aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--arch/ppc/Kconfig17
-rw-r--r--arch/ppc/kernel/entry.S16
-rw-r--r--arch/ppc/kernel/ppc_ksyms.c2
-rw-r--r--arch/ppc/kernel/ptrace.c40
-rw-r--r--include/asm-ppc/seccomp.h10
-rw-r--r--include/asm-ppc/thread_info.h7
-rw-r--r--include/linux/audit.h94
-rw-r--r--init/Kconfig3
-rw-r--r--kernel/audit.c587
-rw-r--r--kernel/auditsc.c259
-rw-r--r--kernel/signal.c7
-rw-r--r--net/socket.c9
-rw-r--r--security/selinux/avc.c40
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/selinux/nlmsgtab.c10
-rw-r--r--security/selinux/ss/services.c4
16 files changed, 674 insertions, 433 deletions
diff --git a/arch/ppc/Kconfig b/arch/ppc/Kconfig
index 6e6377a69d5b..54ce6da22644 100644
--- a/arch/ppc/Kconfig
+++ b/arch/ppc/Kconfig
@@ -1083,6 +1083,23 @@ source "drivers/zorro/Kconfig"
1083 1083
1084source kernel/power/Kconfig 1084source kernel/power/Kconfig
1085 1085
1086config SECCOMP
1087 bool "Enable seccomp to safely compute untrusted bytecode"
1088 depends on PROC_FS
1089 default y
1090 help
1091 This kernel feature is useful for number crunching applications
1092 that may need to compute untrusted bytecode during their
1093 execution. By using pipes or other transports made available to
1094 the process as file descriptors supporting the read/write
1095 syscalls, it's possible to isolate those applications in
1096 their own address space using seccomp. Once seccomp is
1097 enabled via /proc/<pid>/seccomp, it cannot be disabled
1098 and the task is only allowed to execute a few safe syscalls
1099 defined by each seccomp mode.
1100
1101 If unsure, say Y. Only embedded should say N here.
1102
1086endmenu 1103endmenu
1087 1104
1088config ISA_DMA_API 1105config ISA_DMA_API
diff --git a/arch/ppc/kernel/entry.S b/arch/ppc/kernel/entry.S
index 5f075dbc4ee7..661523707e8c 100644
--- a/arch/ppc/kernel/entry.S
+++ b/arch/ppc/kernel/entry.S
@@ -202,7 +202,7 @@ _GLOBAL(DoSyscall)
202 rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR 202 rlwinm r11,r11,0,~_TIFL_FORCE_NOERROR
203 stw r11,TI_LOCAL_FLAGS(r10) 203 stw r11,TI_LOCAL_FLAGS(r10)
204 lwz r11,TI_FLAGS(r10) 204 lwz r11,TI_FLAGS(r10)
205 andi. r11,r11,_TIF_SYSCALL_TRACE 205 andi. r11,r11,_TIF_SYSCALL_T_OR_A
206 bne- syscall_dotrace 206 bne- syscall_dotrace
207syscall_dotrace_cont: 207syscall_dotrace_cont:
208 cmplwi 0,r0,NR_syscalls 208 cmplwi 0,r0,NR_syscalls
@@ -237,7 +237,7 @@ ret_from_syscall:
237 SYNC 237 SYNC
238 MTMSRD(r10) 238 MTMSRD(r10)
239 lwz r9,TI_FLAGS(r12) 239 lwz r9,TI_FLAGS(r12)
240 andi. r0,r9,(_TIF_SYSCALL_TRACE|_TIF_SIGPENDING|_TIF_NEED_RESCHED) 240 andi. r0,r9,(_TIF_SYSCALL_T_OR_A|_TIF_SIGPENDING|_TIF_NEED_RESCHED)
241 bne- syscall_exit_work 241 bne- syscall_exit_work
242syscall_exit_cont: 242syscall_exit_cont:
243#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE) 243#if defined(CONFIG_4xx) || defined(CONFIG_BOOKE)
@@ -277,7 +277,8 @@ syscall_dotrace:
277 SAVE_NVGPRS(r1) 277 SAVE_NVGPRS(r1)
278 li r0,0xc00 278 li r0,0xc00
279 stw r0,TRAP(r1) 279 stw r0,TRAP(r1)
280 bl do_syscall_trace 280 addi r3,r1,STACK_FRAME_OVERHEAD
281 bl do_syscall_trace_enter
281 lwz r0,GPR0(r1) /* Restore original registers */ 282 lwz r0,GPR0(r1) /* Restore original registers */
282 lwz r3,GPR3(r1) 283 lwz r3,GPR3(r1)
283 lwz r4,GPR4(r1) 284 lwz r4,GPR4(r1)
@@ -291,7 +292,7 @@ syscall_dotrace:
291syscall_exit_work: 292syscall_exit_work:
292 stw r6,RESULT(r1) /* Save result */ 293 stw r6,RESULT(r1) /* Save result */
293 stw r3,GPR3(r1) /* Update return value */ 294 stw r3,GPR3(r1) /* Update return value */
294 andi. r0,r9,_TIF_SYSCALL_TRACE 295 andi. r0,r9,_TIF_SYSCALL_T_OR_A
295 beq 5f 296 beq 5f
296 ori r10,r10,MSR_EE 297 ori r10,r10,MSR_EE
297 SYNC 298 SYNC
@@ -303,7 +304,8 @@ syscall_exit_work:
303 li r4,0xc00 304 li r4,0xc00
304 stw r4,TRAP(r1) 305 stw r4,TRAP(r1)
3054: 3064:
306 bl do_syscall_trace 307 addi r3,r1,STACK_FRAME_OVERHEAD
308 bl do_syscall_trace_leave
307 REST_NVGPRS(r1) 309 REST_NVGPRS(r1)
3082: 3102:
309 lwz r3,GPR3(r1) 311 lwz r3,GPR3(r1)
@@ -627,8 +629,8 @@ sigreturn_exit:
627 subi r1,r3,STACK_FRAME_OVERHEAD 629 subi r1,r3,STACK_FRAME_OVERHEAD
628 rlwinm r12,r1,0,0,18 /* current_thread_info() */ 630 rlwinm r12,r1,0,0,18 /* current_thread_info() */
629 lwz r9,TI_FLAGS(r12) 631 lwz r9,TI_FLAGS(r12)
630 andi. r0,r9,_TIF_SYSCALL_TRACE 632 andi. r0,r9,_TIF_SYSCALL_T_OR_A
631 bnel- do_syscall_trace 633 bnel- do_syscall_trace_leave
632 /* fall through */ 634 /* fall through */
633 635
634 .globl ret_from_except_full 636 .globl ret_from_except_full
diff --git a/arch/ppc/kernel/ppc_ksyms.c b/arch/ppc/kernel/ppc_ksyms.c
index 2ccb58fe4fc3..d59ad07de8e7 100644
--- a/arch/ppc/kernel/ppc_ksyms.c
+++ b/arch/ppc/kernel/ppc_ksyms.c
@@ -55,7 +55,6 @@
55#define EXPORT_SYMTAB_STROPS 55#define EXPORT_SYMTAB_STROPS
56 56
57extern void transfer_to_handler(void); 57extern void transfer_to_handler(void);
58extern void do_syscall_trace(void);
59extern void do_IRQ(struct pt_regs *regs); 58extern void do_IRQ(struct pt_regs *regs);
60extern void MachineCheckException(struct pt_regs *regs); 59extern void MachineCheckException(struct pt_regs *regs);
61extern void AlignmentException(struct pt_regs *regs); 60extern void AlignmentException(struct pt_regs *regs);
@@ -74,7 +73,6 @@ extern unsigned long mm_ptov (unsigned long paddr);
74EXPORT_SYMBOL(clear_pages); 73EXPORT_SYMBOL(clear_pages);
75EXPORT_SYMBOL(clear_user_page); 74EXPORT_SYMBOL(clear_user_page);
76EXPORT_SYMBOL(do_signal); 75EXPORT_SYMBOL(do_signal);
77EXPORT_SYMBOL(do_syscall_trace);
78EXPORT_SYMBOL(transfer_to_handler); 76EXPORT_SYMBOL(transfer_to_handler);
79EXPORT_SYMBOL(do_IRQ); 77EXPORT_SYMBOL(do_IRQ);
80EXPORT_SYMBOL(MachineCheckException); 78EXPORT_SYMBOL(MachineCheckException);
diff --git a/arch/ppc/kernel/ptrace.c b/arch/ppc/kernel/ptrace.c
index 59d59a8dc249..e7aee4108dea 100644
--- a/arch/ppc/kernel/ptrace.c
+++ b/arch/ppc/kernel/ptrace.c
@@ -27,6 +27,9 @@
27#include <linux/user.h> 27#include <linux/user.h>
28#include <linux/security.h> 28#include <linux/security.h>
29#include <linux/signal.h> 29#include <linux/signal.h>
30#include <linux/seccomp.h>
31#include <linux/audit.h>
32#include <linux/module.h>
30 33
31#include <asm/uaccess.h> 34#include <asm/uaccess.h>
32#include <asm/page.h> 35#include <asm/page.h>
@@ -455,11 +458,10 @@ out:
455 return ret; 458 return ret;
456} 459}
457 460
458void do_syscall_trace(void) 461static void do_syscall_trace(void)
459{ 462{
460 if (!test_thread_flag(TIF_SYSCALL_TRACE) 463 /* the 0x80 provides a way for the tracing parent to distinguish
461 || !(current->ptrace & PT_PTRACED)) 464 between a syscall stop and SIGTRAP delivery */
462 return;
463 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) 465 ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD)
464 ? 0x80 : 0)); 466 ? 0x80 : 0));
465 467
@@ -473,3 +475,33 @@ void do_syscall_trace(void)
473 current->exit_code = 0; 475 current->exit_code = 0;
474 } 476 }
475} 477}
478
479void do_syscall_trace_enter(struct pt_regs *regs)
480{
481 if (test_thread_flag(TIF_SYSCALL_TRACE)
482 && (current->ptrace & PT_PTRACED))
483 do_syscall_trace();
484
485 if (unlikely(current->audit_context))
486 audit_syscall_entry(current, AUDIT_ARCH_PPC,
487 regs->gpr[0],
488 regs->gpr[3], regs->gpr[4],
489 regs->gpr[5], regs->gpr[6]);
490}
491
492void do_syscall_trace_leave(struct pt_regs *regs)
493{
494 secure_computing(regs->gpr[0]);
495
496 if (unlikely(current->audit_context))
497 audit_syscall_exit(current,
498 (regs->ccr&0x1000)?AUDITSC_FAILURE:AUDITSC_SUCCESS,
499 regs->result);
500
501 if ((test_thread_flag(TIF_SYSCALL_TRACE))
502 && (current->ptrace & PT_PTRACED))
503 do_syscall_trace();
504}
505
506EXPORT_SYMBOL(do_syscall_trace_enter);
507EXPORT_SYMBOL(do_syscall_trace_leave);
diff --git a/include/asm-ppc/seccomp.h b/include/asm-ppc/seccomp.h
new file mode 100644
index 000000000000..666c4da96d87
--- /dev/null
+++ b/include/asm-ppc/seccomp.h
@@ -0,0 +1,10 @@
1#ifndef _ASM_SECCOMP_H
2
3#include <linux/unistd.h>
4
5#define __NR_seccomp_read __NR_read
6#define __NR_seccomp_write __NR_write
7#define __NR_seccomp_exit __NR_exit
8#define __NR_seccomp_sigreturn __NR_rt_sigreturn
9
10#endif /* _ASM_SECCOMP_H */
diff --git a/include/asm-ppc/thread_info.h b/include/asm-ppc/thread_info.h
index f7f01524e8a8..e3b5284a6f91 100644
--- a/include/asm-ppc/thread_info.h
+++ b/include/asm-ppc/thread_info.h
@@ -77,12 +77,19 @@ static inline struct thread_info *current_thread_info(void)
77#define TIF_POLLING_NRFLAG 4 /* true if poll_idle() is polling 77#define TIF_POLLING_NRFLAG 4 /* true if poll_idle() is polling
78 TIF_NEED_RESCHED */ 78 TIF_NEED_RESCHED */
79#define TIF_MEMDIE 5 79#define TIF_MEMDIE 5
80#define TIF_SYSCALL_AUDIT 6 /* syscall auditing active */
81#define TIF_SECCOMP 7 /* secure computing */
82
80/* as above, but as bit values */ 83/* as above, but as bit values */
81#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) 84#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
82#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) 85#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
83#define _TIF_SIGPENDING (1<<TIF_SIGPENDING) 86#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
84#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED) 87#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
85#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) 88#define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG)
89#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
90#define _TIF_SECCOMP (1<<TIF_SECCOMP)
91
92#define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE|_TIF_SYSCALL_AUDIT|_TIF_SECCOMP)
86 93
87/* 94/*
88 * Non racy (local) flags bit numbers 95 * Non racy (local) flags bit numbers
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 19f04b049798..bf2ad3ba72eb 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -27,15 +27,52 @@
27#include <linux/sched.h> 27#include <linux/sched.h>
28#include <linux/elf.h> 28#include <linux/elf.h>
29 29
30/* Request and reply types */ 30/* The netlink messages for the audit system is divided into blocks:
31#define AUDIT_GET 1000 /* Get status */ 31 * 1000 - 1099 are for commanding the audit system
32#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */ 32 * 1100 - 1199 user space trusted application messages
33#define AUDIT_LIST 1002 /* List filtering rules */ 33 * 1200 - 1299 messages internal to the audit daemon
34#define AUDIT_ADD 1003 /* Add filtering rule */ 34 * 1300 - 1399 audit event messages
35#define AUDIT_DEL 1004 /* Delete filtering rule */ 35 * 1400 - 1499 SE Linux use
36#define AUDIT_USER 1005 /* Send a message from user-space */ 36 * 1500 - 1999 future use
37#define AUDIT_LOGIN 1006 /* Define the login id and informaiton */ 37 * 2000 is for otherwise unclassified kernel audit messages
38#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ 38 *
39 * Messages from 1000-1199 are bi-directional. 1200-1299 are exclusively user
40 * space. Anything over that is kernel --> user space communication.
