diff options
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 739 |
1 files changed, 290 insertions, 449 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 4819f3711973..8cbddff6c283 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -124,43 +124,6 @@ struct audit_aux_data { | |||
| 124 | /* Number of target pids per aux struct. */ | 124 | /* Number of target pids per aux struct. */ |
| 125 | #define AUDIT_AUX_PIDS 16 | 125 | #define AUDIT_AUX_PIDS 16 |
| 126 | 126 | ||
| 127 | struct audit_aux_data_mq_open { | ||
| 128 | struct audit_aux_data d; | ||
| 129 | int oflag; | ||
| 130 | mode_t mode; | ||
| 131 | struct mq_attr attr; | ||
| 132 | }; | ||
| 133 | |||
| 134 | struct audit_aux_data_mq_sendrecv { | ||
| 135 | struct audit_aux_data d; | ||
| 136 | mqd_t mqdes; | ||
| 137 | size_t msg_len; | ||
| 138 | unsigned int msg_prio; | ||
| 139 | struct timespec abs_timeout; | ||
| 140 | }; | ||
| 141 | |||
| 142 | struct audit_aux_data_mq_notify { | ||
| 143 | struct audit_aux_data d; | ||
| 144 | mqd_t mqdes; | ||
| 145 | struct sigevent notification; | ||
| 146 | }; | ||
| 147 | |||
| 148 | struct audit_aux_data_mq_getsetattr { | ||
| 149 | struct audit_aux_data d; | ||
| 150 | mqd_t mqdes; | ||
| 151 | struct mq_attr mqstat; | ||
| 152 | }; | ||
| 153 | |||
| 154 | struct audit_aux_data_ipcctl { | ||
| 155 | struct audit_aux_data d; | ||
| 156 | struct ipc_perm p; | ||
| 157 | unsigned long qbytes; | ||
| 158 | uid_t uid; | ||
| 159 | gid_t gid; | ||
| 160 | mode_t mode; | ||
| 161 | u32 osid; | ||
| 162 | }; | ||
| 163 | |||
| 164 | struct audit_aux_data_execve { | 127 | struct audit_aux_data_execve { |
| 165 | struct audit_aux_data d; | 128 | struct audit_aux_data d; |
| 166 | int argc; | 129 | int argc; |
| @@ -168,23 +131,6 @@ struct audit_aux_data_execve { | |||
| 168 | struct mm_struct *mm; | 131 | struct mm_struct *mm; |
| 169 | }; | 132 | }; |
| 170 | 133 | ||
| 171 | struct audit_aux_data_socketcall { | ||
| 172 | struct audit_aux_data d; | ||
| 173 | int nargs; | ||
| 174 | unsigned long args[0]; | ||
| 175 | }; | ||
| 176 | |||
| 177 | struct audit_aux_data_sockaddr { | ||
| 178 | struct audit_aux_data d; | ||
| 179 | int len; | ||
| 180 | char a[0]; | ||
| 181 | }; | ||
| 182 | |||
| 183 | struct audit_aux_data_fd_pair { | ||
| 184 | struct audit_aux_data d; | ||
| 185 | int fd[2]; | ||
| 186 | }; | ||
| 187 | |||
| 188 | struct audit_aux_data_pids { | 134 | struct audit_aux_data_pids { |
| 189 | struct audit_aux_data d; | 135 | struct audit_aux_data d; |
| 190 | pid_t target_pid[AUDIT_AUX_PIDS]; | 136 | pid_t target_pid[AUDIT_AUX_PIDS]; |
| @@ -219,14 +165,14 @@ struct audit_tree_refs { | |||
| 219 | struct audit_context { | 165 | struct audit_context { |
| 220 | int dummy; /* must be the first element */ | 166 | int dummy; /* must be the first element */ |
| 221 | int in_syscall; /* 1 if task is in a syscall */ | 167 | int in_syscall; /* 1 if task is in a syscall */ |
| 222 | enum audit_state state; | 168 | enum audit_state state, current_state; |
| 223 | unsigned int serial; /* serial number for record */ | 169 | unsigned int serial; /* serial number for record */ |
| 224 | struct timespec ctime; /* time of syscall entry */ | 170 | struct timespec ctime; /* time of syscall entry */ |
| 225 | int major; /* syscall number */ | 171 | int major; /* syscall number */ |
| 226 | unsigned long argv[4]; /* syscall arguments */ | 172 | unsigned long argv[4]; /* syscall arguments */ |
| 227 | int return_valid; /* return code is valid */ | 173 | int return_valid; /* return code is valid */ |
| 228 | long return_code;/* syscall return code */ | 174 | long return_code;/* syscall return code */ |
| 229 | int auditable; /* 1 if record should be written */ | 175 | u64 prio; |
| 230 | int name_count; | 176 | int name_count; |
| 231 | struct audit_names names[AUDIT_NAMES]; | 177 | struct audit_names names[AUDIT_NAMES]; |
| 232 | char * filterkey; /* key for rule that triggered record */ | 178 | char * filterkey; /* key for rule that triggered record */ |
| @@ -234,7 +180,8 @@ struct audit_context { | |||
| 234 | struct audit_context *previous; /* For nested syscalls */ | 180 | struct audit_context *previous; /* For nested syscalls */ |
| 235 | struct audit_aux_data *aux; | 181 | struct audit_aux_data *aux; |
| 236 | struct audit_aux_data *aux_pids; | 182 | struct audit_aux_data *aux_pids; |
| 237 | 183 | struct sockaddr_storage *sockaddr; | |
| 184 | size_t sockaddr_len; | ||
| 238 | /* Save things to print about task_struct */ | 185 | /* Save things to print about task_struct */ |
| 239 | pid_t pid, ppid; | 186 | pid_t pid, ppid; |
| 240 | uid_t uid, euid, suid, fsuid; | 187 | uid_t uid, euid, suid, fsuid; |
| @@ -252,6 +199,49 @@ struct audit_context { | |||
| 252 | struct audit_tree_refs *trees, *first_trees; | 199 | struct audit_tree_refs *trees, *first_trees; |
| 253 | int tree_count; | 200 | int tree_count; |
| 254 | 201 | ||
| 202 | int type; | ||
| 203 | union { | ||
| 204 | struct { | ||
| 205 | int nargs; | ||
| 206 | long args[6]; | ||
| 207 | } socketcall; | ||
| 208 | struct { | ||
| 209 | uid_t uid; | ||
| 210 | gid_t gid; | ||
| 211 | mode_t mode; | ||
| 212 | u32 osid; | ||
| 213 | int has_perm; | ||
| 214 | uid_t perm_uid; | ||
| 215 | gid_t perm_gid; | ||
| 216 | mode_t perm_mode; | ||
| 217 | unsigned long qbytes; | ||
| 218 | } ipc; | ||
| 219 | struct { | ||
| 220 | mqd_t mqdes; | ||
| 221 | struct mq_attr mqstat; | ||
| 222 | } mq_getsetattr; | ||
| 223 | struct { | ||
| 224 | mqd_t mqdes; | ||
| 225 | int sigev_signo; | ||
| 226 | } mq_notify; | ||
| 227 | struct { | ||
| 228 | mqd_t mqdes; | ||
| 229 | size_t msg_len; | ||
| 230 | unsigned int msg_prio; | ||
| 231 | struct timespec abs_timeout; | ||
| 232 | } mq_sendrecv; | ||
| 233 | struct { | ||
| 234 | int oflag; | ||
| 235 | mode_t mode; | ||
| 236 | struct mq_attr attr; | ||
| 237 | } mq_open; | ||
| 238 | struct { | ||
| 239 | pid_t pid; | ||
| 240 | struct audit_cap_data cap; | ||
| 241 | } capset; | ||
| 242 | }; | ||
| 243 | int fds[2]; | ||
| 244 | |||
| 255 | #if AUDIT_DEBUG | 245 | #if AUDIT_DEBUG |
| 256 | int put_count; | 246 | int put_count; |
| 257 | int ino_count; | 247 | int ino_count; |
