diff options
-rw-r--r-- | arch/ia64/ia32/audit.c | 5 | ||||
-rw-r--r-- | arch/ia64/kernel/audit.c | 17 | ||||
-rw-r--r-- | arch/powerpc/kernel/audit.c | 17 | ||||
-rw-r--r-- | arch/powerpc/kernel/compat_audit.c | 5 | ||||
-rw-r--r-- | arch/s390/kernel/audit.c | 17 | ||||
-rw-r--r-- | arch/s390/kernel/compat_audit.c | 5 | ||||
-rw-r--r-- | arch/sparc64/kernel/audit.c | 17 | ||||
-rw-r--r-- | arch/sparc64/kernel/compat_audit.c | 5 | ||||
-rw-r--r-- | arch/x86_64/ia32/audit.c | 5 | ||||
-rw-r--r-- | arch/x86_64/kernel/audit.c | 17 | ||||
-rw-r--r-- | fs/exec.c | 2 | ||||
-rw-r--r-- | fs/namei.c | 2 | ||||
-rw-r--r-- | fs/xattr.c | 2 | ||||
-rw-r--r-- | include/asm-generic/audit_signal.h | 3 | ||||
-rw-r--r-- | include/linux/audit.h | 21 | ||||
-rw-r--r-- | ipc/mqueue.c | 4 | ||||
-rw-r--r-- | kernel/audit.h | 13 | ||||
-rw-r--r-- | kernel/auditfilter.c | 48 | ||||
-rw-r--r-- | kernel/auditsc.c | 311 | ||||
-rw-r--r-- | kernel/ptrace.c | 3 | ||||
-rw-r--r-- | kernel/signal.c | 10 | ||||
-rw-r--r-- | lib/audit.c | 11 |
22 files changed, 439 insertions, 101 deletions
diff --git a/arch/ia64/ia32/audit.c b/arch/ia64/ia32/audit.c index 92d7d0c8d93f..8850fe40ea34 100644 --- a/arch/ia64/ia32/audit.c +++ b/arch/ia64/ia32/audit.c | |||
@@ -20,6 +20,11 @@ unsigned ia32_read_class[] = { | |||
20 | ~0U | 20 | ~0U |
21 | }; | 21 | }; |
22 | 22 | ||
23 | unsigned ia32_signal_class[] = { | ||
24 | #include <asm-generic/audit_signal.h> | ||
25 | ~0U | ||
26 | }; | ||
27 | |||
23 | int ia32_classify_syscall(unsigned syscall) | 28 | int ia32_classify_syscall(unsigned syscall) |
24 | { | 29 | { |
25 | switch(syscall) { | 30 | switch(syscall) { |
diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c index 04682555a28c..f3802ae89b10 100644 --- a/arch/ia64/kernel/audit.c +++ b/arch/ia64/kernel/audit.c | |||
@@ -23,6 +23,20 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | #ifdef CONFIG_IA32_SUPPORT | ||
34 | if (arch == AUDIT_ARCH_I386) | ||
35 | return 1; | ||
36 | #endif | ||
37 | return 0; | ||
38 | } | ||
39 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 40 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 41 | { |
28 | #ifdef CONFIG_IA32_SUPPORT | 42 | #ifdef CONFIG_IA32_SUPPORT |
@@ -49,15 +63,18 @@ static int __init audit_classes_init(void) | |||
49 | extern __u32 ia32_write_class[]; | 63 | extern __u32 ia32_write_class[]; |
50 | extern __u32 ia32_read_class[]; | 64 | extern __u32 ia32_read_class[]; |
51 | extern __u32 ia32_chattr_class[]; | 65 | extern __u32 ia32_chattr_class[]; |
66 | extern __u32 ia32_signal_class[]; | ||
52 | audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); | 67 | audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); |
53 | audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); | 68 | audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); |
54 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); | 69 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); |
55 | audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); | 70 | audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); |
71 | audit_register_class(AUDIT_CLASS_SIGNAL_32, ia32_signal_class); | ||
56 | #endif | 72 | #endif |
57 | audit_register_class(AUDIT_CLASS_WRITE, write_class); | 73 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
58 | audit_register_class(AUDIT_CLASS_READ, read_class); | 74 | audit_register_class(AUDIT_CLASS_READ, read_class); |
59 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 75 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
60 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 76 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
77 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
61 | return 0; | 78 | return 0; |
62 | } | 79 | } |
63 | 80 | ||
diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c index 7fe5e6300e9a..a4dab7cab348 100644 --- a/arch/powerpc/kernel/audit.c +++ b/arch/powerpc/kernel/audit.c | |||
@@ -23,6 +23,20 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | #ifdef CONFIG_PPC64 | ||
34 | if (arch == AUDIT_ARCH_PPC) | ||
35 | return 1; | ||
36 | #endif | ||
37 | return 0; | ||
38 | } | ||
39 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 40 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 41 | { |
28 | #ifdef CONFIG_PPC64 | 42 | #ifdef CONFIG_PPC64 |
@@ -51,15 +65,18 @@ static int __init audit_classes_init(void) | |||
51 | extern __u32 ppc32_write_class[]; | 65 | extern __u32 ppc32_write_class[]; |
52 | extern __u32 ppc32_read_class[]; | 66 | extern __u32 ppc32_read_class[]; |
53 | extern __u32 ppc32_chattr_class[]; | 67 | extern __u32 ppc32_chattr_class[]; |
68 | extern __u32 ppc32_signal_class[]; | ||
54 | audit_register_class(AUDIT_CLASS_WRITE_32, ppc32_write_class); | 69 | audit_register_class(AUDIT_CLASS_WRITE_32, ppc32_write_class); |
55 | audit_register_class(AUDIT_CLASS_READ_32, ppc32_read_class); | 70 | audit_register_class(AUDIT_CLASS_READ_32, ppc32_read_class); |
56 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ppc32_dir_class); | 71 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ppc32_dir_class); |
57 | audit_register_class(AUDIT_CLASS_CHATTR_32, ppc32_chattr_class); | 72 | audit_register_class(AUDIT_CLASS_CHATTR_32, ppc32_chattr_class); |
73 | audit_register_class(AUDIT_CLASS_SIGNAL_32, ppc32_signal_class); | ||
58 | #endif | 74 | #endif |
59 | audit_register_class(AUDIT_CLASS_WRITE, write_class); | 75 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
60 | audit_register_class(AUDIT_CLASS_READ, read_class); | 76 | audit_register_class(AUDIT_CLASS_READ, read_class); |
61 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 77 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
62 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 78 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
79 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
63 | return 0; | 80 | return 0; |
64 | } | 81 | } |
65 | 82 | ||
diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c index 640d4bb29321..108ff14e2122 100644 --- a/arch/powerpc/kernel/compat_audit.c +++ b/arch/powerpc/kernel/compat_audit.c | |||
@@ -21,6 +21,11 @@ unsigned ppc32_read_class[] = { | |||
21 | ~0U | 21 | ~0U |
22 | }; | 22 | }; |
23 | 23 | ||
24 | unsigned ppc32_signal_class[] = { | ||
25 | #include <asm-generic/audit_signal.h> | ||
26 | ~0U | ||
27 | }; | ||
28 | |||
24 | int ppc32_classify_syscall(unsigned syscall) | 29 | int ppc32_classify_syscall(unsigned syscall) |
25 | { | 30 | { |
26 | switch(syscall) { | 31 | switch(syscall) { |
diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c index 0741d9193390..d1c76fe10f29 100644 --- a/arch/s390/kernel/audit.c +++ b/arch/s390/kernel/audit.c | |||
@@ -23,6 +23,20 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | #ifdef CONFIG_COMPAT | ||
34 | if (arch == AUDIT_ARCH_S390) | ||
35 | return 1; | ||
36 | #endif | ||
37 | return 0; | ||
38 | } | ||
39 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 40 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 41 | { |