41 */
42#define AUDIT_GET 1000 /* Get status */
43#define AUDIT_SET 1001 /* Set status (enable/disable/auditd) */
44#define AUDIT_LIST 1002 /* List syscall filtering rules */
45#define AUDIT_ADD 1003 /* Add syscall filtering rule */
46#define AUDIT_DEL 1004 /* Delete syscall filtering rule */
47#define AUDIT_USER 1005 /* Message from userspace -- deprecated */
48#define AUDIT_LOGIN 1006 /* Define the login id and information */
49#define AUDIT_WATCH_INS 1007 /* Insert file/dir watch entry */
50#define AUDIT_WATCH_REM 1008 /* Remove file/dir watch entry */
51#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
52#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
53
54#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */
55#define AUDIT_LAST_USER_MSG 1199
56
57#define AUDIT_DAEMON_START 1200 /* Daemon startup record */
58#define AUDIT_DAEMON_END 1201 /* Daemon normal stop record */
59#define AUDIT_DAEMON_ABORT 1202 /* Daemon error stop record */
60#define AUDIT_DAEMON_CONFIG 1203 /* Daemon config change */
61
62#define AUDIT_SYSCALL 1300 /* Syscall event */
63#define AUDIT_FS_WATCH 1301 /* Filesystem watch event */
64#define AUDIT_PATH 1302 /* Filename path information */
65#define AUDIT_IPC 1303 /* IPC record */
66#define AUDIT_SOCKETCALL 1304 /* sys_socketcall arguments */
67#define AUDIT_CONFIG_CHANGE 1305 /* Audit system configuration change */
68#define AUDIT_SOCKADDR 1306 /* sockaddr copied as syscall arg */
69#define AUDIT_CWD 1307 /* Current working directory */
70
71#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
72#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
73#define AUDIT_AVC_PATH 1402 /* dentry, vfsmount pair from avc */
74
75#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
39 76
40/* Rule flags */ 77/* Rule flags */
41#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */ 78#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */
@@ -132,16 +169,9 @@
132#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE) 169#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
133#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) 170#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
134 171
135#ifndef __KERNEL__
136struct audit_message {
137 struct nlmsghdr nlh;
138 char data[1200];
139};
140#endif
141
142struct audit_status { 172struct audit_status {
143 __u32 mask; /* Bit mask for valid entries */ 173 __u32 mask; /* Bit mask for valid entries */
144 __u32 enabled; /* 1 = enabled, 0 = disbaled */ 174 __u32 enabled; /* 1 = enabled, 0 = disabled */
145 __u32 failure; /* Failure-to-log action */ 175 __u32 failure; /* Failure-to-log action */
146 __u32 pid; /* pid of auditd process */ 176 __u32 pid; /* pid of auditd process */
147 __u32 rate_limit; /* messages rate limit (per second) */ 177 __u32 rate_limit; /* messages rate limit (per second) */
@@ -161,6 +191,11 @@ struct audit_rule { /* for AUDIT_LIST, AUDIT_ADD, and AUDIT_DEL */
161 191
162#ifdef __KERNEL__ 192#ifdef __KERNEL__
163 193
194struct audit_sig_info {
195 uid_t uid;
196 pid_t pid;
197};
198
164struct audit_buffer; 199struct audit_buffer;
165struct audit_context; 200struct audit_context;
166struct inode; 201struct inode;
@@ -185,11 +220,16 @@ extern void audit_inode(const char *name, const struct inode *inode);
185 /* Private API (for audit.c only) */ 220 /* Private API (for audit.c only) */
186extern int audit_receive_filter(int type, int pid, int uid, int seq, 221extern int audit_receive_filter(int type, int pid, int uid, int seq,
187 void *data, uid_t loginuid); 222 void *data, uid_t loginuid);
188extern void audit_get_stamp(struct audit_context *ctx, 223extern unsigned int audit_serial(void);
189 struct timespec *t, unsigned int *serial); 224extern void auditsc_get_stamp(struct audit_context *ctx,
225 struct timespec *t, unsigned int *serial);
190extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 226extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
191extern uid_t audit_get_loginuid(struct audit_context *ctx); 227extern uid_t audit_get_loginuid(struct audit_context *ctx);
192extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 228extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
229extern int audit_socketcall(int nargs, unsigned long *args);
230extern int audit_sockaddr(int len, void *addr);
231extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
232extern void audit_signal_info(int sig, struct task_struct *t);
193#else 233#else
194#define audit_alloc(t) ({ 0; }) 234#define audit_alloc(t) ({ 0; })
195#define audit_free(t) do { ; } while (0) 235#define audit_free(t) do { ; } while (0)
@@ -198,18 +238,24 @@ extern int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mo
198#define audit_getname(n) do { ; } while (0) 238#define audit_getname(n) do { ; } while (0)
199#define audit_putname(n) do { ; } while (0) 239#define audit_putname(n) do { ; } while (0)
200#define audit_inode(n,i) do { ; } while (0) 240#define audit_inode(n,i) do { ; } while (0)
241#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
242#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
201#define audit_get_loginuid(c) ({ -1; }) 243#define audit_get_loginuid(c) ({ -1; })
202#define audit_ipc_perms(q,u,g,m) ({ 0; }) 244#define audit_ipc_perms(q,u,g,m) ({ 0; })
245#define audit_socketcall(n,a) ({ 0; })
246#define audit_sockaddr(len, addr) ({ 0; })
247#define audit_avc_path(dentry, mnt) ({ 0; })
248#define audit_signal_info(s,t) do { ; } while (0)
203#endif 249#endif
204 250
205#ifdef CONFIG_AUDIT 251#ifdef CONFIG_AUDIT
206/* These are defined in audit.c */ 252/* These are defined in audit.c */
207 /* Public API */ 253 /* Public API */
208extern void audit_log(struct audit_context *ctx, 254extern void audit_log(struct audit_context *ctx, int type,
209 const char *fmt, ...) 255 const char *fmt, ...)
210 __attribute__((format(printf,2,3))); 256 __attribute__((format(printf,3,4)));
211 257
212extern struct audit_buffer *audit_log_start(struct audit_context *ctx); 258extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type);
213extern void audit_log_format(struct audit_buffer *ab, 259extern void audit_log_format(struct audit_buffer *ab,
214 const char *fmt, ...) 260 const char *fmt, ...)
215 __attribute__((format(printf,2,3))); 261 __attribute__((format(printf,2,3)));
@@ -229,8 +275,8 @@ extern void audit_send_reply(int pid, int seq, int type,
229 void *payload, int size); 275 void *payload, int size);
230extern void audit_log_lost(const char *message); 276extern void audit_log_lost(const char *message);
231#else 277#else
232#define audit_log(t,f,...) do { ; } while (0) 278#define audit_log(c,t,f,...) do { ; } while (0)
233#define audit_log_start(t) ({ NULL; }) 279#define audit_log_start(c,t) ({ NULL; })
234#define audit_log_vformat(b,f,a) do { ; } while (0) 280#define audit_log_vformat(b,f,a) do { ; } while (0)
235#define audit_log_format(b,f,...) do { ; } while (0) 281#define audit_log_format(b,f,...) do { ; } while (0)
236#define audit_log_end(b) do { ; } while (0) 282#define audit_log_end(b) do { ; } while (0)
diff --git a/init/Kconfig b/init/Kconfig
index a7660ccc693f..b1091d7542ce 100644
--- a/init/Kconfig
+++ b/init/Kconfig
@@ -164,6 +164,7 @@ config SYSCTL
164 164
165config AUDIT 165config AUDIT
166 bool "Auditing support" 166 bool "Auditing support"
167 depends on NET
167 default y if SECURITY_SELINUX 168 default y if SECURITY_SELINUX
168 help 169 help
169 Enable auditing infrastructure that can be used with another 170 Enable auditing infrastructure that can be used with another
@@ -173,7 +174,7 @@ config AUDIT
173 174
174config AUDITSYSCALL 175config AUDITSYSCALL
175 bool "Enable system-call auditing support" 176 bool "Enable system-call auditing support"
176 depends on AUDIT && (X86 || PPC64 || ARCH_S390 || IA64 || UML) 177 depends on AUDIT && (X86 || PPC || PPC64 || ARCH_S390 || IA64 || UML)
177 default y if SECURITY_SELINUX 178 default y if SECURITY_SELINUX
178 help 179 help
179 Enable low-overhead system-call auditing infrastructure that 180 Enable low-overhead system-call auditing infrastructure that
diff --git a/kernel/audit.c b/kernel/audit.c
index 9c4f1af0c794..ef35166fdc29 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -46,6 +46,8 @@
46#include <asm/types.h> 46#include <asm/types.h>
47#include <linux/mm.h> 47#include <linux/mm.h>
48#include <linux/module.h> 48#include <linux/module.h>
49#include <linux/err.h>
50#include <linux/kthread.h>
49 51
50#include <linux/audit.h> 52#include <linux/audit.h>
51 53
@@ -68,7 +70,7 @@ static int audit_failure = AUDIT_FAIL_PRINTK;
68 70
69/* If audit records are to be written to the netlink socket, audit_pid 71/* If audit records are to be written to the netlink socket, audit_pid
70 * contains the (non-zero) pid. */ 72 * contains the (non-zero) pid. */
71static int audit_pid; 73int audit_pid;
72 74
73/* If audit_limit is non-zero, limit the rate of sending audit records 75/* If audit_limit is non-zero, limit the rate of sending audit records
74 * to that number per second. This prevents DoS attacks, but results in 76 * to that number per second. This prevents DoS attacks, but results in
@@ -77,7 +79,10 @@ static int audit_rate_limit;
77 79
78/* Number of outstanding audit_buffers allowed. */ 80/* Number of outstanding audit_buffers allowed. */
79static int audit_backlog_limit = 64; 81static int audit_backlog_limit = 64;
80static atomic_t audit_backlog = ATOMIC_INIT(0); 82
83/* The identity of the user shutting down the audit system. */
84uid_t audit_sig_uid = -1;
85pid_t audit_sig_pid = -1;
81 86
82/* Records can be lost in several ways: 87/* Records can be lost in several ways:
83 0) [suppressed in audit_alloc] 88 0) [suppressed in audit_alloc]
@@ -91,19 +96,17 @@ static atomic_t audit_lost = ATOMIC_INIT(0);
91/* The netlink socket. */ 96/* The netlink socket. */
92static struct sock *audit_sock; 97static struct sock *audit_sock;
93 98
94/* There are two lists of audit buffers. The txlist contains audit 99/* The audit_freelist is a list of pre-allocated audit buffers (if more
95 * buffers that cannot be sent immediately to the netlink device because
96 * we are in an irq context (these are sent later in a tasklet).
