aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/audit.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/audit.c')
-rw-r--r--kernel/audit.c48
1 files changed, 15 insertions, 33 deletions
diff --git a/kernel/audit.c b/kernel/audit.c
index c18b769e23a2..060b554f481e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -140,18 +140,6 @@ struct audit_buffer {
140 struct audit_context *ctx; /* NULL or associated context */ 140 struct audit_context *ctx; /* NULL or associated context */
141}; 141};
142 142
143void audit_set_type(struct audit_buffer *ab, int type)
144{
145 struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
146 nlh->nlmsg_type = type;
147}
148
149static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
150{
151 struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
152 nlh->nlmsg_pid = pid;
153}
154
155struct audit_entry { 143struct audit_entry {
156 struct list_head list; 144 struct list_head list;
157 struct audit_rule rule; 145 struct audit_rule rule;
@@ -344,7 +332,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
344 void *data; 332 void *data;
345 struct audit_status *status_get, status_set; 333 struct audit_status *status_get, status_set;
346 int err; 334 int err;
347 struct audit_buffer *ab;
348 u16 msg_type = nlh->nlmsg_type; 335 u16 msg_type = nlh->nlmsg_type;
349 uid_t loginuid; /* loginuid of sender */ 336 uid_t loginuid; /* loginuid of sender */
350 struct audit_sig_info sig_data; 337 struct audit_sig_info sig_data;
@@ -396,19 +383,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
396 loginuid); 383 loginuid);
397 break; 384 break;
398 case AUDIT_USER: 385 case AUDIT_USER:
399 ab = audit_log_start(NULL); 386 audit_log_type(NULL, AUDIT_USER, pid,
400 if (!ab)
401 break; /* audit_panic has been called */
402 audit_log_format(ab,
403 "user pid=%d uid=%d length=%d loginuid=%u" 387 "user pid=%d uid=%d length=%d loginuid=%u"
404 " msg='%.1024s'", 388 " msg='%.1024s'",
405 pid, uid, 389 pid, uid,
406 (int)(nlh->nlmsg_len 390 (int)(nlh->nlmsg_len
407 - ((char *)data - (char *)nlh)), 391 - ((char *)data - (char *)nlh)),
408 loginuid, (char *)data); 392 loginuid, (char *)data);
409 audit_set_type(ab, AUDIT_USER);
410 audit_set_pid(ab, pid);
411 audit_log_end(ab);
412 break; 393 break;
413 case AUDIT_ADD: 394 case AUDIT_ADD:
414 case AUDIT_DEL: 395 case AUDIT_DEL:
@@ -560,12 +541,10 @@ static void audit_buffer_free(struct audit_buffer *ab)
560 spin_unlock_irqrestore(&audit_freelist_lock, flags); 541 spin_unlock_irqrestore(&audit_freelist_lock, flags);
561} 542}
562 543
563static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx, 544static struct audit_buffer * audit_buffer_alloc(int gfp_mask)
564 int gfp_mask)
565{ 545{
566 unsigned long flags; 546 unsigned long flags;
567 struct audit_buffer *ab = NULL; 547 struct audit_buffer *ab = NULL;
568 struct nlmsghdr *nlh;
569 548
570 spin_lock_irqsave(&audit_freelist_lock, flags); 549 spin_lock_irqsave(&audit_freelist_lock, flags);
571 if (!list_empty(&audit_freelist)) { 550 if (!list_empty(&audit_freelist)) {
@@ -587,12 +566,6 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
587 if (!ab->skb) 566 if (!ab->skb)
588 goto err; 567 goto err;
589 568
590 ab->ctx = ctx;
591 nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
592 nlh->nlmsg_type = AUDIT_KERNEL;
593 nlh->nlmsg_flags = 0;
594 nlh->nlmsg_pid = 0;
595 nlh->nlmsg_seq = 0;
596 return ab; 569 return ab;
597err: 570err:
598 audit_buffer_free(ab); 571 audit_buffer_free(ab);
@@ -605,11 +578,12 @@ err:
605 * syscall, then the syscall is marked as auditable and an audit record 578 * syscall, then the syscall is marked as auditable and an audit record
606 * will be written at syscall exit. If there is no associated task, tsk 579 * will be written at syscall exit. If there is no associated task, tsk
607 * should be NULL. */ 580 * should be NULL. */
608struct audit_buffer *audit_log_start(struct audit_context *ctx) 581struct audit_buffer *audit_log_start(struct audit_context *ctx, int type, int pid)
609{ 582{
610 struct audit_buffer *ab = NULL; 583 struct audit_buffer *ab = NULL;
611 struct timespec t; 584 struct timespec t;
612 unsigned int serial; 585 unsigned int serial;
586 struct nlmsghdr *nlh;
613 587
614 if (!audit_initialized) 588 if (!audit_initialized)
615 return NULL; 589 return NULL;
@@ -626,12 +600,19 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx)
626 return NULL; 600 return NULL;
627 } 601 }
628 602
629 ab = audit_buffer_alloc(ctx, GFP_ATOMIC); 603 ab = audit_buffer_alloc(GFP_ATOMIC);
630 if (!ab) { 604 if (!ab) {
631 audit_log_lost("out of memory in audit_log_start"); 605 audit_log_lost("out of memory in audit_log_start");
632 return NULL; 606 return NULL;
633 } 607 }
634 608
609 ab->ctx = ctx;
610 nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
611 nlh->nlmsg_type = type;
612 nlh->nlmsg_flags = 0;
613 nlh->nlmsg_pid = pid;
614 nlh->nlmsg_seq = 0;
615
635 if (!audit_get_stamp(ab->ctx, &t, &serial)) { 616 if (!audit_get_stamp(ab->ctx, &t, &serial)) {
636 t = CURRENT_TIME; 617 t = CURRENT_TIME;
637 serial = 0; 618 serial = 0;
@@ -828,12 +809,13 @@ void audit_log_end(struct audit_buffer *ab)
828/* Log an audit record. This is a convenience function that calls 809/* Log an audit record. This is a convenience function that calls
829 * audit_log_start, audit_log_vformat, and audit_log_end. It may be 810 * audit_log_start, audit_log_vformat, and audit_log_end. It may be
830 * called in any context. */ 811 * called in any context. */
831void audit_log(struct audit_context *ctx, const char *fmt, ...) 812void audit_log_type(struct audit_context *ctx, int type, int pid,
813 const char *fmt, ...)
832{ 814{
833 struct audit_buffer *ab; 815 struct audit_buffer *ab;
834 va_list args; 816 va_list args;
835 817
836 ab = audit_log_start(ctx); 818 ab = audit_log_start(ctx, type, pid);
837 if (ab) { 819 if (ab) {
838 va_start(args, fmt); 820 va_start(args, fmt);
839 audit_log_vformat(ab, fmt, args); 821 audit_log_vformat(ab, fmt, args);