Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c42
1 files changed, 21 insertions, 21 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index ae8ef88ade3f..bc1e2d854bf6 100644
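--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2546,18 +2546,17 @@ int __audit_signal_info(int sig, struct task_struct *t)
 
 /**
  * __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps
- * @bprm pointer to the bprm being processed
- * @caps the caps read from the disk
+ * @bprm: pointer to the bprm being processed
+ * @new: the proposed new credentials
+ * @old: the old credentials
  *
  * Simply check if the proc already has the caps given by the file and if not
  * store the priv escalation info for later auditing at the end of the syscall
  *
- * this can fail and we don't care. See the note in audit.h for
- * audit_log_bprm_fcaps() for my explaination....
- *
  * -Eric
  */
-void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_cap_t *pE)
+int __audit_log_bprm_fcaps(struct linux_binprm *bprm,
+ const struct cred *new, const struct cred *old)
 {
  struct audit_aux_data_bprm_fcaps *ax;
  struct audit_context *context = current->audit_context;
@@ -2566,7 +2565,7 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_
 
  ax = kmalloc(sizeof(*ax), GFP_KERNEL);
  if (!ax)
- return;
+ return -ENOMEM;
 
  ax->d.type = AUDIT_BPRM_FCAPS;
  ax->d.next = context->aux;
@@ -2581,26 +2580,27 @@ void __audit_log_bprm_fcaps(struct linux_binprm *bprm, kernel_cap_t *pP, kernel_
  ax->fcap.fE = !!(vcaps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);
  ax->fcap_ver = (vcaps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT;
 
- ax->old_pcap.permitted = *pP;
- ax->old_pcap.inheritable = current->cred->cap_inheritable;
- ax->old_pcap.effective = *pE;
+ ax->old_pcap.permitted = old->cap_permitted;
+ ax->old_pcap.inheritable = old->cap_inheritable;
+ ax->old_pcap.effective = old->cap_effective;
 
- ax->new_pcap.permitted = current->cred->cap_permitted;
- ax->new_pcap.inheritable = current->cred->cap_inheritable;
- ax->new_pcap.effective = current->cred->cap_effective;
+ ax->new_pcap.permitted = new->cap_permitted;
+ ax->new_pcap.inheritable = new->cap_inheritable;
+ ax->new_pcap.effective = new->cap_effective;
+ return 0;
 }
 
 /**
  * __audit_log_capset - store information about the arguments to the capset syscall
- * @pid target pid of the capset call
- * @eff effective cap set
- * @inh inheritible cap set
- * @perm permited cap set
+ * @pid: target pid of the capset call
+ * @new: the new credentials
+ * @old: the old (current) credentials
  *
  * Record the aguments userspace sent to sys_capset for later printing by the
  * audit system if applicable
  */
-int __audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_cap_t *perm)
+int __audit_log_capset(pid_t pid,
+ const struct cred *new, const struct cred *old)
 {
  struct audit_aux_data_capset *ax;
  struct audit_context *context = current->audit_context;
@@ -2617,9 +2617,9 @@ int __audit_log_capset(pid_t pid, kernel_cap_t *eff, kernel_cap_t *inh, kernel_c
  context->aux = (void *)ax;
 
  ax->pid = pid;
- ax->cap.effective = *eff;
- ax->cap.inheritable = *eff;
- ax->cap.permitted = *perm;
+ ax->cap.effective = new->cap_effective;
+ ax->cap.inheritable = new->cap_effective;
+ ax->cap.permitted = new->cap_permitted;
 
  return 0;
 }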
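Review bot: In `__audit_log_capset`, the new line `ax->cap.inheritable = new->cap_effective;` stores the effective set in the inheritable field, carrying the old `*eff` copy-paste mistake across the conversion, so the capset audit record reports the wrong inheritable capabilities. It should read `ax->cap.inheritable = new->cap_inheritable;`. The `@old` parameter is documented but does not appear in the visible lines of this function, whose body lies only partly inside the hunks; if it is unused, the kernel-doc should say so. Separately, `__audit_log_bprm_fcaps` now returns `-ENOMEM` or `0`, and the removed "this can fail and we don't care" paragraph was the only mention of failure, so its kernel-doc would benefit from a short line stating the return values.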