aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/audit.h2
-rw-r--r--kernel/auditsc.c74
2 files changed, 36 insertions, 40 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 36abf2aa7e68..2a5073cf548a 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -529,6 +529,7 @@ extern int audit_set_loginuid(uid_t loginuid);
529#define audit_get_loginuid(t) ((t)->loginuid) 529#define audit_get_loginuid(t) ((t)->loginuid)
530#define audit_get_sessionid(t) ((t)->sessionid) 530#define audit_get_sessionid(t) ((t)->sessionid)
531extern void audit_log_task_context(struct audit_buffer *ab); 531extern void audit_log_task_context(struct audit_buffer *ab);
532extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
532extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 533extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
533extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 534extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
534extern int __audit_bprm(struct linux_binprm *bprm); 535extern int __audit_bprm(struct linux_binprm *bprm);
@@ -640,6 +641,7 @@ extern int audit_signals;
640#define audit_get_loginuid(t) (-1) 641#define audit_get_loginuid(t) (-1)
641#define audit_get_sessionid(t) (-1) 642#define audit_get_sessionid(t) (-1)
642#define audit_log_task_context(b) do { ; } while (0) 643#define audit_log_task_context(b) do { ; } while (0)
644#define audit_log_task_info(b, t) do { ; } while (0)
643#define audit_ipc_obj(i) ((void)0) 645#define audit_ipc_obj(i) ((void)0)
644#define audit_ipc_set_perm(q,u,g,m) ((void)0) 646#define audit_ipc_set_perm(q,u,g,m) ((void)0)
645#define audit_bprm(p) ({ 0; }) 647#define audit_bprm(p) ({ 0; })
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4b96415527b8..37f52f27828d 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1154,13 +1154,38 @@ error_path:
1154 1154
1155EXPORT_SYMBOL(audit_log_task_context); 1155EXPORT_SYMBOL(audit_log_task_context);
1156 1156
1157static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 1157void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
1158{ 1158{
1159 const struct cred *cred;
1159 char name[sizeof(tsk->comm)]; 1160 char name[sizeof(tsk->comm)];
1160 struct mm_struct *mm = tsk->mm; 1161 struct mm_struct *mm = tsk->mm;
1161 struct vm_area_struct *vma; 1162 struct vm_area_struct *vma;
1163 char *tty;
1164
1165 if (!ab)
1166 return;
1162 1167
1163 /* tsk == current */ 1168 /* tsk == current */
1169 cred = current_cred();
1170
1171 spin_lock_irq(&tsk->sighand->siglock);
1172 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
1173 tty = tsk->signal->tty->name;
1174 else
1175 tty = "(none)";
1176 spin_unlock_irq(&tsk->sighand->siglock);
1177
1178
1179 audit_log_format(ab,
1180 " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
1181 " euid=%u suid=%u fsuid=%u"
1182 " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
1183 sys_getppid(),
1184 tsk->pid,
1185 tsk->loginuid, cred->uid, cred->gid,
1186 cred->euid, cred->suid, cred->fsuid,
1187 cred->egid, cred->sgid, cred->fsgid,
1188 tsk->sessionid, tty);
1164 1189
1165 get_task_comm(name, tsk); 1190 get_task_comm(name, tsk);
1166 audit_log_format(ab, " comm="); 1191 audit_log_format(ab, " comm=");
@@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
1183 audit_log_task_context(ab); 1208 audit_log_task_context(ab);
1184} 1209}
1185 1210
1211EXPORT_SYMBOL(audit_log_task_info);
1212
1186static int audit_log_pid_context(struct audit_context *context, pid_t pid, 1213static int audit_log_pid_context(struct audit_context *context, pid_t pid,
1187 uid_t auid, uid_t uid, unsigned int sessionid, 1214 uid_t auid, uid_t uid, unsigned int sessionid,
1188 u32 sid, char *comm) 1215 u32 sid, char *comm)
@@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
1585 1612
1586static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 1613static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
1587{ 1614{
1588 const struct cred *cred;
1589 int i, call_panic = 0; 1615 int i, call_panic = 0;
1590 struct audit_buffer *ab; 1616 struct audit_buffer *ab;
1591 struct audit_aux_data *aux; 1617 struct audit_aux_data *aux;
1592 const char *tty;
1593 struct audit_names *n; 1618 struct audit_names *n;
1594 1619
1595 /* tsk == current */ 1620 /* tsk == current */
1596 context->pid = tsk->pid;
1597 if (!context->ppid)
1598 context->ppid = sys_getppid();
1599 cred = current_cred();
1600 context->uid = cred->uid;
1601 context->gid = cred->gid;
1602 context->euid = cred->euid;
1603 context->suid = cred->suid;
1604 context->fsuid = cred->fsuid;
1605 context->egid = cred->egid;
1606 context->sgid = cred->sgid;
1607 context->fsgid = cred->fsgid;
1608 context->personality = tsk->personality; 1621 context->personality = tsk->personality;
1609 1622
1610 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); 1623 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1619 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 1632 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
1620 context->return_code); 1633 context->return_code);
1621 1634
1622 spin_lock_irq(&tsk->sighand->siglock);
1623 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
1624 tty = tsk->signal->tty->name;
1625 else
1626 tty = "(none)";
1627 spin_unlock_irq(&tsk->sighand->siglock);
1628
1629 audit_log_format(ab, 1635 audit_log_format(ab,
1630 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 1636 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
1631 " ppid=%d pid=%d auid=%u uid=%u gid=%u" 1637 context->argv[0],
1632 " euid=%u suid=%u fsuid=%u" 1638 context->argv[1],
1633 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", 1639 context->argv[2],
1634 context->argv[0], 1640 context->argv[3],
1635 context->argv[1], 1641 context->name_count);
1636 context->argv[2],
1637 context->argv[3],
1638 context->name_count,
1639 context->ppid,
1640 context->pid,
1641 tsk->loginuid,
1642 context->uid,
1643 context->gid,
1644 context->euid, context->suid, context->fsuid,
1645 context->egid, context->sgid, context->fsgid, tty,
1646 tsk->sessionid);
1647
1648 1642
1649 audit_log_task_info(ab, tsk); 1643 audit_log_task_info(ab, tsk);
1650 audit_log_key(ab, context->filterkey); 1644 audit_log_key(ab, context->filterkey);