28 | #ifdef CONFIG_COMPAT | 42 | #ifdef CONFIG_COMPAT |
@@ -51,15 +65,18 @@ static int __init audit_classes_init(void) | |||
51 | extern __u32 s390_write_class[]; | 65 | extern __u32 s390_write_class[]; |
52 | extern __u32 s390_read_class[]; | 66 | extern __u32 s390_read_class[]; |
53 | extern __u32 s390_chattr_class[]; | 67 | extern __u32 s390_chattr_class[]; |
68 | extern __u32 s390_signal_class[]; | ||
54 | audit_register_class(AUDIT_CLASS_WRITE_32, s390_write_class); | 69 | audit_register_class(AUDIT_CLASS_WRITE_32, s390_write_class); |
55 | audit_register_class(AUDIT_CLASS_READ_32, s390_read_class); | 70 | audit_register_class(AUDIT_CLASS_READ_32, s390_read_class); |
56 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, s390_dir_class); | 71 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, s390_dir_class); |
57 | audit_register_class(AUDIT_CLASS_CHATTR_32, s390_chattr_class); | 72 | audit_register_class(AUDIT_CLASS_CHATTR_32, s390_chattr_class); |
73 | audit_register_class(AUDIT_CLASS_SIGNAL_32, s390_signal_class); | ||
58 | #endif | 74 | #endif |
59 | audit_register_class(AUDIT_CLASS_WRITE, write_class); | 75 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
60 | audit_register_class(AUDIT_CLASS_READ, read_class); | 76 | audit_register_class(AUDIT_CLASS_READ, read_class); |
61 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 77 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
62 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 78 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
79 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
63 | return 0; | 80 | return 0; |
64 | } | 81 | } |
65 | 82 | ||
diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c index 16d9436bfa91..0569f5126e49 100644 --- a/arch/s390/kernel/compat_audit.c +++ b/arch/s390/kernel/compat_audit.c | |||
@@ -21,6 +21,11 @@ unsigned s390_read_class[] = { | |||
21 | ~0U | 21 | ~0U |
22 | }; | 22 | }; |
23 | 23 | ||
24 | unsigned s390_signal_class[] = { | ||
25 | #include <asm-generic/audit_signal.h> | ||
26 | ~0U | ||
27 | }; | ||
28 | |||
24 | int s390_classify_syscall(unsigned syscall) | 29 | int s390_classify_syscall(unsigned syscall) |
25 | { | 30 | { |
26 | switch(syscall) { | 31 | switch(syscall) { |
diff --git a/arch/sparc64/kernel/audit.c b/arch/sparc64/kernel/audit.c index aef19cc27072..24d7f4b4178a 100644 --- a/arch/sparc64/kernel/audit.c +++ b/arch/sparc64/kernel/audit.c | |||
@@ -23,6 +23,20 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | #ifdef CONFIG_SPARC32_COMPAT | ||
34 | if (arch == AUDIT_ARCH_SPARC) | ||
35 | return 1; | ||
36 | #endif | ||
37 | return 0; | ||
38 | } | ||
39 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 40 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 41 | { |
28 | #ifdef CONFIG_SPARC32_COMPAT | 42 | #ifdef CONFIG_SPARC32_COMPAT |
@@ -51,15 +65,18 @@ static int __init audit_classes_init(void) | |||
51 | extern __u32 sparc32_write_class[]; | 65 | extern __u32 sparc32_write_class[]; |
52 | extern __u32 sparc32_read_class[]; | 66 | extern __u32 sparc32_read_class[]; |
53 | extern __u32 sparc32_chattr_class[]; | 67 | extern __u32 sparc32_chattr_class[]; |
68 | extern __u32 sparc32_signal_class[]; | ||
54 | audit_register_class(AUDIT_CLASS_WRITE_32, sparc32_write_class); | 69 | audit_register_class(AUDIT_CLASS_WRITE_32, sparc32_write_class); |
55 | audit_register_class(AUDIT_CLASS_READ_32, sparc32_read_class); | 70 | audit_register_class(AUDIT_CLASS_READ_32, sparc32_read_class); |
56 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, sparc32_dir_class); | 71 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, sparc32_dir_class); |
57 | audit_register_class(AUDIT_CLASS_CHATTR_32, sparc32_chattr_class); | 72 | audit_register_class(AUDIT_CLASS_CHATTR_32, sparc32_chattr_class); |
73 | audit_register_class(AUDIT_CLASS_SIGNAL_32, sparc32_signal_class); | ||
58 | #endif | 74 | #endif |
59 | audit_register_class(AUDIT_CLASS_WRITE, write_class); | 75 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
60 | audit_register_class(AUDIT_CLASS_READ, read_class); | 76 | audit_register_class(AUDIT_CLASS_READ, read_class); |
61 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 77 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
62 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 78 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
79 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
63 | return 0; | 80 | return 0; |
64 | } | 81 | } |
65 | 82 | ||
diff --git a/arch/sparc64/kernel/compat_audit.c b/arch/sparc64/kernel/compat_audit.c index cca96c91b780..c1979482aa92 100644 --- a/arch/sparc64/kernel/compat_audit.c +++ b/arch/sparc64/kernel/compat_audit.c | |||
@@ -20,6 +20,11 @@ unsigned sparc32_read_class[] = { | |||
20 | ~0U | 20 | ~0U |
21 | }; | 21 | }; |
22 | 22 | ||
23 | unsigned sparc32_signal_class[] = { | ||
24 | #include <asm-generic/audit_signal.h> | ||
25 | ~0U | ||
26 | }; | ||
27 | |||
23 | int sparc32_classify_syscall(unsigned syscall) | 28 | int sparc32_classify_syscall(unsigned syscall) |
24 | { | 29 | { |
25 | switch(syscall) { | 30 | switch(syscall) { |
diff --git a/arch/x86_64/ia32/audit.c b/arch/x86_64/ia32/audit.c index 92d7d0c8d93f..8850fe40ea34 100644 --- a/arch/x86_64/ia32/audit.c +++ b/arch/x86_64/ia32/audit.c | |||
@@ -20,6 +20,11 @@ unsigned ia32_read_class[] = { | |||
20 | ~0U | 20 | ~0U |
21 | }; | 21 | }; |
22 | 22 | ||
23 | unsigned ia32_signal_class[] = { | ||
24 | #include <asm-generic/audit_signal.h> | ||
25 | ~0U | ||
26 | }; | ||
27 | |||
23 | int ia32_classify_syscall(unsigned syscall) | 28 | int ia32_classify_syscall(unsigned syscall) |
24 | { | 29 | { |
25 | switch(syscall) { | 30 | switch(syscall) { |
diff --git a/arch/x86_64/kernel/audit.c b/arch/x86_64/kernel/audit.c index 21f33387bef3..06d3e5a14d9d 100644 --- a/arch/x86_64/kernel/audit.c +++ b/arch/x86_64/kernel/audit.c | |||
@@ -23,6 +23,20 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | #ifdef CONFIG_IA32_EMULATION | ||
34 | if (arch == AUDIT_ARCH_I386) | ||
35 | return 1; | ||
36 | #endif | ||
37 | return 0; | ||
38 | } | ||
39 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 40 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 41 | { |
28 | #ifdef CONFIG_IA32_EMULATION | 42 | #ifdef CONFIG_IA32_EMULATION |
@@ -49,15 +63,18 @@ static int __init audit_classes_init(void) | |||
49 | extern __u32 ia32_write_class[]; | 63 | extern __u32 ia32_write_class[]; |
50 | extern __u32 ia32_read_class[]; | 64 | extern __u32 ia32_read_class[]; |
51 | extern __u32 ia32_chattr_class[]; | 65 | extern __u32 ia32_chattr_class[]; |
66 | extern __u32 ia32_signal_class[]; | ||
52 | audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); | 67 | audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class); |
53 | audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); | 68 | audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class); |
