | avail = audit_expand(ab, AUDIT_BUFSIZ); | ||
719 | if (!avail) | ||
720 | goto out; | ||
697 | } | 721 | } |
698 | len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); | 722 | va_copy(args2, args); |
723 | len = vsnprintf(skb->tail, avail, fmt, args); | ||
699 | if (len >= avail) { | 724 | if (len >= avail) { |
700 | /* The printk buffer is 1024 bytes long, so if we get | 725 | /* The printk buffer is 1024 bytes long, so if we get |
701 | * here and AUDIT_BUFSIZ is at least 1024, then we can | 726 | * here and AUDIT_BUFSIZ is at least 1024, then we can |
702 | * log everything that printk could have logged. */ | 727 | * log everything that printk could have logged. */ |
703 | audit_log_move(ab); | 728 | avail = audit_expand(ab, max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); |
704 | avail = sizeof(ab->tmp) - ab->len; | 729 | if (!avail) |
705 | len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); | 730 | goto out; |
731 | len = vsnprintf(skb->tail, avail, fmt, args2); | ||
706 | } | 732 | } |
707 | ab->len += (len < avail) ? len : avail; | 733 | if (len > 0) |
708 | ab->total += (len < avail) ? len : avail; | 734 | skb_put(skb, len); |
735 | out: | ||
736 | return; | ||
709 | } | 737 | } |
710 | 738 | ||
711 | /* Format a message into the audit buffer. All the work is done in | 739 | /* Format a message into the audit buffer. All the work is done in |
@@ -721,20 +749,47 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...) | |||
721 | va_end(args); | 749 | va_end(args); |
722 | } | 750 | } |
723 | 751 | ||
724 | void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) | 752 | /* This function will take the passed buf and convert it into a string of |
753 | * ascii hex digits. The new string is placed onto the skb. */ | ||
754 | void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, | ||
755 | size_t len) | ||
725 | { | 756 | { |
726 | int i; | 757 | int i, avail, new_len; |
758 | unsigned char *ptr; | ||
759 | struct sk_buff *skb; | ||
760 | static const unsigned char *hex = "0123456789ABCDEF"; | ||
761 | |||
762 | BUG_ON(!ab->skb); | ||
763 | skb = ab->skb; | ||
764 | avail = skb_tailroom(skb); | ||
765 | new_len = len<<1; | ||
766 | if (new_len >= avail) { | ||
767 | /* Round the buffer request up to the next multiple */ | ||
768 | new_len = AUDIT_BUFSIZ*(((new_len-avail)/AUDIT_BUFSIZ) + 1); | ||
769 | avail = audit_expand(ab, new_len); | ||
770 | if (!avail) | ||
771 | return; | ||
772 | } | ||
727 | 773 | ||
728 | for (i=0; i<len; i++) | 774 | ptr = skb->tail; |
729 | audit_log_format(ab, "%02x", buf[i]); | 775 | for (i=0; i<len; i++) { |
776 | *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */ | ||
777 | *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */ | ||
778 | } | ||
779 | *ptr = 0; | ||
780 | skb_put(skb, len << 1); /* new string is twice the old string */ | ||
730 | } | 781 | } |
731 | 782 | ||
783 | /* This code will escape a string that is passed to it if the string | ||
784 | * contains a control character, unprintable character, double quote mark, | ||
785 | * or a space. Unescaped strings will start and end with a double quote mark. | ||
786 | * Strings that are escaped are printed in hex (2 digits per char). */ | ||
732 | void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) | 787 | void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) |
733 | { | 788 | { |
734 | const unsigned char *p = string; | 789 | const unsigned char *p = string; |
735 | 790 | ||
736 | while (*p) { | 791 | while (*p) { |
737 | if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) { | 792 | if (*p == '"' || *p < 0x21 || *p > 0x7f) { |
738 | audit_log_hex(ab, string, strlen(string)); | 793 | audit_log_hex(ab, string, strlen(string)); |
739 | return; | 794 | return; |
740 | } | 795 | } |
@@ -743,117 +798,63 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) | |||
743 | audit_log_format(ab, "\"%s\"", string); | 798 | audit_log_format(ab, "\"%s\"", string); |
744 | } | 799 | } |
745 | 800 | ||
746 | 801 | /* This is a helper-function to print the escaped d_path */ | |
747 | /* This is a helper-function to print the d_path without using a static | ||
748 | * buffer or allocating another buffer in addition to the one in | ||
749 | * audit_buffer. */ | ||
750 | void audit_log_d_path(struct audit_buffer *ab, const char *prefix, | 802 | void audit_log_d_path(struct audit_buffer *ab, const char *prefix, |
751 | struct dentry *dentry, struct vfsmount *vfsmnt) | 803 | struct dentry *dentry, struct vfsmount *vfsmnt) |
752 | { | 804 | { |
753 | char *p; | 805 | char *p, *path; |
754 | int len, avail; | ||
755 | 806 | ||
756 | if (prefix) audit_log_format(ab, " %s", prefix); | 807 | if (prefix) |
757 | 808 | audit_log_format(ab, " %s", prefix); | |
758 | if (ab->len > 128) | ||
759 | audit_log_move(ab); | ||
760 | avail = sizeof(ab->tmp) - ab->len; | ||
761 | p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail); | ||
762 | if (IS_ERR(p)) { | ||
763 | /* FIXME: can we save some information here? */ | ||
764 | audit_log_format(ab, "<toolong>"); | ||
765 | } else { | ||
766 | /* path isn't at start of buffer */ | ||
767 | len = (ab->tmp + sizeof(ab->tmp) - 1) - p; | ||
768 | memmove(ab->tmp + ab->len, p, len); | ||
769 | ab->len += len; | ||
770 | ab->total += len; | ||
771 | } | ||
772 | } | ||
773 | |||
