Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r-- | kernel/auditsc.c | 42 |
1 files changed, 21 insertions, 21 deletions
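--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2546,18 +2546,17 @@ int __audit_signal_info(int sig, struct task_struct *t)
 
 /**
 * __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
-* @bprm pointer to the bprm being processed
-* @caps the caps read from the disk
+* @bprm: pointer to the bprm being processed
+* @new: the proposed new credentials
+* @old: the old credentials
 *
 * Simply check if the proc already has the caps given by the file and if not
 * store the priv escalation info for later auditing at the end of the syscall
 *
-* this can fail and we don't care. See the note in audit.h for
-* audit_log_bprm_fcaps() for my explaination....
-*
 * -Eric
 */
-void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_cap_t *pE)
+int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
+const struct cred *new, const struct cred *old)
 {
 struct audit_aux_data_bprm_fcaps *ax;
 struct audit_context *context = current->audit_context;
@@ -2566,7 +2565,7 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_
 
 ax = kmalloc(sizeof(*ax), GFP_KERNEL);
 if (!ax)
-return;
+return -ENOMEM;
 
 ax->d.type = AUDIT_BPRM_FCAPS;
 ax->d.next = context->aux;
@@ -2581,26 +2580,27 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_
 ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
 ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
 
-ax->old_pcap.permitted = *pP;
-ax->old_pcap.inheritable = current->cred->cap_inheritable;
-ax->old_pcap.effective = *pE;
+ax->old_pcap.permitted = old->cap_permitted;
+ax->old_pcap.inheritable = old->cap_inheritable;
+ax->old_pcap.effective = old->cap_effective;
 
-ax->new_pcap.permitted = current->cred->cap_permitted;
-ax->new_pcap.inheritable = current->cred->cap_inheritable;
-ax->new_pcap.effective = current->cred->cap_effective;
+ax->new_pcap.permitted = new->cap_permitted;
+ax->new_pcap.inheritable = new->cap_inheritable;
+ax->new_pcap.effective = new->cap_effective;
+return 0;
 }
 
 /**
 * __audit_log_capset - store information about the arguments to the capset syscall
-* @pid target pid of the capset call
-* @eff effective cap set
-* @inh inheritible cap set
-* @perm permited cap set
+* @pid: target pid of the capset call
+* @new: the new credentials
+* @old: the old (current) credentials
 *
 * Record the aguments userspace sent to sys_capset for later printing by the
 * audit system if applicable
 */
-int __audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_cap_t *perm)
+int __audit_log_capset(pid_t pid,
+const struct cred *new, const struct cred *old)
 {
 struct audit_aux_data_capset *ax;
 struct audit_context *context = current->audit_context;
@@ -2617,9 +2617,9 @@ int __audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_c
 context->aux = (void *)ax;
 
 ax->pid = pid;
-ax->cap.effective = *eff;
-ax->cap.inheritable = *eff;
-ax->cap.permitted = *perm;
+ax->cap.effective = new->cap_effective;
+ax->cap.inheritable = new->cap_effective;
+ax->cap.permitted = new->cap_permitted;
 
 return 0;
 }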
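Review bot: In the last hunk of `__audit_log_capset`, the inheritable set is still filled from the effective set, so the conversion carries the old `*eff` copy-paste over as `ax->cap.inheritable = new->cap_effective;`. The capset audit record will therefore report the effective mask in its inheritable field and hide any real change to the inheritable set, which is exactly the data a reviewer of capability changes relies on; the line should read `ax->cap.inheritable = new->cap_inheritable;`. The `old` parameter of `__audit_log_capset` is not used in any of the visible lines (the middle of the body lies outside the hunks), so either document why it is passed or drop it. Separately, `__audit_log_bprm_fcaps` now returns `-ENOMEM` where it used to fail silently, and the removed comment pointed to a note in audit.h explaining why failure was ignored; that note and the callers should be checked so the new return value is actually propagated.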