Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c34
1 files changed, 19 insertions, 15 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index 7dfac7031bd7..f9889ee77825 100644
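--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -244,7 +244,7 @@ static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
  char *ctx = NULL;
  u32 len;
  int rc;
- if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+ if ((rc = selinux_sid_to_string(sid, &ctx, &len)))
  return rc;
  else
  audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
@@ -267,7 +267,7 @@ static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
  char *ctx = NULL;
  u32 len;
  int rc;
- if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+ if ((rc = selinux_sid_to_string(sid, &ctx, &len)))
  return rc;
  else
  audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
@@ -293,7 +293,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
  char *ctx = NULL;
  u32 len;
  int rc;
- if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+ if ((rc = selinux_sid_to_string(sid, &ctx, &len)))
  return rc;
  else
  audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
@@ -321,7 +321,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid)
  char *ctx = NULL;
  u32 len;
  int rc;
- if ((rc = selinux_ctxid_to_string(sid, &ctx, &len)))
+ if ((rc = selinux_sid_to_string(sid, &ctx, &len)))
  return rc;
  else
  audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
@@ -445,7 +445,7 @@ void audit_send_reply(int pid, int seq, int type, int done, int multi,
  * Check for appropriate CAP_AUDIT_ capabilities on incoming audit
  * control messages.
  */
-static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
+static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 {
  int err = 0;
 
@@ -459,13 +459,13 @@ static int audit_netlink_ok(kernel_cap_t eff_cap, u16 msg_type)
  case AUDIT_DEL:
  case AUDIT_DEL_RULE:
  case AUDIT_SIGNAL_INFO:
- if (!cap_raised(eff_cap, CAP_AUDIT_CONTROL))
+ if (security_netlink_recv(skb, CAP_AUDIT_CONTROL))
  err = -EPERM;
  break;
  case AUDIT_USER:
  case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
  case AUDIT_FIRST_USER_MSG2...AUDIT_LAST_USER_MSG2:
- if (!cap_raised(eff_cap, CAP_AUDIT_WRITE))
+ if (security_netlink_recv(skb, CAP_AUDIT_WRITE))
  err = -EPERM;
  break;
  default: /* bad msg */
@@ -488,7 +488,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  char *ctx;
  u32 len;
 
- err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
+ err = audit_netlink_ok(skb, msg_type);
  if (err)
  return err;
 
@@ -538,7 +538,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  if (status_get->mask & AUDIT_STATUS_PID) {
  int old = audit_pid;
  if (sid) {
- if ((err = selinux_ctxid_to_string(
+ if ((err = selinux_sid_to_string(
  sid, &ctx, &len)))
  return err;
  else
@@ -576,7 +576,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  "user pid=%d uid=%u auid=%u",
  pid, uid, loginuid);
  if (sid) {
- if (selinux_ctxid_to_string(
+ if (selinux_sid_to_string(
  sid, &ctx, &len)) {
  audit_log_format(ab,
  " ssid=%u", sid);
@@ -614,7 +614,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
  loginuid, sid);
  break;
  case AUDIT_SIGNAL_INFO:
- err = selinux_ctxid_to_string(audit_sig_sid, &ctx, &len);
+ err = selinux_sid_to_string(audit_sig_sid, &ctx, &len);
  if (err)
  return err;
  sig_data = kmalloc(sizeof(*sig_data) + len, GFP_KERNEL);
@@ -690,9 +690,7 @@ static const struct inotify_operations audit_inotify_ops = {
 /* Initialize audit support at boot time. */
 static int __init audit_init(void)
 {
-#ifdef CONFIG_AUDITSYSCALL
  int i;
-#endif
 
  printk(KERN_INFO "audit: initializing netlink socket (%s)\n",
  audit_default ? "enabled" : "disabled");
@@ -717,10 +715,10 @@ static int __init audit_init(void)
  audit_ih = inotify_init(&audit_inotify_ops);
  if (IS_ERR(audit_ih))
  audit_panic("cannot initialize inotify handle");
+#endif
 
  for (i = 0; i < AUDIT_INODE_BUCKETS; i++)
  INIT_LIST_HEAD(&audit_inode_hash[i]);
-#endif
 
  return 0;
 }
@@ -818,7 +816,7 @@ err:
  */
 unsigned int audit_serial(void)
 {
- static spinlock_t serial_lock = SPIN_LOCK_UNLOCKED;
+ static DEFINE_SPINLOCK(serial_lock);
  static unsigned int serial = 0;
 
  unsigned long flags;
@@ -1030,6 +1028,9 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
  struct sk_buff *skb;
  static const unsigned char *hex = "0123456789ABCDEF";
 
+ if (!ab)
+ return;
+
  BUG_ON(!ab->skb);
  skb = ab->skb;
  avail = skb_tailroom(skb);
@@ -1062,6 +1063,9 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
  unsigned char *ptr;
  struct sk_buff *skb;
 
+ if (!ab)
+ return;
+
  BUG_ON(!ab->skb);
  skb = ab->skb;
  avail = skb_tailroom(skb);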
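Review bot: In audit_set_rate_limit (hunk at -244), a failing selinux_sid_to_string() takes `return rc;` before the AUDIT_CONFIG_CHANGE record in the else branch is written, so an attempt to change the audit configuration leaves no record on that path; audit_set_backlog_limit, audit_set_enabled, audit_set_failure and the AUDIT_STATUS_PID branch of audit_receive_msg follow the same pattern. The AUDIT_USER branch in this file already handles the same failure by logging the numeric SID with `" ssid=%u", sid`, and the config-change paths could emit their record with that fallback before returning the error. These function bodies start and end outside the hunks, so whether anything else records the attempt cannot be seen here.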