774 | /* Remove queued messages from the audit_txlist and send them to userspace. */ | ||
775 | static void audit_tasklet_handler(unsigned long arg) | ||
776 | { | ||
777 | LIST_HEAD(list); | ||
778 | struct audit_buffer *ab; | ||
779 | unsigned long flags; | ||
780 | 809 | ||
781 | spin_lock_irqsave(&audit_txlist_lock, flags); | 810 | /* We will allow 11 spaces for ' (deleted)' to be appended */ |
782 | list_splice_init(&audit_txlist, &list); | 811 | path = kmalloc(PATH_MAX+11, GFP_KERNEL); |
783 | spin_unlock_irqrestore(&audit_txlist_lock, flags); | 812 | if (!path) { |
784 | 813 | audit_log_format(ab, "<no memory>"); | |
785 | while (!list_empty(&list)) { | 814 | return; |
786 | ab = list_entry(list.next, struct audit_buffer, list); | ||
787 | list_del(&ab->list); | ||
788 | audit_log_end_fast(ab); | ||
789 | } | 815 | } |
816 | p = d_path(dentry, vfsmnt, path, PATH_MAX+11); | ||
817 | if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */ | ||
818 | /* FIXME: can we save some information here? */ | ||
819 | audit_log_format(ab, "<too long>"); | ||
820 | } else | ||
821 | audit_log_untrustedstring(ab, p); | ||
822 | kfree(path); | ||
790 | } | 823 | } |
791 | 824 | ||
792 | static DECLARE_TASKLET(audit_tasklet, audit_tasklet_handler, 0); | ||
793 | |||
794 | /* The netlink_* functions cannot be called inside an irq context, so | 825 | /* The netlink_* functions cannot be called inside an irq context, so |
795 | * the audit buffer is places on a queue and a tasklet is scheduled to | 826 | * the audit buffer is places on a queue and a tasklet is scheduled to |
796 | * remove them from the queue outside the irq context. May be called in | 827 | * remove them from the queue outside the irq context. May be called in |
797 | * any context. */ | 828 | * any context. */ |
798 | static void audit_log_end_irq(struct audit_buffer *ab) | 829 | void audit_log_end(struct audit_buffer *ab) |
799 | { | ||
800 | unsigned long flags; | ||
801 | |||
802 | if (!ab) | ||
803 | return; | ||
804 | spin_lock_irqsave(&audit_txlist_lock, flags); | ||
805 | list_add_tail(&ab->list, &audit_txlist); | ||
806 | spin_unlock_irqrestore(&audit_txlist_lock, flags); | ||
807 | |||
808 | tasklet_schedule(&audit_tasklet); | ||
809 | } | ||
810 | |||
811 | /* Send the message in the audit buffer directly to user space. May not | ||
812 | * be called in an irq context. */ | ||
813 | static void audit_log_end_fast(struct audit_buffer *ab) | ||
814 | { | 830 | { |
815 | unsigned long flags; | ||
816 | |||
817 | BUG_ON(in_irq()); | ||
818 | if (!ab) | 831 | if (!ab) |
819 | return; | 832 | return; |
820 | if (!audit_rate_check()) { | 833 | if (!audit_rate_check()) { |
821 | audit_log_lost("rate limit exceeded"); | 834 | audit_log_lost("rate limit exceeded"); |
822 | } else { | 835 | } else { |
823 | audit_log_move(ab); | 836 | if (audit_pid) { |
824 | if (audit_log_drain(ab)) | 837 | struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data; |
825 | return; | 838 | nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0); |
839 | skb_queue_tail(&audit_skb_queue, ab->skb); | ||
840 | ab->skb = NULL; | ||
841 | wake_up_interruptible(&kauditd_wait); | ||
842 | } else { | ||
843 | printk("%s\n", ab->skb->data + NLMSG_SPACE(0)); | ||
844 | } | ||
826 | } | 845 | } |
827 | 846 | audit_buffer_free(ab); | |
828 | atomic_dec(&audit_backlog); | ||
829 | spin_lock_irqsave(&audit_freelist_lock, flags); | ||
830 | if (++audit_freelist_count > AUDIT_MAXFREE) | ||
831 | kfree(ab); | ||
832 | else | ||
833 | list_add(&ab->list, &audit_freelist); | ||
834 | spin_unlock_irqrestore(&audit_freelist_lock, flags); | ||
835 | } | ||
836 | |||
837 | /* Send or queue the message in the audit buffer, depending on the | ||
838 | * current context. (A convenience function that may be called in any | ||
839 | * context.) */ | ||
840 | void audit_log_end(struct audit_buffer *ab) | ||
841 | { | ||
842 | if (in_irq()) | ||
843 | audit_log_end_irq(ab); | ||
844 | else | ||
845 | audit_log_end_fast(ab); | ||
846 | } | 847 | } |
847 | 848 | ||
848 | /* Log an audit record. This is a convenience function that calls | 849 | /* Log an audit record. This is a convenience function that calls |
849 | * audit_log_start, audit_log_vformat, and audit_log_end. It may be | 850 | * audit_log_start, audit_log_vformat, and audit_log_end. It may be |
850 | * called in any context. */ | 851 | * called in any context. */ |
851 | void audit_log(struct audit_context *ctx, const char *fmt, ...) | 852 | void audit_log(struct audit_context *ctx, int type, const char *fmt, ...) |
852 | { | 853 | { |
853 | struct audit_buffer *ab; | 854 | struct audit_buffer *ab; |
854 | va_list args; | 855 | va_list args; |
855 | 856 | ||
856 | ab = audit_log_start(ctx); | 857 | ab = audit_log_start(ctx, type); |
857 | if (ab) { | 858 | if (ab) { |
858 | va_start(args, fmt); | 859 | va_start(args, fmt); |
859 | audit_log_vformat(ab, fmt, args); | 860 | audit_log_vformat(ab, fmt, args); |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 37b3ac94bc47..e75f84e1a1a0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -34,7 +34,8 @@ | |||
34 | #include <asm/types.h> | 34 | #include <asm/types.h> |
35 | #include <linux/mm.h> | 35 | #include <linux/mm.h> |
36 | #include <linux/module.h> | 36 | #include <linux/module.h> |
37 | 37 | #include <linux/mount.h> | |
38 | #include <linux/socket.h> | ||
38 | #include <linux/audit.h> | 39 | #include <linux/audit.h> |