| @@ -608,19 +598,12 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 608 | } | 598 | } |
| 609 | } | 599 | } |
| 610 | /* Find ipc objects that match */ | 600 | /* Find ipc objects that match */ |
| 611 | if (ctx) { | 601 | if (!ctx || ctx->type != AUDIT_IPC) |
| 612 | struct audit_aux_data *aux; | 602 | break; |
| 613 | for (aux = ctx->aux; aux; | 603 | if (security_audit_rule_match(ctx->ipc.osid, |
| 614 | aux = aux->next) { | 604 | f->type, f->op, |
| 615 | if (aux->type == AUDIT_IPC) { | 605 | f->lsm_rule, ctx)) |
| 616 | struct audit_aux_data_ipcctl *axi = (void *)aux; | 606 | ++result; |
| 617 | if (security_audit_rule_match(axi->osid, f->type, f->op, f->lsm_rule, ctx)) { | ||
| 618 | ++result; | ||
| 619 | break; | ||
| 620 | } | ||
| 621 | } | ||
| 622 | } | ||
| 623 | } | ||
| 624 | } | 607 | } |
| 625 | break; | 608 | break; |
| 626 | case AUDIT_ARG0: | 609 | case AUDIT_ARG0: |
| @@ -647,8 +630,16 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 647 | return 0; | 630 | return 0; |
| 648 | } | 631 | } |
| 649 | } | 632 | } |
| 650 | if (rule->filterkey && ctx) | 633 | |
| 651 | ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); | 634 | if (ctx) { |
| 635 | if (rule->prio <= ctx->prio) | ||
| 636 | return 0; | ||
| 637 | if (rule->filterkey) { | ||
| 638 | kfree(ctx->filterkey); | ||
| 639 | ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); | ||
| 640 | } | ||
| 641 | ctx->prio = rule->prio; | ||
| 642 | } | ||
| 652 | switch (rule->action) { | 643 | switch (rule->action) { |
| 653 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; | 644 | case AUDIT_NEVER: *state = AUDIT_DISABLED; break; |
| 654 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; | 645 | case AUDIT_ALWAYS: *state = AUDIT_RECORD_CONTEXT; break; |
| @@ -661,7 +652,7 @@ static int audit_filter_rules(struct task_struct *tsk, | |||
| 661 | * completely disabled for this task. Since we only have the task | 652 | * completely disabled for this task. Since we only have the task |
| 662 | * structure at this point, we can only check uid and gid. | 653 | * structure at this point, we can only check uid and gid. |
| 663 | */ | 654 | */ |
| 664 | static enum audit_state audit_filter_task(struct task_struct *tsk) | 655 | static enum audit_state audit_filter_task(struct task_struct *tsk, char **key) |
| 665 | { | 656 | { |
| 666 | struct audit_entry *e; | 657 | struct audit_entry *e; |
| 667 | enum audit_state state; | 658 | enum audit_state state; |
| @@ -669,6 +660,8 @@ static enum audit_state audit_filter_task(struct task_struct *tsk) | |||
| 669 | rcu_read_lock(); | 660 | rcu_read_lock(); |
| 670 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { | 661 | list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TASK], list) { |
| 671 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { | 662 | if (audit_filter_rules(tsk, &e->rule, NULL, NULL, &state)) { |
| 663 | if (state == AUDIT_RECORD_CONTEXT) | ||
| 664 | *key = kstrdup(e->rule.filterkey, GFP_ATOMIC); | ||
| 672 | rcu_read_unlock(); | 665 | rcu_read_unlock(); |
| 673 | return state; | 666 | return state; |
| 674 | } | 667 | } |
| @@ -702,6 +695,7 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | |||
| 702 | audit_filter_rules(tsk, &e->rule, ctx, NULL, | 695 | audit_filter_rules(tsk, &e->rule, ctx, NULL, |
| 703 | &state)) { | 696 | &state)) { |
| 704 | rcu_read_unlock(); | 697 | rcu_read_unlock(); |
| 698 | ctx->current_state = state; | ||
| 705 | return state; | 699 | return state; |
| 706 | } | 700 | } |
| 707 | } | 701 | } |
| @@ -715,15 +709,14 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk, | |||
| 715 | * buckets applicable to the inode numbers in audit_names[]. | 709 | * buckets applicable to the inode numbers in audit_names[]. |
| 716 | * Regarding audit_state, same rules apply as for audit_filter_syscall(). | 710 | * Regarding audit_state, same rules apply as for audit_filter_syscall(). |
| 717 | */ | 711 | */ |
| 718 | enum audit_state audit_filter_inodes(struct task_struct *tsk, | 712 | void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx) |
| 719 | struct audit_context *ctx) | ||
| 720 | { | 713 | { |
| 721 | int i; | 714 | int i; |
| 722 | struct audit_entry *e; | 715 | struct audit_entry *e; |
| 723 | enum audit_state state; | 716 | enum audit_state state; |
| 724 | 717 | ||
| 725 | if (audit_pid && tsk->tgid == audit_pid) | 718 | if (audit_pid && tsk->tgid == audit_pid) |
| 726 | return AUDIT_DISABLED; | 719 | return; |
| 727 | 720 | ||
| 728 | rcu_read_lock(); | 721 | rcu_read_lock(); |
| 729 | for (i = 0; i < ctx->name_count; i++) { | 722 | for (i = 0; i < ctx->name_count; i++) { |
| @@ -740,17 +733,20 @@ enum audit_state audit_filter_inodes(struct task_struct *tsk, | |||
| 740 | if ((e->rule.mask[word] & bit) == bit && | 733 | if ((e->rule.mask[word] & bit) == bit && |
| 741 | audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { | 734 | audit_filter_rules(tsk, &e->rule, ctx, n, &state)) { |
| 742 | rcu_read_unlock(); | 735 | rcu_read_unlock(); |
| 743 | return state; | 736 | ctx->current_state = state; |
| 737 | return; | ||
| 744 | } | 738 | } |
| 745 | } | 739 | } |
| 746 | } | 740 | } |
| 747 | rcu_read_unlock(); | 741 | rcu_read_unlock(); |
| 748 | return AUDIT_BUILD_CONTEXT; | ||
| 749 | } | 742 | } |
| 750 | 743 | ||
| 751 | void audit_set_auditable(struct audit_context *ctx) | 744 | static void audit_set_auditable(struct audit_context *ctx) |
| 752 | { | 745 | { |
| 753 | ctx->auditable = 1; | 746 | if (!ctx->prio) { |
| 747 | ctx->prio = 1; | ||
| 748 | ctx->current_state = AUDIT_RECORD_CONTEXT; | ||
| 749 | } | ||
| 754 | } | 750 | } |
| 755 | 751 | ||
| 756 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, | 752 | static inline struct audit_context *audit_get_context(struct task_struct *tsk, |
| @@ -781,23 +777,11 @@ static inline struct audit_context *audit_get_context(struct task_struct *tsk, | |||
| 781 | else | 777 | else |
| 782 | context->return_code = return_code; | 778 | context->return_code = return_code; |
| 783 | 779 | ||
| 784 | if (context->in_syscall && !context->dummy && !context->auditable) { | 780 | if (context->in_syscall && !context->dummy) { |
