1 files changed, 66 insertions, 42 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 8f0672d13eb1..67e5dbfc2961 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
 #define AUDIT_OBJ_PID           1318    /* ptrace target */
 #define AUDIT_TTY               1319    /* Input on an administrative TTY */
 #define AUDIT_EOE               1320    /* End of multi-record event */
+#define AUDIT_BPRM_FCAPS        1321    /* Information about fcaps increasing perms */
+#define AUDIT_CAPSET            1322    /* Record showing argument to sys_capset */
 #define AUDIT_AVC               1400    /* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR       1401    /* Internal SE Linux Errors */
@@ -245,6 +247,18 @@
 #define AUDIT_GREATER_THAN_OR_EQUAL     (AUDIT_GREATER_THAN|AUDIT_EQUAL)
 #define AUDIT_OPERATORS                 (AUDIT_EQUAL|AUDIT_NOT_EQUAL|AUDIT_BIT_MASK)
+enum {
+        Audit_equal,
+        Audit_not_equal,
+        Audit_bitmask,
+        Audit_bittest,
+        Audit_lt,
+        Audit_gt,
+        Audit_le,
+        Audit_ge,
+        Audit_bad
+};
 /* Status symbols */
                                /* Mask values */
 #define AUDIT_STATUS_ENABLED            0x0001
@@ -371,6 +385,8 @@ struct audit_krule {
        struct audit_watch      *watch; /* associated watch */
        struct audit_tree       *tree;  /* associated watched tree */
        struct list_head        rlist;  /* entry in audit_{watch,tree}.rules list */
+        struct list_head        list;   /* for AUDIT_LIST* purposes only */
+        u64                     prio;
 };
 struct audit_field {
@@ -441,67 +457,74 @@ extern int  audit_set_loginuid(struct task_struct *task, uid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
 #define audit_get_sessionid(t) ((t)->sessionid)
 extern void audit_log_task_context(struct audit_buffer *ab);
-extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
+extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
-extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
+extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
 extern int audit_bprm(struct linux_binprm *bprm);
-extern int audit_socketcall(int nargs, unsigned long *args);
+extern void audit_socketcall(int nargs, unsigned long *args);
 extern int audit_sockaddr(int len, void *addr);
-extern int __audit_fd_pair(int fd1, int fd2);
+extern void __audit_fd_pair(int fd1, int fd2);
 extern int audit_set_macxattr(const char *name);
-extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr);
+extern void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr);
-extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout);
+extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
-extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout);
+extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
-extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);
+extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
-extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
+extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
+                                  const struct cred *new,
-static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)
+                                  const struct cred *old);
+extern void __audit_log_capset(pid_t pid, const struct cred *new, const struct cred *old);
+static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_ipc_obj(ipcp);
+                __audit_ipc_obj(ipcp);
-        return 0;
 }
-static inline int audit_fd_pair(int fd1, int fd2)
+static inline void audit_fd_pair(int fd1, int fd2)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_fd_pair(fd1, fd2);
+                __audit_fd_pair(fd1, fd2);
-        return 0;
 }
-static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
+static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_ipc_set_perm(qbytes, uid, gid, mode);
+                __audit_ipc_set_perm(qbytes, uid, gid, mode);
-        return 0;
 }
-static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
