diff options
-rw-r--r-- | include/linux/audit.h | 2 | ||||
-rw-r--r-- | kernel/auditsc.c | 74 |
2 files changed, 36 insertions, 40 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h index 36abf2aa7e68..2a5073cf548a 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h | |||
@@ -529,6 +529,7 @@ extern int audit_set_loginuid(uid_t loginuid); | |||
529 | #define audit_get_loginuid(t) ((t)->loginuid) | 529 | #define audit_get_loginuid(t) ((t)->loginuid) |
530 | #define audit_get_sessionid(t) ((t)->sessionid) | 530 | #define audit_get_sessionid(t) ((t)->sessionid) |
531 | extern void audit_log_task_context(struct audit_buffer *ab); | 531 | extern void audit_log_task_context(struct audit_buffer *ab); |
532 | extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); | ||
532 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); | 533 | extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); |
533 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); | 534 | extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); |
534 | extern int __audit_bprm(struct linux_binprm *bprm); | 535 | extern int __audit_bprm(struct linux_binprm *bprm); |
@@ -640,6 +641,7 @@ extern int audit_signals; | |||
640 | #define audit_get_loginuid(t) (-1) | 641 | #define audit_get_loginuid(t) (-1) |
641 | #define audit_get_sessionid(t) (-1) | 642 | #define audit_get_sessionid(t) (-1) |
642 | #define audit_log_task_context(b) do { ; } while (0) | 643 | #define audit_log_task_context(b) do { ; } while (0) |
644 | #define audit_log_task_info(b, t) do { ; } while (0) | ||
643 | #define audit_ipc_obj(i) ((void)0) | 645 | #define audit_ipc_obj(i) ((void)0) |
644 | #define audit_ipc_set_perm(q,u,g,m) ((void)0) | 646 | #define audit_ipc_set_perm(q,u,g,m) ((void)0) |
645 | #define audit_bprm(p) ({ 0; }) | 647 | #define audit_bprm(p) ({ 0; }) |
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4b96415527b8..37f52f27828d 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
@@ -1154,13 +1154,38 @@ error_path: | |||
1154 | 1154 | ||
1155 | EXPORT_SYMBOL(audit_log_task_context); | 1155 | EXPORT_SYMBOL(audit_log_task_context); |
1156 | 1156 | ||
1157 | static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) | 1157 | void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) |
1158 | { | 1158 | { |
1159 | const struct cred *cred; | ||
1159 | char name[sizeof(tsk->comm)]; | 1160 | char name[sizeof(tsk->comm)]; |
1160 | struct mm_struct *mm = tsk->mm; | 1161 | struct mm_struct *mm = tsk->mm; |
1161 | struct vm_area_struct *vma; | 1162 | struct vm_area_struct *vma; |
1163 | char *tty; | ||
1164 | |||
1165 | if (!ab) | ||
1166 | return; | ||
1162 | 1167 | ||
1163 | /* tsk == current */ | 1168 | /* tsk == current */ |
1169 | cred = current_cred(); | ||
1170 | |||
1171 | spin_lock_irq(&tsk->sighand->siglock); | ||
1172 | if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) | ||
1173 | tty = tsk->signal->tty->name; | ||
1174 | else | ||
1175 | tty = "(none)"; | ||
1176 | spin_unlock_irq(&tsk->sighand->siglock); | ||
1177 | |||
1178 | |||
1179 | audit_log_format(ab, | ||
1180 | " ppid=%ld pid=%d auid=%u uid=%u gid=%u" | ||
1181 | " euid=%u suid=%u fsuid=%u" | ||
1182 | " egid=%u sgid=%u fsgid=%u ses=%u tty=%s", | ||
1183 | sys_getppid(), | ||
1184 | tsk->pid, | ||
1185 | tsk->loginuid, cred->uid, cred->gid, | ||
1186 | cred->euid, cred->suid, cred->fsuid, | ||
1187 | cred->egid, cred->sgid, cred->fsgid, | ||
1188 | tsk->sessionid, tty); | ||
1164 | 1189 | ||
1165 | get_task_comm(name, tsk); | 1190 | get_task_comm(name, tsk); |