| 785 | enum audit_state state; | 781 | audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]); |
| 786 | 782 | audit_filter_inodes(tsk, context); | |
| 787 | state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]); | ||
| 788 | if (state == AUDIT_RECORD_CONTEXT) { | ||
| 789 | context->auditable = 1; | ||
| 790 | goto get_context; | ||
| 791 | } | ||
| 792 | |||
| 793 | state = audit_filter_inodes(tsk, context); | ||
| 794 | if (state == AUDIT_RECORD_CONTEXT) | ||
| 795 | context->auditable = 1; | ||
| 796 | |||
| 797 | } | 783 | } |
| 798 | 784 | ||
| 799 | get_context: | ||
| 800 | |||
| 801 | tsk->audit_context = NULL; | 785 | tsk->audit_context = NULL; |
| 802 | return context; | 786 | return context; |
| 803 | } | 787 | } |
| @@ -807,8 +791,7 @@ static inline void audit_free_names(struct audit_context *context) | |||
| 807 | int i; | 791 | int i; |
| 808 | 792 | ||
| 809 | #if AUDIT_DEBUG == 2 | 793 | #if AUDIT_DEBUG == 2 |
| 810 | if (context->auditable | 794 | if (context->put_count + context->ino_count != context->name_count) { |
| 811 | ||context->put_count + context->ino_count != context->name_count) { | ||
| 812 | printk(KERN_ERR "%s:%d(:%d): major=%d in_syscall=%d" | 795 | printk(KERN_ERR "%s:%d(:%d): major=%d in_syscall=%d" |
| 813 | " name_count=%d put_count=%d" | 796 | " name_count=%d put_count=%d" |
| 814 | " ino_count=%d [NOT freeing]\n", | 797 | " ino_count=%d [NOT freeing]\n", |
| @@ -859,6 +842,7 @@ static inline void audit_zero_context(struct audit_context *context, | |||
| 859 | { | 842 | { |
| 860 | memset(context, 0, sizeof(*context)); | 843 | memset(context, 0, sizeof(*context)); |
| 861 | context->state = state; | 844 | context->state = state; |
| 845 | context->prio = state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; | ||
| 862 | } | 846 | } |
| 863 | 847 | ||
| 864 | static inline struct audit_context *audit_alloc_context(enum audit_state state) | 848 | static inline struct audit_context *audit_alloc_context(enum audit_state state) |
| @@ -884,18 +868,21 @@ int audit_alloc(struct task_struct *tsk) | |||
| 884 | { | 868 | { |
| 885 | struct audit_context *context; | 869 | struct audit_context *context; |
| 886 | enum audit_state state; | 870 | enum audit_state state; |
| 871 | char *key = NULL; | ||
| 887 | 872 | ||
| 888 | if (likely(!audit_ever_enabled)) | 873 | if (likely(!audit_ever_enabled)) |
| 889 | return 0; /* Return if not auditing. */ | 874 | return 0; /* Return if not auditing. */ |
| 890 | 875 | ||
| 891 | state = audit_filter_task(tsk); | 876 | state = audit_filter_task(tsk, &key); |
| 892 | if (likely(state == AUDIT_DISABLED)) | 877 | if (likely(state == AUDIT_DISABLED)) |
| 893 | return 0; | 878 | return 0; |
| 894 | 879 | ||
| 895 | if (!(context = audit_alloc_context(state))) { | 880 | if (!(context = audit_alloc_context(state))) { |
| 881 | kfree(key); | ||
| 896 | audit_log_lost("out of memory in audit_alloc"); | 882 | audit_log_lost("out of memory in audit_alloc"); |
| 897 | return -ENOMEM; | 883 | return -ENOMEM; |
| 898 | } | 884 | } |
| 885 | context->filterkey = key; | ||
| 899 | 886 | ||
| 900 | tsk->audit_context = context; | 887 | tsk->audit_context = context; |
| 901 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); | 888 | set_tsk_thread_flag(tsk, TIF_SYSCALL_AUDIT); |
| @@ -921,6 +908,7 @@ static inline void audit_free_context(struct audit_context *context) | |||
| 921 | free_tree_refs(context); | 908 | free_tree_refs(context); |
| 922 | audit_free_aux(context); | 909 | audit_free_aux(context); |
| 923 | kfree(context->filterkey); | 910 | kfree(context->filterkey); |
| 911 | kfree(context->sockaddr); | ||
| 924 | kfree(context); | 912 | kfree(context); |
| 925 | context = previous; | 913 | context = previous; |
| 926 | } while (context); | 914 | } while (context); |
| @@ -1230,6 +1218,97 @@ static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) | |||
| 1230 | audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver); | 1218 | audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver); |
| 1231 | } | 1219 | } |
| 1232 | 1220 | ||
| 1221 | static void show_special(struct audit_context *context, int *call_panic) | ||
| 1222 | { | ||
| 1223 | struct audit_buffer *ab; | ||
| 1224 | int i; | ||
| 1225 | |||
| 1226 | ab = audit_log_start(context, GFP_KERNEL, context->type); | ||
| 1227 | if (!ab) | ||
| 1228 | return; | ||
| 1229 | |||
| 1230 | switch (context->type) { | ||
| 1231 | case AUDIT_SOCKETCALL: { | ||
| 1232 | int nargs = context->socketcall.nargs; | ||
| 1233 | audit_log_format(ab, "nargs=%d", nargs); | ||
| 1234 | for (i = 0; i < nargs; i++) | ||
| 1235 | audit_log_format(ab, " a%d=%lx", i, | ||
| 1236 | context->socketcall.args[i]); | ||
| 1237 | break; } | ||
| 1238 | case AUDIT_IPC: { | ||
| 1239 | u32 osid = context->ipc.osid; | ||
| 1240 | |||
| 1241 | audit_log_format(ab, "ouid=%u ogid=%u mode=%#o", | ||
| 1242 | context->ipc.uid, context->ipc.gid, context->ipc.mode); | ||
| 1243 | if (osid) { | ||
| 1244 | char *ctx = NULL; | ||
| 1245 | u32 len; | ||
| 1246 | if (security_secid_to_secctx(osid, &ctx, &len)) { | ||
| 1247 | audit_log_format(ab, " osid=%u", osid); | ||
| 1248 | *call_panic = 1; | ||
| 1249 | } else { | ||
| 1250 | audit_log_format(ab, " obj=%s", ctx); | ||
| 1251 | security_release_secctx(ctx, len); | ||
| 1252 | } | ||
| 1253 | } | ||
| 1254 | if (context->ipc.has_perm) { | ||
| 1255 | audit_log_end(ab); | ||
| 1256 | ab = audit_log_start(context, GFP_KERNEL, | ||
| 1257 | AUDIT_IPC_SET_PERM); | ||
| 1258 | audit_log_format(ab, | ||
| 1259 | "qbytes=%lx ouid=%u ogid=%u mode=%#o", | ||
| 1260 | context->ipc.qbytes, | ||
| 1261 | context->ipc.perm_uid, | ||
| 1262 | context->ipc.perm_gid, | ||
| 1263 | context->ipc.perm_mode); | ||
| 1264 | if (!ab) | ||
| 1265 | return; | ||
| 1266 | } | ||
| 1267 | break; } | ||
| 1268 | case AUDIT_MQ_OPEN: { | ||
| 1269 | audit_log_format(ab, | ||
| 1270 | "oflag=0x%x mode=%#o mq_flags=0x%lx mq_maxmsg=%ld " | ||
| 1271 | "mq_msgsize=%ld mq_curmsgs=%ld", | ||
| 1272 | context->mq_open.oflag, context->mq_open.mode, | ||
| 1273 | context->mq_open.attr.mq_flags, | ||
| 1274 | context->mq_open.attr.mq_maxmsg, | ||
| 1275 | context->mq_open.attr.mq_msgsize, | ||
| 1276 | context->mq_open.attr.mq_curmsgs); | ||