39 | #include <linux/personality.h> | 40 | #include <linux/personality.h> |
40 | #include <linux/time.h> | 41 | #include <linux/time.h> |
@@ -112,6 +113,23 @@ struct audit_aux_data_ipcctl { | |||
112 | mode_t mode; | 113 | mode_t mode; |
113 | }; | 114 | }; |
114 | 115 | ||
116 | struct audit_aux_data_socketcall { | ||
117 | struct audit_aux_data d; | ||
118 | int nargs; | ||
119 | unsigned long args[0]; | ||
120 | }; | ||
121 | |||
122 | struct audit_aux_data_sockaddr { | ||
123 | struct audit_aux_data d; | ||
124 | int len; | ||
125 | char a[0]; | ||
126 | }; | ||
127 | |||
128 | struct audit_aux_data_path { | ||
129 | struct audit_aux_data d; | ||
130 | struct dentry *dentry; | ||
131 | struct vfsmount *mnt; | ||
132 | }; | ||
115 | 133 | ||
116 | /* The per-task audit context. */ | 134 | /* The per-task audit context. */ |
117 | struct audit_context { | 135 | struct audit_context { |
@@ -127,6 +145,8 @@ struct audit_context { | |||
127 | int auditable; /* 1 if record should be written */ | 145 | int auditable; /* 1 if record should be written */ |
128 | int name_count; | 146 | int name_count; |
129 | struct audit_names names[AUDIT_NAMES]; | 147 | struct audit_names names[AUDIT_NAMES]; |
148 | struct dentry * pwd; | ||
149 | struct vfsmount * pwdmnt; | ||
130 | struct audit_context *previous; /* For nested syscalls */ | 150 | struct audit_context *previous; /* For nested syscalls */ |
131 | struct audit_aux_data *aux; | 151 | struct audit_aux_data *aux; |
132 | 152 | ||
@@ -157,6 +177,8 @@ struct audit_entry { | |||
157 | struct audit_rule rule; | 177 | struct audit_rule rule; |
158 | }; | 178 | }; |
159 | 179 | ||
180 | extern int audit_pid; | ||
181 | |||
160 | /* Check to see if two rules are identical. It is called from | 182 | /* Check to see if two rules are identical. It is called from |
161 | * audit_del_rule during AUDIT_DEL. */ | 183 | * audit_del_rule during AUDIT_DEL. */ |
162 | static int audit_compare_rule(struct audit_rule *a, struct audit_rule *b) | 184 | static int audit_compare_rule(struct audit_rule *a, struct audit_rule *b) |
@@ -226,7 +248,6 @@ static inline int audit_del_rule(struct audit_rule *rule, | |||
226 | return -EFAULT; /* No matching rule */ | 248 | return -EFAULT; /* No matching rule */ |
227 | } | 249 | } |
228 | 250 | ||
229 | #ifdef CONFIG_NET | ||
230 | /* Copy rule from user-space to kernel-space. Called during | 251 | /* Copy rule from user-space to kernel-space. Called during |
231 | * AUDIT_ADD. */ | 252 | * AUDIT_ADD. */ |
232 | static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) | 253 | static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) |
@@ -287,7 +308,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
287 | err = audit_add_rule(entry, &audit_entlist); | 308 | err = audit_add_rule(entry, &audit_entlist); |
288 | if (!err && (flags & AUDIT_AT_EXIT)) | 309 | if (!err && (flags & AUDIT_AT_EXIT)) |
289 | err = audit_add_rule(entry, &audit_extlist); | 310 | err = audit_add_rule(entry, &audit_extlist); |
290 | audit_log(NULL, "auid %u added an audit rule\n", loginuid); | 311 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
312 | "auid=%u added an audit rule\n", loginuid); | ||
291 | break; | 313 | break; |
292 | case AUDIT_DEL: | 314 | case AUDIT_DEL: |
293 | flags =((struct audit_rule *)data)->flags; | 315 | flags =((struct audit_rule *)data)->flags; |
@@ -297,7 +319,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
297 | err = audit_del_rule(data, &audit_entlist); | 319 | err = audit_del_rule(data, &audit_entlist); |
298 | if (!err && (flags & AUDIT_AT_EXIT)) | 320 | if (!err && (flags & AUDIT_AT_EXIT)) |
299 | err = audit_del_rule(data, &audit_extlist); | 321 | err = audit_del_rule(data, &audit_extlist); |
300 | audit_log(NULL, "auid %u removed an audit rule\n", loginuid); | 322 | audit_log(NULL, AUDIT_CONFIG_CHANGE, |
323 | "auid=%u removed an audit rule\n", loginuid); | ||
301 | break; | 324 | break; |
302 | default: | 325 | default: |
303 | return -EINVAL; | 326 | return -EINVAL; |
@@ -305,7 +328,6 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data, | |||
305 | 328 | ||
306 | return err; | 329 | return err; |
307 | } | 330 | } |
308 | #endif | ||
309 | 331 | ||
310 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 | 332 | /* Compare a task_struct with an audit_rule. Return 1 on match, 0 |
311 | * otherwise. */ | 333 | * otherwise. */ |
@@ -444,7 +466,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk) | |||
444 | 466 | ||
445 | /* At syscall entry and exit time, this filter is called if the | 467 | /* At syscall entry and exit time, this filter is called if the |
446 | * audit_state is not low enough that auditing cannot take place, but is | 468 | * audit_state is not low enough that auditing cannot take place, but is |
447 | * also not high enough that we already know we have to write and audit | 469 | * also not high enough that we already know we have to write an audit |
448 | * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). | 470 | * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). |
449 | */ | 471 | */ |
450 | static enum audit_state audit_filter_syscall(struct task_struct *tsk, | 472 | static enum audit_state audit_filter_syscall(struct task_struct *tsk, |
@@ -532,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context) | |||