97 *
98 * The second list is a list of pre-allocated audit buffers (if more
99 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of 100 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
100 * being placed on the freelist). */ 101 * being placed on the freelist). */
101static DEFINE_SPINLOCK(audit_txlist_lock);
102static DEFINE_SPINLOCK(audit_freelist_lock); 102static DEFINE_SPINLOCK(audit_freelist_lock);
103static int audit_freelist_count = 0; 103static int audit_freelist_count = 0;
104static LIST_HEAD(audit_txlist);
105static LIST_HEAD(audit_freelist); 104static LIST_HEAD(audit_freelist);
106 105
106static struct sk_buff_head audit_skb_queue;
107static struct task_struct *kauditd_task;
108static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
109
107/* There are three lists of rules -- one to search at task creation 110/* There are three lists of rules -- one to search at task creation
108 * time, one to search at syscall entry time, and another to search at 111 * time, one to search at syscall entry time, and another to search at
109 * syscall exit time. */ 112 * syscall exit time. */
@@ -112,7 +115,7 @@ static LIST_HEAD(audit_entlist);
112static LIST_HEAD(audit_extlist); 115static LIST_HEAD(audit_extlist);
113 116
114/* The netlink socket is only to be read by 1 CPU, which lets us assume 117/* The netlink socket is only to be read by 1 CPU, which lets us assume
115 * that list additions and deletions never happen simultaneiously in 118 * that list additions and deletions never happen simultaneously in
116 * auditsc.c */ 119 * auditsc.c */
117static DECLARE_MUTEX(audit_netlink_sem); 120static DECLARE_MUTEX(audit_netlink_sem);
118 121
@@ -132,21 +135,14 @@ static DECLARE_MUTEX(audit_netlink_sem);
132 * use simultaneously. */ 135 * use simultaneously. */
133struct audit_buffer { 136struct audit_buffer {
134 struct list_head list; 137 struct list_head list;
135 struct sk_buff_head sklist; /* formatted skbs ready to send */ 138 struct sk_buff *skb; /* formatted skb ready to send */
136 struct audit_context *ctx; /* NULL or associated context */ 139 struct audit_context *ctx; /* NULL or associated context */
137 int len; /* used area of tmp */
138 char tmp[AUDIT_BUFSIZ];
139
140 /* Pointer to header and contents */
141 struct nlmsghdr *nlh;
142 int total;
143 int type;
144 int pid;
145}; 140};
146 141
147void audit_set_type(struct audit_buffer *ab, int type) 142static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
148{ 143{
149 ab->type = type; 144 struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
145 nlh->nlmsg_pid = pid;
150} 146}
151 147
152struct audit_entry { 148struct audit_entry {
@@ -154,9 +150,6 @@ struct audit_entry {
154 struct audit_rule rule; 150 struct audit_rule rule;
155}; 151};
156 152
157static void audit_log_end_irq(struct audit_buffer *ab);
158static void audit_log_end_fast(struct audit_buffer *ab);
159
160static void audit_panic(const char *message) 153static void audit_panic(const char *message)
161{ 154{
162 switch (audit_failure) 155 switch (audit_failure)
@@ -227,10 +220,8 @@ void audit_log_lost(const char *message)
227 220
228 if (print) { 221 if (print) {
229 printk(KERN_WARNING 222 printk(KERN_WARNING
230 "audit: audit_lost=%d audit_backlog=%d" 223 "audit: audit_lost=%d audit_rate_limit=%d audit_backlog_limit=%d\n",
231 " audit_rate_limit=%d audit_backlog_limit=%d\n",
232 atomic_read(&audit_lost), 224 atomic_read(&audit_lost),
233 atomic_read(&audit_backlog),
234 audit_rate_limit, 225 audit_rate_limit,
235 audit_backlog_limit); 226 audit_backlog_limit);
236 audit_panic(message); 227 audit_panic(message);
@@ -242,7 +233,8 @@ static int audit_set_rate_limit(int limit, uid_t loginuid)
242{ 233{
243 int old = audit_rate_limit; 234 int old = audit_rate_limit;
244 audit_rate_limit = limit; 235 audit_rate_limit = limit;
245 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", 236 audit_log(NULL, AUDIT_CONFIG_CHANGE,
237 "audit_rate_limit=%d old=%d by auid=%u",
246 audit_rate_limit, old, loginuid); 238 audit_rate_limit, old, loginuid);
247 return old; 239 return old;
248} 240}
@@ -251,7 +243,8 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid)
251{ 243{
252 int old = audit_backlog_limit; 244 int old = audit_backlog_limit;
253 audit_backlog_limit = limit; 245 audit_backlog_limit = limit;
254 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", 246 audit_log(NULL, AUDIT_CONFIG_CHANGE,
247 "audit_backlog_limit=%d old=%d by auid=%u",
255 audit_backlog_limit, old, loginuid); 248 audit_backlog_limit, old, loginuid);
256 return old; 249 return old;
257} 250}
@@ -262,8 +255,9 @@ static int audit_set_enabled(int state, uid_t loginuid)
262 if (state != 0 && state != 1) 255 if (state != 0 && state != 1)
263 return -EINVAL; 256 return -EINVAL;
264 audit_enabled = state; 257 audit_enabled = state;
265 audit_log(NULL, "audit_enabled=%d old=%d by auid %u", 258 audit_log(NULL, AUDIT_CONFIG_CHANGE,
266 audit_enabled, old, loginuid); 259 "audit_enabled=%d old=%d by auid=%u",
260 audit_enabled, old, loginuid);
267 return old; 261 return old;
268} 262}
269 263
@@ -275,12 +269,44 @@ static int audit_set_failure(int state, uid_t loginuid)
275 && state != AUDIT_FAIL_PANIC) 269 && state != AUDIT_FAIL_PANIC)
276 return -EINVAL; 270 return -EINVAL;
277 audit_failure = state; 271 audit_failure = state;
278 audit_log(NULL, "audit_failure=%d old=%d by auid %u", 272 audit_log(NULL, AUDIT_CONFIG_CHANGE,
279 audit_failure, old, loginuid); 273 "audit_failure=%d old=%d by auid=%u",
274 audit_failure, old, loginuid);
280 return old; 275 return old;
281} 276}
282 277
283#ifdef CONFIG_NET 278int kauditd_thread(void *dummy)
279{
280 struct sk_buff *skb;
281
282 while (1) {
283 skb = skb_dequeue(&audit_skb_queue);
284 if (skb) {
285 if (audit_pid) {
286 int err = netlink_unicast(audit_sock, skb, audit_pid, 0);
287 if (err < 0) {
288 BUG_ON(err != -ECONNREFUSED); /* Shoudn't happen */
289 printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
290 audit_pid = 0;
291 }
292 } else {
293 printk(KERN_ERR "%s\n", skb->data + NLMSG_SPACE(0));
294 kfree_skb(skb);
295 }
296 } else {
297 DECLARE_WAITQUEUE(wait, current);
298 set_current_state(TASK_INTERRUPTIBLE);
299 add_wait_queue(&kauditd_wait, &wait);
300
301 if (!skb_queue_len(&audit_skb_queue))
302 schedule();
303
304 __set_current_state(TASK_RUNNING);
305 remove_wait_queue(&kauditd_wait, &wait);
306 }
307 }
308}
309
284void audit_send_reply(int pid, int seq, int type, int done, int multi, 310void audit_send_reply(int pid, int seq, int type, int done, int multi,
285 void *payload, int size) 311 void *payload, int size)
286{ 312{
@@ -293,13 +319,16 @@ void audit_send_reply(int pid, int seq, int type, int done, int multi,
293 319
294 skb = alloc_skb(len, GFP_KERNEL); 320 skb = alloc_skb(len, GFP_KERNEL);
295 if (!skb) 321 if (!skb)
296 goto nlmsg_failure; 322 return;
297 323
298 nlh = NLMSG_PUT(skb, pid, seq, t, len - sizeof(*nlh)); 324 nlh = NLMSG_PUT(skb, pid, seq, t, size);
299 nlh->nlmsg_flags = flags; 325 nlh->nlmsg_flags = flags;
300 data = NLMSG_DATA(nlh); 326 data = NLMSG_DATA(nlh);
301 memcpy(data, payload, size); 327 memcpy(data, payload, size);
302 netlink_unicast(audit_sock, skb, pid, MSG_DONTWAIT); 328
329 /* Ignore failure. It'll only happen if the sender goes away,
330 because our timeout is set to infinite. */
331 netlink_unicast(audit_sock, skb, pid, 0);
303 return; 332 return;
304 333
305nlmsg_failure: /* Used by NLMSG_PUT */ 334nlmsg_failure: /* Used by NLMSG_PUT */
@@ -321,10 +350,12 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
321 case AUDIT_SET: 350 case AUDIT_SET:
322 case AUDIT_ADD: 351 case AUDIT_ADD:
323 case AUDIT_DEL: 352 case AUDIT_DEL:
353 case AUDIT_SIGNAL_INFO:
324 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL)) 354 if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
325 err = -EPERM; 355 err = -EPERM;
326 break; 356 break;
327 case AUDIT_USER: 357 case AUDIT_USER:
358 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
328 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE)) 359 if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
329 err = -EPERM; 360 err = -EPERM;
330 break; 361 break;
@@ -344,11 +375,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
344 struct audit_buffer *ab; 375 struct audit_buffer *ab;
345 u16 msg_type = nlh->nlmsg_type; 376 u16 msg_type = nlh->nlmsg_type;
346 uid_t loginuid; /* loginuid of sender */ 377 uid_t loginuid; /* loginuid of sender */
378 struct audit_sig_info sig_data;
347 379
348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 380 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
349 if (err) 381 if (err)
350 return err; 382 return err;
351 383
384 /* As soon as there's any sign of userspace auditd, start kauditd to talk to it */
385 if (!kauditd_task)
386 kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd");
387 if (IS_ERR(kauditd_task)) {
388 err = PTR_ERR(kauditd_task);
389 kauditd_task = NULL;
390 return err;
391 }
392
352 pid = NETLINK_CREDS(skb)->pid; 393 pid = NETLINK_CREDS(skb)->pid;
353 uid = NETLINK_CREDS(skb)->uid; 394 uid = NETLINK_CREDS(skb)->uid;
354 loginuid = NETLINK_CB(skb).loginuid; 395 loginuid = NETLINK_CB(skb).loginuid;