| 1277 | break; } | ||
| 1278 | case AUDIT_MQ_SENDRECV: { | ||
| 1279 | audit_log_format(ab, | ||
| 1280 | "mqdes=%d msg_len=%zd msg_prio=%u " | ||
| 1281 | "abs_timeout_sec=%ld abs_timeout_nsec=%ld", | ||
| 1282 | context->mq_sendrecv.mqdes, | ||
| 1283 | context->mq_sendrecv.msg_len, | ||
| 1284 | context->mq_sendrecv.msg_prio, | ||
| 1285 | context->mq_sendrecv.abs_timeout.tv_sec, | ||
| 1286 | context->mq_sendrecv.abs_timeout.tv_nsec); | ||
| 1287 | break; } | ||
| 1288 | case AUDIT_MQ_NOTIFY: { | ||
| 1289 | audit_log_format(ab, "mqdes=%d sigev_signo=%d", | ||
| 1290 | context->mq_notify.mqdes, | ||
| 1291 | context->mq_notify.sigev_signo); | ||
| 1292 | break; } | ||
| 1293 | case AUDIT_MQ_GETSETATTR: { | ||
| 1294 | struct mq_attr *attr = &context->mq_getsetattr.mqstat; | ||
| 1295 | audit_log_format(ab, | ||
| 1296 | "mqdes=%d mq_flags=0x%lx mq_maxmsg=%ld mq_msgsize=%ld " | ||
| 1297 | "mq_curmsgs=%ld ", | ||
| 1298 | context->mq_getsetattr.mqdes, | ||
| 1299 | attr->mq_flags, attr->mq_maxmsg, | ||
| 1300 | attr->mq_msgsize, attr->mq_curmsgs); | ||
| 1301 | break; } | ||
| 1302 | case AUDIT_CAPSET: { | ||
| 1303 | audit_log_format(ab, "pid=%d", context->capset.pid); | ||
| 1304 | audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); | ||
| 1305 | audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); | ||
| 1306 | audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); | ||
| 1307 | break; } | ||
| 1308 | } | ||
| 1309 | audit_log_end(ab); | ||
| 1310 | } | ||
| 1311 | |||
| 1233 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) | 1312 | static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) |
| 1234 | { | 1313 | { |
| 1235 | const struct cred *cred; | 1314 | const struct cred *cred; |
| @@ -1307,94 +1386,12 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1307 | continue; /* audit_panic has been called */ | 1386 | continue; /* audit_panic has been called */ |
| 1308 | 1387 | ||
| 1309 | switch (aux->type) { | 1388 | switch (aux->type) { |
| 1310 | case AUDIT_MQ_OPEN: { | ||
| 1311 | struct audit_aux_data_mq_open *axi = (void *)aux; | ||
| 1312 | audit_log_format(ab, | ||
| 1313 | "oflag=0x%x mode=%#o mq_flags=0x%lx mq_maxmsg=%ld " | ||
| 1314 | "mq_msgsize=%ld mq_curmsgs=%ld", | ||
| 1315 | axi->oflag, axi->mode, axi->attr.mq_flags, | ||
| 1316 | axi->attr.mq_maxmsg, axi->attr.mq_msgsize, | ||
| 1317 | axi->attr.mq_curmsgs); | ||
| 1318 | break; } | ||
| 1319 | |||
| 1320 | case AUDIT_MQ_SENDRECV: { | ||
| 1321 | struct audit_aux_data_mq_sendrecv *axi = (void *)aux; | ||
| 1322 | audit_log_format(ab, | ||
| 1323 | "mqdes=%d msg_len=%zd msg_prio=%u " | ||
| 1324 | "abs_timeout_sec=%ld abs_timeout_nsec=%ld", | ||
| 1325 | axi->mqdes, axi->msg_len, axi->msg_prio, | ||
| 1326 | axi->abs_timeout.tv_sec, axi->abs_timeout.tv_nsec); | ||
| 1327 | break; } | ||
| 1328 | |||
| 1329 | case AUDIT_MQ_NOTIFY: { | ||
| 1330 | struct audit_aux_data_mq_notify *axi = (void *)aux; | ||
| 1331 | audit_log_format(ab, | ||
| 1332 | "mqdes=%d sigev_signo=%d", | ||
| 1333 | axi->mqdes, | ||
| 1334 | axi->notification.sigev_signo); | ||
| 1335 | break; } | ||
| 1336 | |||
| 1337 | case AUDIT_MQ_GETSETATTR: { | ||
| 1338 | struct audit_aux_data_mq_getsetattr *axi = (void *)aux; | ||
| 1339 | audit_log_format(ab, | ||
| 1340 | "mqdes=%d mq_flags=0x%lx mq_maxmsg=%ld mq_msgsize=%ld " | ||
| 1341 | "mq_curmsgs=%ld ", | ||
| 1342 | axi->mqdes, | ||
| 1343 | axi->mqstat.mq_flags, axi->mqstat.mq_maxmsg, | ||
| 1344 | axi->mqstat.mq_msgsize, axi->mqstat.mq_curmsgs); | ||
| 1345 | break; } | ||
| 1346 | |||
| 1347 | case AUDIT_IPC: { | ||
| 1348 | struct audit_aux_data_ipcctl *axi = (void *)aux; | ||
| 1349 | audit_log_format(ab, | ||
| 1350 | "ouid=%u ogid=%u mode=%#o", | ||
| 1351 | axi->uid, axi->gid, axi->mode); | ||
| 1352 | if (axi->osid != 0) { | ||
| 1353 | char *ctx = NULL; | ||
| 1354 | u32 len; | ||
| 1355 | if (security_secid_to_secctx( | ||
| 1356 | axi->osid, &ctx, &len)) { | ||
| 1357 | audit_log_format(ab, " osid=%u", | ||
| 1358 | axi->osid); | ||
| 1359 | call_panic = 1; | ||
| 1360 | } else { | ||
| 1361 | audit_log_format(ab, " obj=%s", ctx); | ||
| 1362 | security_release_secctx(ctx, len); | ||
| 1363 | } | ||
| 1364 | } | ||
| 1365 | break; } | ||
| 1366 | |||
| 1367 | case AUDIT_IPC_SET_PERM: { | ||
| 1368 | struct audit_aux_data_ipcctl *axi = (void *)aux; | ||
| 1369 | audit_log_format(ab, | ||
| 1370 | "qbytes=%lx ouid=%u ogid=%u mode=%#o", | ||
| 1371 | axi->qbytes, axi->uid, axi->gid, axi->mode); | ||
| 1372 | break; } | ||
| 1373 | 1389 | ||
| 1374 | case AUDIT_EXECVE: { | 1390 | case AUDIT_EXECVE: { |
| 1375 | struct audit_aux_data_execve *axi = (void *)aux; | 1391 | struct audit_aux_data_execve *axi = (void *)aux; |
| 1376 | audit_log_execve_info(context, &ab, axi); | 1392 | audit_log_execve_info(context, &ab, axi); |
| 1377 | break; } | 1393 | break; } |
| 1378 | 1394 | ||
| 1379 | case AUDIT_SOCKETCALL: { | ||
| 1380 | struct audit_aux_data_socketcall *axs = (void *)aux; | ||
| 1381 | audit_log_format(ab, "nargs=%d", axs->nargs); | ||
| 1382 | for (i=0; i<axs->nargs; i++) | ||
| 1383 | audit_log_format(ab, " a%d=%lx", i, axs->args[i]); | ||
| 1384 | break; } | ||
| 1385 | |||
| 1386 | case AUDIT_SOCKADDR: { | ||
| 1387 | struct audit_aux_data_sockaddr *axs = (void *)aux; | ||
| 1388 | |||
| 1389 | audit_log_format(ab, "saddr="); | ||
| 1390 | audit_log_n_hex(ab, axs->a, axs->len); | ||
| 1391 | break; } | ||
| 1392 | |||
| 1393 | case AUDIT_FD_PAIR: { | ||
| 1394 | struct audit_aux_data_fd_pair *axs = (void *)aux; | ||
| 1395 | audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]); | ||
| 1396 | break; } | ||
| 1397 | |||
| 1398 | case AUDIT_BPRM_FCAPS: { | 1395 | case AUDIT_BPRM_FCAPS: { |
| 1399 | struct audit_aux_data_bprm_fcaps *axs = (void *)aux; | 1396 | struct audit_aux_data_bprm_fcaps *axs = (void *)aux; |
| 1400 | audit_log_format(ab, "fver=%x", axs->fcap_ver); | 1397 | audit_log_format(ab, "fver=%x", axs->fcap_ver); |
| @@ -1409,18 +1406,32 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts | |||
| 1409 | audit_log_cap(ab, "new_pe", &axs->new_pcap.effective); | 1406 | audit_log_cap(ab, "new_pe", &axs->new_pcap.effective); |
