1 files changed, 51 insertions, 13 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 298897559ca4..628c7ac590a0 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -170,6 +170,11 @@ struct audit_aux_data_sockaddr {
        char                    a[0];
 };
+struct audit_aux_data_fd_pair {
+        struct  audit_aux_data d;
+        int     fd[2];
+};
 struct audit_aux_data_path {
        struct audit_aux_data   d;
        struct dentry           *dentry;
@@ -734,28 +739,26 @@ static inline void audit_free_context(struct audit_context *context)
 void audit_log_task_context(struct audit_buffer *ab)
 {
        char *ctx = NULL;
-        ssize_t len = 0;
+        unsigned len;
+        int error;
+        u32 sid;
+        selinux_get_task_sid(current, &sid);
+        if (!sid)
+                return;
-        len = security_getprocattr(current, "current", NULL, 0);
+        error = selinux_sid_to_string(sid, &ctx, &len);
-        if (len < 0) {
+        if (error) {
-                if (len != -EINVAL)
+                if (error != -EINVAL)
                        goto error_path;
                return;
        }
-        ctx = kmalloc(len, GFP_KERNEL);
-        if (!ctx)
-                goto error_path;
-        len = security_getprocattr(current, "current", ctx, len);
-        if (len < 0 )
-                goto error_path;
        audit_log_format(ab, " subj=%s", ctx);
+        kfree(ctx);
        return;
 error_path:
-        kfree(ctx);
        audit_panic("error in audit_log_task_context");
        return;
 }
@@ -961,6 +964,11 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                        audit_log_d_path(ab, "path=", axi->dentry, axi->mnt);
                        break; }
+                case AUDIT_FD_PAIR: {
+                        struct audit_aux_data_fd_pair *axs = (void *)aux;
+                        audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]);
+                        break; }
                }
                audit_log_end(ab);
        }
@@ -1815,6 +1823,36 @@ int audit_socketcall(int nargs, unsigned long *args)
 }
 /**
+ * __audit_fd_pair - record audit data for pipe and socketpair
+ * @fd1: the first file descriptor
+ * @fd2: the second file descriptor
+ *
+ * Returns 0 for success or NULL context or < 0 on error.
+ */
+int __audit_fd_pair(int fd1, int fd2)
+{
+        struct audit_context *context = current->audit_context;
+        struct audit_aux_data_fd_pair *ax;
+        if (likely(!context)) {
+                return 0;
+        }
+        ax = kmalloc(sizeof(*ax), GFP_KERNEL);
+        if (!ax) {
+                return -ENOMEM;
+        }
+        ax->fd[0] = fd1;
+        ax->fd[1] = fd2;
+        ax->d.type = AUDIT_FD_PAIR;
+        ax->d.next = context->aux;
+        context->aux = (void *)ax;
+        return 0;
+}
+/**
 * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
 * @len: data length in user space
 * @a: data address in kernel space

diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 298897559ca4..628c7ac590a0 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -170,6 +170,11 @@ struct audit_aux_data_sockaddr {
170	char a[0];	170	char a[0];
171	};	171	};
172		172
		173	struct audit_aux_data_fd_pair {
		174	struct audit_aux_data d;
		175	int fd[2];
		176	};
		177
173	struct audit_aux_data_path {	178	struct audit_aux_data_path {
174	struct audit_aux_data d;	179	struct audit_aux_data d;
175	struct dentry *dentry;	180	struct dentry *dentry;
@@ -734,28 +739,26 @@ static inline void audit_free_context(struct audit_context *context)
734	void audit_log_task_context(struct audit_buffer *ab)	739	void audit_log_task_context(struct audit_buffer *ab)
735	{	740	{
736	char *ctx = NULL;	741	char *ctx = NULL;
737	ssize_t len = 0;	742	unsigned len;
		743	int error;
		744	u32 sid;
		745
		746	selinux_get_task_sid(current, &sid);
		747	if (!sid)
		748	return;
738		749
739	len = security_getprocattr(current, "current", NULL, 0);	750	error = selinux_sid_to_string(sid, &ctx, &len);
740	if (len < 0) {	751	if (error) {
741	if (len != -EINVAL)	752	if (error != -EINVAL)
742	goto error_path;	753	goto error_path;
743	return;	754	return;
744	}	755	}
745		756
746	ctx = kmalloc(len, GFP_KERNEL);
747	if (!ctx)
748	goto error_path;
749
750	len = security_getprocattr(current, "current", ctx, len);
751	if (len < 0 )
752	goto error_path;
753
754	audit_log_format(ab, " subj=%s", ctx);	757	audit_log_format(ab, " subj=%s", ctx);
		758	kfree(ctx);
755	return;	759	return;
756		760
757	error_path:	761	error_path:
758	kfree(ctx);
759	audit_panic("error in audit_log_task_context");	762	audit_panic("error in audit_log_task_context");
760	return;	763	return;
761	}	764	}
@@ -961,6 +964,11 @@ static void audit_log_exit(struct audit_context context, struct task_struct ts
961	audit_log_d_path(ab, "path=", axi->dentry, axi->mnt);	964	audit_log_d_path(ab, "path=", axi->dentry, axi->mnt);
962	break; }	965	break; }
963		966
		967	case AUDIT_FD_PAIR: {
		968	struct audit_aux_data_fd_pair axs = (void )aux;
		969	audit_log_format(ab, "fd0=%d fd1=%d", axs->fd[0], axs->fd[1]);
		970	break; }
		971
964	}	972	}
965	audit_log_end(ab);	973	audit_log_end(ab);
966	}	974	}
@@ -1815,6 +1823,36 @@ int audit_socketcall(int nargs, unsigned long *args)
1815	}	1823	}
1816		1824
1817	/**	1825	/**
		1826	* __audit_fd_pair - record audit data for pipe and socketpair
		1827	* @fd1: the first file descriptor
		1828	* @fd2: the second file descriptor
		1829	*
		1830	* Returns 0 for success or NULL context or < 0 on error.
		1831	*/
		1832	int __audit_fd_pair(int fd1, int fd2)
		1833	{
		1834	struct audit_context *context = current->audit_context;
		1835	struct audit_aux_data_fd_pair *ax;
		1836
		1837	if (likely(!context)) {
		1838	return 0;
		1839	}
		1840
		1841	ax = kmalloc(sizeof(*ax), GFP_KERNEL);
		1842	if (!ax) {
		1843	return -ENOMEM;
		1844	}
		1845
		1846	ax->fd[0] = fd1;
		1847	ax->fd[1] = fd2;
		1848
		1849	ax->d.type = AUDIT_FD_PAIR;
		1850	ax->d.next = context->aux;
		1851	context->aux = (void *)ax;
		1852	return 0;
		1853	}
		1854
		1855	/**
1818	* audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto	1856	* audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
1819	* @len: data length in user space	1857	* @len: data length in user space
1820	* @a: data address in kernel space	1858	* @a: data address in kernel space