54 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); | 69 | audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class); |
55 | audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); | 70 | audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class); |
71 | audit_register_class(AUDIT_CLASS_SIGNAL_32, ia32_signal_class); | ||
56 | #endif | 72 | #endif |
57 | audit_register_class(AUDIT_CLASS_WRITE, write_class); | 73 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
58 | audit_register_class(AUDIT_CLASS_READ, read_class); | 74 | audit_register_class(AUDIT_CLASS_READ, read_class); |
59 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 75 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
60 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 76 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
77 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
61 | return 0; | 78 | return 0; |
62 | } | 79 | } |
63 | 80 | ||
@@ -1495,6 +1495,8 @@ int do_coredump(long signr, int exit_code, struct pt_regs * regs) | |||
1495 | int flag = 0; | 1495 | int flag = 0; |
1496 | int ispipe = 0; | 1496 | int ispipe = 0; |
1497 | 1497 | ||
1498 | audit_core_dumps(signr); | ||
1499 | |||
1498 | binfmt = current->binfmt; | 1500 | binfmt = current->binfmt; |
1499 | if (!binfmt || !binfmt->core_dump) | 1501 | if (!binfmt || !binfmt->core_dump) |
1500 | goto fail; | 1502 | goto fail; |
diff --git a/fs/namei.c b/fs/namei.c index b3780e3fc88e..5e2d98d10c5d 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
@@ -1719,7 +1719,7 @@ do_last: | |||
1719 | * It already exists. | 1719 | * It already exists. |
1720 | */ | 1720 | */ |
1721 | mutex_unlock(&dir->d_inode->i_mutex); | 1721 | mutex_unlock(&dir->d_inode->i_mutex); |
1722 | audit_inode_update(path.dentry->d_inode); | 1722 | audit_inode(pathname, path.dentry->d_inode); |
1723 | 1723 | ||
1724 | error = -EEXIST; | 1724 | error = -EEXIST; |
1725 | if (flag & O_EXCL) | 1725 | if (flag & O_EXCL) |
diff --git a/fs/xattr.c b/fs/xattr.c index 9f4568b55b0f..4523aca79659 100644 --- a/fs/xattr.c +++ b/fs/xattr.c | |||
@@ -350,6 +350,7 @@ sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) | |||
350 | f = fget(fd); | 350 | f = fget(fd); |
351 | if (!f) | 351 | if (!f) |
352 | return error; | 352 | return error; |
353 | audit_inode(NULL, f->f_path.dentry->d_inode); | ||
353 | error = getxattr(f->f_path.dentry, name, value, size); | 354 | error = getxattr(f->f_path.dentry, name, value, size); |
354 | fput(f); | 355 | fput(f); |
355 | return error; | 356 | return error; |
@@ -422,6 +423,7 @@ sys_flistxattr(int fd, char __user *list, size_t size) | |||
422 | f = fget(fd); | 423 | f = fget(fd); |
423 | if (!f) | 424 | if (!f) |
424 | return error; | 425 | return error; |
426 | audit_inode(NULL, f->f_path.dentry->d_inode); | ||
425 | error = listxattr(f->f_path.dentry, list, size); | 427 | error = listxattr(f->f_path.dentry, list, size); |
426 | fput(f); | 428 | fput(f); |
427 | return error; | 429 | return error; |
diff --git a/include/asm-generic/audit_signal.h b/include/asm-generic/audit_signal.h new file mode 100644 index 000000000000..6feab7f18a53 --- /dev/null +++ b/include/asm-generic/audit_signal.h | |||
@@ -0,0 +1,3 @@ | |||
1 | __NR_kill, | ||
2 | __NR_tgkill, | ||
3 | __NR_tkill, | ||
diff --git a/include/linux/audit.h b/include/linux/audit.h index 773e30df11ee..fccc6e50298a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -91,6 +91,7 @@ | |||
91 | #define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */ | 91 | #define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */ |
92 | #define AUDIT_KERNEL_OTHER 1316 /* For use by 3rd party modules */ | 92 | #define AUDIT_KERNEL_OTHER 1316 /* For use by 3rd party modules */ |
93 | #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ | 93 | #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ |
94 | #define AUDIT_OBJ_PID 1318 /* ptrace target */ | ||
94 | 95 | ||
95 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ | 96 | #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ |
96 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ | 97 | #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ |
@@ -111,6 +112,7 @@ | |||
111 | #define AUDIT_FIRST_KERN_ANOM_MSG 1700 | 112 | #define AUDIT_FIRST_KERN_ANOM_MSG 1700 |
112 | #define AUDIT_LAST_KERN_ANOM_MSG 1799 | 113 | #define AUDIT_LAST_KERN_ANOM_MSG 1799 |
113 | #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ | 114 | #define AUDIT_ANOM_PROMISCUOUS 1700 /* Device changed promiscuous mode */ |
115 | #define AUDIT_ANOM_ABEND 1701 /* Process ended abnormally */ | ||
114 | 116 | ||
115 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ | 117 | #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ |
116 | 118 | ||
@@ -148,6 +150,8 @@ | |||
148 | #define AUDIT_CLASS_READ_32 5 | 150 | #define AUDIT_CLASS_READ_32 5 |
149 | #define AUDIT_CLASS_WRITE 6 | 151 | #define AUDIT_CLASS_WRITE 6 |
150 | #define AUDIT_CLASS_WRITE_32 7 | 152 | #define AUDIT_CLASS_WRITE_32 7 |
153 | #define AUDIT_CLASS_SIGNAL 8 | ||
154 | #define AUDIT_CLASS_SIGNAL_32 9 | ||
151 | 155 | ||
152 | /* This bitmask is used to validate user input. It represents all bits that | 156 | /* This bitmask is used to validate user input. It represents all bits that |
153 | * are currently used in an audit field constant understood by the kernel. | 157 | * are currently used in an audit field constant understood by the kernel. |
@@ -337,6 +341,7 @@ struct mqstat; | |||
337 | #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS ) | 341 | #define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS ) |
338 | extern int __init audit_register_class(int class, unsigned *list); | 342 | extern int __init audit_register_class(int class, unsigned *list); |
339 | extern int audit_classify_syscall(int abi, unsigned syscall); | 343 | extern int audit_classify_syscall(int abi, unsigned syscall); |
344 | extern int audit_classify_arch(int arch); | ||
340 | #ifdef CONFIG_AUDITSYSCALL | 345 | #ifdef CONFIG_AUDITSYSCALL |
341 | /* These are defined in auditsc.c */ | 346 | /* These are defined in auditsc.c */ |
342 | /* Public API */ | 347 | /* Public API */ |
@@ -351,7 +356,8 @@ extern void audit_putname(const char *name); | |||
351 | extern void __audit_inode(const char *name, const struct inode *inode); | 356 | extern void __audit_inode(const char *name, const struct inode *inode); |
352 | extern void __audit_inode_child(const char *dname, const struct inode *inode, | 357 | extern void __audit_inode_child(const char *dname, const struct inode *inode, |
353 | const struct inode *parent); | 358 | const struct inode *parent); |
354 | extern void __audit_inode_update(const struct inode *inode); | 359 | extern void __audit_ptrace(struct task_struct *t); |
360 | |||
355 | static inline int audit_dummy_context(void) | 361 | static inline int audit_dummy_context(void) |
356 | { | 362 | { |
357 | void *p = current->audit_context; | 363 | void *p = current->audit_context; |