| 1410 | break; } | 1407 | break; } |
| 1411 | 1408 | ||
| 1412 | case AUDIT_CAPSET: { | ||
| 1413 | struct audit_aux_data_capset *axs = (void *)aux; | ||
| 1414 | audit_log_format(ab, "pid=%d", axs->pid); | ||
| 1415 | audit_log_cap(ab, "cap_pi", &axs->cap.inheritable); | ||
| 1416 | audit_log_cap(ab, "cap_pp", &axs->cap.permitted); | ||
| 1417 | audit_log_cap(ab, "cap_pe", &axs->cap.effective); | ||
| 1418 | break; } | ||
| 1419 | |||
| 1420 | } | 1409 | } |
| 1421 | audit_log_end(ab); | 1410 | audit_log_end(ab); |
| 1422 | } | 1411 | } |
| 1423 | 1412 | ||
| 1413 | if (context->type) | ||
| 1414 | show_special(context, &call_panic); | ||
| 1415 | |||
| 1416 | if (context->fds[0] >= 0) { | ||
| 1417 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); | ||
| 1418 | if (ab) { | ||
| 1419 | audit_log_format(ab, "fd0=%d fd1=%d", | ||
| 1420 | context->fds[0], context->fds[1]); | ||
| 1421 | audit_log_end(ab); | ||
| 1422 | } | ||
| 1423 | } | ||
| 1424 | |||
| 1425 | if (context->sockaddr_len) { | ||
| 1426 | ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); | ||
| 1427 | if (ab) { | ||
| 1428 | audit_log_format(ab, "saddr="); | ||
| 1429 | audit_log_n_hex(ab, (void *)context->sockaddr, | ||
| 1430 | context->sockaddr_len); | ||
| 1431 | audit_log_end(ab); | ||
| 1432 | } | ||
| 1433 | } | ||
| 1434 | |||
| 1424 | for (aux = context->aux_pids; aux; aux = aux->next) { | 1435 | for (aux = context->aux_pids; aux; aux = aux->next) { |
| 1425 | struct audit_aux_data_pids *axs = (void *)aux; | 1436 | struct audit_aux_data_pids *axs = (void *)aux; |
| 1426 | 1437 | ||
| @@ -1536,7 +1547,7 @@ void audit_free(struct task_struct *tsk) | |||
| 1536 | * We use GFP_ATOMIC here because we might be doing this | 1547 | * We use GFP_ATOMIC here because we might be doing this |
| 1537 | * in the context of the idle thread */ | 1548 | * in the context of the idle thread */ |
| 1538 | /* that can happen only if we are called from do_exit() */ | 1549 | /* that can happen only if we are called from do_exit() */ |
| 1539 | if (context->in_syscall && context->auditable) | 1550 | if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) |
| 1540 | audit_log_exit(context, tsk); | 1551 | audit_log_exit(context, tsk); |
| 1541 | 1552 | ||
| 1542 | audit_free_context(context); | 1553 | audit_free_context(context); |
| @@ -1620,15 +1631,17 @@ void audit_syscall_entry(int arch, int major, | |||
| 1620 | 1631 | ||
| 1621 | state = context->state; | 1632 | state = context->state; |
| 1622 | context->dummy = !audit_n_rules; | 1633 | context->dummy = !audit_n_rules; |
| 1623 | if (!context->dummy && (state == AUDIT_SETUP_CONTEXT || state == AUDIT_BUILD_CONTEXT)) | 1634 | if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { |
| 1635 | context->prio = 0; | ||
| 1624 | state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]); | 1636 | state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]); |
| 1637 | } | ||
| 1625 | if (likely(state == AUDIT_DISABLED)) | 1638 | if (likely(state == AUDIT_DISABLED)) |
| 1626 | return; | 1639 | return; |
| 1627 | 1640 | ||
| 1628 | context->serial = 0; | 1641 | context->serial = 0; |
| 1629 | context->ctime = CURRENT_TIME; | 1642 | context->ctime = CURRENT_TIME; |
| 1630 | context->in_syscall = 1; | 1643 | context->in_syscall = 1; |
| 1631 | context->auditable = !!(state == AUDIT_RECORD_CONTEXT); | 1644 | context->current_state = state; |
| 1632 | context->ppid = 0; | 1645 | context->ppid = 0; |
| 1633 | } | 1646 | } |
| 1634 | 1647 | ||
| @@ -1636,17 +1649,20 @@ void audit_finish_fork(struct task_struct *child) | |||
| 1636 | { | 1649 | { |
| 1637 | struct audit_context *ctx = current->audit_context; | 1650 | struct audit_context *ctx = current->audit_context; |
| 1638 | struct audit_context *p = child->audit_context; | 1651 | struct audit_context *p = child->audit_context; |
| 1639 | if (!p || !ctx || !ctx->auditable) | 1652 | if (!p || !ctx) |
| 1653 | return; | ||
| 1654 | if (!ctx->in_syscall || ctx->current_state != AUDIT_RECORD_CONTEXT) | ||
| 1640 | return; | 1655 | return; |
| 1641 | p->arch = ctx->arch; | 1656 | p->arch = ctx->arch; |
| 1642 | p->major = ctx->major; | 1657 | p->major = ctx->major; |
| 1643 | memcpy(p->argv, ctx->argv, sizeof(ctx->argv)); | 1658 | memcpy(p->argv, ctx->argv, sizeof(ctx->argv)); |
| 1644 | p->ctime = ctx->ctime; | 1659 | p->ctime = ctx->ctime; |
| 1645 | p->dummy = ctx->dummy; | 1660 | p->dummy = ctx->dummy; |
| 1646 | p->auditable = ctx->auditable; | ||
| 1647 | p->in_syscall = ctx->in_syscall; | 1661 | p->in_syscall = ctx->in_syscall; |
| 1648 | p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL); | 1662 | p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL); |
| 1649 | p->ppid = current->pid; | 1663 | p->ppid = current->pid; |
| 1664 | p->prio = ctx->prio; | ||
| 1665 | p->current_state = ctx->current_state; | ||
| 1650 | } | 1666 | } |
| 1651 | 1667 | ||
| 1652 | /** | 1668 | /** |
| @@ -1670,11 +1686,11 @@ void audit_syscall_exit(int valid, long return_code) | |||
| 1670 | if (likely(!context)) | 1686 | if (likely(!context)) |
| 1671 | return; | 1687 | return; |
| 1672 | 1688 | ||
| 1673 | if (context->in_syscall && context->auditable) | 1689 | if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) |
| 1674 | audit_log_exit(context, tsk); | 1690 | audit_log_exit(context, tsk); |
| 1675 | 1691 | ||
| 1676 | context->in_syscall = 0; | 1692 | context->in_syscall = 0; |
| 1677 | context->auditable = 0; | 1693 | context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; |
| 1678 | 1694 | ||
| 1679 | if (context->previous) { | 1695 | if (context->previous) { |
| 1680 | struct audit_context *new_context = context->previous; | 1696 | struct audit_context *new_context = context->previous; |
| @@ -1689,8 +1705,13 @@ void audit_syscall_exit(int valid, long return_code) | |||
| 1689 | context->aux_pids = NULL; | 1705 | context->aux_pids = NULL; |
| 1690 | context->target_pid = 0; | 1706 | context->target_pid = 0; |
| 1691 | context->target_sid = 0; | 1707 | context->target_sid = 0; |
| 1692 | kfree(context->filterkey); | 1708 | context->sockaddr_len = 0; |
| 1693 | context->filterkey = NULL; | 1709 | context->type = 0; |
| 1710 | context->fds[0] = -1; | ||