1166 | audit_log_format(ab, " comm="); | 1191 | audit_log_format(ab, " comm="); |
@@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk | |||
1183 | audit_log_task_context(ab); | 1208 | audit_log_task_context(ab); |
1184 | } | 1209 | } |
1185 | 1210 | ||
1211 | EXPORT_SYMBOL(audit_log_task_info); | ||
1212 | |||
1186 | static int audit_log_pid_context(struct audit_context *context, pid_t pid, | 1213 | static int audit_log_pid_context(struct audit_context *context, pid_t pid, |
1187 | uid_t auid, uid_t uid, unsigned int sessionid, | 1214 | uid_t auid, uid_t uid, unsigned int sessionid, |
1188 | u32 sid, char *comm) | 1215 | u32 sid, char *comm) |
@@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n, | |||
1585 | 1612 | ||
1586 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) | 1613 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
1587 | { | 1614 | { |
1588 | const struct cred *cred; | ||
1589 | int i, call_panic = 0; | 1615 | int i, call_panic = 0; |
1590 | struct audit_buffer *ab; | 1616 | struct audit_buffer *ab; |
1591 | struct audit_aux_data *aux; | 1617 | struct audit_aux_data *aux; |
1592 | const char *tty; | ||
1593 | struct audit_names *n; | 1618 | struct audit_names *n; |
1594 | 1619 | ||
1595 | /* tsk == current */ | 1620 | /* tsk == current */ |
1596 | context->pid = tsk->pid; | ||
1597 | if (!context->ppid) | ||
1598 | context->ppid = sys_getppid(); | ||
1599 | cred = current_cred(); | ||
1600 | context->uid = cred->uid; | ||
1601 | context->gid = cred->gid; | ||
1602 | context->euid = cred->euid; | ||
1603 | context->suid = cred->suid; | ||
1604 | context->fsuid = cred->fsuid; | ||
1605 | context->egid = cred->egid; | ||
1606 | context->sgid = cred->sgid; | ||
1607 | context->fsgid = cred->fsgid; | ||
1608 | context->personality = tsk->personality; | 1621 | context->personality = tsk->personality; |
1609 | 1622 | ||
1610 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); | 1623 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); |
@@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
1619 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", | 1632 | (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", |
1620 | context->return_code); | 1633 | context->return_code); |
1621 | 1634 | ||
1622 | spin_lock_irq(&tsk->sighand->siglock); | ||
1623 | if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) | ||
1624 | tty = tsk->signal->tty->name; | ||
1625 | else | ||
1626 | tty = "(none)"; | ||
1627 | spin_unlock_irq(&tsk->sighand->siglock); | ||
1628 | |||
1629 | audit_log_format(ab, | 1635 | audit_log_format(ab, |
1630 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" | 1636 | " a0=%lx a1=%lx a2=%lx a3=%lx items=%d", |
1631 | " ppid=%d pid=%d auid=%u uid=%u gid=%u" | 1637 | context->argv[0], |
1632 | " euid=%u suid=%u fsuid=%u" | 1638 | context->argv[1], |
1633 | " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", | 1639 | context->argv[2], |
1634 | context->argv[0], | 1640 | context->argv[3], |
1635 | context->argv[1], | 1641 | context->name_count); |
1636 | context->argv[2], | ||
1637 | context->argv[3], | ||
1638 | context->name_count, | ||
1639 | context->ppid, | ||
1640 | context->pid, | ||
1641 | tsk->loginuid, | ||
1642 | context->uid, | ||
1643 | context->gid, | ||
1644 | context->euid, context->suid, context->fsuid, | ||
1645 | context->egid, context->sgid, context->fsgid, tty, | ||
1646 | tsk->sessionid); | ||
1647 | |||
1648 | 1642 | ||
1649 | audit_log_task_info(ab, tsk); | 1643 | audit_log_task_info(ab, tsk); |
1650 | audit_log_key(ab, context->filterkey); | 1644 | audit_log_key(ab, context->filterkey); |