532 | if (context->names[i].name) | 554 | if (context->names[i].name) |
533 | __putname(context->names[i].name); | 555 | __putname(context->names[i].name); |
534 | context->name_count = 0; | 556 | context->name_count = 0; |
557 | if (context->pwd) | ||
558 | dput(context->pwd); | ||
559 | if (context->pwdmnt) | ||
560 | mntput(context->pwdmnt); | ||
561 | context->pwd = NULL; | ||
562 | context->pwdmnt = NULL; | ||
535 | } | 563 | } |
536 | 564 | ||
537 | static inline void audit_free_aux(struct audit_context *context) | 565 | static inline void audit_free_aux(struct audit_context *context) |
@@ -539,6 +567,11 @@ static inline void audit_free_aux(struct audit_context *context) | |||
539 | struct audit_aux_data *aux; | 567 | struct audit_aux_data *aux; |
540 | 568 | ||
541 | while ((aux = context->aux)) { | 569 | while ((aux = context->aux)) { |
570 | if (aux->type == AUDIT_AVC_PATH) { | ||
571 | struct audit_aux_data_path *axi = (void *)aux; | ||
572 | dput(axi->dentry); | ||
573 | mntput(axi->mnt); | ||
574 | } | ||
542 | context->aux = aux->next; | 575 | context->aux = aux->next; |
543 | kfree(aux); | 576 | kfree(aux); |
544 | } | 577 | } |
@@ -625,7 +658,8 @@ static void audit_log_task_info(struct audit_buffer *ab) | |||
625 | struct vm_area_struct *vma; | 658 | struct vm_area_struct *vma; |
626 | 659 | ||
627 | get_task_comm(name, current); | 660 | get_task_comm(name, current); |
628 | audit_log_format(ab, " comm=%s", name); | 661 | audit_log_format(ab, " comm="); |
662 | audit_log_untrustedstring(ab, name); | ||
629 | 663 | ||
630 | if (!mm) | 664 | if (!mm) |
631 | return; | 665 | return; |
@@ -649,23 +683,24 @@ static void audit_log_exit(struct audit_context *context) | |||
649 | { | 683 | { |
650 | int i; | 684 | int i; |
651 | struct audit_buffer *ab; | 685 | struct audit_buffer *ab; |
686 | struct audit_aux_data *aux; | ||
652 | 687 | ||
653 | ab = audit_log_start(context); | 688 | ab = audit_log_start(context, AUDIT_SYSCALL); |
654 | if (!ab) | 689 | if (!ab) |
655 | return; /* audit_panic has been called */ | 690 | return; /* audit_panic has been called */ |
656 | audit_log_format(ab, "syscall=%d", context->major); | 691 | audit_log_format(ab, "arch=%x syscall=%d", |
692 | context->arch, context->major); | ||
657 | if (context->personality != PER_LINUX) | 693 | if (context->personality != PER_LINUX) |
658 | audit_log_format(ab, " per=%lx", context->personality); | 694 | audit_log_format(ab, " per=%lx", context->personality); |
659 | audit_log_format(ab, " arch=%x", context->arch); | ||
660 | if (context->return_valid) | 695 | if (context->return_valid) |
661 | audit_log_format(ab, " success=%s exit=%ld", | 696 | audit_log_format(ab, " success=%s exit=%ld", |
662 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", | 697 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", |
663 | context->return_code); | 698 | context->return_code); |
664 | audit_log_format(ab, | 699 | audit_log_format(ab, |
665 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" | 700 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" |
666 | " pid=%d loginuid=%d uid=%d gid=%d" | 701 | " pid=%d auid=%u uid=%u gid=%u" |
667 | " euid=%d suid=%d fsuid=%d" | 702 | " euid=%u suid=%u fsuid=%u" |
668 | " egid=%d sgid=%d fsgid=%d", | 703 | " egid=%u sgid=%u fsgid=%u", |
669 | context->argv[0], | 704 | context->argv[0], |
670 | context->argv[1], | 705 | context->argv[1], |
671 | context->argv[2], | 706 | context->argv[2], |
@@ -679,33 +714,57 @@ static void audit_log_exit(struct audit_context *context) | |||
679 | context->egid, context->sgid, context->fsgid); | 714 | context->egid, context->sgid, context->fsgid); |
680 | audit_log_task_info(ab); | 715 | audit_log_task_info(ab); |
681 | audit_log_end(ab); | 716 | audit_log_end(ab); |
682 | while (context->aux) { | ||
683 | struct audit_aux_data *aux; | ||
684 | 717 | ||
685 | ab = audit_log_start(context); | 718 | for (aux = context->aux; aux; aux = aux->next) { |
719 | |||
720 | ab = audit_log_start(context, aux->type); | ||
686 | if (!ab) | 721 | if (!ab) |
687 | continue; /* audit_panic has been called */ | 722 | continue; /* audit_panic has been called */ |
688 | 723 | ||
689 | aux = context->aux; | ||
690 | context->aux = aux->next; | ||
691 | |||
692 | audit_log_format(ab, "auxitem=%d", aux->type); | ||
693 | switch (aux->type) { | 724 | switch (aux->type) { |
694 | case AUDIT_AUX_IPCPERM: { | 725 | case AUDIT_IPC: { |
695 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 726 | struct audit_aux_data_ipcctl *axi = (void *)aux; |
696 | audit_log_format(ab, | 727 | audit_log_format(ab, |
697 | " qbytes=%lx uid=%d gid=%d mode=%x", | 728 | " qbytes=%lx iuid=%u igid=%u mode=%x", |
698 | axi->qbytes, axi->uid, axi->gid, axi->mode); | 729 | axi->qbytes, axi->uid, axi->gid, axi->mode); |
699 | } | 730 | break; } |
731 | |||
732 | case AUDIT_SOCKETCALL: { | ||
733 | int i; | ||
734 | struct audit_aux_data_socketcall *axs = (void *)aux; | ||
735 | audit_log_format(ab, "nargs=%d", axs->nargs); | ||
736 | for (i=0; i<axs->nargs; i++) | ||
737 | audit_log_format(ab, " a%d=%lx", i, axs->args[i]); | ||
738 | break; } | ||
739 | |||
740 | case AUDIT_SOCKADDR: { | ||
741 | struct audit_aux_data_sockaddr *axs = (void *)aux; | ||
742 | |||
743 | audit_log_format(ab, "saddr="); | ||
744 | audit_log_hex(ab, axs->a, axs->len); | ||
745 | break; } | ||
746 | |||