| 1711 | if (context->state != AUDIT_RECORD_CONTEXT) { | ||
| 1712 | kfree(context->filterkey); | ||
| 1713 | context->filterkey = NULL; | ||
| 1714 | } | ||
| 1694 | tsk->audit_context = context; | 1715 | tsk->audit_context = context; |
| 1695 | } | 1716 | } |
| 1696 | } | 1717 | } |
| @@ -2081,7 +2102,10 @@ int auditsc_get_stamp(struct audit_context *ctx, | |||
| 2081 | t->tv_sec = ctx->ctime.tv_sec; | 2102 | t->tv_sec = ctx->ctime.tv_sec; |
| 2082 | t->tv_nsec = ctx->ctime.tv_nsec; | 2103 | t->tv_nsec = ctx->ctime.tv_nsec; |
| 2083 | *serial = ctx->serial; | 2104 | *serial = ctx->serial; |
| 2084 | ctx->auditable = 1; | 2105 | if (!ctx->prio) { |
| 2106 | ctx->prio = 1; | ||
| 2107 | ctx->current_state = AUDIT_RECORD_CONTEXT; | ||
| 2108 | } | ||
| 2085 | return 1; | 2109 | return 1; |
| 2086 | } | 2110 | } |
| 2087 | 2111 | ||
| @@ -2127,132 +2151,46 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid) | |||
| 2127 | * @mode: mode bits | 2151 | * @mode: mode bits |
| 2128 | * @u_attr: queue attributes | 2152 | * @u_attr: queue attributes |
| 2129 | * | 2153 | * |
| 2130 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2131 | */ | 2154 | */ |
| 2132 | int __audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) | 2155 | void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr) |
| 2133 | { | 2156 | { |
| 2134 | struct audit_aux_data_mq_open *ax; | ||
| 2135 | struct audit_context *context = current->audit_context; | 2157 | struct audit_context *context = current->audit_context; |
| 2136 | 2158 | ||
| 2137 | if (!audit_enabled) | 2159 | if (attr) |
| 2138 | return 0; | 2160 | memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); |
| 2139 | 2161 | else | |
| 2140 | if (likely(!context)) | 2162 | memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); |
| 2141 | return 0; | ||
| 2142 | |||
| 2143 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
| 2144 | if (!ax) | ||
| 2145 | return -ENOMEM; | ||
| 2146 | |||
| 2147 | if (u_attr != NULL) { | ||
| 2148 | if (copy_from_user(&ax->attr, u_attr, sizeof(ax->attr))) { | ||
| 2149 | kfree(ax); | ||
| 2150 | return -EFAULT; | ||
| 2151 | } | ||
| 2152 | } else | ||
| 2153 | memset(&ax->attr, 0, sizeof(ax->attr)); | ||
| 2154 | 2163 | ||
| 2155 | ax->oflag = oflag; | 2164 | context->mq_open.oflag = oflag; |
| 2156 | ax->mode = mode; | 2165 | context->mq_open.mode = mode; |
| 2157 | 2166 | ||
| 2158 | ax->d.type = AUDIT_MQ_OPEN; | 2167 | context->type = AUDIT_MQ_OPEN; |
| 2159 | ax->d.next = context->aux; | ||
| 2160 | context->aux = (void *)ax; | ||
| 2161 | return 0; | ||
| 2162 | } | 2168 | } |
| 2163 | 2169 | ||
| 2164 | /** | 2170 | /** |
| 2165 | * __audit_mq_timedsend - record audit data for a POSIX MQ timed send | 2171 | * __audit_mq_sendrecv - record audit data for a POSIX MQ timed send/receive |
| 2166 | * @mqdes: MQ descriptor | 2172 | * @mqdes: MQ descriptor |
| 2167 | * @msg_len: Message length | 2173 | * @msg_len: Message length |
| 2168 | * @msg_prio: Message priority | 2174 | * @msg_prio: Message priority |
| 2169 | * @u_abs_timeout: Message timeout in absolute time | 2175 | * @abs_timeout: Message timeout in absolute time |
| 2170 | * | 2176 | * |
| 2171 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2172 | */ | 2177 | */ |
| 2173 | int __audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, | 2178 | void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, |
| 2174 | const struct timespec __user *u_abs_timeout) | 2179 | const struct timespec *abs_timeout) |
| 2175 | { | 2180 | { |
| 2176 | struct audit_aux_data_mq_sendrecv *ax; | ||
| 2177 | struct audit_context *context = current->audit_context; | 2181 | struct audit_context *context = current->audit_context; |
| 2182 | struct timespec *p = &context->mq_sendrecv.abs_timeout; | ||
| 2178 | 2183 | ||
| 2179 | if (!audit_enabled) | 2184 | if (abs_timeout) |
| 2180 | return 0; | 2185 | memcpy(p, abs_timeout, sizeof(struct timespec)); |
| 2181 | 2186 | else | |
| 2182 | if (likely(!context)) | 2187 | memset(p, 0, sizeof(struct timespec)); |
| 2183 | return 0; | ||
| 2184 | |||
| 2185 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
| 2186 | if (!ax) | ||
| 2187 | return -ENOMEM; | ||
| 2188 | |||
| 2189 | if (u_abs_timeout != NULL) { | ||
| 2190 | if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout))) { | ||
| 2191 | kfree(ax); | ||
| 2192 | return -EFAULT; | ||
| 2193 | } | ||
| 2194 | } else | ||
| 2195 | memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout)); | ||
| 2196 | |||
| 2197 | ax->mqdes = mqdes; | ||
| 2198 | ax->msg_len = msg_len; | ||
| 2199 | ax->msg_prio = msg_prio; | ||
| 2200 | |||
| 2201 | ax->d.type = AUDIT_MQ_SENDRECV; | ||
| 2202 | ax->d.next = context->aux; | ||
| 2203 | context->aux = (void *)ax; | ||
| 2204 | return 0; | ||
| 2205 | } | ||
| 2206 | |||
| 2207 | /** | ||
| 2208 | * __audit_mq_timedreceive - record audit data for a POSIX MQ timed receive | ||
| 2209 | * @mqdes: MQ descriptor | ||
| 2210 | * @msg_len: Message length | ||
| 2211 | * @u_msg_prio: Message priority | ||
| 2212 | * @u_abs_timeout: Message timeout in absolute time | ||
| 2213 | * | ||
| 2214 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2215 | */ | ||
| 2216 | int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, | ||
| 2217 | unsigned int __user *u_msg_prio, | ||
| 2218 | const struct timespec __user *u_abs_timeout) | ||
| 2219 | { | ||
| 2220 | struct audit_aux_data_mq_sendrecv *ax; | ||
| 2221 | struct audit_context *context = current->audit_context; | ||
| 2222 | |||
| 2223 | if (!audit_enabled) | ||
| 2224 | return 0; | ||
| 2225 | |||
| 2226 | if (likely(!context)) | ||
| 2227 | return 0; | ||
| 2228 | |||
| 2229 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
| 2230 | if (!ax) | ||
| 2231 | return -ENOMEM; | ||
| 2232 | |||
| 2233 | if (u_msg_prio != NULL) { | ||
| 2234 | if (get_user(ax->msg_prio, u_msg_prio)) { | ||
| 2235 | kfree(ax); | ||
| 2236 | return -EFAULT; | ||
| 2237 | } | ||
| 2238 | } else | ||
| 2239 | ax->msg_prio = 0; | ||
| 2240 | |||
| 2241 | if (u_abs_timeout != NULL) { | ||
| 2242 | if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout))) { | ||
| 2243 | kfree(ax); | ||
| 2244 | return -EFAULT; | ||
