aboutsummaryrefslogtreecommitdiffstats
path: root/kernel/auditsc.c
diff options
context:
space:
mode:
Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c92
1 files changed, 54 insertions, 38 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index e75f84e1a1a0..6b4fbb1c0129 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -167,9 +167,16 @@ struct audit_context {
167/* There are three lists of rules -- one to search at task creation 167/* There are three lists of rules -- one to search at task creation
168 * time, one to search at syscall entry time, and another to search at 168 * time, one to search at syscall entry time, and another to search at
169 * syscall exit time. */ 169 * syscall exit time. */
170static LIST_HEAD(audit_tsklist); 170static struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
171static LIST_HEAD(audit_entlist); 171 LIST_HEAD_INIT(audit_filter_list[0]),
172static LIST_HEAD(audit_extlist); 172 LIST_HEAD_INIT(audit_filter_list[1]),
173 LIST_HEAD_INIT(audit_filter_list[2]),
174 LIST_HEAD_INIT(audit_filter_list[3]),
175 LIST_HEAD_INIT(audit_filter_list[4]),
176#if AUDIT_NR_FILTERS != 5
177#error Fix audit_filter_list initialiser
178#endif
179};
173 180
174struct audit_entry { 181struct audit_entry {
175 struct list_head list; 182 struct list_head list;
@@ -210,16 +217,15 @@ static int audit_compare_rule(struct audit_rule *a, struct audit_rule *b)
210/* Note that audit_add_rule and audit_del_rule are called via 217/* Note that audit_add_rule and audit_del_rule are called via
211 * audit_receive() in audit.c, and are protected by 218 * audit_receive() in audit.c, and are protected by
212 * audit_netlink_sem. */ 219 * audit_netlink_sem. */
213static inline int audit_add_rule(struct audit_entry *entry, 220static inline void audit_add_rule(struct audit_entry *entry,
214 struct list_head *list) 221 struct list_head *list)
215{ 222{
216 if (entry->rule.flags & AUDIT_PREPEND) { 223 if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
217 entry->rule.flags &= ~AUDIT_PREPEND; 224 entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
218 list_add_rcu(&entry->list, list); 225 list_add_rcu(&entry->list, list);
219 } else { 226 } else {
220 list_add_tail_rcu(&entry->list, list); 227 list_add_tail_rcu(&entry->list, list);
221 } 228 }
222 return 0;
223} 229}
224 230
225static void audit_free_rule(struct rcu_head *head) 231static void audit_free_rule(struct rcu_head *head)
@@ -245,7 +251,7 @@ static inline int audit_del_rule(struct audit_rule *rule,
245 return 0; 251 return 0;
246 } 252 }
247 } 253 }
248 return -EFAULT; /* No matching rule */ 254 return -ENOENT; /* No matching rule */
249} 255}
250 256
251/* Copy rule from user-space to kernel-space. Called during 257/* Copy rule from user-space to kernel-space. Called during
@@ -260,6 +266,8 @@ static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
260 return -1; 266 return -1;
261 if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS) 267 if (s->field_count < 0 || s->field_count > AUDIT_MAX_FIELDS)
262 return -1; 268 return -1;
269 if ((s->flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS)
270 return -1;
263 271
264 d->flags = s->flags; 272 d->flags = s->flags;
265 d->action = s->action; 273 d->action = s->action;
@@ -275,23 +283,20 @@ static int audit_copy_rule(struct audit_rule *d, struct audit_rule *s)
275int audit_receive_filter(int type, int pid, int uid, int seq, void *data, 283int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
276 uid_t loginuid) 284 uid_t loginuid)
277{ 285{
278 u32 flags;
279 struct audit_entry *entry; 286 struct audit_entry *entry;
280 int err = 0; 287 int err = 0;
288 int i;
289 unsigned listnr;
281 290
282 switch (type) { 291 switch (type) {
283 case AUDIT_LIST: 292 case AUDIT_LIST:
284 /* The *_rcu iterators not needed here because we are 293 /* The *_rcu iterators not needed here because we are
285 always called with audit_netlink_sem held. */ 294 always called with audit_netlink_sem held. */
286 list_for_each_entry(entry, &audit_tsklist, list) 295 for (i=0; i<AUDIT_NR_FILTERS; i++) {
287 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1, 296 list_for_each_entry(entry, &audit_filter_list[i], list)
288 &entry->rule, sizeof(entry->rule)); 297 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
289 list_for_each_entry(entry, &audit_entlist, list) 298 &entry->rule, sizeof(entry->rule));
290 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1, 299 }
