-rw-r--r--drivers/char/tty_audit.c18
-rw-r--r--include/linux/audit.h2
-rw-r--r--include/linux/init_task.h3
-rw-r--r--include/linux/sched.h1
-rw-r--r--kernel/auditsc.c36
-rw-r--r--net/core/dev.c5
-rw-r--r--security/selinux/selinuxfs.c17
-rw-r--r--security/selinux/ss/services.c5
8 files changed, 61 insertions, 26 deletions
diff --git a/drivers/char/tty_audit.c b/drivers/char/tty_audit.c
index c590fc45b2fd..bacded0eefab 100644
--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
73 * @tsk with @loginuid. @buf->mutex must be locked. 73 * @tsk with @loginuid. @buf->mutex must be locked.
74 */ 74 */
75static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, 75static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
76 unsigned int sessionid,
76 struct tty_audit_buf *buf) 77 struct tty_audit_buf *buf)
77{ 78{
78 struct audit_buffer *ab; 79 struct audit_buffer *ab;
@@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
85 if (ab) { 86 if (ab) {
86 char name[sizeof(tsk->comm)]; 87 char name[sizeof(tsk->comm)];
87 88
88 audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d " 89 audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
89 "minor=%d comm=", tsk->pid, tsk->uid, 90 "major=%d minor=%d comm=", tsk->pid, tsk->uid,
90 loginuid, buf->major, buf->minor); 91 loginuid, sessionid, buf->major, buf->minor);
91 get_task_comm(name, tsk); 92 get_task_comm(name, tsk);
92 audit_log_untrustedstring(ab, name); 93 audit_log_untrustedstring(ab, name);
93 audit_log_format(ab, " data="); 94 audit_log_format(ab, " data=");
@@ -105,7 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
105 */ 106 */
106static void tty_audit_buf_push_current(struct tty_audit_buf *buf) 107static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
107{ 108{
108 tty_audit_buf_push(current, audit_get_loginuid(current), buf); 109 uid_t auid = audit_get_loginuid(current);
110 unsigned int sessionid = audit_get_sessionid(current);
111 tty_audit_buf_push(current, auid, sessionid, buf);
109} 112}
110 113
111/** 114/**
@@ -151,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig)
151void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) 154void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
152{ 155{
153 struct tty_audit_buf *buf; 156 struct tty_audit_buf *buf;
157 /* FIXME I think this is correct. Check against netlink once that is
158 * I really need to read this code more closely. But that's for
159 * another patch.
160 */
161 unsigned int sessionid = audit_get_sessionid(tsk);
154 162
155 spin_lock_irq(&tsk->sighand->siglock); 163 spin_lock_irq(&tsk->sighand->siglock);
156 buf = tsk->signal->tty_audit_buf; 164 buf = tsk->signal->tty_audit_buf;
@@ -161,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
161 return; 169 return;
162 170
163 mutex_lock(&buf->mutex); 171 mutex_lock(&buf->mutex);
164 tty_audit_buf_push(tsk, loginuid, buf); 172 tty_audit_buf_push(tsk, loginuid, sessionid, buf);
165 mutex_unlock(&buf->mutex); 173 mutex_unlock(&buf->mutex);
166 174
167 tty_audit_buf_put(buf); 175 tty_audit_buf_put(buf);
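Review bot: The FIXME block added at new lines 157-160 of tty_audit_push_task is cut off mid-sentence ("Check against netlink once that is") and should be completed or dropped before this merges; a complete replacement would be `/* FIXME: verify that reading tsk->sessionid here, separately from the loginuid the caller supplies, is correct; revisit in a follow-up patch. */`. The underlying concern is real: loginuid arrives as a parameter while sessionid is fetched from tsk inside the function, so the two values in the resulting "tty" record may not have been read at the same point and could, in principle, describe different logins if audit_set_loginuid() runs concurrently. Passing sessionid in alongside loginuid, the way tty_audit_buf_push_current now does for tty_audit_buf_push, would keep the pair consistent, but that changes the exported signature and its caller is outside this section. tty_audit_push_task's body continues outside the hunk.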
diff --git a/include/linux/audit.h b/include/linux/audit.h
index d7c6a12f4d1c..52f1b12505a9 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -410,6 +410,7 @@ extern void auditsc_get_stamp(struct audit_context *ctx,
410 struct timespec *t, unsigned int *serial); 410 struct timespec *t, unsigned int *serial);
411extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); 411extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
412#define audit_get_loginuid(t) ((t)->loginuid) 412#define audit_get_loginuid(t) ((t)->loginuid)
413#define audit_get_sessionid(t) ((t)->sessionid)
413extern void audit_log_task_context(struct audit_buffer *ab); 414extern void audit_log_task_context(struct audit_buffer *ab);
414extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); 415extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
415extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); 416extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
@@ -489,6 +490,7 @@ extern int audit_signals;
489#define audit_core_dumps(i) do { ; } while (0) 490#define audit_core_dumps(i) do { ; } while (0)
490#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) 491#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
491#define audit_get_loginuid(t) (-1) 492#define audit_get_loginuid(t) (-1)
493#define audit_get_sessionid(t) (-1)
492#define audit_log_task_context(b) do { ; } while (0) 494#define audit_log_task_context(b) do { ; } while (0)
493#define audit_ipc_obj(i) ({ 0; }) 495#define audit_ipc_obj(i) ({ 0; })
494#define audit_ipc_set_perm(q,u,g,m) ({ 0; }) 496#define audit_ipc_set_perm(q,u,g,m) ({ 0; })
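Review bot: The !CONFIG_AUDITSYSCALL stub at new line 493 expands to `(-1)`, an int, whereas the real accessor at new line 413 yields the task's `unsigned int sessionid`; every caller in this series formats the result with `%u`, so the stub hands an int to an unsigned conversion. This mirrors the existing audit_get_loginuid stub, but for the new macro a typed sentinel, `#define audit_get_sessionid(t) ((unsigned int)-1)`, would keep both configurations returning the same type and the same printed value. Neither stub evaluates `t`, which may surface unused-variable warnings in callers that only read the task for this macro — presumably acceptable since the loginuid stub already behaves this way.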
diff --git a/include/linux/init_task.h b/include/linux/init_task.h
index ea3e9efd7396..f42663eaf655 100644
--- a/include/linux/init_task.h
+++ b/include/linux/init_task.h
@@ -116,7 +116,8 @@ extern struct group_info init_groups;
116 116
117#ifdef CONFIG_AUDITSYSCALL 117#ifdef CONFIG_AUDITSYSCALL
118#define INIT_IDS \ 118#define INIT_IDS \
119 .loginuid = -1, 119 .loginuid = -1, \
120 .sessionid = -1,
120#else 121#else
121#define INIT_IDS 122#define INIT_IDS
122#endif 123#endif
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 5e2730389089..af6947e69b40 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -1141,6 +1141,7 @@ struct task_struct {
1141 struct audit_context *audit_context; 1141 struct audit_context *audit_context;
1142#ifdef CONFIG_AUDITSYSCALL 1142#ifdef CONFIG_AUDITSYSCALL
1143 uid_t loginuid; 1143 uid_t loginuid;
1144 unsigned int sessionid;
1144#endif 1145#endif
1145 seccomp_t seccomp; 1146 seccomp_t seccomp;
1146 1147
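Review bot: The new `sessionid` member at new line 1144 of struct task_struct carries no comment, unlike most fields in this structure, so a reader cannot tell what it identifies or who writes it. From the rest of this series it is assigned together with loginuid by audit_set_loginuid() and read through the audit_get_sessionid() accessor, so a one-line comment such as `unsigned int sessionid; /* audit session id, assigned with loginuid by audit_set_loginuid() */` would document that contract at the declaration. The struct definition starts and ends outside the hunk.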
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index a222e73fec74..4e67abb02904 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -178,6 +178,7 @@ struct audit_aux_data_pids {
178 pid_t target_pid[AUDIT_AUX_PIDS]; 178 pid_t target_pid[AUDIT_AUX_PIDS];
179 uid_t target_auid[AUDIT_AUX_PIDS]; 179 uid_t target_auid[AUDIT_AUX_PIDS];
180 uid_t target_uid[AUDIT_AUX_PIDS]; 180 uid_t target_uid[AUDIT_AUX_PIDS];
181 unsigned int target_sessionid[AUDIT_AUX_PIDS];
181 u32 target_sid[AUDIT_AUX_PIDS]; 182 u32 target_sid[AUDIT_AUX_PIDS];
182 char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; 183 char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
183 int pid_count; 184 int pid_count;
@@ -219,6 +220,7 @@ struct audit_context {
219 pid_t target_pid; 220 pid_t target_pid;
220 uid_t target_auid; 221 uid_t target_auid;
221 uid_t target_uid; 222 uid_t target_uid;
223 unsigned int target_sessionid;
222 u32 target_sid; 224 u32 target_sid;
223 char target_comm[TASK_COMM_LEN]; 225 char target_comm[TASK_COMM_LEN];
224 226
@@ -936,7 +938,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
936} 938}
937 939
938static int audit_log_pid_context(struct audit_context *context, pid_t pid, 940static int audit_log_pid_context(struct audit_context *context, pid_t pid,
939 uid_t auid, uid_t uid, u32 sid, char *comm) 941 uid_t auid, uid_t uid, unsigned int sessionid,
942 u32 sid, char *comm)
940{ 943{
941 struct audit_buffer *ab; 944 struct audit_buffer *ab;
942 char *s = NULL; 945 char *s = NULL;
@@ -947,7 +950,8 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
947 if (!ab) 950 if (!ab)
948 return 1; 951 return 1;
949 952
950 audit_log_format(ab, "opid=%d oauid=%d ouid=%d", pid, auid, uid); 953 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid,
954 uid, sessionid);
951 if (selinux_sid_to_string(sid, &s, &len)) { 955 if (selinux_sid_to_string(sid, &s, &len)) {
952 audit_log_format(ab, " obj=(none)"); 956 audit_log_format(ab, " obj=(none)");
953 rc = 1; 957 rc = 1;
@@ -1056,7 +1060,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1056 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 1060 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
1057 " ppid=%d pid=%d auid=%u uid=%u gid=%u" 1061 " ppid=%d pid=%d auid=%u uid=%u gid=%u"
1058 " euid=%u suid=%u fsuid=%u" 1062 " euid=%u suid=%u fsuid=%u"
1059 " egid=%u sgid=%u fsgid=%u tty=%s", 1063 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
1060 context->argv[0], 1064 context->argv[0],
1061 context->argv[1], 1065 context->argv[1],
1062 context->argv[2], 1066 context->argv[2],
@@ -1068,7 +1072,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1068 context->uid, 1072 context->uid,
1069 context->gid, 1073 context->gid,
1070 context->euid, context->suid, context->fsuid, 1074 context->euid, context->suid, context->fsuid,
1071 context->egid, context->sgid, context->fsgid, tty); 1075 context->egid, context->sgid, context->fsgid, tty,
1076 tsk->sessionid);
1072 1077
1073 mutex_unlock(&tty_mutex); 1078 mutex_unlock(&tty_mutex);
1074 1079
@@ -1187,6 +1192,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1187 if (audit_log_pid_context(context, axs->target_pid[i], 1192 if (audit_log_pid_context(context, axs->target_pid[i],
1188 axs->target_auid[i], 1193 axs->target_auid[i],
1189 axs->target_uid[i], 1194 axs->target_uid[i],
1195 axs->target_sessionid[i],
1190 axs->target_sid[i], 1196 axs->target_sid[i],
1191 axs->target_comm[i])) 1197 axs->target_comm[i]))
1192 call_panic = 1; 1198 call_panic = 1;
@@ -1195,6 +1201,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1195 if (context->target_pid && 1201 if (context->target_pid &&
1196 audit_log_pid_context(context, context->target_pid, 1202 audit_log_pid_context(context, context->target_pid,
1197 context->target_auid, context->target_uid, 1203 context->target_auid, context->target_uid,
1204 context->target_sessionid,
1198 context->target_sid, context->target_comm)) 1205 context->target_sid, context->target_comm))
1199 call_panic = 1; 1206 call_panic = 1;
1200 1207
@@ -1787,6 +1794,9 @@ void auditsc_get_stamp(struct audit_context *ctx,
1787 ctx->auditable = 1; 1794 ctx->auditable = 1;
1788} 1795}
1789 1796
1797/* global counter which is incremented every time something logs in */
1798static atomic_t session_id = ATOMIC_INIT(0);
1799
1790/** 1800/**
1791 * audit_set_loginuid - set a task's audit_context loginuid 1801 * audit_set_loginuid - set a task's audit_context loginuid
1792 * @task: task whose audit context is being modified 1802 * @task: task whose audit context is being modified
@@ -1798,6 +1808,7 @@ void auditsc_get_stamp(struct audit_context *ctx,
1798 */ 1808 */
1799int audit_set_loginuid(struct task_struct *task, uid_t loginuid) 1809int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1800{ 1810{
1811 unsigned int sessionid = atomic_inc_return(&session_id);
1801 struct audit_context *context = task->audit_context; 1812 struct audit_context *context = task->audit_context;
1802 1813
1803 if (context && context->in_syscall) { 1814 if (context && context->in_syscall) {
@@ -1806,12 +1817,15 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
1806 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN); 1817 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);
1807 if (ab) { 1818 if (ab) {
1808 audit_log_format(ab, "login pid=%d uid=%u " 1819 audit_log_format(ab, "login pid=%d uid=%u "
1809 "old auid=%u new auid=%u", 1820 "old auid=%u new auid=%u"
1821 " old ses=%u new ses=%u",
1810 task->pid, task->uid, 1822 task->pid, task->uid,
1811 task->loginuid, loginuid); 1823 task->loginuid, loginuid,
1824 task->sessionid, sessionid);
1812 audit_log_end(ab); 1825 audit_log_end(ab);
1813 } 1826 }
1814 } 1827 }
1828 task->sessionid = sessionid;
1815 task->loginuid = loginuid; 1829 task->loginuid = loginuid;
1816 return 0; 1830 return 0;
1817} 1831}
@@ -2200,6 +2214,7 @@ void __audit_ptrace(struct task_struct *t)
2200 context->target_pid = t->pid; 2214 context->target_pid = t->pid;
2201 context->target_auid = audit_get_loginuid(t); 2215 context->target_auid = audit_get_loginuid(t);
2202 context->target_uid = t->uid; 2216 context->target_uid = t->uid;
2217 context->target_sessionid = audit_get_sessionid(t);
2203 selinux_get_task_sid(t, &context->target_sid); 2218 selinux_get_task_sid(t, &context->target_sid);
2204 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); 2219 memcpy(context->target_comm, t->comm, TASK_COMM_LEN);
2205} 2220}
@@ -2240,6 +2255,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2240 ctx->target_pid = t->tgid; 2255 ctx->target_pid = t->tgid;
2241 ctx->target_auid = audit_get_loginuid(t); 2256 ctx->target_auid = audit_get_loginuid(t);
2242 ctx->target_uid = t->uid; 2257 ctx->target_uid = t->uid;
2258 ctx->target_sessionid = audit_get_sessionid(t);
2243 selinux_get_task_sid(t, &ctx->target_sid); 2259 selinux_get_task_sid(t, &ctx->target_sid);
2244 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); 2260 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN);
2245 return 0; 2261 return 0;
@@ -2260,6 +2276,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
2260 axp->target_pid[axp->pid_count] = t->tgid; 2276 axp->target_pid[axp->pid_count] = t->tgid;
2261 axp->target_auid[axp->pid_count] = audit_get_loginuid(t); 2277 axp->target_auid[axp->pid_count] = audit_get_loginuid(t);
2262 axp->target_uid[axp->pid_count] = t->uid; 2278 axp->target_uid[axp->pid_count] = t->uid;
2279 axp->target_sessionid[axp->pid_count] = audit_get_sessionid(t);
2263 selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]); 2280 selinux_get_task_sid(t, &axp->target_sid[axp->pid_count]);
2264 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN); 2281 memcpy(axp->target_comm[axp->pid_count], t->comm, TASK_COMM_LEN);
2265 axp->pid_count++; 2282 axp->pid_count++;
@@ -2278,6 +2295,8 @@ void audit_core_dumps(long signr)
2278{ 2295{
2279 struct audit_buffer *ab; 2296 struct audit_buffer *ab;
2280 u32 sid; 2297 u32 sid;
2298 uid_t auid = audit_get_loginuid(current);
2299 unsigned int sessionid = audit_get_sessionid(current);
2281 2300
2282 if (!audit_enabled) 2301 if (!audit_enabled)
2283 return; 2302 return;
@@ -2286,9 +2305,8 @@ void audit_core_dumps(long signr)
2286 return; 2305 return;
2287 2306
2288 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND); 2307 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
2289 audit_log_format(ab, "auid=%u uid=%u gid=%u", 2308 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2290 audit_get_loginuid(current), 2309 auid, current->uid, current->gid, sessionid);
2291 current->uid, current->gid);
2292 selinux_get_task_sid(current, &sid); 2310 selinux_get_task_sid(current, &sid);
2293 if (sid) { 2311 if (sid) {
2294 char *ctx = NULL; 2312 char *ctx = NULL;
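Review bot: audit_log_pid_context at new lines 953-954 prints the new session field as `oses=%d`, while every other site in this series (audit_log_exit at new line 1063, audit_core_dumps, the tty, dev.c and selinux records) uses `ses=%u`; since sessionid is `unsigned int` and the unset value is `-1`, an unset target session will appear as `oses=-1` here but as `ses=4294967295` elsewhere, which userspace parsers will have to special-case. Changing it to `audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%u", pid, auid,` keeps the field consistent across records. Separately, audit_set_loginuid at new lines 1828-1829 stores `task->sessionid` and `task->loginuid` as two unsynchronised writes, and the readers added in __audit_ptrace, __audit_signal_info and audit_core_dumps fetch the two values with separate accessor calls, so a record can pair a new session id with the previous loginuid (or vice versa) — probably tolerable for audit, but worth a comment at the store site. The `session_id` counter at new line 1798 is also incremented on every call rather than only on a change of loginuid, and after 2^32 calls it would reach the `-1` sentinel that denotes "no session"; unlikely in practice, but the comment "incremented every time something logs in" overstates what the code checks.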
diff --git a/net/core/dev.c b/net/core/dev.c
index c0b69b3bb041..ba075a9dcecb 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -2754,10 +2754,11 @@ static void __dev_set_promiscuity(struct net_device *dev, int inc)
2754 "left"); 2754 "left");
2755 audit_log(current->audit_context, GFP_ATOMIC, 2755 audit_log(current->audit_context, GFP_ATOMIC,
2756 AUDIT_ANOM_PROMISCUOUS, 2756 AUDIT_ANOM_PROMISCUOUS,
2757 "dev=%s prom=%d old_prom=%d auid=%u", 2757 "dev=%s prom=%d old_prom=%d auid=%u ses=%u",
2758 dev->name, (dev->flags & IFF_PROMISC), 2758 dev->name, (dev->flags & IFF_PROMISC),
2759 (old_flags & IFF_PROMISC), 2759 (old_flags & IFF_PROMISC),
2760 audit_get_loginuid(current)); 2760 audit_get_loginuid(current),
2761 audit_get_sessionid(current));
2761 2762
2762 if (dev->change_rx_flags) 2763 if (dev->change_rx_flags)
2763 dev->change_rx_flags(dev, IFF_PROMISC); 2764 dev->change_rx_flags(dev, IFF_PROMISC);
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index bee969432979..0341567665b3 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
172 if (length) 172 if (length)
173 goto out; 173 goto out;
174 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 174 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
175 "enforcing=%d old_enforcing=%d auid=%u", new_value, 175 "enforcing=%d old_enforcing=%d auid=%u ses=%u",
176 selinux_enforcing, 176 new_value, selinux_enforcing,
177 audit_get_loginuid(current)); 177 audit_get_loginuid(current),
178 audit_get_sessionid(current));
178 selinux_enforcing = new_value; 179 selinux_enforcing = new_value;
179 if (selinux_enforcing) 180 if (selinux_enforcing)
180 avc_ss_reset(0); 181 avc_ss_reset(0);
@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
243 if (length < 0) 244 if (length < 0)
244 goto out; 245 goto out;
245 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, 246 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
246 "selinux=0 auid=%u", 247 "selinux=0 auid=%u ses=%u",
247 audit_get_loginuid(current)); 248 audit_get_loginuid(current),
249 audit_get_sessionid(current));
248 } 250 }
249 251
250 length = count; 252 length = count;
@@ -356,8 +358,9 @@ out1:
356 (security_get_allow_unknown() ? "allow" : "deny"))); 358 (security_get_allow_unknown() ? "allow" : "deny")));
357 359
358 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, 360 audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
359 "policy loaded auid=%u", 361 "policy loaded auid=%u ses=%u",
360 audit_get_loginuid(current)); 362 audit_get_loginuid(current),
363 audit_get_sessionid(current));
361out: 364out:
362 mutex_unlock(&sel_mutex); 365 mutex_unlock(&sel_mutex);
363 vfree(data); 366 vfree(data);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 819a6f91e801..fced6bccee76 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values)
1905 if (!!values[i] != policydb.bool_val_to_struct[i]->state) { 1905 if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
1906 audit_log(current->audit_context, GFP_ATOMIC, 1906 audit_log(current->audit_context, GFP_ATOMIC,
1907 AUDIT_MAC_CONFIG_CHANGE, 1907 AUDIT_MAC_CONFIG_CHANGE,
1908 "bool=%s val=%d old_val=%d auid=%u", 1908 "bool=%s val=%d old_val=%d auid=%u ses=%u",
1909 policydb.p_bool_val_to_name[i], 1909 policydb.p_bool_val_to_name[i],
1910 !!values[i], 1910 !!values[i],
1911 policydb.bool_val_to_struct[i]->state, 1911 policydb.bool_val_to_struct[i]->state,
1912 audit_get_loginuid(current)); 1912 audit_get_loginuid(current),
1913 audit_get_sessionid(current));
1913 } 1914 }
1914 if (values[i]) { 1915 if (values[i]) {
1915 policydb.bool_val_to_struct[i]->state = 1; 1916 policydb.bool_val_to_struct[i]->state = 1;