@@ -363,7 +404,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
363 status_set.rate_limit = audit_rate_limit; 404 status_set.rate_limit = audit_rate_limit;
364 status_set.backlog_limit = audit_backlog_limit; 405 status_set.backlog_limit = audit_backlog_limit;
365 status_set.lost = atomic_read(&audit_lost); 406 status_set.lost = atomic_read(&audit_lost);
366 status_set.backlog = atomic_read(&audit_backlog); 407 status_set.backlog = skb_queue_len(&audit_skb_queue);
367 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, 408 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0,
368 &status_set, sizeof(status_set)); 409 &status_set, sizeof(status_set));
369 break; 410 break;
@@ -382,7 +423,8 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
382 if (status_get->mask & AUDIT_STATUS_PID) { 423 if (status_get->mask & AUDIT_STATUS_PID) {
383 int old = audit_pid; 424 int old = audit_pid;
384 audit_pid = status_get->pid; 425 audit_pid = status_get->pid;
385 audit_log(NULL, "audit_pid=%d old=%d by auid %u", 426 audit_log(NULL, AUDIT_CONFIG_CHANGE,
427 "audit_pid=%d old=%d by auid=%u",
386 audit_pid, old, loginuid); 428 audit_pid, old, loginuid);
387 } 429 }
388 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) 430 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
@@ -392,18 +434,15 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
392 loginuid); 434 loginuid);
393 break; 435 break;
394 case AUDIT_USER: 436 case AUDIT_USER:
395 ab = audit_log_start(NULL); 437 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
438 ab = audit_log_start(NULL, msg_type);
396 if (!ab) 439 if (!ab)
397 break; /* audit_panic has been called */ 440 break; /* audit_panic has been called */
398 audit_log_format(ab, 441 audit_log_format(ab,
399 "user pid=%d uid=%d length=%d loginuid=%u" 442 "user pid=%d uid=%u auid=%u"
400 " msg='%.1024s'", 443 " msg='%.1024s'",
401 pid, uid, 444 pid, uid, loginuid, (char *)data);
402 (int)(nlh->nlmsg_len 445 audit_set_pid(ab, pid);
403 - ((char *)data - (char *)nlh)),
404 loginuid, (char *)data);
405 ab->type = AUDIT_USER;
406 ab->pid = pid;
407 audit_log_end(ab); 446 audit_log_end(ab);
408 break; 447 break;
409 case AUDIT_ADD: 448 case AUDIT_ADD:
@@ -412,12 +451,14 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
412 return -EINVAL; 451 return -EINVAL;
413 /* fallthrough */ 452 /* fallthrough */
414 case AUDIT_LIST: 453 case AUDIT_LIST:
415#ifdef CONFIG_AUDITSYSCALL
416 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, 454 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
417 uid, seq, data, loginuid); 455 uid, seq, data, loginuid);
418#else 456 break;
419 err = -EOPNOTSUPP; 457 case AUDIT_SIGNAL_INFO:
420#endif 458 sig_data.uid = audit_sig_uid;
459 sig_data.pid = audit_sig_pid;
460 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_SIGNAL_INFO,
461 0, 0, &sig_data, sizeof(sig_data));
421 break; 462 break;
422 default: 463 default:
423 err = -EINVAL; 464 err = -EINVAL;
@@ -467,87 +508,6 @@ static void audit_receive(struct sock *sk, int length)
467 up(&audit_netlink_sem); 508 up(&audit_netlink_sem);
468} 509}
469 510
470/* Move data from tmp buffer into an skb. This is an extra copy, and
471 * that is unfortunate. However, the copy will only occur when a record
472 * is being written to user space, which is already a high-overhead
473 * operation. (Elimination of the copy is possible, for example, by
474 * writing directly into a pre-allocated skb, at the cost of wasting
475 * memory. */
476static void audit_log_move(struct audit_buffer *ab)
477{
478 struct sk_buff *skb;
479 char *start;
480 int extra = ab->nlh ? 0 : NLMSG_SPACE(0);
481
482 /* possible resubmission */
483 if (ab->len == 0)
484 return;
485
486 skb = skb_peek_tail(&ab->sklist);
487 if (!skb || skb_tailroom(skb) <= ab->len + extra) {
488 skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC);
489 if (!skb) {
490 ab->len = 0; /* Lose information in ab->tmp */
491 audit_log_lost("out of memory in audit_log_move");
492 return;
493 }
494 __skb_queue_tail(&ab->sklist, skb);
495 if (!ab->nlh)
496 ab->nlh = (struct nlmsghdr *)skb_put(skb,
497 NLMSG_SPACE(0));
498 }
499 start = skb_put(skb, ab->len);
500 memcpy(start, ab->tmp, ab->len);
501 ab->len = 0;
502}
503
504/* Iterate over the skbuff in the audit_buffer, sending their contents
505 * to user space. */
506static inline int audit_log_drain(struct audit_buffer *ab)
507{
508 struct sk_buff *skb;
509
510 while ((skb = skb_dequeue(&ab->sklist))) {
511 int retval = 0;
512
513 if (audit_pid) {
514 if (ab->nlh) {
515 ab->nlh->nlmsg_len = ab->total;
516 ab->nlh->nlmsg_type = ab->type;
517 ab->nlh->nlmsg_flags = 0;
518 ab->nlh->nlmsg_seq = 0;
519 ab->nlh->nlmsg_pid = ab->pid;
520 }
521 skb_get(skb); /* because netlink_* frees */
522 retval = netlink_unicast(audit_sock, skb, audit_pid,
523 MSG_DONTWAIT);
524 }
525 if (retval == -EAGAIN &&
526 (atomic_read(&audit_backlog)) < audit_backlog_limit) {
527 skb_queue_head(&ab->sklist, skb);
528 audit_log_end_irq(ab);
529 return 1;
530 }
531 if (retval < 0) {
532 if (retval == -ECONNREFUSED) {
533 printk(KERN_ERR
534 "audit: *NO* daemon at audit_pid=%d\n",
535 audit_pid);
536 audit_pid = 0;
537 } else
538 audit_log_lost("netlink socket too busy");
539 }
540 if (!audit_pid) { /* No daemon */
541 int offset = ab->nlh ? NLMSG_SPACE(0) : 0;
542 int len = skb->len - offset;
543 skb->data[offset + len] = '\0';
544 printk(KERN_ERR "%s\n", skb->data + offset);
545 }
546 kfree_skb(skb);
547 ab->nlh = NULL;
548 }
549 return 0;
550}
551 511
552/* Initialize audit support at boot time. */ 512/* Initialize audit support at boot time. */
553static int __init audit_init(void) 513static int __init audit_init(void)
@@ -558,40 +518,13 @@ static int __init audit_init(void)
558 if (!audit_sock) 518 if (!audit_sock)
559 audit_panic("cannot initialize netlink socket"); 519 audit_panic("cannot initialize netlink socket");
560 520
521 audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
522 skb_queue_head_init(&audit_skb_queue);
561 audit_initialized = 1; 523 audit_initialized = 1;
562 audit_enabled = audit_default; 524 audit_enabled = audit_default;
563 audit_log(NULL, "initialized"); 525 audit_log(NULL, AUDIT_KERNEL, "initialized");
564 return 0;
565}
566
567#else
568/* Without CONFIG_NET, we have no skbuffs. For now, print what we have
569 * in the buffer. */
570static void audit_log_move(struct audit_buffer *ab)
571{
572 printk(KERN_ERR "%*.*s\n", ab->len, ab->len, ab->tmp);
573 ab->len = 0;
574}
575
576static inline int audit_log_drain(struct audit_buffer *ab)
577{
578 return 0;
579}
580
581/* Initialize audit support at boot time. */
582int __init audit_init(void)
583{
584 printk(KERN_INFO "audit: initializing WITHOUT netlink support\n");
585 audit_sock = NULL;
586 audit_pid = 0;
587
588 audit_initialized = 1;
589 audit_enabled = audit_default;
590 audit_log(NULL, "initialized");
591 return 0; 526 return 0;
592} 527}
593#endif
594
595__initcall(audit_init); 528__initcall(audit_init);
596 529
597/* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ 530/* Process kernel command-line parameter at boot time. audit=0 or audit=1. */
@@ -608,6 +541,102 @@ static int __init audit_enable(char *str)
608 541
609__setup("audit=", audit_enable); 542__setup("audit=", audit_enable);
610 543
544static void audit_buffer_free(struct audit_buffer *ab)
545{
546 unsigned long flags;
547
548 if (!ab)
549 return;
550
551 if (ab->skb)
552 kfree_skb(ab->skb);
553
554 spin_lock_irqsave(&audit_freelist_lock, flags);
555 if (++audit_freelist_count > AUDIT_MAXFREE)
556 kfree(ab);
557 else
558 list_add(&ab->list, &audit_freelist);
559 spin_unlock_irqrestore(&audit_freelist_lock, flags);
560}
561
562static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
563 int gfp_mask, int type)
564{
565 unsigned long flags;
566 struct audit_buffer *ab = NULL;
567 struct nlmsghdr *nlh;
568
569 spin_lock_irqsave(&audit_freelist_lock, flags);
570 if (!list_empty(&audit_freelist)) {
571 ab = list_entry(audit_freelist.next,
572 struct audit_buffer, list);
573 list_del(&ab->list);
574 --audit_freelist_count;
575 }
576 spin_unlock_irqrestore(&audit_freelist_lock, flags);
577
578 if (!ab) {
579 ab = kmalloc(sizeof(*ab), gfp_mask);
580 if (!ab)
581 goto err;
582 }
583
584 ab->skb = alloc_skb(AUDIT_BUFSIZ, gfp_mask);
585 if (!ab->skb)
586 goto err;
587
588 ab->ctx = ctx;
589 nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
590 nlh->nlmsg_type = type;
591 nlh->nlmsg_flags = 0;
592 nlh->nlmsg_pid = 0;
593 nlh->nlmsg_seq = 0;
594 return ab;
595err:
596 audit_buffer_free(ab);
597 return NULL;
598}
599
600/* Compute a serial number for the audit record. Audit records are
601 * written to user-space as soon as they are generated, so a complete
602 * audit record may be written in several pieces. The timestamp of the
603 * record and this serial number are used by the user-space tools to
604 * determine which pieces belong to the same audit record. The
605 * (timestamp,serial) tuple is unique for each syscall and is live from
606 * syscall entry to syscall exit.
607 *
608 * Atomic values are only guaranteed to be 24-bit, so we count down.