291 &entry->rule, sizeof(entry->rule));
292 list_for_each_entry(entry, &audit_extlist, list)
293 audit_send_reply(pid, seq, AUDIT_LIST, 0, 1,
294 &entry->rule, sizeof(entry->rule));
295 audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0); 300 audit_send_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
296 break; 301 break;
297 case AUDIT_ADD: 302 case AUDIT_ADD:
@@ -301,26 +306,20 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
301 kfree(entry); 306 kfree(entry);
302 return -EINVAL; 307 return -EINVAL;
303 } 308 }
304 flags = entry->rule.flags; 309 listnr = entry->rule.flags & ~AUDIT_FILTER_PREPEND;
305 if (!err && (flags & AUDIT_PER_TASK)) 310 audit_add_rule(entry, &audit_filter_list[listnr]);
306 err = audit_add_rule(entry, &audit_tsklist);
307 if (!err && (flags & AUDIT_AT_ENTRY))
308 err = audit_add_rule(entry, &audit_entlist);
309 if (!err && (flags & AUDIT_AT_EXIT))
310 err = audit_add_rule(entry, &audit_extlist);
311 audit_log(NULL, AUDIT_CONFIG_CHANGE, 311 audit_log(NULL, AUDIT_CONFIG_CHANGE,
312 "auid=%u added an audit rule\n", loginuid); 312 "auid=%u added an audit rule\n", loginuid);
313 break; 313 break;
314 case AUDIT_DEL: 314 case AUDIT_DEL:
315 flags =((struct audit_rule *)data)->flags; 315 listnr =((struct audit_rule *)data)->flags & ~AUDIT_FILTER_PREPEND;
316 if (!err && (flags & AUDIT_PER_TASK)) 316 if (listnr >= AUDIT_NR_FILTERS)
317 err = audit_del_rule(data, &audit_tsklist); 317 return -EINVAL;
318 if (!err && (flags & AUDIT_AT_ENTRY)) 318
319 err = audit_del_rule(data, &audit_entlist); 319 err = audit_del_rule(data, &audit_filter_list[listnr]);
320 if (!err && (flags & AUDIT_AT_EXIT)) 320 if (!err)
321 err = audit_del_rule(data, &audit_extlist); 321 audit_log(NULL, AUDIT_CONFIG_CHANGE,
322 audit_log(NULL, AUDIT_CONFIG_CHANGE, 322 "auid=%u removed an audit rule\n", loginuid);
323 "auid=%u removed an audit rule\n", loginuid);
324 break; 323 break;
325 default: 324 default:
326 return -EINVAL; 325 return -EINVAL;
@@ -454,7 +453,7 @@ static enum audit_state audit_filter_task(struct task_struct *tsk)
454 enum audit_state state; 453 enum audit_state state;
455 454
456 rcu_read_lock(); 455 rcu_read_lock();
457 list_for_each_entry_rcu(e, &audit_tsklist, list) { 456 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) {
458 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) { 457 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
459 rcu_read_unlock(); 458 rcu_read_unlock();
460 return state; 459 return state;
@@ -490,6 +489,23 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
490 return AUDIT_BUILD_CONTEXT; 489 return AUDIT_BUILD_CONTEXT;
491} 490}
492 491
492int audit_filter_user(struct task_struct *tsk, int type)
493{
494 struct audit_entry *e;
495 enum audit_state state;
496
497 rcu_read_lock();
498 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
499 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
500 rcu_read_unlock();
501 return state != AUDIT_DISABLED;
502 }
503 }
504 rcu_read_unlock();
505 return 1; /* Audit by default */
506
507}
508
493/* This should be called with task_lock() held. */ 509/* This should be called with task_lock() held. */
494static inline struct audit_context *audit_get_context(struct task_struct *tsk, 510static inline struct audit_context *audit_get_context(struct task_struct *tsk,
495 int return_valid, 511 int return_valid,
@@ -504,7 +520,7 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk,
504 520
505 if (context->in_syscall && !context->auditable) { 521 if (context->in_syscall && !context->auditable) {
506 enum audit_state state; 522 enum audit_state state;
507 state = audit_filter_syscall(tsk, context, &audit_extlist); 523 state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]);
508 if (state == AUDIT_RECORD_CONTEXT) 524 if (state == AUDIT_RECORD_CONTEXT)
509 context->auditable = 1; 525 context->auditable = 1;
510 } 526 }
@@ -876,7 +892,7 @@ void audit_syscall_entry(struct task_struct *tsk, int arch, int major,
876 892
877 state = context->state; 893 state = context->state;
878 if (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT) 894 if (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT)
879 state = audit_filter_syscall(tsk, context, &audit_entlist); 895 state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]);
880 if (likely(state == AUDIT_DISABLED)) 896 if (likely(state == AUDIT_DISABLED))
881 return; 897 return;
882 898