747 | case AUDIT_AVC_PATH: { | ||
748 | struct audit_aux_data_path *axi = (void *)aux; | ||
749 | audit_log_d_path(ab, "path=", axi->dentry, axi->mnt); | ||
750 | break; } | ||
751 | |||
700 | } | 752 | } |
701 | audit_log_end(ab); | 753 | audit_log_end(ab); |
702 | kfree(aux); | ||
703 | } | 754 | } |
704 | 755 | ||
756 | if (context->pwd && context->pwdmnt) { | ||
757 | ab = audit_log_start(context, AUDIT_CWD); | ||
758 | if (ab) { | ||
759 | audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt); | ||
760 | audit_log_end(ab); | ||
761 | } | ||
762 | } | ||
705 | for (i = 0; i < context->name_count; i++) { | 763 | for (i = 0; i < context->name_count; i++) { |
706 | ab = audit_log_start(context); | 764 | ab = audit_log_start(context, AUDIT_PATH); |
707 | if (!ab) | 765 | if (!ab) |
708 | continue; /* audit_panic has been called */ | 766 | continue; /* audit_panic has been called */ |
767 | |||
709 | audit_log_format(ab, "item=%d", i); | 768 | audit_log_format(ab, "item=%d", i); |
710 | if (context->names[i].name) { | 769 | if (context->names[i].name) { |
711 | audit_log_format(ab, " name="); | 770 | audit_log_format(ab, " name="); |
@@ -713,7 +772,7 @@ static void audit_log_exit(struct audit_context *context) | |||
713 | } | 772 | } |
714 | if (context->names[i].ino != (unsigned long)-1) | 773 | if (context->names[i].ino != (unsigned long)-1) |
715 | audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" | 774 | audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" |
716 | " uid=%d gid=%d rdev=%02x:%02x", | 775 | " ouid=%u ogid=%u rdev=%02x:%02x", |
717 | context->names[i].ino, | 776 | context->names[i].ino, |
718 | MAJOR(context->names[i].dev), | 777 | MAJOR(context->names[i].dev), |
719 | MINOR(context->names[i].dev), | 778 | MINOR(context->names[i].dev), |
@@ -741,42 +800,12 @@ void audit_free(struct task_struct *tsk) | |||
741 | 800 | ||
742 | /* Check for system calls that do not go through the exit | 801 | /* Check for system calls that do not go through the exit |
743 | * function (e.g., exit_group), then free context block. */ | 802 | * function (e.g., exit_group), then free context block. */ |
744 | if (context->in_syscall && context->auditable) | 803 | if (context->in_syscall && context->auditable && context->pid != audit_pid) |
745 | audit_log_exit(context); | 804 | audit_log_exit(context); |
746 | 805 | ||
747 | audit_free_context(context); | 806 | audit_free_context(context); |
748 | } | 807 | } |
749 | 808 | ||
750 | /* Compute a serial number for the audit record. Audit records are | ||
751 | * written to user-space as soon as they are generated, so a complete | ||
752 | * audit record may be written in several pieces. The timestamp of the | ||
753 | * record and this serial number are used by the user-space daemon to | ||
754 | * determine which pieces belong to the same audit record. The | ||
755 | * (timestamp,serial) tuple is unique for each syscall and is live from | ||
756 | * syscall entry to syscall exit. | ||
757 | * | ||
758 | * Atomic values are only guaranteed to be 24-bit, so we count down. | ||
759 | * | ||
760 | * NOTE: Another possibility is to store the formatted records off the | ||
761 | * audit context (for those records that have a context), and emit them | ||
762 | * all at syscall exit. However, this could delay the reporting of | ||
763 | * significant errors until syscall exit (or never, if the system | ||
764 | * halts). */ | ||
765 | static inline unsigned int audit_serial(void) | ||
766 | { | ||
767 | static atomic_t serial = ATOMIC_INIT(0xffffff); | ||
768 | unsigned int a, b; | ||
769 | |||
770 | do { | ||
771 | a = atomic_read(&serial); | ||
772 | if (atomic_dec_and_test(&serial)) | ||
773 | atomic_set(&serial, 0xffffff); | ||
774 | b = atomic_read(&serial); | ||
775 | } while (b != a - 1); | ||
776 | |||
777 | return 0xffffff - b; | ||
778 | } | ||
779 | |||
780 | /* Fill in audit context at syscall entry. This only happens if the | 809 | /* Fill in audit context at syscall entry. This only happens if the |
781 | * audit context was created when the task was created and the state or | 810 | * audit context was created when the task was created and the state or |
782 | * filters demand the audit context be built. If the state from the | 811 | * filters demand the audit context be built. If the state from the |
@@ -876,7 +905,7 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code) | |||
876 | if (likely(!context)) | 905 | if (likely(!context)) |
877 | return; | 906 | return; |
878 | 907 | ||
879 | if (context->in_syscall && context->auditable) | 908 | if (context->in_syscall && context->auditable && context->pid != audit_pid) |
880 | audit_log_exit(context); | 909 | audit_log_exit(context); |
881 | 910 | ||
882 | context->in_syscall = 0; | 911 | context->in_syscall = 0; |
@@ -916,6 +945,13 @@ void audit_getname(const char *name) | |||
916 | context->names[context->name_count].name = name; | 945 | context->names[context->name_count].name = name; |
917 | context->names[context->name_count].ino = (unsigned long)-1; | 946 | context->names[context->name_count].ino = (unsigned long)-1; |
918 | ++context->name_count; | 947 | ++context->name_count; |
948 | if (!context->pwd) { | ||
949 | read_lock(¤t->fs->lock); | ||
950 | context->pwd = dget(current->fs->pwd); | ||
951 | context->pwdmnt = mntget(current->fs->pwdmnt); | ||
952 | read_unlock(¤t->fs->lock); | ||