609 *
610 * NOTE: Another possibility is to store the formatted records off the
611 * audit context (for those records that have a context), and emit them
612 * all at syscall exit. However, this could delay the reporting of
613 * significant errors until syscall exit (or never, if the system
614 * halts). */
615unsigned int audit_serial(void)
616{
617 static atomic_t serial = ATOMIC_INIT(0xffffff);
618 unsigned int a, b;
619
620 do {
621 a = atomic_read(&serial);
622 if (atomic_dec_and_test(&serial))
623 atomic_set(&serial, 0xffffff);
624 b = atomic_read(&serial);
625 } while (b != a - 1);
626
627 return 0xffffff - b;
628}
629
630static inline void audit_get_stamp(struct audit_context *ctx,
631 struct timespec *t, unsigned int *serial)
632{
633 if (ctx)
634 auditsc_get_stamp(ctx, t, serial);
635 else {
636 *t = CURRENT_TIME;
637 *serial = audit_serial();
638 }
639}
611 640
612/* Obtain an audit buffer. This routine does locking to obtain the 641/* Obtain an audit buffer. This routine does locking to obtain the
613 * audit buffer, but then no locking is required for calls to 642 * audit buffer, but then no locking is required for calls to
@@ -615,10 +644,9 @@ __setup("audit=", audit_enable);
615 * syscall, then the syscall is marked as auditable and an audit record 644 * syscall, then the syscall is marked as auditable and an audit record
616 * will be written at syscall exit. If there is no associated task, tsk 645 * will be written at syscall exit. If there is no associated task, tsk
617 * should be NULL. */ 646 * should be NULL. */
618struct audit_buffer *audit_log_start(struct audit_context *ctx) 647struct audit_buffer *audit_log_start(struct audit_context *ctx, int type)
619{ 648{
620 struct audit_buffer *ab = NULL; 649 struct audit_buffer *ab = NULL;
621 unsigned long flags;
622 struct timespec t; 650 struct timespec t;
623 unsigned int serial; 651 unsigned int serial;
624 652
@@ -626,57 +654,48 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx)
626 return NULL; 654 return NULL;
627 655
628 if (audit_backlog_limit 656 if (audit_backlog_limit
629 && atomic_read(&audit_backlog) > audit_backlog_limit) { 657 && skb_queue_len(&audit_skb_queue) > audit_backlog_limit) {
630 if (audit_rate_check()) 658 if (audit_rate_check())
631 printk(KERN_WARNING 659 printk(KERN_WARNING
632 "audit: audit_backlog=%d > " 660 "audit: audit_backlog=%d > "
633 "audit_backlog_limit=%d\n", 661 "audit_backlog_limit=%d\n",
634 atomic_read(&audit_backlog), 662 skb_queue_len(&audit_skb_queue),
635 audit_backlog_limit); 663 audit_backlog_limit);
636 audit_log_lost("backlog limit exceeded"); 664 audit_log_lost("backlog limit exceeded");
637 return NULL; 665 return NULL;
638 } 666 }
639 667
640 spin_lock_irqsave(&audit_freelist_lock, flags); 668 ab = audit_buffer_alloc(ctx, GFP_ATOMIC, type);
641 if (!list_empty(&audit_freelist)) {
642 ab = list_entry(audit_freelist.next,
643 struct audit_buffer, list);
644 list_del(&ab->list);
645 --audit_freelist_count;
646 }
647 spin_unlock_irqrestore(&audit_freelist_lock, flags);
648
649 if (!ab)
650 ab = kmalloc(sizeof(*ab), GFP_ATOMIC);
651 if (!ab) { 669 if (!ab) {
652 audit_log_lost("out of memory in audit_log_start"); 670 audit_log_lost("out of memory in audit_log_start");
653 return NULL; 671 return NULL;
654 } 672 }
655 673
656 atomic_inc(&audit_backlog); 674 audit_get_stamp(ab->ctx, &t, &serial);
657 skb_queue_head_init(&ab->sklist);
658
659 ab->ctx = ctx;
660 ab->len = 0;
661 ab->nlh = NULL;
662 ab->total = 0;
663 ab->type = AUDIT_KERNEL;
664 ab->pid = 0;
665 675
666#ifdef CONFIG_AUDITSYSCALL
667 if (ab->ctx)
668 audit_get_stamp(ab->ctx, &t, &serial);
669 else
670#endif
671 {
672 t = CURRENT_TIME;
673 serial = 0;
674 }
675 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 676 audit_log_format(ab, "audit(%lu.%03lu:%u): ",
676 t.tv_sec, t.tv_nsec/1000000, serial); 677 t.tv_sec, t.tv_nsec/1000000, serial);
677 return ab; 678 return ab;
678} 679}
679 680
681/**
682 * audit_expand - expand skb in the audit buffer
683 * @ab: audit_buffer
684 *
685 * Returns 0 (no space) on failed expansion, or available space if
686 * successful.
687 */
688static inline int audit_expand(struct audit_buffer *ab, int extra)
689{
690 struct sk_buff *skb = ab->skb;
691 int ret = pskb_expand_head(skb, skb_headroom(skb), extra,
692 GFP_ATOMIC);
693 if (ret < 0) {
694 audit_log_lost("out of memory in audit_expand");
695 return 0;
696 }
697 return skb_tailroom(skb);
698}
680 699
681/* Format an audit message into the audit buffer. If there isn't enough 700/* Format an audit message into the audit buffer. If there isn't enough
682 * room in the audit buffer, more room will be allocated and vsnprint 701 * room in the audit buffer, more room will be allocated and vsnprint
@@ -686,26 +705,35 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt,
686 va_list args) 705 va_list args)
687{ 706{
688 int len, avail; 707 int len, avail;
708 struct sk_buff *skb;
709 va_list args2;
689 710
690 if (!ab) 711 if (!ab)
691 return; 712 return;
692 713
693 avail = sizeof(ab->tmp) - ab->len; 714 BUG_ON(!ab->skb);
694 if (avail <= 0) { 715 skb = ab->skb;
695 audit_log_move(ab); 716 avail = skb_tailroom(skb);
696 avail = sizeof(ab->tmp) - ab->len; 717 if (avail == 0) {
718 avail = audit_expand(ab, AUDIT_BUFSIZ);
719 if (!avail)
720 goto out;
697 } 721 }
698 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); 722 va_copy(args2, args);
723 len = vsnprintf(skb->tail, avail, fmt, args);
699 if (len >= avail) { 724 if (len >= avail) {
700 /* The printk buffer is 1024 bytes long, so if we get 725 /* The printk buffer is 1024 bytes long, so if we get
701 * here and AUDIT_BUFSIZ is at least 1024, then we can 726 * here and AUDIT_BUFSIZ is at least 1024, then we can
702 * log everything that printk could have logged. */ 727 * log everything that printk could have logged. */
703 audit_log_move(ab); 728 avail = audit_expand(ab, max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail));
704 avail = sizeof(ab->tmp) - ab->len; 729 if (!avail)
705 len = vsnprintf(ab->tmp + ab->len, avail, fmt, args); 730 goto out;
731 len = vsnprintf(skb->tail, avail, fmt, args2);
706 } 732 }
707 ab->len += (len < avail) ? len : avail; 733 if (len > 0)
708 ab->total += (len < avail) ? len : avail; 734 skb_put(skb, len);
735out:
736 return;
709} 737}
710 738
711/* Format a message into the audit buffer. All the work is done in 739/* Format a message into the audit buffer. All the work is done in
@@ -721,20 +749,47 @@ void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)
721 va_end(args); 749 va_end(args);
722} 750}
723 751
724void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) 752/* This function will take the passed buf and convert it into a string of
753 * ascii hex digits. The new string is placed onto the skb. */
754void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
755 size_t len)
725{ 756{
726 int i; 757 int i, avail, new_len;
758 unsigned char *ptr;
759 struct sk_buff *skb;
760 static const unsigned char *hex = "0123456789ABCDEF";
761
762 BUG_ON(!ab->skb);
763 skb = ab->skb;
764 avail = skb_tailroom(skb);
765 new_len = len<<1;
766 if (new_len >= avail) {
767 /* Round the buffer request up to the next multiple */
768 new_len = AUDIT_BUFSIZ*(((new_len-avail)/AUDIT_BUFSIZ) + 1);
769 avail = audit_expand(ab, new_len);
770 if (!avail)
771 return;
772 }
727 773
728 for (i=0; i<len; i++) 774 ptr = skb->tail;
729 audit_log_format(ab, "%02x", buf[i]); 775 for (i=0; i<len; i++) {
776 *ptr++ = hex[(buf[i] & 0xF0)>>4]; /* Upper nibble */
777 *ptr++ = hex[buf[i] & 0x0F]; /* Lower nibble */
778 }
779 *ptr = 0;
780 skb_put(skb, len << 1); /* new string is twice the old string */
730} 781}
731 782
783/* This code will escape a string that is passed to it if the string
784 * contains a control character, unprintable character, double quote mark,
785 * or a space. Unescaped strings will start and end with a double quote mark.
786 * Strings that are escaped are printed in hex (2 digits per char). */
732void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 787void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
733{ 788{
734 const unsigned char *p = string; 789 const unsigned char *p = string;
735 790
736 while (*p) { 791 while (*p) {
737 if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) { 792 if (*p == '"' || *p < 0x21 || *p > 0x7f) {
738 audit_log_hex(ab, string, strlen(string)); 793 audit_log_hex(ab, string, strlen(string));
739 return; 794 return;
740 } 795 }
@@ -743,117 +798,63 @@ void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
743 audit_log_format(ab, "\"%s\"", string); 798 audit_log_format(ab, "\"%s\"", string);
744} 799}
745 800
746 801/* This is a helper-function to print the escaped d_path */
747/* This is a helper-function to print the d_path without using a static
748 * buffer or allocating another buffer in addition to the one in
749 * audit_buffer. */
750void audit_log_d_path(struct audit_buffer *ab, const char *prefix, 802void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
751 struct dentry *dentry, struct vfsmount *vfsmnt) 803 struct dentry *dentry, struct vfsmount *vfsmnt)
752{ 804{
753 char *p; 805 char *p, *path;
754 int len, avail;
755 806
756 if (prefix) audit_log_format(ab, " %s", prefix); 807 if (prefix)
757 808 audit_log_format(ab, " %s", prefix);
758 if (ab->len > 128)
759 audit_log_move(ab);
760 avail = sizeof(ab->tmp) - ab->len;
761 p = d_path(dentry, vfsmnt, ab->tmp + ab->len, avail);
762 if (IS_ERR(p)) {
763 /* FIXME: can we save some information here? */
764 audit_log_format(ab, "<toolong>");
765 } else {
766 /* path isn't at start of buffer */
767 len = (ab->tmp + sizeof(ab->tmp) - 1) - p;
768 memmove(ab->tmp + ab->len, p, len);
769 ab->len += len;
770 ab->total += len;
771 }
772}
773
774/* Remove queued messages from the audit_txlist and send them to userspace. */
775static void audit_tasklet_handler(unsigned long arg)
776{
777 LIST_HEAD(list);
778 struct audit_buffer *ab;
779 unsigned long flags;
780 809
781 spin_lock_irqsave(&audit_txlist_lock, flags); 810 /* We will allow 11 spaces for ' (deleted)' to be appended */
782 list_splice_init(&audit_txlist, &list); 811 path = kmalloc(PATH_MAX+11, GFP_KERNEL);
783 spin_unlock_irqrestore(&audit_txlist_lock, flags); 812 if (!path) {
784 813 audit_log_format(ab, "<no memory>");
785 while (!list_empty(&list)) { 814 return;
786 ab = list_entry(list.next, struct audit_buffer, list);
787 list_del(&ab->list);
788 audit_log_end_fast(ab);
789 } 815 }
816 p = d_path(dentry, vfsmnt, path, PATH_MAX+11);
817 if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
818 /* FIXME: can we save some information here? */
819 audit_log_format(ab, "<too long>");
820 } else
821 audit_log_untrustedstring(ab, p);
822 kfree(path);
790} 823}
791 824
792static DECLARE_TASKLET(audit_tasklet, audit_tasklet_handler, 0);
793
794/* The netlink_* functions cannot be called inside an irq context, so 825/* The netlink_* functions cannot be called inside an irq context, so
795 * the audit buffer is places on a queue and a tasklet is scheduled to 826 * the audit buffer is places on a queue and a tasklet is scheduled to
796 * remove them from the queue outside the irq context. May be called in 827 * remove them from the queue outside the irq context. May be called in
797 * any context. */ 828 * any context. */
798static void audit_log_end_irq(struct audit_buffer *ab) 829void audit_log_end(struct audit_buffer *ab)
799{
800 unsigned long flags;
801
802 if (!ab)
803 return;
804 spin_lock_irqsave(&audit_txlist_lock, flags);
805 list_add_tail(&ab->list, &audit_txlist);
806 spin_unlock_irqrestore(&audit_txlist_lock, flags);
807
808 tasklet_schedule(&audit_tasklet);
809}
810
811/* Send the message in the audit buffer directly to user space. May not
812 * be called in an irq context. */
813static void audit_log_end_fast(struct audit_buffer *ab)
814{ 830{
815 unsigned long flags;
816
817 BUG_ON(in_irq());
818 if (!ab) 831 if (!ab)
819 return; 832 return;
820 if (!audit_rate_check()) { 833 if (!audit_rate_check()) {
821 audit_log_lost("rate limit exceeded"); 834 audit_log_lost("rate limit exceeded");
822 } else { 835 } else {
823 audit_log_move(ab); 836 if (audit_pid) {
824 if (audit_log_drain(ab)) 837 struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
825 return; 838 nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0);
839 skb_queue_tail(&audit_skb_queue, ab->skb);
840 ab->skb = NULL;
841 wake_up_interruptible(&kauditd_wait);
842 } else {
843 printk("%s\n", ab->skb->data + NLMSG_SPACE(0));
844 }
826 } 845 }
827 846 audit_buffer_free(ab);
828 atomic_dec(&audit_backlog);
829 spin_lock_irqsave(&audit_freelist_lock, flags);
830 if (++audit_freelist_count > AUDIT_MAXFREE)
831 kfree(ab);
832 else
833 list_add(&ab->list, &audit_freelist);
834 spin_unlock_irqrestore(&audit_freelist_lock, flags);
835}
836
837/* Send or queue the message in the audit buffer, depending on the
838 * current context. (A convenience function that may be called in any
839 * context.) */
840void audit_log_end(struct audit_buffer *ab)
841{
842 if (in_irq())
843 audit_log_end_irq(ab);
844 else
845 audit_log_end_fast(ab);
846} 847}
847 848
848/* Log an audit record. This is a convenience function that calls 849/* Log an audit record. This is a convenience function that calls
849 * audit_log_start, audit_log_vformat, and audit_log_end. It may be 850 * audit_log_start, audit_log_vformat, and audit_log_end. It may be
850 * called in any context. */ 851 * called in any context. */
851void audit_log(struct audit_context *ctx, const char *fmt, ...) 852void audit_log(struct audit_context *ctx, int type, const char *fmt, ...)