@@ -372,9 +378,12 @@ static inline void audit_inode_child(const char *dname, | |||
372 | if (unlikely(!audit_dummy_context())) | 378 | if (unlikely(!audit_dummy_context())) |
373 | __audit_inode_child(dname, inode, parent); | 379 | __audit_inode_child(dname, inode, parent); |
374 | } | 380 | } |
375 | static inline void audit_inode_update(const struct inode *inode) { | 381 | void audit_core_dumps(long signr); |
382 | |||
383 | static inline void audit_ptrace(struct task_struct *t) | ||
384 | { | ||
376 | if (unlikely(!audit_dummy_context())) | 385 | if (unlikely(!audit_dummy_context())) |
377 | __audit_inode_update(inode); | 386 | __audit_ptrace(t); |
378 | } | 387 | } |
379 | 388 | ||
380 | /* Private API (for audit.c only) */ | 389 | /* Private API (for audit.c only) */ |
@@ -447,6 +456,7 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | |||
447 | return 0; | 456 | return 0; |
448 | } | 457 | } |
449 | extern int audit_n_rules; | 458 | extern int audit_n_rules; |
459 | extern int audit_signals; | ||
450 | #else | 460 | #else |
451 | #define audit_alloc(t) ({ 0; }) | 461 | #define audit_alloc(t) ({ 0; }) |
452 | #define audit_free(t) do { ; } while (0) | 462 | #define audit_free(t) do { ; } while (0) |
@@ -457,10 +467,9 @@ extern int audit_n_rules; | |||
457 | #define audit_putname(n) do { ; } while (0) | 467 | #define audit_putname(n) do { ; } while (0) |
458 | #define __audit_inode(n,i) do { ; } while (0) | 468 | #define __audit_inode(n,i) do { ; } while (0) |
459 | #define __audit_inode_child(d,i,p) do { ; } while (0) | 469 | #define __audit_inode_child(d,i,p) do { ; } while (0) |
460 | #define __audit_inode_update(i) do { ; } while (0) | ||
461 | #define audit_inode(n,i) do { ; } while (0) | 470 | #define audit_inode(n,i) do { ; } while (0) |
462 | #define audit_inode_child(d,i,p) do { ; } while (0) | 471 | #define audit_inode_child(d,i,p) do { ; } while (0) |
463 | #define audit_inode_update(i) do { ; } while (0) | 472 | #define audit_core_dumps(i) do { ; } while (0) |
464 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) | 473 | #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) |
465 | #define audit_get_loginuid(c) ({ -1; }) | 474 | #define audit_get_loginuid(c) ({ -1; }) |
466 | #define audit_log_task_context(b) do { ; } while (0) | 475 | #define audit_log_task_context(b) do { ; } while (0) |
@@ -477,7 +486,9 @@ extern int audit_n_rules; | |||
477 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) | 486 | #define audit_mq_timedreceive(d,l,p,t) ({ 0; }) |
478 | #define audit_mq_notify(d,n) ({ 0; }) | 487 | #define audit_mq_notify(d,n) ({ 0; }) |
479 | #define audit_mq_getsetattr(d,s) ({ 0; }) | 488 | #define audit_mq_getsetattr(d,s) ({ 0; }) |
489 | #define audit_ptrace(t) ((void)0) | ||
480 | #define audit_n_rules 0 | 490 | #define audit_n_rules 0 |
491 | #define audit_signals 0 | ||
481 | #endif | 492 | #endif |
482 | 493 | ||
483 | #ifdef CONFIG_AUDIT | 494 | #ifdef CONFIG_AUDIT |
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index d17821d3f483..fab5707cb5f7 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c | |||
@@ -681,6 +681,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
681 | 681 | ||
682 | if (oflag & O_CREAT) { | 682 | if (oflag & O_CREAT) { |
683 | if (dentry->d_inode) { /* entry already exists */ | 683 | if (dentry->d_inode) { /* entry already exists */ |
684 | audit_inode(name, dentry->d_inode); | ||
684 | error = -EEXIST; | 685 | error = -EEXIST; |
685 | if (oflag & O_EXCL) | 686 | if (oflag & O_EXCL) |
686 | goto out; | 687 | goto out; |
@@ -693,6 +694,7 @@ asmlinkage long sys_mq_open(const char __user *u_name, int oflag, mode_t mode, | |||
693 | error = -ENOENT; | 694 | error = -ENOENT; |
694 | if (!dentry->d_inode) | 695 | if (!dentry->d_inode) |
695 | goto out; | 696 | goto out; |
697 | audit_inode(name, dentry->d_inode); | ||
696 | filp = do_open(dentry, oflag); | 698 | filp = do_open(dentry, oflag); |
697 | } | 699 | } |
698 | 700 | ||
@@ -840,6 +842,7 @@ asmlinkage long sys_mq_timedsend(mqd_t mqdes, const char __user *u_msg_ptr, | |||
840 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 842 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
841 | goto out_fput; | 843 | goto out_fput; |
842 | info = MQUEUE_I(inode); | 844 | info = MQUEUE_I(inode); |
845 | audit_inode(NULL, inode); | ||
843 | 846 | ||
844 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) | 847 | if (unlikely(!(filp->f_mode & FMODE_WRITE))) |
845 | goto out_fput; | 848 | goto out_fput; |
@@ -923,6 +926,7 @@ asmlinkage ssize_t sys_mq_timedreceive(mqd_t mqdes, char __user *u_msg_ptr, | |||
923 | if (unlikely(filp->f_op != &mqueue_file_operations)) | 926 | if (unlikely(filp->f_op != &mqueue_file_operations)) |
924 | goto out_fput; | 927 | goto out_fput; |
925 | info = MQUEUE_I(inode); | 928 | info = MQUEUE_I(inode); |
929 | audit_inode(NULL, inode); | ||
926 | 930 | ||
927 | if (unlikely(!(filp->f_mode & FMODE_READ))) | 931 | if (unlikely(!(filp->f_mode & FMODE_READ))) |
928 | goto out_fput; | 932 | goto out_fput; |
diff --git a/kernel/audit.h b/kernel/audit.h index a3370232a390..815d6f5c04ee 100644 --- a/kernel/audit.h +++ b/kernel/audit.h | |||
@@ -83,6 +83,7 @@ struct audit_krule { | |||
83 | u32 field_count; | 83 | u32 field_count; |
84 | char *filterkey; /* ties events to rules */ | 84 | char *filterkey; /* ties events to rules */ |
85 | struct audit_field *fields; | 85 | struct audit_field *fields; |
86 | struct audit_field *arch_f; /* quick access to arch field */ | ||
86 | struct audit_field *inode_f; /* quick access to an inode field */ | 87 | struct audit_field *inode_f; /* quick access to an inode field */ |
87 | struct audit_watch *watch; /* associated watch */ | 88 | struct audit_watch *watch; /* associated watch */ |
88 | struct list_head rlist; /* entry in audit_watch.rules list */ | 89 | struct list_head rlist; /* entry in audit_watch.rules list */ |
@@ -131,17 +132,19 @@ extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32, | |||
131 | extern int selinux_audit_rule_update(void); | 132 | extern int selinux_audit_rule_update(void); |
132 | 133 | ||
133 | #ifdef CONFIG_AUDITSYSCALL | 134 | #ifdef CONFIG_AUDITSYSCALL |
134 | extern void __audit_signal_info(int sig, struct task_struct *t); | 135 | extern int __audit_signal_info(int sig, struct task_struct *t); |
135 | static inline void audit_signal_info(int sig, struct task_struct *t) | 136 | static inline int audit_signal_info(int sig, struct task_struct *t) |
136 | { | 137 | { |
137 | if (unlikely(audit_pid && t->tgid == audit_pid)) | 138 | if (unlikely((audit_pid && t->tgid == audit_pid) || |
138 | __audit_signal_info(sig, t); | 139 | (audit_signals && !audit_dummy_context()))) |
140 | return __audit_signal_info(sig, t); | ||
141 | return 0; | ||
139 | } | 142 | } |
140 | extern enum audit_state audit_filter_inodes(struct task_struct *, | 143 | extern enum audit_state audit_filter_inodes(struct task_struct *, |
141 | struct audit_context *); | 144 | struct audit_context *); |