953 | } | ||
954 | |||
919 | } | 955 | } |
920 | 956 | ||
921 | /* Intercept a putname request. Called from | 957 | /* Intercept a putname request. Called from |
@@ -994,34 +1030,26 @@ void audit_inode(const char *name, const struct inode *inode) | |||
994 | context->names[idx].rdev = inode->i_rdev; | 1030 | context->names[idx].rdev = inode->i_rdev; |
995 | } | 1031 | } |
996 | 1032 | ||
997 | void audit_get_stamp(struct audit_context *ctx, | 1033 | void auditsc_get_stamp(struct audit_context *ctx, |
998 | struct timespec *t, unsigned int *serial) | 1034 | struct timespec *t, unsigned int *serial) |
999 | { | 1035 | { |
1000 | if (ctx) { | 1036 | t->tv_sec = ctx->ctime.tv_sec; |
1001 | t->tv_sec = ctx->ctime.tv_sec; | 1037 | t->tv_nsec = ctx->ctime.tv_nsec; |
1002 | t->tv_nsec = ctx->ctime.tv_nsec; | 1038 | *serial = ctx->serial; |
1003 | *serial = ctx->serial; | 1039 | ctx->auditable = 1; |
1004 | ctx->auditable = 1; | ||
1005 | } else { | ||
1006 | *t = CURRENT_TIME; | ||
1007 | *serial = 0; | ||
1008 | } | ||
1009 | } | 1040 | } |
1010 | 1041 | ||
1011 | extern int audit_set_type(struct audit_buffer *ab, int type); | ||
1012 | |||
1013 | int audit_set_loginuid(struct task_struct *task, uid_t loginuid) | 1042 | int audit_set_loginuid(struct task_struct *task, uid_t loginuid) |
1014 | { | 1043 | { |
1015 | if (task->audit_context) { | 1044 | if (task->audit_context) { |
1016 | struct audit_buffer *ab; | 1045 | struct audit_buffer *ab; |
1017 | 1046 | ||
1018 | ab = audit_log_start(NULL); | 1047 | ab = audit_log_start(NULL, AUDIT_LOGIN); |
1019 | if (ab) { | 1048 | if (ab) { |
1020 | audit_log_format(ab, "login pid=%d uid=%u " | 1049 | audit_log_format(ab, "login pid=%d uid=%u " |
1021 | "old loginuid=%u new loginuid=%u", | 1050 | "old auid=%u new auid=%u", |
1022 | task->pid, task->uid, | 1051 | task->pid, task->uid, |
1023 | task->audit_context->loginuid, loginuid); | 1052 | task->audit_context->loginuid, loginuid); |
1024 | audit_set_type(ab, AUDIT_LOGIN); | ||
1025 | audit_log_end(ab); | 1053 | audit_log_end(ab); |
1026 | } | 1054 | } |
1027 | task->audit_context->loginuid = loginuid; | 1055 | task->audit_context->loginuid = loginuid; |
@@ -1051,8 +1079,89 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) | |||
1051 | ax->gid = gid; | 1079 | ax->gid = gid; |
1052 | ax->mode = mode; | 1080 | ax->mode = mode; |
1053 | 1081 | ||
1054 | ax->d.type = AUDIT_AUX_IPCPERM; | 1082 | ax->d.type = AUDIT_IPC; |
1083 | ax->d.next = context->aux; | ||
1084 | context->aux = (void *)ax; | ||
1085 | return 0; | ||
1086 | } | ||
1087 | |||
1088 | int audit_socketcall(int nargs, unsigned long *args) | ||
1089 | { | ||
1090 | struct audit_aux_data_socketcall *ax; | ||
1091 | struct audit_context *context = current->audit_context; | ||
1092 | |||
1093 | if (likely(!context)) | ||
1094 | return 0; | ||
1095 | |||
1096 | ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL); | ||
1097 | if (!ax) | ||
1098 | return -ENOMEM; | ||
1099 | |||
1100 | ax->nargs = nargs; | ||
1101 | memcpy(ax->args, args, nargs * sizeof(unsigned long)); | ||
1102 | |||
1103 | ax->d.type = AUDIT_SOCKETCALL; | ||
1104 | ax->d.next = context->aux; | ||
1105 | context->aux = (void *)ax; | ||
1106 | return 0; | ||
1107 | } | ||
1108 | |||
1109 | int audit_sockaddr(int len, void *a) | ||
1110 | { | ||
1111 | struct audit_aux_data_sockaddr *ax; | ||
1112 | struct audit_context *context = current->audit_context; | ||
1113 | |||
1114 | if (likely(!context)) | ||
1115 | return 0; | ||
1116 | |||
1117 | ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL); | ||
1118 | if (!ax) | ||
1119 | return -ENOMEM; | ||
1120 | |||
1121 | ax->len = len; | ||
1122 | memcpy(ax->a, a, len); | ||
1123 | |||
1124 | ax->d.type = AUDIT_SOCKADDR; | ||
1055 | ax->d.next = context->aux; | 1125 | ax->d.next = context->aux; |
1056 | context->aux = (void *)ax; | 1126 | context->aux = (void *)ax; |
1057 | return 0; | 1127 | return 0; |
1058 | } | 1128 | } |
1129 | |||
1130 | int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt) | ||
1131 | { | ||
1132 | struct audit_aux_data_path *ax; | ||
1133 | struct audit_context *context = current->audit_context; | ||
1134 | |||
1135 | if (likely(!context)) | ||
1136 | return 0; | ||
1137 | |||
1138 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
1139 | if (!ax) | ||
1140 | return -ENOMEM; | ||
1141 | |||
1142 | ax->dentry = dget(dentry); | ||
1143 | ax->mnt = mntget(mnt); | ||
1144 | |||
1145 | ax->d.type = AUDIT_AVC_PATH; | ||
1146 | ax->d.next = context->aux; | ||
1147 | context->aux = (void *)ax; | ||
1148 | return 0; | ||
1149 | } | ||
1150 | |||
1151 | void audit_signal_info(int sig, struct task_struct *t) | ||
1152 | { | ||
1153 | extern pid_t audit_sig_pid; | ||
1154 | extern uid_t audit_sig_uid; | ||
1155 | |||
1156 | if (unlikely(audit_pid && t->pid == audit_pid)) { | ||
1157 | if (sig == SIGTERM || sig == SIGHUP) { | ||
1158 | struct audit_context *ctx = current->audit_context; | ||
1159 | audit_sig_pid = current->pid; | ||
1160 | if (ctx) | ||
1161 | audit_sig_uid = ctx->loginuid; | ||
1162 | else | ||
1163 | audit_sig_uid = current->uid; | ||
1164 | } | ||
1165 | } | ||
1166 | } | ||
1167 | |||
diff --git a/kernel/signal.c b/kernel/signal.c index b3c24c732c5a..c89821b69ae3 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -24,6 +24,7 @@ | |||