852{ 853{
853 struct audit_buffer *ab; 854 struct audit_buffer *ab;
854 va_list args; 855 va_list args;
855 856
856 ab = audit_log_start(ctx); 857 ab = audit_log_start(ctx, type);
857 if (ab) { 858 if (ab) {
858 va_start(args, fmt); 859 va_start(args, fmt);
859 audit_log_vformat(ab, fmt, args); 860 audit_log_vformat(ab, fmt, args);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 37b3ac94bc47..e75f84e1a1a0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -34,7 +34,8 @@
34#include <asm/types.h> 34#include <asm/types.h>
35#include <linux/mm.h> 35#include <linux/mm.h>
36#include <linux/module.h> 36#include <linux/module.h>
37 37#include <linux/mount.h>
38#include <linux/socket.h>
38#include <linux/audit.h> 39#include <linux/audit.h>
39#include <linux/personality.h> 40#include <linux/personality.h>
40#include <linux/time.h> 41#include <linux/time.h>
@@ -112,6 +113,23 @@ struct audit_aux_data_ipcctl {
112 mode_t mode; 113 mode_t mode;
113}; 114};
114 115
116struct audit_aux_data_socketcall {
117 struct audit_aux_data d;
118 int nargs;
119 unsigned long args[0];
120};
121
122struct audit_aux_data_sockaddr {
123 struct audit_aux_data d;
124 int len;
125 char a[0];
126};
127
128struct audit_aux_data_path {
129 struct audit_aux_data d;
130 struct dentry *dentry;
131 struct vfsmount *mnt;
132};
115 133
116/* The per-task audit context. */ 134/* The per-task audit context. */
117struct audit_context { 135struct audit_context {
@@ -127,6 +145,8 @@ struct audit_context {
127 int auditable; /* 1 if record should be written */ 145 int auditable; /* 1 if record should be written */
128 int name_count; 146 int name_count;
129 struct audit_names names[AUDIT_NAMES]; 147 struct audit_names names[AUDIT_NAMES];
148 struct dentry * pwd;
149 struct vfsmount * pwdmnt;
130 struct audit_context *previous; /* For nested syscalls */ 150 struct audit_context *previous; /* For nested syscalls */
131 struct audit_aux_data *aux; 151 struct audit_aux_data *aux;
132 152
@@ -157,6 +177,8 @@ struct audit_entry {
157 struct audit_rule rule; 177 struct audit_rule rule;
158}; 178};
159 179
180extern int audit_pid;
181
160/* Check to see if two rules are identical. It is called from 182/* Check to see if two rules are identical. It is called from
161 * audit_del_rule during AUDIT_DEL. */ 183 * audit_del_rule during AUDIT_DEL. */
162static int audit_compare_rule(struct audit_rule *a, struct audit_rule *b) 184static int audit_compare_rule(struct audit_rule *a, struct audit_rule *b)
@@ -226,7 +248,6 @@ static inline int audit_del_rule(struct audit_rule *rule,
226 return -EFAULT; /* No matching rule */ 248 return -EFAULT; /* No matching rule */
227} 249}
228 250
229#ifdef CONFIG_NET
230/* Copy rule from user-space to kernel-space. Called during 251/* Copy rule from user-space to kernel-space. Called during
231 * AUDIT_ADD. */ 252 * AUDIT_ADD. */
232static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s) 253static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
@@ -287,7 +308,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
287 err = audit_add_rule(entry, &audit_entlist); 308 err = audit_add_rule(entry, &audit_entlist);
288 if (!err && (flags & AUDIT_AT_EXIT)) 309 if (!err && (flags & AUDIT_AT_EXIT))
289 err = audit_add_rule(entry, &audit_extlist); 310 err = audit_add_rule(entry, &audit_extlist);
290 audit_log(NULL, "auid %u added an audit rule\n", loginuid); 311 audit_log(NULL, AUDIT_CONFIG_CHANGE,
312 "auid=%u added an audit rule\n", loginuid);
291 break; 313 break;
292 case AUDIT_DEL: 314 case AUDIT_DEL:
293 flags =((struct audit_rule *)data)->flags; 315 flags =((struct audit_rule *)data)->flags;
@@ -297,7 +319,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
297 err = audit_del_rule(data, &audit_entlist); 319 err = audit_del_rule(data, &audit_entlist);
298 if (!err && (flags & AUDIT_AT_EXIT)) 320 if (!err && (flags & AUDIT_AT_EXIT))
299 err = audit_del_rule(data, &audit_extlist); 321 err = audit_del_rule(data, &audit_extlist);
300 audit_log(NULL, "auid %u removed an audit rule\n", loginuid); 322 audit_log(NULL, AUDIT_CONFIG_CHANGE,
323 "auid=%u removed an audit rule\n", loginuid);
301 break; 324 break;
302 default: 325 default:
303 return -EINVAL; 326 return -EINVAL;
@@ -305,7 +328,6 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
305 328
306 return err; 329 return err;
307} 330}
308#endif
309 331
310/* Compare a task_struct with an audit_rule. Return 1 on match, 0 332/* Compare a task_struct with an audit_rule. Return 1 on match, 0
311 * otherwise. */ 333 * otherwise. */
@@ -444,7 +466,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
444 466
445/* At syscall entry and exit time, this filter is called if the 467/* At syscall entry and exit time, this filter is called if the
446 * audit_state is not low enough that auditing cannot take place, but is 468 * audit_state is not low enough that auditing cannot take place, but is
447 * also not high enough that we already know we have to write and audit 469 * also not high enough that we already know we have to write an audit
448 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT). 470 * record (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT).
449 */ 471 */
450static enum audit_state audit_filter_syscall(struct task_struct *tsk, 472static enum audit_state audit_filter_syscall(struct task_struct *tsk,
@@ -532,6 +554,12 @@ static inline void audit_free_names(struct audit_context *context)
532 if (context->names[i].name) 554 if (context->names[i].name)
533 __putname(context->names[i].name); 555 __putname(context->names[i].name);
534 context->name_count = 0; 556 context->name_count = 0;
557 if (context->pwd)
558 dput(context->pwd);
559 if (context->pwdmnt)
560 mntput(context->pwdmnt);
561 context->pwd = NULL;
562 context->pwdmnt = NULL;
535} 563}
536 564
537static inline void audit_free_aux(struct audit_context *context) 565static inline void audit_free_aux(struct audit_context *context)
@@ -539,6 +567,11 @@ static inline void audit_free_aux(struct audit_context *context)
539 struct audit_aux_data *aux; 567 struct audit_aux_data *aux;
540 568
541 while ((aux = context->aux)) { 569 while ((aux = context->aux)) {
570 if (aux->type == AUDIT_AVC_PATH) {
571 struct audit_aux_data_path *axi = (void *)aux;
572 dput(axi->dentry);
573 mntput(axi->mnt);
574 }
542 context->aux = aux->next; 575 context->aux = aux->next;
543 kfree(aux); 576 kfree(aux);
544 } 577 }
@@ -625,7 +658,8 @@ static void audit_log_task_info(struct audit_buffer *ab)
625 struct vm_area_struct *vma; 658 struct vm_area_struct *vma;
626 659
627 get_task_comm(name, current); 660 get_task_comm(name, current);
628 audit_log_format(ab, " comm=%s", name); 661 audit_log_format(ab, " comm=");
662 audit_log_untrustedstring(ab, name);
629 663
630 if (!mm) 664 if (!mm)
631 return; 665 return;
@@ -649,23 +683,24 @@ static void audit_log_exit(struct audit_context *context)
649{ 683{
650 int i; 684 int i;
651 struct audit_buffer *ab; 685 struct audit_buffer *ab;
686 struct audit_aux_data *aux;
652 687
653 ab = audit_log_start(context); 688 ab = audit_log_start(context, AUDIT_SYSCALL);
654 if (!ab) 689 if (!ab)
655 return; /* audit_panic has been called */ 690 return; /* audit_panic has been called */
656 audit_log_format(ab, "syscall=%d", context->major); 691 audit_log_format(ab, "arch=%x syscall=%d",
692 context->arch, context->major);
657 if (context->personality != PER_LINUX) 693 if (context->personality != PER_LINUX)
658 audit_log_format(ab, " per=%lx", context->personality); 694 audit_log_format(ab, " per=%lx", context->personality);
659 audit_log_format(ab, " arch=%x", context->arch);
660 if (context->return_valid) 695 if (context->return_valid)
661 audit_log_format(ab, " success=%s exit=%ld", 696 audit_log_format(ab, " success=%s exit=%ld",
662 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 697 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
663 context->return_code); 698 context->return_code);
664 audit_log_format(ab, 699 audit_log_format(ab,
665 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 700 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
666 " pid=%d loginuid=%d uid=%d gid=%d" 701 " pid=%d auid=%u uid=%u gid=%u"
667 " euid=%d suid=%d fsuid=%d" 702 " euid=%u suid=%u fsuid=%u"
668 " egid=%d sgid=%d fsgid=%d", 703 " egid=%u sgid=%u fsgid=%u",
669 context->argv[0], 704 context->argv[0],
670 context->argv[1], 705 context->argv[1],
671 context->argv[2], 706 context->argv[2],
@@ -679,33 +714,57 @@ static void audit_log_exit(struct audit_context *context)
679 context->egid, context->sgid, context->fsgid); 714 context->egid, context->sgid, context->fsgid);
680 audit_log_task_info(ab); 715 audit_log_task_info(ab);
681 audit_log_end(ab); 716 audit_log_end(ab);
682 while (context->aux) {
683 struct audit_aux_data *aux;
684 717
685 ab = audit_log_start(context); 718 for (aux = context->aux; aux; aux = aux->next) {
719
720 ab = audit_log_start(context, aux->type);
686 if (!ab) 721 if (!ab)
687 continue; /* audit_panic has been called */ 722 continue; /* audit_panic has been called */
688 723
689 aux = context->aux;
690 context->aux = aux->next;
691
692 audit_log_format(ab, "auxitem=%d", aux->type);
693 switch (aux->type) { 724 switch (aux->type) {
694 case AUDIT_AUX_IPCPERM: { 725 case AUDIT_IPC: {
695 struct audit_aux_data_ipcctl *axi = (void *)aux; 726 struct audit_aux_data_ipcctl *axi = (void *)aux;
696 audit_log_format(ab, 727 audit_log_format(ab,
697 " qbytes=%lx uid=%d gid=%d mode=%x", 728 " qbytes=%lx iuid=%u igid=%u mode=%x",
698 axi->qbytes, axi->uid, axi->gid, axi->mode); 729 axi->qbytes, axi->uid, axi->gid, axi->mode);