+static inline void audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_mq_open(oflag, mode, u_attr);
+                __audit_mq_open(oflag, mode, attr);
-        return 0;
 }
-static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout)
+static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout);
+                __audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
-        return 0;
 }
-static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout)
+static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout);
+                __audit_mq_notify(mqdes, notification);
-        return 0;
 }
-static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
+static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_mq_notify(mqdes, u_notification);
+                __audit_mq_getsetattr(mqdes, mqstat);
-        return 0;
 }
-static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
+static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
+                                       const struct cred *new,
+                                       const struct cred *old)
 {
        if (unlikely(!audit_dummy_context()))
-                return __audit_mq_getsetattr(mqdes, mqstat);
+                return __audit_log_bprm_fcaps(bprm, new, old);
        return 0;
 }
+static inline void audit_log_capset(pid_t pid, const struct cred *new,
+                                   const struct cred *old)
+{
+        if (unlikely(!audit_dummy_context()))
+                __audit_log_capset(pid, new, old);
+}
 extern int audit_n_rules;
 extern int audit_signals;
 #else
@@ -522,18 +545,19 @@ extern int audit_signals;
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
 #define audit_log_task_context(b) do { ; } while (0)
-#define audit_ipc_obj(i) ({ 0; })
+#define audit_ipc_obj(i) ((void)0)
-#define audit_ipc_set_perm(q,u,g,m) ({ 0; })
+#define audit_ipc_set_perm(q,u,g,m) ((void)0)
 #define audit_bprm(p) ({ 0; })
-#define audit_socketcall(n,a) ({ 0; })
+#define audit_socketcall(n,a) ((void)0)
-#define audit_fd_pair(n,a) ({ 0; })
+#define audit_fd_pair(n,a) ((void)0)
 #define audit_sockaddr(len, addr) ({ 0; })
 #define audit_set_macxattr(n) do { ; } while (0)
-#define audit_mq_open(o,m,a) ({ 0; })
+#define audit_mq_open(o,m,a) ((void)0)
-#define audit_mq_timedsend(d,l,p,t) ({ 0; })
+#define audit_mq_sendrecv(d,l,p,t) ((void)0)
-#define audit_mq_timedreceive(d,l,p,t) ({ 0; })
+#define audit_mq_notify(d,n) ((void)0)
-#define audit_mq_notify(d,n) ({ 0; })
+#define audit_mq_getsetattr(d,s) ((void)0)
-#define audit_mq_getsetattr(d,s) ({ 0; })
+#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
+#define audit_log_capset(pid, ncr, ocr) ((void)0)
 #define audit_ptrace(t) ((void)0)
 #define audit_n_rules 0
 #define audit_signals 0

diff --git a/include/linux/audit.h b/include/linux/audit.h index 8f0672d13eb1..67e5dbfc2961 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -99,6 +99,8 @@
99	#define AUDIT_OBJ_PID 1318 /* ptrace target */	99	#define AUDIT_OBJ_PID 1318 /* ptrace target */
100	#define AUDIT_TTY 1319 /* Input on an administrative TTY */	100	#define AUDIT_TTY 1319 /* Input on an administrative TTY */
101	#define AUDIT_EOE 1320 /* End of multi-record event */	101	#define AUDIT_EOE 1320 /* End of multi-record event */
		102	#define AUDIT_BPRM_FCAPS 1321 /* Information about fcaps increasing perms */
		103	#define AUDIT_CAPSET 1322 /* Record showing argument to sys_capset */
102		104
103	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */	105	#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
104	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */	106	#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
@@ -245,6 +247,18 @@
245	#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN\|AUDIT_EQUAL)	247	#define AUDIT_GREATER_THAN_OR_EQUAL (AUDIT_GREATER_THAN\|AUDIT_EQUAL)
246	#define AUDIT_OPERATORS (AUDIT_EQUAL\|AUDIT_NOT_EQUAL\|AUDIT_BIT_MASK)	248	#define AUDIT_OPERATORS (AUDIT_EQUAL\|AUDIT_NOT_EQUAL\|AUDIT_BIT_MASK)
247		249
		250	enum {
		251	Audit_equal,
		252	Audit_not_equal,