142 | extern void audit_set_auditable(struct audit_context *); | 145 | extern void audit_set_auditable(struct audit_context *); |
143 | #else | 146 | #else |
144 | #define audit_signal_info(s,t) | 147 | #define audit_signal_info(s,t) AUDIT_DISABLED |
145 | #define audit_filter_inodes(t,c) AUDIT_DISABLED | 148 | #define audit_filter_inodes(t,c) AUDIT_DISABLED |
146 | #define audit_set_auditable(c) | 149 | #define audit_set_auditable(c) |
147 | #endif | 150 | #endif |
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 3749193aed8c..6c61263ff96d 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -311,6 +311,43 @@ int audit_match_class(int class, unsigned syscall) | |||
311 | return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall); | 311 | return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall); |
312 | } | 312 | } |
313 | 313 | ||
314 | static inline int audit_match_class_bits(int class, u32 *mask) | ||
315 | { | ||
316 | int i; | ||
317 | |||
318 | if (classes[class]) { | ||
319 | for (i = 0; i < AUDIT_BITMASK_SIZE; i++) | ||
320 | if (mask[i] & classes[class][i]) | ||
321 | return 0; | ||
322 | } | ||
323 | return 1; | ||
324 | } | ||
325 | |||
326 | static int audit_match_signal(struct audit_entry *entry) | ||
327 | { | ||
328 | struct audit_field *arch = entry->rule.arch_f; | ||
329 | |||
330 | if (!arch) { | ||
331 | /* When arch is unspecified, we must check both masks on biarch | ||
332 | * as syscall number alone is ambiguous. */ | ||
333 | return (audit_match_class_bits(AUDIT_CLASS_SIGNAL, | ||
334 | entry->rule.mask) && | ||
335 | audit_match_class_bits(AUDIT_CLASS_SIGNAL_32, | ||
336 | entry->rule.mask)); | ||
337 | } | ||
338 | |||
339 | switch(audit_classify_arch(arch->val)) { | ||
340 | case 0: /* native */ | ||
341 | return (audit_match_class_bits(AUDIT_CLASS_SIGNAL, | ||
342 | entry->rule.mask)); | ||
343 | case 1: /* 32bit on biarch */ | ||
344 | return (audit_match_class_bits(AUDIT_CLASS_SIGNAL_32, | ||
345 | entry->rule.mask)); | ||
346 | default: | ||
347 | return 1; | ||
348 | } | ||
349 | } | ||
350 | |||
314 | /* Common user-space to kernel rule translation. */ | 351 | /* Common user-space to kernel rule translation. */ |
315 | static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) | 352 | static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule) |
316 | { | 353 | { |
@@ -429,6 +466,7 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) | |||
429 | err = -EINVAL; | 466 | err = -EINVAL; |
430 | goto exit_free; | 467 | goto exit_free; |
431 | } | 468 | } |
469 | entry->rule.arch_f = f; | ||
432 | break; | 470 | break; |
433 | case AUDIT_PERM: | 471 | case AUDIT_PERM: |
434 | if (f->val & ~15) | 472 | if (f->val & ~15) |
@@ -519,7 +557,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
519 | case AUDIT_FSGID: | 557 | case AUDIT_FSGID: |
520 | case AUDIT_LOGINUID: | 558 | case AUDIT_LOGINUID: |
521 | case AUDIT_PERS: | 559 | case AUDIT_PERS: |
522 | case AUDIT_ARCH: | ||
523 | case AUDIT_MSGTYPE: | 560 | case AUDIT_MSGTYPE: |
524 | case AUDIT_PPID: | 561 | case AUDIT_PPID: |
525 | case AUDIT_DEVMAJOR: | 562 | case AUDIT_DEVMAJOR: |
@@ -531,6 +568,9 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, | |||
531 | case AUDIT_ARG2: | 568 | case AUDIT_ARG2: |
532 | case AUDIT_ARG3: | 569 | case AUDIT_ARG3: |
533 | break; | 570 | break; |
571 | case AUDIT_ARCH: | ||
572 | entry->rule.arch_f = f; | ||
573 | break; | ||
534 | case AUDIT_SUBJ_USER: | 574 | case AUDIT_SUBJ_USER: |
535 | case AUDIT_SUBJ_ROLE: | 575 | case AUDIT_SUBJ_ROLE: |
536 | case AUDIT_SUBJ_TYPE: | 576 | case AUDIT_SUBJ_TYPE: |
@@ -1221,6 +1261,9 @@ static inline int audit_add_rule(struct audit_entry *entry, | |||
1221 | #ifdef CONFIG_AUDITSYSCALL | 1261 | #ifdef CONFIG_AUDITSYSCALL |
1222 | if (!dont_count) | 1262 | if (!dont_count) |
1223 | audit_n_rules++; | 1263 | audit_n_rules++; |
1264 | |||
1265 | if (!audit_match_signal(entry)) | ||
1266 | audit_signals++; | ||
1224 | #endif | 1267 | #endif |
1225 | mutex_unlock(&audit_filter_mutex); | 1268 | mutex_unlock(&audit_filter_mutex); |
1226 | 1269 | ||
@@ -1294,6 +1337,9 @@ static inline int audit_del_rule(struct audit_entry *entry, | |||
1294 | #ifdef CONFIG_AUDITSYSCALL | 1337 | #ifdef CONFIG_AUDITSYSCALL |
1295 | if (!dont_count) | 1338 | if (!dont_count) |
1296 | audit_n_rules--; | 1339 | audit_n_rules--; |
1340 | |||
1341 | if (!audit_match_signal(entry)) | ||
1342 | audit_signals--; | ||
1297 | #endif | 1343 | #endif |
1298 | mutex_unlock(&audit_filter_mutex); | 1344 | mutex_unlock(&audit_filter_mutex); |
1299 | 1345 | ||
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 628c7ac590a0..e36481ed61b4 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -78,17 +78,15 @@ extern int audit_enabled; | |||
78 | * for saving names from getname(). */ | 78 | * for saving names from getname(). */ |
79 | #define AUDIT_NAMES 20 | 79 | #define AUDIT_NAMES 20 |
80 | 80 | ||
81 | /* AUDIT_NAMES_RESERVED is the number of slots we reserve in the | ||
82 | * audit_context from being used for nameless inodes from | ||
83 | * path_lookup. */ | ||
84 | #define AUDIT_NAMES_RESERVED 7 | ||
85 | |||
86 | /* Indicates that audit should log the full pathname. */ | 81 | /* Indicates that audit should log the full pathname. */ |
87 | #define AUDIT_NAME_FULL -1 | 82 | #define AUDIT_NAME_FULL -1 |
88 | 83 | ||
89 | /* number of audit rules */ | 84 | /* number of audit rules */ |
90 | int audit_n_rules; | 85 | int audit_n_rules; |
91 | 86 | ||
87 | /* determines whether we collect data for signals sent */ | ||
88 | int audit_signals; | ||
89 | |||
92 | /* When fs/namei.c:getname() is called, we store the pointer in name and | 90 | /* When fs/namei.c:getname() is called, we store the pointer in name and |
93 | * we don't let putname() free it (instead we free all of the saved | 91 | * we don't let putname() free it (instead we free all of the saved |
94 | * pointers at syscall exit time). | 92 | * pointers at syscall exit time). |
@@ -114,6 +112,9 @@ struct audit_aux_data { | |||
114 | 112 | ||
115 | #define AUDIT_AUX_IPCPERM 0 | 113 | #define AUDIT_AUX_IPCPERM 0 |
116 | 114 | ||
115 | /* Number of target pids per aux struct. */ | ||
116 | #define AUDIT_AUX_PIDS 16 | ||
117 | |||
117 | struct audit_aux_data_mq_open { | 118 | struct audit_aux_data_mq_open { |
118 | struct audit_aux_data d; | 119 | struct audit_aux_data d; |
119 | int oflag; | 120 | int oflag; |
@@ -181,6 +182,13 @@ struct audit_aux_data_path { | |||
181 | struct vfsmount *mnt; | 182 | struct vfsmount *mnt; |
182 | }; | 183 | }; |
183 | 184 | ||
185 | struct audit_aux_data_pids { | ||
186 | struct audit_aux_data d; | ||
187 | pid_t target_pid[AUDIT_AUX_PIDS]; | ||
188 | u32 target_sid[AUDIT_AUX_PIDS]; | ||
189 | int pid_count; | ||
190 | }; | ||
191 | |||
184 | /* The per-task audit context. */ | 192 | /* The per-task audit context. */ |
185 | struct audit_context { | 193 | struct audit_context { |
186 | int dummy; /* must be the first element */ | 194 | int dummy; /* must be the first element */ |