699 } 730 break; }
731
732 case AUDIT_SOCKETCALL: {
733 int i;
734 struct audit_aux_data_socketcall *axs = (void *)aux;
735 audit_log_format(ab, "nargs=%d", axs->nargs);
736 for (i=0; i<axs->nargs; i++)
737 audit_log_format(ab, " a%d=%lx", i, axs->args[i]);
738 break; }
739
740 case AUDIT_SOCKADDR: {
741 struct audit_aux_data_sockaddr *axs = (void *)aux;
742
743 audit_log_format(ab, "saddr=");
744 audit_log_hex(ab, axs->a, axs->len);
745 break; }
746
747 case AUDIT_AVC_PATH: {
748 struct audit_aux_data_path *axi = (void *)aux;
749 audit_log_d_path(ab, "path=", axi->dentry, axi->mnt);
750 break; }
751
700 } 752 }
701 audit_log_end(ab); 753 audit_log_end(ab);
702 kfree(aux);
703 } 754 }
704 755
756 if (context->pwd && context->pwdmnt) {
757 ab = audit_log_start(context, AUDIT_CWD);
758 if (ab) {
759 audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
760 audit_log_end(ab);
761 }
762 }
705 for (i = 0; i < context->name_count; i++) { 763 for (i = 0; i < context->name_count; i++) {
706 ab = audit_log_start(context); 764 ab = audit_log_start(context, AUDIT_PATH);
707 if (!ab) 765 if (!ab)
708 continue; /* audit_panic has been called */ 766 continue; /* audit_panic has been called */
767
709 audit_log_format(ab, "item=%d", i); 768 audit_log_format(ab, "item=%d", i);
710 if (context->names[i].name) { 769 if (context->names[i].name) {
711 audit_log_format(ab, " name="); 770 audit_log_format(ab, " name=");
@@ -713,7 +772,7 @@ static void audit_log_exit(struct audit_context *context)
713 } 772 }
714 if (context->names[i].ino != (unsigned long)-1) 773 if (context->names[i].ino != (unsigned long)-1)
715 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o" 774 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#o"
716 " uid=%d gid=%d rdev=%02x:%02x", 775 " ouid=%u ogid=%u rdev=%02x:%02x",
717 context->names[i].ino, 776 context->names[i].ino,
718 MAJOR(context->names[i].dev), 777 MAJOR(context->names[i].dev),
719 MINOR(context->names[i].dev), 778 MINOR(context->names[i].dev),
@@ -741,42 +800,12 @@ void audit_free(struct task_struct *tsk)
741 800
742 /* Check for system calls that do not go through the exit 801 /* Check for system calls that do not go through the exit
743 * function (e.g., exit_group), then free context block. */ 802 * function (e.g., exit_group), then free context block. */
744 if (context->in_syscall && context->auditable) 803 if (context->in_syscall && context->auditable && context->pid != audit_pid)
745 audit_log_exit(context); 804 audit_log_exit(context);
746 805
747 audit_free_context(context); 806 audit_free_context(context);
748} 807}
749 808
750/* Compute a serial number for the audit record. Audit records are
751 * written to user-space as soon as they are generated, so a complete
752 * audit record may be written in several pieces. The timestamp of the
753 * record and this serial number are used by the user-space daemon to
754 * determine which pieces belong to the same audit record. The
755 * (timestamp,serial) tuple is unique for each syscall and is live from
756 * syscall entry to syscall exit.
757 *
758 * Atomic values are only guaranteed to be 24-bit, so we count down.
759 *
760 * NOTE: Another possibility is to store the formatted records off the
761 * audit context (for those records that have a context), and emit them
762 * all at syscall exit. However, this could delay the reporting of
763 * significant errors until syscall exit (or never, if the system
764 * halts). */
765static inline unsigned int audit_serial(void)
766{
767 static atomic_t serial = ATOMIC_INIT(0xffffff);
768 unsigned int a, b;
769
770 do {
771 a = atomic_read(&serial);
772 if (atomic_dec_and_test(&serial))
773 atomic_set(&serial, 0xffffff);
774 b = atomic_read(&serial);
775 } while (b != a - 1);
776
777 return 0xffffff - b;
778}
779
780/* Fill in audit context at syscall entry. This only happens if the 809/* Fill in audit context at syscall entry. This only happens if the
781 * audit context was created when the task was created and the state or 810 * audit context was created when the task was created and the state or
782 * filters demand the audit context be built. If the state from the 811 * filters demand the audit context be built. If the state from the
@@ -876,7 +905,7 @@ void audit_syscall_exit(struct task_struct *tsk, int valid, long return_code)
876 if (likely(!context)) 905 if (likely(!context))
877 return; 906 return;
878 907
879 if (context->in_syscall && context->auditable) 908 if (context->in_syscall && context->auditable && context->pid != audit_pid)
880 audit_log_exit(context); 909 audit_log_exit(context);
881 910
882 context->in_syscall = 0; 911 context->in_syscall = 0;
@@ -916,6 +945,13 @@ void audit_getname(const char *name)
916 context->names[context->name_count].name = name; 945 context->names[context->name_count].name = name;
917 context->names[context->name_count].ino = (unsigned long)-1; 946 context->names[context->name_count].ino = (unsigned long)-1;
918 ++context->name_count; 947 ++context->name_count;
948 if (!context->pwd) {
949 read_lock(&current->fs->lock);
950 context->pwd = dget(current->fs->pwd);
951 context->pwdmnt = mntget(current->fs->pwdmnt);
952 read_unlock(&current->fs->lock);
953 }
954
919} 955}
920 956
921/* Intercept a putname request. Called from 957/* Intercept a putname request. Called from
@@ -994,34 +1030,26 @@ void audit_inode(const char *name, const struct inode *inode)
994 context->names[idx].rdev = inode->i_rdev; 1030 context->names[idx].rdev = inode->i_rdev;
995} 1031}
996 1032
997void audit_get_stamp(struct audit_context *ctx, 1033void auditsc_get_stamp(struct audit_context *ctx,
998 struct timespec *t, unsigned int *serial) 1034 struct timespec *t, unsigned int *serial)
999{ 1035{
1000 if (ctx) { 1036 t->tv_sec = ctx->ctime.tv_sec;
1001 t->tv_sec = ctx->ctime.tv_sec; 1037 t->tv_nsec = ctx->ctime.tv_nsec;
1002 t->tv_nsec = ctx->ctime.tv_nsec; 1038 *serial = ctx->serial;
1003 *serial = ctx->serial; 1039 ctx->auditable = 1;
1004 ctx->auditable = 1;
1005 } else {
1006 *t = CURRENT_TIME;
1007 *serial = 0;
1008 }
1009} 1040}
1010 1041
1011extern int audit_set_type(struct audit_buffer *ab, int type);
1012
1013int audit_set_loginuid(struct task_struct *task, uid_t loginuid) 1042int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1014{ 1043{
1015 if (task->audit_context) { 1044 if (task->audit_context) {
1016 struct audit_buffer *ab; 1045 struct audit_buffer *ab;
1017 1046
1018 ab = audit_log_start(NULL); 1047 ab = audit_log_start(NULL, AUDIT_LOGIN);
1019 if (ab) { 1048 if (ab) {
1020 audit_log_format(ab, "login pid=%d uid=%u " 1049 audit_log_format(ab, "login pid=%d uid=%u "
1021 "old loginuid=%u new loginuid=%u", 1050 "old auid=%u new auid=%u",
1022 task->pid, task->uid, 1051 task->pid, task->uid,
1023 task->audit_context->loginuid, loginuid); 1052 task->audit_context->loginuid, loginuid);
1024 audit_set_type(ab, AUDIT_LOGIN);
1025 audit_log_end(ab); 1053 audit_log_end(ab);
1026 } 1054 }
1027 task->audit_context->loginuid = loginuid; 1055 task->audit_context->loginuid = loginuid;
@@ -1051,8 +1079,89 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
1051 ax->gid = gid; 1079 ax->gid = gid;
1052 ax->mode = mode; 1080 ax->mode = mode;
1053 1081
1054 ax->d.type = AUDIT_AUX_IPCPERM; 1082 ax->d.type = AUDIT_IPC;
1083 ax->d.next = context->aux;
1084 context->aux = (void *)ax;
1085 return 0;
1086}
1087
1088int audit_socketcall(int nargs, unsigned long *args)
1089{
1090 struct audit_aux_data_socketcall *ax;
1091 struct audit_context *context = current->audit_context;
1092
1093 if (likely(!context))
1094 return 0;
1095
1096 ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL);
1097 if (!ax)
1098 return -ENOMEM;
1099
1100 ax->nargs = nargs;
1101 memcpy(ax->args, args, nargs * sizeof(unsigned long));
1102
1103 ax->d.type = AUDIT_SOCKETCALL;
1104 ax->d.next = context->aux;
1105 context->aux = (void *)ax;
1106 return 0;
1107}
1108
1109int audit_sockaddr(int len, void *a)
1110{
1111 struct audit_aux_data_sockaddr *ax;
1112 struct audit_context *context = current->audit_context;
1113
1114 if (likely(!context))
1115 return 0;
1116
1117 ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL);
1118 if (!ax)
1119 return -ENOMEM;
1120
1121 ax->len = len;
1122 memcpy(ax->a, a, len);
1123
1124 ax->d.type = AUDIT_SOCKADDR;
1055 ax->d.next = context->aux; 1125 ax->d.next = context->aux;
1056 context->aux = (void *)ax; 1126 context->aux = (void *)ax;
1057 return 0; 1127 return 0;
1058} 1128}
1129
1130int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt)
1131{
1132 struct audit_aux_data_path *ax;
1133 struct audit_context *context = current->audit_context;
1134
1135 if (likely(!context))
1136 return 0;
1137
1138 ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
1139 if (!ax)
1140 return -ENOMEM;
1141
1142 ax->dentry = dget(dentry);
1143 ax->mnt = mntget(mnt);
1144
1145 ax->d.type = AUDIT_AVC_PATH;
1146 ax->d.next = context->aux;
1147 context->aux = (void *)ax;
1148 return 0;
1149}
1150
1151void audit_signal_info(int sig, struct task_struct *t)
1152{
1153 extern pid_t audit_sig_pid;
1154 extern uid_t audit_sig_uid;
1155
1156 if (unlikely(audit_pid && t->pid == audit_pid)) {
1157 if (sig == SIGTERM || sig == SIGHUP) {
1158 struct audit_context *ctx = current->audit_context;
1159 audit_sig_pid = current->pid;
1160 if (ctx)
1161 audit_sig_uid = ctx->loginuid;
1162 else
1163 audit_sig_uid = current->uid;
1164 }
1165 }
1166}
1167
diff --git a/kernel/signal.c b/kernel/signal.c
index b3c24c732c5a..c89821b69ae3 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
@@ -24,6 +24,7 @@