		253	Audit_bitmask,
		254	Audit_bittest,
		255	Audit_lt,
		256	Audit_gt,
		257	Audit_le,
		258	Audit_ge,
		259	Audit_bad
		260	};
		261
248	/* Status symbols */	262	/* Status symbols */
249	/* Mask values */	263	/* Mask values */
250	#define AUDIT_STATUS_ENABLED 0x0001	264	#define AUDIT_STATUS_ENABLED 0x0001
@@ -371,6 +385,8 @@ struct audit_krule {
371	struct audit_watch watch; / associated watch */	385	struct audit_watch watch; / associated watch */
372	struct audit_tree tree; / associated watched tree */	386	struct audit_tree tree; / associated watched tree */
373	struct list_head rlist; /* entry in audit_{watch,tree}.rules list */	387	struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
		388	struct list_head list; /* for AUDIT_LIST* purposes only */
		389	u64 prio;
374	};	390	};
375		391
376	struct audit_field {	392	struct audit_field {
@@ -441,67 +457,74 @@ extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
441	#define audit_get_loginuid(t) ((t)->loginuid)	457	#define audit_get_loginuid(t) ((t)->loginuid)
442	#define audit_get_sessionid(t) ((t)->sessionid)	458	#define audit_get_sessionid(t) ((t)->sessionid)
443	extern void audit_log_task_context(struct audit_buffer *ab);	459	extern void audit_log_task_context(struct audit_buffer *ab);
444	extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);	460	extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
445	extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);	461	extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
446	extern int audit_bprm(struct linux_binprm *bprm);	462	extern int audit_bprm(struct linux_binprm *bprm);
447	extern int audit_socketcall(int nargs, unsigned long *args);	463	extern void audit_socketcall(int nargs, unsigned long *args);
448	extern int audit_sockaddr(int len, void *addr);	464	extern int audit_sockaddr(int len, void *addr);
449	extern int __audit_fd_pair(int fd1, int fd2);	465	extern void __audit_fd_pair(int fd1, int fd2);
450	extern int audit_set_macxattr(const char *name);	466	extern int audit_set_macxattr(const char *name);
451	extern int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr);	467	extern void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr);
452	extern int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout);	468	extern void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout);
453	extern int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user u_msg_prio, const struct timespec __user u_abs_timeout);	469	extern void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification);
454	extern int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification);	470	extern void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);
455	extern int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat);	471	extern int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
456		472	const struct cred *new,
457	static inline int audit_ipc_obj(struct kern_ipc_perm *ipcp)	473	const struct cred *old);
		474	extern void __audit_log_capset(pid_t pid, const struct cred new, const struct cred old);
		475
		476	static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)
458	{	477	{
459	if (unlikely(!audit_dummy_context()))	478	if (unlikely(!audit_dummy_context()))
460	return __audit_ipc_obj(ipcp);	479	__audit_ipc_obj(ipcp);
461	return 0;
462	}	480	}
463	static inline int audit_fd_pair(int fd1, int fd2)	481	static inline void audit_fd_pair(int fd1, int fd2)
464	{	482	{
465	if (unlikely(!audit_dummy_context()))	483	if (unlikely(!audit_dummy_context()))
466	return __audit_fd_pair(fd1, fd2);	484	__audit_fd_pair(fd1, fd2);
467	return 0;
468	}	485	}
469	static inline int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)	486	static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode)
470	{	487	{
471	if (unlikely(!audit_dummy_context()))	488	if (unlikely(!audit_dummy_context()))
472	return __audit_ipc_set_perm(qbytes, uid, gid, mode);	489	__audit_ipc_set_perm(qbytes, uid, gid, mode);
473	return 0;
474	}	490	}
