diff options
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 7d6ac7c1f414..68d3c6a0ecd6 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -199,6 +199,7 @@ struct audit_context { | |||
| 199 | 199 | ||
| 200 | struct audit_tree_refs *trees, *first_trees; | 200 | struct audit_tree_refs *trees, *first_trees; |
| 201 | int tree_count; | 201 | int tree_count; |
| 202 | struct list_head killed_trees; | ||
| 202 | 203 | ||
| 203 | int type; | 204 | int type; |
| 204 | union { | 205 | union { |
| @@ -548,9 +549,9 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 548 | } | 549 | } |
| 549 | break; | 550 | break; |
| 550 | case AUDIT_WATCH: | 551 | case AUDIT_WATCH: |
| 551 | if (name && rule->watch->ino != (unsigned long)-1) | 552 | if (name && audit_watch_inode(rule->watch) != (unsigned long)-1) |
| 552 | result = (name->dev == rule->watch->dev && | 553 | result = (name->dev == audit_watch_dev(rule->watch) && |
| 553 | name->ino == rule->watch->ino); | 554 | name->ino == audit_watch_inode(rule->watch)); |
| 554 | break; | 555 | break; |
| 555 | case AUDIT_DIR: | 556 | case AUDIT_DIR: |
| 556 | if (ctx) | 557 | if (ctx) |
| @@ -853,6 +854,7 @@ static inline struct audit_context *audit_alloc_context(enum audit_state state) | |||
| 853 | if (!(context = kmalloc(sizeof(*context), GFP_KERNEL))) | 854 | if (!(context = kmalloc(sizeof(*context), GFP_KERNEL))) |
| 854 | return NULL; | 855 | return NULL; |
| 855 | audit_zero_context(context, state); | 856 | audit_zero_context(context, state); |
| 857 | INIT_LIST_HEAD(&context->killed_trees); | ||
| 856 | return context; | 858 | return context; |
| 857 | } | 859 | } |
| 858 | 860 | ||
| @@ -1024,8 +1026,8 @@ static int audit_log_single_execve_arg(struct audit_context *context, | |||
| 1024 | { | 1026 | { |
| 1025 | char arg_num_len_buf[12]; | 1027 | char arg_num_len_buf[12]; |
| 1026 | const char __user *tmp_p = p; | 1028 | const char __user *tmp_p = p; |
| 1027 | /* how many digits are in arg_num? 3 is the length of " a=" */ | 1029 | /* how many digits are in arg_num? 5 is the length of ' a=""' */ |
| 1028 | size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3; | 1030 | size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 5; |
| 1029 | size_t len, len_left, to_send; | 1031 | size_t len, len_left, to_send; |
| 1030 | size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN; | 1032 | size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN; |
| 1031 | unsigned int i, has_cntl = 0, too_long = 0; | 1033 | unsigned int i, has_cntl = 0, too_long = 0; |
| @@ -1137,7 +1139,7 @@ static int audit_log_single_execve_arg(struct audit_context *context, | |||
| 1137 | if (has_cntl) | 1139 | if (has_cntl) |
| 1138 | audit_log_n_hex(*ab, buf, to_send); | 1140 | audit_log_n_hex(*ab, buf, to_send); |
| 1139 | else | 1141 | else |
| 1140 | audit_log_format(*ab, "\"%s\"", buf); | 1142 | audit_log_string(*ab, buf); |
| 1141 | 1143 | ||
| 1142 | p += to_send; | 1144 | p += to_send; |
| 1143 | len_left -= to_send; | 1145 | len_left -= to_send; |
| @@ -1372,11 +1374,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1372 | 1374 | ||
| 1373 | 1375 | ||
| 1374 | audit_log_task_info(ab, tsk); | 1376 | audit_log_task_info(ab, tsk); |
| 1375 | if (context->filterkey) { | 1377 | audit_log_key(ab, context->filterkey); |
| 1376 | audit_log_format(ab, " key="); | ||
| 1377 | audit_log_untrustedstring(ab, context->filterkey); | ||
| 1378 | } else | ||
| 1379 | audit_log_format(ab, " key=(null)"); | ||
| 1380 | audit_log_end(ab); | 1378 | audit_log_end(ab); |
| 1381 | 1379 | ||
| 1382 | for (aux = context->aux; aux; aux = aux->next) { | 1380 | for (aux = context->aux; aux; aux = aux->next) { |
| @@ -1549,6 +1547,8 @@ void audit_free(struct task_struct *tsk) | |||
| 1549 | /* that can happen only if we are called from do_exit() */ | 1547 | /* that can happen only if we are called from do_exit() */ |
| 1550 | if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) | 1548 | if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) |
| 1551 | audit_log_exit(context, tsk); | 1549 | audit_log_exit(context, tsk); |
| 1550 | if (!list_empty(&context->killed_trees)) | ||
| 1551 | audit_kill_trees(&context->killed_trees); | ||
| 1552 | 1552 | ||
| 1553 | audit_free_context(context); | 1553 | audit_free_context(context); |
| 1554 | } | 1554 | } |
| @@ -1692,6 +1692,9 @@ void audit_syscall_exit(int valid, long return_code) | |||
| 1692 | context->in_syscall = 0; | 1692 | context->in_syscall = 0; |
| 1693 | context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; | 1693 | context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; |
| 1694 | 1694 | ||
| 1695 | if (!list_empty(&context->killed_trees)) | ||
| 1696 | audit_kill_trees(&context->killed_trees); | ||
| 1697 | |||
| 1695 | if (context->previous) { | 1698 | if (context->previous) { |
| 1696 | struct audit_context *new_context = context->previous; | 1699 | struct audit_context *new_context = context->previous; |
| 1697 | context->previous = NULL; | 1700 | context->previous = NULL; |
| @@ -2525,3 +2528,11 @@ void audit_core_dumps(long signr) | |||
| 2525 | audit_log_format(ab, " sig=%ld", signr); | 2528 | audit_log_format(ab, " sig=%ld", signr); |
| 2526 | audit_log_end(ab); | 2529 | audit_log_end(ab); |
| 2527 | } | 2530 | } |
| 2531 | |||
| 2532 | struct list_head *audit_killed_trees(void) | ||
| 2533 | { | ||
| 2534 | struct audit_context *ctx = current->audit_context; | ||
| 2535 | if (likely(!ctx || !ctx->in_syscall)) | ||
| 2536 | return NULL; | ||
| 2537 | return &ctx->killed_trees; | ||
| 2538 | } | ||