24#include <linux/ptrace.h> 24#include <linux/ptrace.h>
25#include <linux/posix-timers.h> 25#include <linux/posix-timers.h>
26#include <linux/signal.h> 26#include <linux/signal.h>
27#include <linux/audit.h>
27#include <asm/param.h> 28#include <asm/param.h>
28#include <asm/uaccess.h> 29#include <asm/uaccess.h>
29#include <asm/unistd.h> 30#include <asm/unistd.h>
@@ -667,7 +668,11 @@ static int check_kill_permission(int sig, struct siginfo *info,
667 && (current->uid ^ t->suid) && (current->uid ^ t->uid) 668 && (current->uid ^ t->suid) && (current->uid ^ t->uid)
668 && !capable(CAP_KILL)) 669 && !capable(CAP_KILL))
669 return error; 670 return error;
670 return security_task_kill(t, info, sig); 671
672 error = security_task_kill(t, info, sig);
673 if (!error)
674 audit_signal_info(sig, t); /* Let audit system see the signal */
675 return error;
671} 676}
672 677
673/* forward decl */ 678/* forward decl */
diff --git a/net/socket.c b/net/socket.c
index cec0cb38b9ce..38729af09461 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -81,6 +81,7 @@
81#include <linux/syscalls.h> 81#include <linux/syscalls.h>
82#include <linux/compat.h> 82#include <linux/compat.h>
83#include <linux/kmod.h> 83#include <linux/kmod.h>
84#include <linux/audit.h>
84 85
85#ifdef CONFIG_NET_RADIO 86#ifdef CONFIG_NET_RADIO
86#include <linux/wireless.h> /* Note : will define WIRELESS_EXT */ 87#include <linux/wireless.h> /* Note : will define WIRELESS_EXT */
@@ -226,7 +227,7 @@ int move_addr_to_kernel(void __user *uaddr, int ulen, void *kaddr)
226 return 0; 227 return 0;
227 if(copy_from_user(kaddr,uaddr,ulen)) 228 if(copy_from_user(kaddr,uaddr,ulen))
228 return -EFAULT; 229 return -EFAULT;
229 return 0; 230 return audit_sockaddr(ulen, kaddr);
230} 231}
231 232
232/** 233/**
@@ -1906,7 +1907,11 @@ asmlinkage long sys_socketcall(int call, unsigned long __user *args)
1906 /* copy_from_user should be SMP safe. */ 1907 /* copy_from_user should be SMP safe. */
1907 if (copy_from_user(a, args, nargs[call])) 1908 if (copy_from_user(a, args, nargs[call]))
1908 return -EFAULT; 1909 return -EFAULT;
1909 1910
1911 err = audit_socketcall(nargs[call]/sizeof(unsigned long), a);
1912 if (err)
1913 return err;
1914
1910 a0=a[0]; 1915 a0=a[0];
1911 a1=a[1]; 1916 a1=a[1];
1912 1917
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 85a6f66a873f..451502467a9b 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -242,7 +242,7 @@ void __init avc_init(void)
242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), 242 avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
243 0, SLAB_PANIC, NULL, NULL); 243 0, SLAB_PANIC, NULL, NULL);
244 244
245 audit_log(current->audit_context, "AVC INITIALIZED\n"); 245 audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n");
246} 246}
247 247
248int avc_get_hash_stats(char *page) 248int avc_get_hash_stats(char *page)
@@ -532,6 +532,7 @@ void avc_audit(u32 ssid, u32 tsid,
532 u16 tclass, u32 requested, 532 u16 tclass, u32 requested,
533 struct av_decision *avd, int result, struct avc_audit_data *a) 533 struct av_decision *avd, int result, struct avc_audit_data *a)
534{ 534{
535 struct task_struct *tsk = current;
535 struct inode *inode = NULL; 536 struct inode *inode = NULL;
536 u32 denied, audited; 537 u32 denied, audited;
537 struct audit_buffer *ab; 538 struct audit_buffer *ab;
@@ -549,12 +550,18 @@ void avc_audit(u32 ssid, u32 tsid,
549 return; 550 return;
550 } 551 }
551 552
552 ab = audit_log_start(current->audit_context); 553 ab = audit_log_start(current->audit_context, AUDIT_AVC);
553 if (!ab) 554 if (!ab)
554 return; /* audit_panic has been called */ 555 return; /* audit_panic has been called */
555 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); 556 audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
556 avc_dump_av(ab, tclass,audited); 557 avc_dump_av(ab, tclass,audited);
557 audit_log_format(ab, " for "); 558 audit_log_format(ab, " for ");
559 if (a && a->tsk)
560 tsk = a->tsk;
561 if (tsk && tsk->pid) {
562 audit_log_format(ab, " pid=%d comm=", tsk->pid);
563 audit_log_untrustedstring(ab, tsk->comm);
564 }
558 if (a) { 565 if (a) {
559 switch (a->type) { 566 switch (a->type) {
560 case AVC_AUDIT_DATA_IPC: 567 case AVC_AUDIT_DATA_IPC:
@@ -566,21 +573,18 @@ void avc_audit(u32 ssid, u32 tsid,
566 case AVC_AUDIT_DATA_FS: 573 case AVC_AUDIT_DATA_FS:
567 if (a->u.fs.dentry) { 574 if (a->u.fs.dentry) {
568 struct dentry *dentry = a->u.fs.dentry; 575 struct dentry *dentry = a->u.fs.dentry;
569 if (a->u.fs.mnt) { 576 if (a->u.fs.mnt)
570 audit_log_d_path(ab, "path=", dentry, 577 audit_avc_path(dentry, a->u.fs.mnt);
571 a->u.fs.mnt); 578 audit_log_format(ab, " name=");
572 } else { 579 audit_log_untrustedstring(ab, dentry->d_name.name);
573 audit_log_format(ab, " name=%s",
574 dentry->d_name.name);
575 }
576 inode = dentry->d_inode; 580 inode = dentry->d_inode;
577 } else if (a->u.fs.inode) { 581 } else if (a->u.fs.inode) {
578 struct dentry *dentry; 582 struct dentry *dentry;
579 inode = a->u.fs.inode; 583 inode = a->u.fs.inode;
580 dentry = d_find_alias(inode); 584 dentry = d_find_alias(inode);
581 if (dentry) { 585 if (dentry) {
582 audit_log_format(ab, " name=%s", 586 audit_log_format(ab, " name=");
583 dentry->d_name.name); 587 audit_log_untrustedstring(ab, dentry->d_name.name);
584 dput(dentry); 588 dput(dentry);
585 } 589 }
586 } 590 }
@@ -623,22 +627,20 @@ void avc_audit(u32 ssid, u32 tsid,
623 case AF_UNIX: 627 case AF_UNIX:
624 u = unix_sk(sk); 628 u = unix_sk(sk);
625 if (u->dentry) { 629 if (u->dentry) {
626 audit_log_d_path(ab, "path=", 630 audit_avc_path(u->dentry, u->mnt);
627 u->dentry, u->mnt); 631 audit_log_format(ab, " name=");
632 audit_log_untrustedstring(ab, u->dentry->d_name.name);
628 break; 633 break;
629 } 634 }
630 if (!u->addr) 635 if (!u->addr)
631 break; 636 break;
632 len = u->addr->len-sizeof(short); 637 len = u->addr->len-sizeof(short);
633 p = &u->addr->name->sun_path[0]; 638 p = &u->addr->name->sun_path[0];
639 audit_log_format(ab, " path=");
634 if (*p) 640 if (*p)
635 audit_log_format(ab, 641 audit_log_untrustedstring(ab, p);
636 "path=%*.*s", len,
637 len, p);
638 else 642 else
639 audit_log_format(ab, 643 audit_log_hex(ab, p, len);
640 "path=@%*.*s", len-1,
641 len-1, p+1);
642 break; 644 break;
643 } 645 }
644 } 646 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index aae1e794fe48..db845cbd5841 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3419,7 +3419,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
3419 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); 3419 err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
3420 if (err) { 3420 if (err) {
3421 if (err == -EINVAL) { 3421 if (err == -EINVAL) {
3422 audit_log(current->audit_context, 3422 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
3423 "SELinux: unrecognized netlink message" 3423 "SELinux: unrecognized netlink message"
3424 " type=%hu for sclass=%hu\n", 3424 " type=%hu for sclass=%hu\n",
3425 nlh->nlmsg_type, isec->sclass); 3425 nlh->nlmsg_type, isec->sclass);
diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c
index b3adb481bc25..f0fb6d76f7c5 100644
--- a/security/selinux/nlmsgtab.c
+++ b/security/selinux/nlmsgtab.c
@@ -97,6 +97,7 @@ static struct nlmsg_perm nlmsg_audit_perms[] =
97 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 97 { AUDIT_ADD, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE }, 98 { AUDIT_DEL, NETLINK_AUDIT_SOCKET__NLMSG_WRITE },
99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY }, 99 { AUDIT_USER, NETLINK_AUDIT_SOCKET__NLMSG_RELAY },
100 { AUDIT_SIGNAL_INFO, NETLINK_AUDIT_SOCKET__NLMSG_READ },
100}; 101};
101 102
102 103
@@ -141,8 +142,13 @@ int selinux_nlmsg_lookup(u16 sclass, u16 nlmsg_type, u32 *perm)
141 break; 142 break;
142 143
143 case SECCLASS_NETLINK_AUDIT_SOCKET: 144 case SECCLASS_NETLINK_AUDIT_SOCKET:
144 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms, 145 if (nlmsg_type >= AUDIT_FIRST_USER_MSG &&
145 sizeof(nlmsg_audit_perms)); 146 nlmsg_type <= AUDIT_LAST_USER_MSG) {
147 *perm = NETLINK_AUDIT_SOCKET__NLMSG_RELAY;
148 } else {
149 err = nlmsg_perm(nlmsg_type, perm, nlmsg_audit_perms,
150 sizeof(nlmsg_audit_perms));
151 }
146 break; 152 break;
147 153
148 /* No messaging from userspace, or class unknown/unhandled */ 154 /* No messaging from userspace, or class unknown/unhandled */
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 8449d667b062..b6149147d5cb 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -365,7 +365,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
365 goto out; 365 goto out;
366 if (context_struct_to_string(tcontext, &t, &tlen) < 0) 366 if (context_struct_to_string(tcontext, &t, &tlen) < 0)
367 goto out; 367 goto out;
368 audit_log(current->audit_context, 368 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
369 "security_validate_transition: denied for" 369 "security_validate_transition: denied for"
370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", 370 " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
371 o, n, t, policydb.p_class_val_to_name[tclass-1]); 371 o, n, t, policydb.p_class_val_to_name[tclass-1]);
@@ -742,7 +742,7 @@ static int compute_sid_handle_invalid_context(
742 goto out; 742 goto out;
743 if (context_struct_to_string(newcontext, &n, &nlen) < 0) 743 if (context_struct_to_string(newcontext, &n, &nlen) < 0)
744 goto out; 744 goto out;
745 audit_log(current->audit_context, 745 audit_log(current->audit_context, AUDIT_SELINUX_ERR,
746 "security_compute_sid: invalid context %s" 746 "security_compute_sid: invalid context %s"
747 " for scontext=%s" 747 " for scontext=%s"
748 " tcontext=%s" 748 " tcontext=%s"