@@ -201,6 +209,7 @@ struct audit_context { | |||
201 | struct vfsmount * pwdmnt; | 209 | struct vfsmount * pwdmnt; |
202 | struct audit_context *previous; /* For nested syscalls */ | 210 | struct audit_context *previous; /* For nested syscalls */ |
203 | struct audit_aux_data *aux; | 211 | struct audit_aux_data *aux; |
212 | struct audit_aux_data *aux_pids; | ||
204 | 213 | ||
205 | /* Save things to print about task_struct */ | 214 | /* Save things to print about task_struct */ |
206 | pid_t pid, ppid; | 215 | pid_t pid, ppid; |
@@ -209,6 +218,9 @@ struct audit_context { | |||
209 | unsigned long personality; | 218 | unsigned long personality; |
210 | int arch; | 219 | int arch; |
211 | 220 | ||
221 | pid_t target_pid; | ||
222 | u32 target_sid; | ||
223 | |||
212 | #if AUDIT_DEBUG | 224 | #if AUDIT_DEBUG |
213 | int put_count; | 225 | int put_count; |
214 | int ino_count; | 226 | int ino_count; |
@@ -654,6 +666,10 @@ static inline void audit_free_aux(struct audit_context *context) | |||
654 | context->aux = aux->next; | 666 | context->aux = aux->next; |
655 | kfree(aux); | 667 | kfree(aux); |
656 | } | 668 | } |
669 | while ((aux = context->aux_pids)) { | ||
670 | context->aux_pids = aux->next; | ||
671 | kfree(aux); | ||
672 | } | ||
657 | } | 673 | } |
658 | 674 | ||
659 | static inline void audit_zero_context(struct audit_context *context, | 675 | static inline void audit_zero_context(struct audit_context *context, |
@@ -795,6 +811,29 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk | |||
795 | audit_log_task_context(ab); | 811 | audit_log_task_context(ab); |
796 | } | 812 | } |
797 | 813 | ||
814 | static int audit_log_pid_context(struct audit_context *context, pid_t pid, | ||
815 | u32 sid) | ||
816 | { | ||
817 | struct audit_buffer *ab; | ||
818 | char *s = NULL; | ||
819 | u32 len; | ||
820 | int rc = 0; | ||
821 | |||
822 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); | ||
823 | if (!ab) | ||
824 | return 1; | ||
825 | |||
826 | if (selinux_sid_to_string(sid, &s, &len)) { | ||
827 | audit_log_format(ab, "opid=%d obj=(none)", pid); | ||
828 | rc = 1; | ||
829 | } else | ||
830 | audit_log_format(ab, "opid=%d obj=%s", pid, s); | ||
831 | audit_log_end(ab); | ||
832 | kfree(s); | ||
833 | |||
834 | return rc; | ||
835 | } | ||
836 | |||
798 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) | 837 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
799 | { | 838 | { |
800 | int i, call_panic = 0; | 839 | int i, call_panic = 0; |
@@ -973,6 +1012,21 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
973 | audit_log_end(ab); | 1012 | audit_log_end(ab); |
974 | } | 1013 | } |
975 | 1014 | ||
1015 | for (aux = context->aux_pids; aux; aux = aux->next) { | ||
1016 | struct audit_aux_data_pids *axs = (void *)aux; | ||
1017 | int i; | ||
1018 | |||
1019 | for (i = 0; i < axs->pid_count; i++) | ||
1020 | if (audit_log_pid_context(context, axs->target_pid[i], | ||
1021 | axs->target_sid[i])) | ||
1022 | call_panic = 1; | ||
1023 | } | ||
1024 | |||
1025 | if (context->target_pid && | ||
1026 | audit_log_pid_context(context, context->target_pid, | ||
1027 | context->target_sid)) | ||
1028 | call_panic = 1; | ||
1029 | |||
976 | if (context->pwd && context->pwdmnt) { | 1030 | if (context->pwd && context->pwdmnt) { |
977 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); | 1031 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); |
978 | if (ab) { | 1032 | if (ab) { |
@@ -1193,6 +1247,10 @@ void audit_syscall_exit(int valid, long return_code) | |||
1193 | } else { | 1247 | } else { |
1194 | audit_free_names(context); | 1248 | audit_free_names(context); |
1195 | audit_free_aux(context); | 1249 | audit_free_aux(context); |
1250 | context->aux = NULL; | ||
1251 | context->aux_pids = NULL; | ||
1252 | context->target_pid = 0; | ||
1253 | context->target_sid = 0; | ||
1196 | kfree(context->filterkey); | 1254 | kfree(context->filterkey); |
1197 | context->filterkey = NULL; | 1255 | context->filterkey = NULL; |
1198 | tsk->audit_context = context; | 1256 | tsk->audit_context = context; |
@@ -1226,6 +1284,7 @@ void __audit_getname(const char *name) | |||
1226 | context->names[context->name_count].name_len = AUDIT_NAME_FULL; | 1284 | context->names[context->name_count].name_len = AUDIT_NAME_FULL; |
1227 | context->names[context->name_count].name_put = 1; | 1285 | context->names[context->name_count].name_put = 1; |
1228 | context->names[context->name_count].ino = (unsigned long)-1; | 1286 | context->names[context->name_count].ino = (unsigned long)-1; |
1287 | context->names[context->name_count].osid = 0; | ||
1229 | ++context->name_count; | 1288 | ++context->name_count; |
1230 | if (!context->pwd) { | 1289 | if (!context->pwd) { |
1231 | read_lock(¤t->fs->lock); | 1290 | read_lock(¤t->fs->lock); |
@@ -1279,6 +1338,28 @@ void audit_putname(const char *name) | |||
1279 | #endif | 1338 | #endif |
1280 | } | 1339 | } |
1281 | 1340 | ||
1341 | static int audit_inc_name_count(struct audit_context *context, | ||
1342 | const struct inode *inode) | ||
1343 | { | ||
1344 | if (context->name_count >= AUDIT_NAMES) { | ||
1345 | if (inode) | ||
1346 | printk(KERN_DEBUG "name_count maxed, losing inode data: " | ||
1347 | "dev=%02x:%02x, inode=%lu", | ||
1348 | MAJOR(inode->i_sb->s_dev), | ||
1349 | MINOR(inode->i_sb->s_dev), | ||
1350 | inode->i_ino); | ||
1351 | |||
1352 | else | ||
1353 | printk(KERN_DEBUG "name_count maxed, losing inode data"); | ||
1354 | return 1; | ||
1355 | } | ||
1356 | context->name_count++; | ||
1357 | #if AUDIT_DEBUG | ||
1358 | context->ino_count++; | ||
1359 | #endif | ||
1360 | return 0; | ||
1361 | } | ||
1362 | |||
1282 | /* Copy inode data into an audit_names. */ | 1363 | /* Copy inode data into an audit_names. */ |
1283 | static void audit_copy_inode(struct audit_names *name, const struct inode *inode) | 1364 | static void audit_copy_inode(struct audit_names *name, const struct inode *inode) |
1284 | { | 1365 | { |
@@ -1316,13 +1397,10 @@ void __audit_inode(const char *name, const struct inode *inode) | |||
1316 | else { | 1397 | else { |
1317 | /* FIXME: how much do we care about inodes that have no | 1398 | /* FIXME: how much do we care about inodes that have no |
1318 | * associated name? */ | 1399 | * associated name? */ |
1319 | if (context->name_count >= AUDIT_NAMES - AUDIT_NAMES_RESERVED) | 1400 | if (audit_inc_name_count(context, inode)) |
1320 | return; | 1401 | return; |
1321 | idx = context->name_count++; | 1402 | idx = context->name_count - 1; |
1322 | context->names[idx].name = NULL; | 1403 | context->names[idx].name = NULL; |
1323 | #if AUDIT_DEBUG | ||
1324 | ++context->ino_count; | ||
1325 | #endif | ||
1326 | } | 1404 | } |
1327 | audit_copy_inode(&context->names[idx], inode); | 1405 | audit_copy_inode(&context->names[idx], inode); |
1328 | } | 1406 | } |
@@ -1346,7 +1424,7 @@ void __audit_inode_child(const char *dname, const struct inode *inode, | |||
1346 | { | 1424 | { |