| 2245 | } | ||
| 2246 | } else | ||
| 2247 | memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout)); | ||
| 2248 | 2188 | ||
| 2249 | ax->mqdes = mqdes; | 2189 | context->mq_sendrecv.mqdes = mqdes; |
| 2250 | ax->msg_len = msg_len; | 2190 | context->mq_sendrecv.msg_len = msg_len; |
| 2191 | context->mq_sendrecv.msg_prio = msg_prio; | ||
| 2251 | 2192 | ||
| 2252 | ax->d.type = AUDIT_MQ_SENDRECV; | 2193 | context->type = AUDIT_MQ_SENDRECV; |
| 2253 | ax->d.next = context->aux; | ||
| 2254 | context->aux = (void *)ax; | ||
| 2255 | return 0; | ||
| 2256 | } | 2194 | } |
| 2257 | 2195 | ||
| 2258 | /** | 2196 | /** |
| @@ -2260,38 +2198,19 @@ int __audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, | |||
| 2260 | * @mqdes: MQ descriptor | 2198 | * @mqdes: MQ descriptor |
| 2261 | * @u_notification: Notification event | 2199 | * @u_notification: Notification event |
| 2262 | * | 2200 | * |
| 2263 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2264 | */ | 2201 | */ |
| 2265 | 2202 | ||
| 2266 | int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | 2203 | void __audit_mq_notify(mqd_t mqdes, const struct sigevent *notification) |
| 2267 | { | 2204 | { |
| 2268 | struct audit_aux_data_mq_notify *ax; | ||
| 2269 | struct audit_context *context = current->audit_context; | 2205 | struct audit_context *context = current->audit_context; |
| 2270 | 2206 | ||
| 2271 | if (!audit_enabled) | 2207 | if (notification) |
| 2272 | return 0; | 2208 | context->mq_notify.sigev_signo = notification->sigev_signo; |
| 2273 | 2209 | else | |
| 2274 | if (likely(!context)) | 2210 | context->mq_notify.sigev_signo = 0; |
| 2275 | return 0; | ||
| 2276 | |||
| 2277 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
| 2278 | if (!ax) | ||
| 2279 | return -ENOMEM; | ||
| 2280 | |||
| 2281 | if (u_notification != NULL) { | ||
| 2282 | if (copy_from_user(&ax->notification, u_notification, sizeof(ax->notification))) { | ||
| 2283 | kfree(ax); | ||
| 2284 | return -EFAULT; | ||
| 2285 | } | ||
| 2286 | } else | ||
| 2287 | memset(&ax->notification, 0, sizeof(ax->notification)); | ||
| 2288 | |||
| 2289 | ax->mqdes = mqdes; | ||
| 2290 | 2211 | ||
| 2291 | ax->d.type = AUDIT_MQ_NOTIFY; | 2212 | context->mq_notify.mqdes = mqdes; |
| 2292 | ax->d.next = context->aux; | 2213 | context->type = AUDIT_MQ_NOTIFY; |
| 2293 | context->aux = (void *)ax; | ||
| 2294 | return 0; | ||
| 2295 | } | 2214 | } |
| 2296 | 2215 | ||
| 2297 | /** | 2216 | /** |
| @@ -2299,55 +2218,29 @@ int __audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) | |||
| 2299 | * @mqdes: MQ descriptor | 2218 | * @mqdes: MQ descriptor |
| 2300 | * @mqstat: MQ flags | 2219 | * @mqstat: MQ flags |
| 2301 | * | 2220 | * |
| 2302 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2303 | */ | 2221 | */ |
| 2304 | int __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) | 2222 | void __audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat) |
| 2305 | { | 2223 | { |
| 2306 | struct audit_aux_data_mq_getsetattr *ax; | ||
| 2307 | struct audit_context *context = current->audit_context; | 2224 | struct audit_context *context = current->audit_context; |
| 2308 | 2225 | context->mq_getsetattr.mqdes = mqdes; | |
| 2309 | if (!audit_enabled) | 2226 | context->mq_getsetattr.mqstat = *mqstat; |
| 2310 | return 0; | 2227 | context->type = AUDIT_MQ_GETSETATTR; |
| 2311 | |||
| 2312 | if (likely(!context)) | ||
| 2313 | return 0; | ||
| 2314 | |||
| 2315 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | ||
| 2316 | if (!ax) | ||
| 2317 | return -ENOMEM; | ||
| 2318 | |||
| 2319 | ax->mqdes = mqdes; | ||
| 2320 | ax->mqstat = *mqstat; | ||
| 2321 | |||
| 2322 | ax->d.type = AUDIT_MQ_GETSETATTR; | ||
| 2323 | ax->d.next = context->aux; | ||
| 2324 | context->aux = (void *)ax; | ||
| 2325 | return 0; | ||
| 2326 | } | 2228 | } |
| 2327 | 2229 | ||
| 2328 | /** | 2230 | /** |
| 2329 | * audit_ipc_obj - record audit data for ipc object | 2231 | * audit_ipc_obj - record audit data for ipc object |
| 2330 | * @ipcp: ipc permissions | 2232 | * @ipcp: ipc permissions |
| 2331 | * | 2233 | * |
| 2332 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2333 | */ | 2234 | */ |
| 2334 | int __audit_ipc_obj(struct kern_ipc_perm *ipcp) | 2235 | void __audit_ipc_obj(struct kern_ipc_perm *ipcp) |
| 2335 | { | 2236 | { |
| 2336 | struct audit_aux_data_ipcctl *ax; | ||
| 2337 | struct audit_context *context = current->audit_context; | 2237 | struct audit_context *context = current->audit_context; |
| 2338 | 2238 | context->ipc.uid = ipcp->uid; | |
| 2339 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | 2239 | context->ipc.gid = ipcp->gid; |
| 2340 | if (!ax) | 2240 | context->ipc.mode = ipcp->mode; |
| 2341 | return -ENOMEM; | 2241 | context->ipc.has_perm = 0; |
| 2342 | 2242 | security_ipc_getsecid(ipcp, &context->ipc.osid); | |
| 2343 | ax->uid = ipcp->uid; | 2243 | context->type = AUDIT_IPC; |
| 2344 | ax->gid = ipcp->gid; | ||
| 2345 | ax->mode = ipcp->mode; | ||
| 2346 | security_ipc_getsecid(ipcp, &ax->osid); | ||
| 2347 | ax->d.type = AUDIT_IPC; | ||
| 2348 | ax->d.next = context->aux; | ||
| 2349 | context->aux = (void *)ax; | ||
| 2350 | return 0; | ||
| 2351 | } | 2244 | } |
| 2352 | 2245 | ||
| 2353 | /** | 2246 | /** |
| @@ -2357,26 +2250,17 @@ int __audit_ipc_obj(struct kern_ipc_perm *ipcp) | |||
| 2357 | * @gid: msgq group id | 2250 | * @gid: msgq group id |
| 2358 | * @mode: msgq mode (permissions) | 2251 | * @mode: msgq mode (permissions) |
| 2359 | * | 2252 | * |
| 2360 | * Returns 0 for success or NULL context or < 0 on error. | 2253 | * Called only after audit_ipc_obj(). |
| 2361 | */ | 2254 | */ |
| 2362 | int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) | 2255 | void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode) |
| 2363 | { | 2256 | { |
| 2364 | struct audit_aux_data_ipcctl *ax; | ||
| 2365 | struct audit_context *context = current->audit_context; | 2257 | struct audit_context *context = current->audit_context; |
| 2366 | 2258 | ||
| 2367 | ax = kmalloc(sizeof(*ax), GFP_ATOMIC); | 2259 | context->ipc.qbytes = qbytes; |
| 2368 | if (!ax) | 2260 | context->ipc.perm_uid = uid; |
| 2369 | return -ENOMEM; | 2261 | context->ipc.perm_gid = gid; |
