diff options
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index cf5bc2f5f9c3..2a3f0afc4d2a 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1459,7 +1459,6 @@ void audit_free(struct task_struct *tsk) | |||
| 1459 | 1459 | ||
| 1460 | /** | 1460 | /** |
| 1461 | * audit_syscall_entry - fill in an audit record at syscall entry | 1461 | * audit_syscall_entry - fill in an audit record at syscall entry |
| 1462 | * @tsk: task being audited | ||
| 1463 | * @arch: architecture type | 1462 | * @arch: architecture type |
| 1464 | * @major: major syscall type (function) | 1463 | * @major: major syscall type (function) |
| 1465 | * @a1: additional syscall register 1 | 1464 | * @a1: additional syscall register 1 |
| @@ -1548,9 +1547,25 @@ void audit_syscall_entry(int arch, int major, | |||
| 1548 | context->ppid = 0; | 1547 | context->ppid = 0; |
| 1549 | } | 1548 | } |
| 1550 | 1549 | ||
| 1550 | void audit_finish_fork(struct task_struct *child) | ||
| 1551 | { | ||
| 1552 | struct audit_context *ctx = current->audit_context; | ||
| 1553 | struct audit_context *p = child->audit_context; | ||
| 1554 | if (!p || !ctx || !ctx->auditable) | ||
| 1555 | return; | ||
| 1556 | p->arch = ctx->arch; | ||
| 1557 | p->major = ctx->major; | ||
| 1558 | memcpy(p->argv, ctx->argv, sizeof(ctx->argv)); | ||
| 1559 | p->ctime = ctx->ctime; | ||
| 1560 | p->dummy = ctx->dummy; | ||
| 1561 | p->auditable = ctx->auditable; | ||
| 1562 | p->in_syscall = ctx->in_syscall; | ||
| 1563 | p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL); | ||
| 1564 | p->ppid = current->pid; | ||
| 1565 | } | ||
| 1566 | |||
| 1551 | /** | 1567 | /** |
| 1552 | * audit_syscall_exit - deallocate audit context after a system call | 1568 | * audit_syscall_exit - deallocate audit context after a system call |
| 1553 | * @tsk: task being audited | ||
| 1554 | * @valid: success/failure flag | 1569 | * @valid: success/failure flag |
| 1555 | * @return_code: syscall return value | 1570 | * @return_code: syscall return value |
| 1556 | * | 1571 | * |
| @@ -1942,15 +1957,18 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); | |||
| 1942 | * | 1957 | * |
| 1943 | * Also sets the context as auditable. | 1958 | * Also sets the context as auditable. |
| 1944 | */ | 1959 | */ |
| 1945 | void auditsc_get_stamp(struct audit_context *ctx, | 1960 | int auditsc_get_stamp(struct audit_context *ctx, |
| 1946 | struct timespec *t, unsigned int *serial) | 1961 | struct timespec *t, unsigned int *serial) |
| 1947 | { | 1962 | { |
| 1963 | if (!ctx->in_syscall) | ||
| 1964 | return 0; | ||
| 1948 | if (!ctx->serial) | 1965 | if (!ctx->serial) |
| 1949 | ctx->serial = audit_serial(); | 1966 | ctx->serial = audit_serial(); |
| 1950 | t->tv_sec = ctx->ctime.tv_sec; | 1967 | t->tv_sec = ctx->ctime.tv_sec; |
| 1951 | t->tv_nsec = ctx->ctime.tv_nsec; | 1968 | t->tv_nsec = ctx->ctime.tv_nsec; |
| 1952 | *serial = ctx->serial; | 1969 | *serial = ctx->serial; |
| 1953 | ctx->auditable = 1; | 1970 | ctx->auditable = 1; |
| 1971 | return 1; | ||
| 1954 | } | 1972 | } |
| 1955 | 1973 | ||
| 1956 | /* global counter which is incremented every time something logs in */ | 1974 | /* global counter which is incremented every time something logs in */ |