1347 | int idx; | 1425 | int idx; |
1348 | struct audit_context *context = current->audit_context; | 1426 | struct audit_context *context = current->audit_context; |
1349 | const char *found_name = NULL; | 1427 | const char *found_parent = NULL, *found_child = NULL; |
1350 | int dirlen = 0; | 1428 | int dirlen = 0; |
1351 | 1429 | ||
1352 | if (!context->in_syscall) | 1430 | if (!context->in_syscall) |
@@ -1354,88 +1432,73 @@ void __audit_inode_child(const char *dname, const struct inode *inode, | |||
1354 | 1432 | ||
1355 | /* determine matching parent */ | 1433 | /* determine matching parent */ |
1356 | if (!dname) | 1434 | if (!dname) |
1357 | goto update_context; | 1435 | goto add_names; |
1358 | for (idx = 0; idx < context->name_count; idx++) | ||
1359 | if (context->names[idx].ino == parent->i_ino) { | ||
1360 | const char *name = context->names[idx].name; | ||
1361 | 1436 | ||
1362 | if (!name) | 1437 | /* parent is more likely, look for it first */ |
1363 | continue; | 1438 | for (idx = 0; idx < context->name_count; idx++) { |
1439 | struct audit_names *n = &context->names[idx]; | ||
1364 | 1440 | ||
1365 | if (audit_compare_dname_path(dname, name, &dirlen) == 0) { | 1441 | if (!n->name) |
1366 | context->names[idx].name_len = dirlen; | 1442 | continue; |
1367 | found_name = name; | 1443 | |
1368 | break; | 1444 | if (n->ino == parent->i_ino && |
1369 | } | 1445 | !audit_compare_dname_path(dname, n->name, &dirlen)) { |
1446 | n->name_len = dirlen; /* update parent data in place */ | ||
1447 | found_parent = n->name; | ||
1448 | goto add_names; | ||
1370 | } | 1449 | } |
1450 | } | ||
1371 | 1451 | ||
1372 | update_context: | 1452 | /* no matching parent, look for matching child */ |
1373 | idx = context->name_count; | 1453 | for (idx = 0; idx < context->name_count; idx++) { |
1374 | if (context->name_count == AUDIT_NAMES) { | 1454 | struct audit_names *n = &context->names[idx]; |
1375 | printk(KERN_DEBUG "name_count maxed and losing %s\n", | 1455 | |
1376 | found_name ?: "(null)"); | 1456 | if (!n->name) |
1377 | return; | 1457 | continue; |
1458 | |||
1459 | /* strcmp() is the more likely scenario */ | ||
1460 | if (!strcmp(dname, n->name) || | ||
1461 | !audit_compare_dname_path(dname, n->name, &dirlen)) { | ||
1462 | if (inode) | ||
1463 | audit_copy_inode(n, inode); | ||
1464 | else | ||
1465 | n->ino = (unsigned long)-1; | ||
1466 | found_child = n->name; | ||
1467 | goto add_names; | ||
1468 | } | ||
1378 | } | 1469 | } |
1379 | context->name_count++; | 1470 | |
1380 | #if AUDIT_DEBUG | 1471 | add_names: |
1381 | context->ino_count++; | 1472 | if (!found_parent) { |
1382 | #endif | 1473 | if (audit_inc_name_count(context, parent)) |
1383 | /* Re-use the name belonging to the slot for a matching parent directory. | ||
1384 | * All names for this context are relinquished in audit_free_names() */ | ||
1385 | context->names[idx].name = found_name; | ||
1386 | context->names[idx].name_len = AUDIT_NAME_FULL; | ||
1387 | context->names[idx].name_put = 0; /* don't call __putname() */ | ||
1388 | |||
1389 | if (!inode) | ||
1390 | context->names[idx].ino = (unsigned long)-1; | ||
1391 | else | ||
1392 | audit_copy_inode(&context->names[idx], inode); | ||
1393 | |||
1394 | /* A parent was not found in audit_names, so copy the inode data for the | ||
1395 | * provided parent. */ | ||
1396 | if (!found_name) { | ||
1397 | idx = context->name_count; | ||
1398 | if (context->name_count == AUDIT_NAMES) { | ||
1399 | printk(KERN_DEBUG | ||
1400 | "name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu", | ||
1401 | MAJOR(parent->i_sb->s_dev), | ||
1402 | MINOR(parent->i_sb->s_dev), | ||
1403 | parent->i_ino); | ||
1404 | return; | 1474 | return; |
1405 | } | 1475 | idx = context->name_count - 1; |
1406 | context->name_count++; | 1476 | context->names[idx].name = NULL; |
1407 | #if AUDIT_DEBUG | ||
1408 | context->ino_count++; | ||
1409 | #endif | ||
1410 | audit_copy_inode(&context->names[idx], parent); | 1477 | audit_copy_inode(&context->names[idx], parent); |
1411 | } | 1478 | } |
1412 | } | ||
1413 | 1479 | ||
1414 | /** | 1480 | if (!found_child) { |
1415 | * audit_inode_update - update inode info for last collected name | 1481 | if (audit_inc_name_count(context, inode)) |
1416 | * @inode: inode being audited | 1482 | return; |
1417 | * | 1483 | idx = context->name_count - 1; |
1418 | * When open() is called on an existing object with the O_CREAT flag, the inode | ||
1419 | * data audit initially collects is incorrect. This additional hook ensures | ||
1420 | * audit has the inode data for the actual object to be opened. | ||
1421 | */ | ||
1422 | void __audit_inode_update(const struct inode *inode) | ||
1423 | { | ||
1424 | struct audit_context *context = current->audit_context; | ||
1425 | int idx; | ||
1426 | 1484 | ||
1427 | if (!context->in_syscall || !inode) | 1485 | /* Re-use the name belonging to the slot for a matching parent |
1428 | return; | 1486 | * directory. All names for this context are relinquished in |
1487 | * audit_free_names() */ | ||
1488 | if (found_parent) { | ||
1489 | context->names[idx].name = found_parent; | ||
1490 | context->names[idx].name_len = AUDIT_NAME_FULL; | ||
1491 | /* don't call __putname() */ | ||
1492 | context->names[idx].name_put = 0; | ||
1493 | } else { | ||
1494 | context->names[idx].name = NULL; | ||
1495 | } | ||
1429 | 1496 | ||
1430 | if (context->name_count == 0) { | 1497 | if (inode) |
1431 | context->name_count++; | 1498 | audit_copy_inode(&context->names[idx], inode); |
1432 | #if AUDIT_DEBUG | 1499 | else |
1433 | context->ino_count++; | 1500 | context->names[idx].ino = (unsigned long)-1; |
1434 | #endif | ||
1435 | } | 1501 | } |
1436 | idx = context->name_count - 1; | ||
1437 | |||
1438 | audit_copy_inode(&context->names[idx], inode); | ||
1439 | } | 1502 | } |
1440 | 1503 | ||
1441 | /** | 1504 | /** |
@@ -1880,6 +1943,14 @@ int audit_sockaddr(int len, void *a) | |||
1880 | return 0; | 1943 | return 0; |
1881 | } | 1944 | } |
1882 | 1945 | ||
1946 | void __audit_ptrace(struct task_struct *t) | ||
1947 | { | ||
1948 | struct audit_context *context = current->audit_context; | ||
1949 | |||
1950 | context->target_pid = t->pid; | ||
1951 | selinux_get_task_sid(t, &context->target_sid); | ||
1952 | } | ||
1953 | |||
1883 | /** | 1954 | /** |
1884 | * audit_avc_path - record the granting or denial of permissions | 1955 | * audit_avc_path - record the granting or denial of permissions |
1885 | * @dentry: dentry to record | 1956 | * @dentry: dentry to record |
@@ -1918,15 +1989,17 @@ int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt) | |||
1918 | * If the audit subsystem is being terminated, record the task (pid) | 1989 | * If the audit subsystem is being terminated, record the task (pid) |
1919 | * and uid that is doing that. | 1990 | * and uid that is doing that. |
1920 | */ | 1991 | */ |
1921 | void __audit_signal_info(int sig, struct task_struct *t) | 1992 | int __audit_signal_info(int sig, struct task_struct *t) |
