diff options
Diffstat (limited to 'kernel/auditsc.c')
| -rw-r--r-- | kernel/auditsc.c | 24 |
1 files changed, 21 insertions, 3 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c index bc1e2d854bf6..4819f3711973 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c | |||
| @@ -1544,7 +1544,6 @@ void audit_free(struct task_struct *tsk) | |||
| 1544 | 1544 | ||
| 1545 | /** | 1545 | /** |
| 1546 | * audit_syscall_entry - fill in an audit record at syscall entry | 1546 | * audit_syscall_entry - fill in an audit record at syscall entry |
| 1547 | * @tsk: task being audited | ||
| 1548 | * @arch: architecture type | 1547 | * @arch: architecture type |
| 1549 | * @major: major syscall type (function) | 1548 | * @major: major syscall type (function) |
| 1550 | * @a1: additional syscall register 1 | 1549 | * @a1: additional syscall register 1 |
| @@ -1633,9 +1632,25 @@ void audit_syscall_entry(int arch, int major, | |||
| 1633 | context->ppid = 0; | 1632 | context->ppid = 0; |
| 1634 | } | 1633 | } |
| 1635 | 1634 | ||
| 1635 | void audit_finish_fork(struct task_struct *child) | ||
| 1636 | { | ||
| 1637 | struct audit_context *ctx = current->audit_context; | ||
| 1638 | struct audit_context *p = child->audit_context; | ||
| 1639 | if (!p || !ctx || !ctx->auditable) | ||
| 1640 | return; | ||
| 1641 | p->arch = ctx->arch; | ||
| 1642 | p->major = ctx->major; | ||
| 1643 | memcpy(p->argv, ctx->argv, sizeof(ctx->argv)); | ||
| 1644 | p->ctime = ctx->ctime; | ||
| 1645 | p->dummy = ctx->dummy; | ||
| 1646 | p->auditable = ctx->auditable; | ||
| 1647 | p->in_syscall = ctx->in_syscall; | ||
| 1648 | p->filterkey = kstrdup(ctx->filterkey, GFP_KERNEL); | ||
| 1649 | p->ppid = current->pid; | ||
| 1650 | } | ||
| 1651 | |||
| 1636 | /** | 1652 | /** |
| 1637 | * audit_syscall_exit - deallocate audit context after a system call | 1653 | * audit_syscall_exit - deallocate audit context after a system call |
| 1638 | * @tsk: task being audited | ||
| 1639 | * @valid: success/failure flag | 1654 | * @valid: success/failure flag |
| 1640 | * @return_code: syscall return value | 1655 | * @return_code: syscall return value |
| 1641 | * | 1656 | * |
| @@ -2056,15 +2071,18 @@ EXPORT_SYMBOL_GPL(__audit_inode_child); | |||
| 2056 | * | 2071 | * |
| 2057 | * Also sets the context as auditable. | 2072 | * Also sets the context as auditable. |
| 2058 | */ | 2073 | */ |
| 2059 | void auditsc_get_stamp(struct audit_context *ctx, | 2074 | int auditsc_get_stamp(struct audit_context *ctx, |
| 2060 | struct timespec *t, unsigned int *serial) | 2075 | struct timespec *t, unsigned int *serial) |
| 2061 | { | 2076 | { |
| 2077 | if (!ctx->in_syscall) | ||
| 2078 | return 0; | ||
| 2062 | if (!ctx->serial) | 2079 | if (!ctx->serial) |
| 2063 | ctx->serial = audit_serial(); | 2080 | ctx->serial = audit_serial(); |
| 2064 | t->tv_sec = ctx->ctime.tv_sec; | 2081 | t->tv_sec = ctx->ctime.tv_sec; |
| 2065 | t->tv_nsec = ctx->ctime.tv_nsec; | 2082 | t->tv_nsec = ctx->ctime.tv_nsec; |
| 2066 | *serial = ctx->serial; | 2083 | *serial = ctx->serial; |
| 2067 | ctx->auditable = 1; | 2084 | ctx->auditable = 1; |
| 2085 | return 1; | ||
| 2068 | } | 2086 | } |
| 2069 | 2087 | ||
| 2070 | /* global counter which is incremented every time something logs in */ | 2088 | /* global counter which is incremented every time something logs in */ |