24 | #include <linux/ptrace.h> | 24 | #include <linux/ptrace.h> |
25 | #include <linux/posix-timers.h> | 25 | #include <linux/posix-timers.h> |
26 | #include <linux/signal.h> | 26 | #include <linux/signal.h> |
27 | #include <linux/audit.h> | ||
27 | #include <asm/param.h> | 28 | #include <asm/param.h> |
28 | #include <asm/uaccess.h> | 29 | #include <asm/uaccess.h> |
29 | #include <asm/unistd.h> | 30 | #include <asm/unistd.h> |
@@ -667,7 +668,11 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
667 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) | 668 | && (current->uid ^ t->suid) && (current->uid ^ t->uid) |
668 | && !capable(CAP_KILL)) | 669 | && !capable(CAP_KILL)) |
669 | return error; | 670 | return error; |
670 | return security_task_kill(t, info, sig); | 671 | |
672 | error = security_task_kill(t, info, sig); | ||
673 | if (!error) | ||
674 | audit_signal_info(sig, t); /* Let audit system see the signal */ | ||
675 | return error; | ||
671 | } | 676 | } |
672 | 677 | ||
673 | /* forward decl */ | 678 | /* forward decl */ |
diff --git a/net/socket.c b/net/socket.c index cec0cb38b9ce..38729af09461 100644 --- a/net/socket.c +++ b/net/socket.c | |||
@@ -81,6 +81,7 @@ | |||
81 | #include <linux/syscalls.h> | 81 | #include <linux/syscalls.h> |
82 | #include <linux/compat.h> | 82 | #include <linux/compat.h> |
83 | #include <linux/kmod.h> | 83 | #include <linux/kmod.h> |
84 | #include <linux/audit.h> | ||
84 | 85 | ||
85 | #ifdef CONFIG_NET_RADIO | 86 | #ifdef CONFIG_NET_RADIO |
86 | #include <linux/wireless.h> /* Note : will define WIRELESS_EXT */ | 87 | #include <linux/wireless.h> /* Note : will define WIRELESS_EXT */ |
@@ -226,7 +227,7 @@ int move_addr_to_kernel(void __user *uaddr, int ulen, void *kaddr) | |||
226 | return 0; | 227 | return 0; |
227 | if(copy_from_user(kaddr,uaddr,ulen)) | 228 | if(copy_from_user(kaddr,uaddr,ulen)) |
228 | return -EFAULT; | 229 | return -EFAULT; |
229 | return 0; | 230 | return audit_sockaddr(ulen, kaddr); |
230 | } | 231 | } |
231 | 232 | ||
232 | /** | 233 | /** |
@@ -1906,7 +1907,11 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args) | |||
1906 | /* copy_from_user should be SMP safe. */ | 1907 | /* copy_from_user should be SMP safe. */ |
1907 | if (copy_from_user(a, args, nargs[call])) | 1908 | if (copy_from_user(a, args, nargs[call])) |
1908 | return -EFAULT; | 1909 | return -EFAULT; |
1909 | 1910 | ||
1911 | err = audit_socketcall(nargs[call]/sizeof(unsigned long), a); | ||
1912 | if (err) | ||
1913 | return err; | ||
1914 | |||
1910 | a0=a[0]; | 1915 | a0=a[0]; |
1911 | a1=a[1]; | 1916 | a1=a[1]; |
1912 | 1917 | ||
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 85a6f66a873f..451502467a9b 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c | |||
@@ -242,7 +242,7 @@ void __init avc_init(void) | |||
242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), | 242 | avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), |
243 | 0, SLAB_PANIC, NULL, NULL); | 243 | 0, SLAB_PANIC, NULL, NULL); |
244 | 244 | ||
245 | audit_log(current->audit_context, "AVC INITIALIZED\n"); | 245 | audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n"); |
246 | } | 246 | } |
247 | 247 | ||
248 | int avc_get_hash_stats(char *page) | 248 | int avc_get_hash_stats(char *page) |
@@ -532,6 +532,7 @@ void avc_audit(u32 ssid, u32 tsid, | |||
532 | u16 tclass, u32 requested, | 532 | u16 tclass, u32 requested, |
533 | struct av_decision *avd, int result, struct avc_audit_data *a) | 533 | struct av_decision *avd, int result, struct avc_audit_data *a) |
534 | { | 534 | { |
535 | struct task_struct *tsk = current; | ||
535 | struct inode *inode = NULL; | 536 | struct inode *inode = NULL; |
536 | u32 denied, audited; | 537 | u32 denied, audited; |
537 | struct audit_buffer *ab; | 538 | struct audit_buffer *ab; |
@@ -549,12 +550,18 @@ void avc_audit(u32 ssid, u32 tsid, | |||
549 | return; | 550 | return; |
550 | } | 551 | } |
551 | 552 | ||
552 | ab = audit_log_start(current->audit_context); | 553 | ab = audit_log_start(current->audit_context, AUDIT_AVC); |
553 | if (!ab) | 554 | if (!ab) |
554 | return; /* audit_panic has been called */ | 555 | return; /* audit_panic has been called */ |
555 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); | 556 | audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); |
556 | avc_dump_av(ab, tclass,audited); | 557 | avc_dump_av(ab, tclass,audited); |
557 | audit_log_format(ab, " for "); | 558 | audit_log_format(ab, " for "); |
559 | if (a && a->tsk) | ||
560 | tsk = a->tsk; | ||
561 | if (tsk && tsk->pid) { | ||
562 | audit_log_format(ab, " pid=%d comm=", tsk->pid); | ||
563 | audit_log_untrustedstring(ab, tsk->comm); | ||
564 | } | ||
558 | if (a) { | 565 | if (a) { |
559 | switch (a->type) { | 566 | switch (a->type) { |
560 | case AVC_AUDIT_DATA_IPC: | 567 | case AVC_AUDIT_DATA_IPC: |
@@ -566,21 +573,18 @@ void avc_audit(u32 ssid, u32 tsid, | |||
566 | case AVC_AUDIT_DATA_FS: | 573 | case AVC_AUDIT_DATA_FS: |
567 | if (a->u.fs.dentry) { | 574 | if (a->u.fs.dentry) { |
568 | struct dentry *dentry = a->u.fs.dentry; | 575 | struct dentry *dentry = a->u.fs.dentry; |
569 | if (a->u.fs.mnt) { | 576 | if (a->u.fs.mnt) |
570 | audit_log_d_path(ab, "path=", dentry, | 577 | audit_avc_path(dentry, a->u.fs.mnt); |
571 | a->u.fs.mnt); | 578 | audit_log_format(ab, " name="); |
572 | } else { | 579 | audit_log_untrustedstring(ab, dentry->d_name.name); |