1922 | { | 1993 | { |
1994 | struct audit_aux_data_pids *axp; | ||
1995 | struct task_struct *tsk = current; | ||
1996 | struct audit_context *ctx = tsk->audit_context; | ||
1923 | extern pid_t audit_sig_pid; | 1997 | extern pid_t audit_sig_pid; |
1924 | extern uid_t audit_sig_uid; | 1998 | extern uid_t audit_sig_uid; |
1925 | extern u32 audit_sig_sid; | 1999 | extern u32 audit_sig_sid; |
1926 | 2000 | ||
1927 | if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) { | 2001 | if (audit_pid && t->tgid == audit_pid && |
1928 | struct task_struct *tsk = current; | 2002 | (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1)) { |
1929 | struct audit_context *ctx = tsk->audit_context; | ||
1930 | audit_sig_pid = tsk->pid; | 2003 | audit_sig_pid = tsk->pid; |
1931 | if (ctx) | 2004 | if (ctx) |
1932 | audit_sig_uid = ctx->loginuid; | 2005 | audit_sig_uid = ctx->loginuid; |
@@ -1934,4 +2007,72 @@ void __audit_signal_info(int sig, struct task_struct *t) | |||
1934 | audit_sig_uid = tsk->uid; | 2007 | audit_sig_uid = tsk->uid; |
1935 | selinux_get_task_sid(tsk, &audit_sig_sid); | 2008 | selinux_get_task_sid(tsk, &audit_sig_sid); |
1936 | } | 2009 | } |
2010 | |||
2011 | if (!audit_signals) /* audit_context checked in wrapper */ | ||
2012 | return 0; | ||
2013 | |||
2014 | /* optimize the common case by putting first signal recipient directly | ||
2015 | * in audit_context */ | ||
2016 | if (!ctx->target_pid) { | ||
2017 | ctx->target_pid = t->tgid; | ||
2018 | selinux_get_task_sid(t, &ctx->target_sid); | ||
2019 | return 0; | ||
2020 | } | ||
2021 | |||
2022 | axp = (void *)ctx->aux_pids; | ||
2023 | if (!axp || axp->pid_count == AUDIT_AUX_PIDS) { | ||
2024 | axp = kzalloc(sizeof(*axp), GFP_ATOMIC); | ||
2025 | if (!axp) | ||
2026 | return -ENOMEM; | ||
2027 | |||
2028 | axp->d.type = AUDIT_OBJ_PID; | ||
2029 | axp->d.next = ctx->aux_pids; | ||
2030 | ctx->aux_pids = (void *)axp; | ||
2031 | } | ||
2032 | BUG_ON(axp->pid_count > AUDIT_AUX_PIDS); | ||
2033 | |||
2034 | axp->target_pid[axp->pid_count] = t->tgid; | ||
2035 | selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]); | ||
2036 | axp->pid_count++; | ||
2037 | |||
2038 | return 0; | ||
2039 | } | ||
2040 | |||
2041 | /** | ||
2042 | * audit_core_dumps - record information about processes that end abnormally | ||
2043 | * @sig: signal value | ||
2044 | * | ||
2045 | * If a process ends with a core dump, something fishy is going on and we | ||
2046 | * should record the event for investigation. | ||
2047 | */ | ||
2048 | void audit_core_dumps(long signr) | ||
2049 | { | ||
2050 | struct audit_buffer *ab; | ||
2051 | u32 sid; | ||
2052 | |||
2053 | if (!audit_enabled) | ||
2054 | return; | ||
2055 | |||
2056 | if (signr == SIGQUIT) /* don't care for those */ | ||
2057 | return; | ||
2058 | |||
2059 | ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); | ||
2060 | audit_log_format(ab, "auid=%u uid=%u gid=%u", | ||
2061 | audit_get_loginuid(current->audit_context), | ||
2062 | current->uid, current->gid); | ||
2063 | selinux_get_task_sid(current, &sid); | ||
2064 | if (sid) { | ||
2065 | char *ctx = NULL; | ||
2066 | u32 len; | ||
2067 | |||
2068 | if (selinux_sid_to_string(sid, &ctx, &len)) | ||
2069 | audit_log_format(ab, " ssid=%u", sid); | ||
2070 | else | ||
2071 | audit_log_format(ab, " subj=%s", ctx); | ||
2072 | kfree(ctx); | ||
2073 | } | ||
2074 | audit_log_format(ab, " pid=%d comm=", current->pid); | ||
2075 | audit_log_untrustedstring(ab, current->comm); | ||
2076 | audit_log_format(ab, " sig=%ld", signr); | ||
2077 | audit_log_end(ab); | ||
1937 | } | 2078 | } |
diff --git a/kernel/ptrace.c b/kernel/ptrace.c index 4d50e06fd745..ad7949a589dd 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c | |||
@@ -18,6 +18,7 @@ | |||
18 | #include <linux/ptrace.h> | 18 | #include <linux/ptrace.h> |
19 | #include <linux/security.h> | 19 | #include <linux/security.h> |
20 | #include <linux/signal.h> | 20 | #include <linux/signal.h> |
21 | #include <linux/audit.h> | ||
21 | 22 | ||
22 | #include <asm/pgtable.h> | 23 | #include <asm/pgtable.h> |
23 | #include <asm/uaccess.h> | 24 | #include <asm/uaccess.h> |
@@ -161,6 +162,8 @@ int ptrace_attach(struct task_struct *task) | |||
161 | { | 162 | { |
162 | int retval; | 163 | int retval; |
163 | 164 | ||
165 | audit_ptrace(task); | ||
166 | |||
164 | retval = -EPERM; | 167 | retval = -EPERM; |
165 | if (task->pid <= 1) | 168 | if (task->pid <= 1) |
166 | goto out; | 169 | goto out; |
diff --git a/kernel/signal.c b/kernel/signal.c index 34b7d6abce8f..364fc95bf97c 100644 --- a/kernel/signal.c +++ b/kernel/signal.c | |||
@@ -497,6 +497,11 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
497 | int error = -EINVAL; | 497 | int error = -EINVAL; |
498 | if (!valid_signal(sig)) | 498 | if (!valid_signal(sig)) |
499 | return error; | 499 | return error; |
500 | |||
501 | error = audit_signal_info(sig, t); /* Let audit system see the signal */ | ||
502 | if (error) | ||
503 | return error; | ||
504 | |||
500 | error = -EPERM; | 505 | error = -EPERM; |
501 | if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) | 506 | if ((info == SEND_SIG_NOINFO || (!is_si_special(info) && SI_FROMUSER(info))) |
502 | && ((sig != SIGCONT) || | 507 | && ((sig != SIGCONT) || |
@@ -506,10 +511,7 @@ static int check_kill_permission(int sig, struct siginfo *info, | |||
506 | && !capable(CAP_KILL)) | 511 | && !capable(CAP_KILL)) |
507 | return error; | 512 | return error; |
508 | 513 | ||
509 | error = security_task_kill(t, info, sig, 0); | 514 | return security_task_kill(t, info, sig, 0); |
510 | if (!error) | ||
511 | audit_signal_info(sig, t); /* Let audit system see the signal */ | ||
512 | return error; | ||
513 | } | 515 | } |
514 | 516 | ||
515 | /* forward decl */ | 517 | /* forward decl */ |
diff --git a/lib/audit.c b/lib/audit.c index 3b1289fadf06..8e7dc1c63aa9 100644 --- a/lib/audit.c +++ b/lib/audit.c | |||
@@ -23,6 +23,16 @@ static unsigned chattr_class[] = { | |||
23 | ~0U | 23 | ~0U |
24 | }; | 24 | }; |
25 | 25 | ||
26 | static unsigned signal_class[] = { | ||
27 | #include <asm-generic/audit_signal.h> | ||
28 | ~0U | ||
29 | }; | ||
30 | |||
31 | int audit_classify_arch(int arch) | ||
32 | { | ||
33 | return 0; | ||
34 | } | ||
35 | |||
26 | int audit_classify_syscall(int abi, unsigned syscall) | 36 | int audit_classify_syscall(int abi, unsigned syscall) |
27 | { | 37 | { |
28 | switch(syscall) { | 38 | switch(syscall) { |
@@ -49,6 +59,7 @@ static int __init audit_classes_init(void) | |||
49 | audit_register_class(AUDIT_CLASS_READ, read_class); | 59 | audit_register_class(AUDIT_CLASS_READ, read_class); |
50 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); | 60 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
51 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); | 61 | audit_register_class(AUDIT_CLASS_CHATTR, chattr_class); |
62 | audit_register_class(AUDIT_CLASS_SIGNAL, signal_class); | ||
52 | return 0; | 63 | return 0; |
53 | } | 64 | } |
54 | 65 | ||