| 2370 | 2262 | context->ipc.perm_mode = mode; | |
| 2371 | ax->qbytes = qbytes; | 2263 | context->ipc.has_perm = 1; |
| 2372 | ax->uid = uid; | ||
| 2373 | ax->gid = gid; | ||
| 2374 | ax->mode = mode; | ||
| 2375 | |||
| 2376 | ax->d.type = AUDIT_IPC_SET_PERM; | ||
| 2377 | ax->d.next = context->aux; | ||
| 2378 | context->aux = (void *)ax; | ||
| 2379 | return 0; | ||
| 2380 | } | 2264 | } |
| 2381 | 2265 | ||
| 2382 | int audit_bprm(struct linux_binprm *bprm) | 2266 | int audit_bprm(struct linux_binprm *bprm) |
| @@ -2406,27 +2290,17 @@ int audit_bprm(struct linux_binprm *bprm) | |||
| 2406 | * @nargs: number of args | 2290 | * @nargs: number of args |
| 2407 | * @args: args array | 2291 | * @args: args array |
| 2408 | * | 2292 | * |
| 2409 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2410 | */ | 2293 | */ |
| 2411 | int audit_socketcall(int nargs, unsigned long *args) | 2294 | void audit_socketcall(int nargs, unsigned long *args) |
| 2412 | { | 2295 | { |
| 2413 | struct audit_aux_data_socketcall *ax; | ||
| 2414 | struct audit_context *context = current->audit_context; | 2296 | struct audit_context *context = current->audit_context; |
| 2415 | 2297 | ||
| 2416 | if (likely(!context || context->dummy)) | 2298 | if (likely(!context || context->dummy)) |
| 2417 | return 0; | 2299 | return; |
| 2418 | |||
| 2419 | ax = kmalloc(sizeof(*ax) + nargs * sizeof(unsigned long), GFP_KERNEL); | ||
| 2420 | if (!ax) | ||
| 2421 | return -ENOMEM; | ||
| 2422 | |||
| 2423 | ax->nargs = nargs; | ||
| 2424 | memcpy(ax->args, args, nargs * sizeof(unsigned long)); | ||
| 2425 | 2300 | ||
| 2426 | ax->d.type = AUDIT_SOCKETCALL; | 2301 | context->type = AUDIT_SOCKETCALL; |
| 2427 | ax->d.next = context->aux; | 2302 | context->socketcall.nargs = nargs; |
| 2428 | context->aux = (void *)ax; | 2303 | memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); |
| 2429 | return 0; | ||
| 2430 | } | 2304 | } |
| 2431 | 2305 | ||
| 2432 | /** | 2306 | /** |
| @@ -2434,29 +2308,12 @@ int audit_socketcall(int nargs, unsigned long *args) | |||
| 2434 | * @fd1: the first file descriptor | 2308 | * @fd1: the first file descriptor |
| 2435 | * @fd2: the second file descriptor | 2309 | * @fd2: the second file descriptor |
| 2436 | * | 2310 | * |
| 2437 | * Returns 0 for success or NULL context or < 0 on error. | ||
| 2438 | */ | 2311 | */ |
| 2439 | int __audit_fd_pair(int fd1, int fd2) | 2312 | void __audit_fd_pair(int fd1, int fd2) |
| 2440 | { | 2313 | { |
| 2441 | struct audit_context *context = current->audit_context; | 2314 | struct audit_context *context = current->audit_context; |
| 2442 | struct audit_aux_data_fd_pair *ax; | 2315 | context->fds[0] = fd1; |
| 2443 | 2316 | context->fds[1] = fd2; | |
| 2444 | if (likely(!context)) { | ||
| 2445 | return 0; | ||
| 2446 | } | ||
| 2447 | |||
| 2448 | ax = kmalloc(sizeof(*ax), GFP_KERNEL); | ||
| 2449 | if (!ax) { | ||
| 2450 | return -ENOMEM; | ||
| 2451 | } | ||
| 2452 | |||
| 2453 | ax->fd[0] = fd1; | ||
| 2454 | ax->fd[1] = fd2; | ||
| 2455 | |||
| 2456 | ax->d.type = AUDIT_FD_PAIR; | ||
| 2457 | ax->d.next = context->aux; | ||
| 2458 | context->aux = (void *)ax; | ||
| 2459 | return 0; | ||
| 2460 | } | 2317 | } |
| 2461 | 2318 | ||
| 2462 | /** | 2319 | /** |
| @@ -2468,22 +2325,20 @@ int __audit_fd_pair(int fd1, int fd2) | |||
| 2468 | */ | 2325 | */ |
| 2469 | int audit_sockaddr(int len, void *a) | 2326 | int audit_sockaddr(int len, void *a) |
| 2470 | { | 2327 | { |
| 2471 | struct audit_aux_data_sockaddr *ax; | ||
| 2472 | struct audit_context *context = current->audit_context; | 2328 | struct audit_context *context = current->audit_context; |
| 2473 | 2329 | ||
| 2474 | if (likely(!context || context->dummy)) | 2330 | if (likely(!context || context->dummy)) |
| 2475 | return 0; | 2331 | return 0; |
| 2476 | 2332 | ||
| 2477 | ax = kmalloc(sizeof(*ax) + len, GFP_KERNEL); | 2333 | if (!context->sockaddr) { |
| 2478 | if (!ax) | 2334 | void *p = kmalloc(sizeof(struct sockaddr_storage), GFP_KERNEL); |
| 2479 | return -ENOMEM; | 2335 | if (!p) |
| 2480 | 2336 | return -ENOMEM; | |
| 2481 | ax->len = len; | 2337 | context->sockaddr = p; |
| 2482 | memcpy(ax->a, a, len); | 2338 | } |
| 2483 | 2339 | ||
| 2484 | ax->d.type = AUDIT_SOCKADDR; | 2340 | context->sockaddr_len = len; |
| 2485 | ax->d.next = context->aux; | 2341 | memcpy(context->sockaddr, a, len); |
| 2486 | context->aux = (void *)ax; | ||
| 2487 | return 0; | 2342 | return 0; |
| 2488 | } | 2343 | } |
| 2489 | 2344 | ||
| @@ -2617,29 +2472,15 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm, | |||
| 2617 | * Record the aguments userspace sent to sys_capset for later printing by the | 2472 | * Record the aguments userspace sent to sys_capset for later printing by the |
| 2618 | * audit system if applicable | 2473 | * audit system if applicable |
| 2619 | */ | 2474 | */ |
| 2620 | int __audit_log_capset(pid_t pid, | 2475 | void __audit_log_capset(pid_t pid, |
| 2621 | const struct cred *new, const struct cred *old) | 2476 | const struct cred *new, const struct cred *old) |
| 2622 | { | 2477 | { |
| 2623 | struct audit_aux_data_capset *ax; | ||
| 2624 | struct audit_context *context = current->audit_context; | 2478 | struct audit_context *context = current->audit_context; |
| 2625 | 2479 | context->capset.pid = pid; | |
| 2626 | if (likely(!audit_enabled || !context || context->dummy)) | 2480 | context->capset.cap.effective = new->cap_effective; |
| 2627 | return 0; | 2481 | context->capset.cap.inheritable = new->cap_effective; |
| 2628 | 2482 | context->capset.cap.permitted = new->cap_permitted; | |
| 2629 | ax = kmalloc(sizeof(*ax), GFP_KERNEL); | 2483 | context->type = AUDIT_CAPSET; |
| 2630 | if (!ax) | ||
| 2631 | return -ENOMEM; | ||
| 2632 | |||
| 2633 | ax->d.type = AUDIT_CAPSET; | ||
| 2634 | ax->d.next = context->aux; | ||
| 2635 | context->aux = (void *)ax; | ||
| 2636 | |||
| 2637 | ax->pid = pid; | ||
| 2638 | ax->cap.effective = new->cap_effective; | ||
| 2639 | ax->cap.inheritable = new->cap_effective; | ||
| 2640 | ax->cap.permitted = new->cap_permitted; | ||
| 2641 | |||
| 2642 | return 0; | ||
| 2643 | } | 2484 | } |
| 2644 | 2485 | ||
| 2645 | /** | 2486 | /** |