475	static inline int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)	491	static inline void audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
476	{	492	{
477	if (unlikely(!audit_dummy_context()))	493	if (unlikely(!audit_dummy_context()))
478	return __audit_mq_open(oflag, mode, u_attr);	494	__audit_mq_open(oflag, mode, attr);
479	return 0;
480	}	495	}
481	static inline int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout)	496	static inline void audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec *abs_timeout)
482	{	497	{
483	if (unlikely(!audit_dummy_context()))	498	if (unlikely(!audit_dummy_context()))
484	return __audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout);	499	__audit_mq_sendrecv(mqdes, msg_len, msg_prio, abs_timeout);
485	return 0;
486	}	500	}
487	static inline int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user u_msg_prio, const struct timespec __user u_abs_timeout)	501	static inline void audit_mq_notify(mqd_t mqdes, const struct sigevent *notification)
488	{	502	{
489	if (unlikely(!audit_dummy_context()))	503	if (unlikely(!audit_dummy_context()))
490	return __audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout);	504	__audit_mq_notify(mqdes, notification);
491	return 0;
492	}	505	}
493	static inline int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)	506	static inline void audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
494	{	507	{
495	if (unlikely(!audit_dummy_context()))	508	if (unlikely(!audit_dummy_context()))
496	return __audit_mq_notify(mqdes, u_notification);	509	__audit_mq_getsetattr(mqdes, mqstat);
497	return 0;
498	}	510	}
499	static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)	511
		512	static inline int audit_log_bprm_fcaps(struct linux_binprm *bprm,
		513	const struct cred *new,
		514	const struct cred *old)
500	{	515	{
501	if (unlikely(!audit_dummy_context()))	516	if (unlikely(!audit_dummy_context()))
502	return __audit_mq_getsetattr(mqdes, mqstat);	517	return __audit_log_bprm_fcaps(bprm, new, old);
503	return 0;	518	return 0;
504	}	519	}
		520
		521	static inline void audit_log_capset(pid_t pid, const struct cred *new,
		522	const struct cred *old)
		523	{
		524	if (unlikely(!audit_dummy_context()))
		525	__audit_log_capset(pid, new, old);
		526	}
		527
505	extern int audit_n_rules;	528	extern int audit_n_rules;
506	extern int audit_signals;	529	extern int audit_signals;
507	#else	530	#else
@@ -522,18 +545,19 @@ extern int audit_signals;
522	#define audit_get_loginuid(t) (-1)	545	#define audit_get_loginuid(t) (-1)
523	#define audit_get_sessionid(t) (-1)	546	#define audit_get_sessionid(t) (-1)
524	#define audit_log_task_context(b) do { ; } while (0)	547	#define audit_log_task_context(b) do { ; } while (0)
525	#define audit_ipc_obj(i) ({ 0; })	548	#define audit_ipc_obj(i) ((void)0)
526	#define audit_ipc_set_perm(q,u,g,m) ({ 0; })	549	#define audit_ipc_set_perm(q,u,g,m) ((void)0)
527	#define audit_bprm(p) ({ 0; })	550	#define audit_bprm(p) ({ 0; })
528	#define audit_socketcall(n,a) ({ 0; })	551	#define audit_socketcall(n,a) ((void)0)
529	#define audit_fd_pair(n,a) ({ 0; })	552	#define audit_fd_pair(n,a) ((void)0)
530	#define audit_sockaddr(len, addr) ({ 0; })	553	#define audit_sockaddr(len, addr) ({ 0; })
531	#define audit_set_macxattr(n) do { ; } while (0)	554	#define audit_set_macxattr(n) do { ; } while (0)
532	#define audit_mq_open(o,m,a) ({ 0; })	555	#define audit_mq_open(o,m,a) ((void)0)
533	#define audit_mq_timedsend(d,l,p,t) ({ 0; })	556	#define audit_mq_sendrecv(d,l,p,t) ((void)0)
534	#define audit_mq_timedreceive(d,l,p,t) ({ 0; })	557	#define audit_mq_notify(d,n) ((void)0)
535	#define audit_mq_notify(d,n) ({ 0; })	558	#define audit_mq_getsetattr(d,s) ((void)0)
536	#define audit_mq_getsetattr(d,s) ({ 0; })	559	#define audit_log_bprm_fcaps(b, ncr, ocr) ({ 0; })
		560	#define audit_log_capset(pid, ncr, ocr) ((void)0)
537	#define audit_ptrace(t) ((void)0)	561	#define audit_ptrace(t) ((void)0)
538	#define audit_n_rules 0	562	#define audit_n_rules 0
539	#define audit_signals 0	563	#define audit_signals 0