573 | audit_log_format(ab, " name=%s", | ||
574 | dentry->d_name.name); | ||
575 | } | ||
576 | inode = dentry->d_inode; | 580 | inode = dentry->d_inode; |
577 | } else if (a->u.fs.inode) { | 581 | } else if (a->u.fs.inode) { |
578 | struct dentry *dentry; | 582 | struct dentry *dentry; |
579 | inode = a->u.fs.inode; | 583 | inode = a->u.fs.inode; |
580 | dentry = d_find_alias(inode); | 584 | dentry = d_find_alias(inode); |
581 | if (dentry) { | 585 | if (dentry) { |
582 | audit_log_format(ab, " name=%s", | 586 | audit_log_format(ab, " name="); |
583 | dentry->d_name.name); | 587 | audit_log_untrustedstring(ab, dentry->d_name.name); |
584 | dput(dentry); | 588 | dput(dentry); |
585 | } | 589 | } |
586 | } | 590 | } |
@@ -623,22 +627,20 @@ void avc_audit(u32 ssid, u32 tsid, | |||
623 | case AF_UNIX: | 627 | case AF_UNIX: |
624 | u = unix_sk(sk); | 628 | u = unix_sk(sk); |
625 | if (u->dentry) { | 629 | if (u->dentry) { |
626 | audit_log_d_path(ab, "path=", | 630 | audit_avc_path(u->dentry, u->mnt); |
627 | u->dentry, u->mnt); | 631 | audit_log_format(ab, " name="); |
632 | audit_log_untrustedstring(ab, u->dentry->d_name.name); | ||
628 | break; | 633 | break; |
629 | } | 634 | } |
630 | if (!u->addr) | 635 | if (!u->addr) |
631 | break; | 636 | break; |
632 | len = u->addr->len-sizeof(short); | 637 | len = u->addr->len-sizeof(short); |
633 | p = &u->addr->name->sun_path[0]; | 638 | p = &u->addr->name->sun_path[0]; |
639 | audit_log_format(ab, " path="); | ||
634 | if (*p) | 640 | if (*p) |
635 | audit_log_format(ab, | 641 | audit_log_untrustedstring(ab, p); |
636 | "path=%*.*s", len, | ||
637 | len, p); | ||
638 | else | 642 | else |
639 | audit_log_format(ab, | 643 | audit_log_hex(ab, p, len); |
640 | "path=@%*.*s", len-1, | ||
641 | len-1, p+1); | ||
642 | break; | 644 | break; |
643 | } | 645 | } |
644 | } | 646 | } |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index aae1e794fe48..db845cbd5841 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) | |||
3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); | 3419 | err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); |
3420 | if (err) { | 3420 | if (err) { |
3421 | if (err == -EINVAL) { | 3421 | if (err == -EINVAL) { |
3422 | audit_log(current->audit_context, | 3422 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
3423 | "SELinux: unrecognized netlink message" | 3423 | "SELinux: unrecognized netlink message" |
3424 | " type=%hu for sclass=%hu\n", | 3424 | " type=%hu for sclass=%hu\n", |
3425 | nlh->nlmsg_type, isec->sclass); | 3425 | nlh->nlmsg_type, isec->sclass); |
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index b3adb481bc25..f0fb6d76f7c5 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c | |||
@@ -97,6 +97,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] = | |||
97 | { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 97 | { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, | 98 | { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, |
99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, | 99 | { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, |
100 | { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ }, | ||
100 | }; | 101 | }; |
101 | 102 | ||
102 | 103 | ||
@@ -141,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm) | |||
141 | break; | 142 | break; |
142 | 143 | ||
143 | case SECCLASS_NETLINK_AUDIT_SOCKET: | 144 | case SECCLASS_NETLINK_AUDIT_SOCKET: |
144 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, | 145 | if (nlmsg_type >= AUDIT_FIRST_USER_MSG && |
145 | sizeof(nlmsg_audit_perms)); | 146 | nlmsg_type <= AUDIT_LAST_USER_MSG) { |
147 | *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY; | ||
148 | } else { | ||
149 | err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, | ||
150 | sizeof(nlmsg_audit_perms)); | ||
151 | } | ||
146 | break; | 152 | break; |
147 | 153 | ||
148 | /* No messaging from userspace, or class unknown/unhandled */ | 154 | /* No messaging from userspace, or class unknown/unhandled */ |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 8449d667b062..b6149147d5cb 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, | |||
365 | goto out; | 365 | goto out; |
366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) | 366 | if (context_struct_to_string(tcontext, &t, &tlen) < 0) |
367 | goto out; | 367 | goto out; |
368 | audit_log(current->audit_context, | 368 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
369 | "security_validate_transition: denied for" | 369 | "security_validate_transition: denied for" |
370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", | 370 | " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", |
371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); | 371 | o, n, t, policydb.p_class_val_to_name[tclass-1]); |
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context( | |||
742 | goto out; | 742 | goto out; |
743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) | 743 | if (context_struct_to_string(newcontext, &n, &nlen) < 0) |
744 | goto out; | 744 | goto out; |
745 | audit_log(current->audit_context, | 745 | audit_log(current->audit_context, AUDIT_SELINUX_ERR, |
746 | "security_compute_sid: invalid context %s" | 746 | "security_compute_sid: invalid context %s" |
747 | " for scontext=%s" | 747 | " for scontext=%s" |
748 | " tcontext=%s" | 748 | " tcontext=%s" |