Diffstat (limited to 'kernel/auditsc.c')
-rw-r--r--kernel/auditsc.c297
1 files changed, 144 insertions, 153 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 4b96415527b8..f4a7756f999c 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -113,8 +113,8 @@ struct audit_names {
113 unsigned long ino; 113 unsigned long ino;
114 dev_t dev; 114 dev_t dev;
115 umode_t mode; 115 umode_t mode;
116 uid_t uid; 116 kuid_t uid;
117 gid_t gid; 117 kgid_t gid;
118 dev_t rdev; 118 dev_t rdev;
119 u32 osid; 119 u32 osid;
120 struct audit_cap_data fcap; 120 struct audit_cap_data fcap;
@@ -149,8 +149,8 @@ struct audit_aux_data_execve {
149struct audit_aux_data_pids { 149struct audit_aux_data_pids {
150 struct audit_aux_data d; 150 struct audit_aux_data d;
151 pid_t target_pid[AUDIT_AUX_PIDS]; 151 pid_t target_pid[AUDIT_AUX_PIDS];
152 uid_t target_auid[AUDIT_AUX_PIDS]; 152 kuid_t target_auid[AUDIT_AUX_PIDS];
153 uid_t target_uid[AUDIT_AUX_PIDS]; 153 kuid_t target_uid[AUDIT_AUX_PIDS];
154 unsigned int target_sessionid[AUDIT_AUX_PIDS]; 154 unsigned int target_sessionid[AUDIT_AUX_PIDS];
155 u32 target_sid[AUDIT_AUX_PIDS]; 155 u32 target_sid[AUDIT_AUX_PIDS];
156 char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN]; 156 char target_comm[AUDIT_AUX_PIDS][TASK_COMM_LEN];
@@ -208,14 +208,14 @@ struct audit_context {
208 size_t sockaddr_len; 208 size_t sockaddr_len;
209 /* Save things to print about task_struct */ 209 /* Save things to print about task_struct */
210 pid_t pid, ppid; 210 pid_t pid, ppid;
211 uid_t uid, euid, suid, fsuid; 211 kuid_t uid, euid, suid, fsuid;
212 gid_t gid, egid, sgid, fsgid; 212 kgid_t gid, egid, sgid, fsgid;
213 unsigned long personality; 213 unsigned long personality;
214 int arch; 214 int arch;
215 215
216 pid_t target_pid; 216 pid_t target_pid;
217 uid_t target_auid; 217 kuid_t target_auid;
218 uid_t target_uid; 218 kuid_t target_uid;
219 unsigned int target_sessionid; 219 unsigned int target_sessionid;
220 u32 target_sid; 220 u32 target_sid;
221 char target_comm[TASK_COMM_LEN]; 221 char target_comm[TASK_COMM_LEN];
@@ -231,8 +231,8 @@ struct audit_context {
231 long args[6]; 231 long args[6];
232 } socketcall; 232 } socketcall;
233 struct { 233 struct {
234 uid_t uid; 234 kuid_t uid;
235 gid_t gid; 235 kgid_t gid;
236 umode_t mode; 236 umode_t mode;
237 u32 osid; 237 u32 osid;
238 int has_perm; 238 int has_perm;
@@ -464,37 +464,47 @@ static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree)
464 return 0; 464 return 0;
465} 465}
466 466
467static int audit_compare_id(uid_t uid1, 467static int audit_compare_uid(kuid_t uid,
468 struct audit_names *name, 468 struct audit_names *name,
469 unsigned long name_offset, 469 struct audit_field *f,
470 struct audit_field *f, 470 struct audit_context *ctx)
471 struct audit_context *ctx)
472{ 471{
473 struct audit_names *n; 472 struct audit_names *n;
474 unsigned long addr;
475 uid_t uid2;
476 int rc; 473 int rc;
477 474
478 BUILD_BUG_ON(sizeof(uid_t) != sizeof(gid_t));
479
480 if (name) { 475 if (name) {
481 addr = (unsigned long)name; 476 rc = audit_uid_comparator(uid, f->op, name->uid);
482 addr += name_offset;
483
484 uid2 = *(uid_t *)addr;
485 rc = audit_comparator(uid1, f->op, uid2);
486 if (rc) 477 if (rc)
487 return rc; 478 return rc;
488 } 479 }
489 480
490 if (ctx) { 481 if (ctx) {
491 list_for_each_entry(n, &ctx->names_list, list) { 482 list_for_each_entry(n, &ctx->names_list, list) {
492 addr = (unsigned long)n; 483 rc = audit_uid_comparator(uid, f->op, n->uid);
493 addr += name_offset; 484 if (rc)
494 485 return rc;
495 uid2 = *(uid_t *)addr; 486 }
487 }
488 return 0;
489}
496 490
497 rc = audit_comparator(uid1, f->op, uid2); 491static int audit_compare_gid(kgid_t gid,
492 struct audit_names *name,
493 struct audit_field *f,
494 struct audit_context *ctx)
495{
496 struct audit_names *n;
497 int rc;
498
499 if (name) {
500 rc = audit_gid_comparator(gid, f->op, name->gid);
501 if (rc)
502 return rc;
503 }
504
505 if (ctx) {
506 list_for_each_entry(n, &ctx->names_list, list) {
507 rc = audit_gid_comparator(gid, f->op, n->gid);
498 if (rc) 508 if (rc)
499 return rc; 509 return rc;
500 } 510 }
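Review bot: `audit_compare_uid()` and `audit_compare_gid()` still walk `ctx->names_list` after `name` was supplied and did not match, while the `AUDIT_OBJ_UID`/`AUDIT_OBJ_GID` cases in `audit_filter_rules()` use `else if (ctx)` and consult the list only when `name` is NULL. The old `audit_compare_id()` behaved the same way, so this looks carried over rather than introduced, but the two typed helpers are a good place to state the intent, e.g. `/* a miss on @name still falls through to every entry in ctx->names_list */` above the `if (ctx)` block in each. If the fall-through is not intended, a rule comparing against one object can match on an unrelated name collected during the same syscall. The end of `audit_compare_gid()` lies outside this hunk.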
@@ -511,80 +521,62 @@ static int audit_field_compare(struct task_struct *tsk,
511 switch (f->val) { 521 switch (f->val) {
512 /* process to file object comparisons */ 522 /* process to file object comparisons */
513 case AUDIT_COMPARE_UID_TO_OBJ_UID: 523 case AUDIT_COMPARE_UID_TO_OBJ_UID:
514 return audit_compare_id(cred->uid, 524 return audit_compare_uid(cred->uid, name, f, ctx);
515 name, offsetof(struct audit_names, uid),
516 f, ctx);
517 case AUDIT_COMPARE_GID_TO_OBJ_GID: 525 case AUDIT_COMPARE_GID_TO_OBJ_GID:
518 return audit_compare_id(cred->gid, 526 return audit_compare_gid(cred->gid, name, f, ctx);
519 name, offsetof(struct audit_names, gid),
520 f, ctx);
521 case AUDIT_COMPARE_EUID_TO_OBJ_UID: 527 case AUDIT_COMPARE_EUID_TO_OBJ_UID:
522 return audit_compare_id(cred->euid, 528 return audit_compare_uid(cred->euid, name, f, ctx);
523 name, offsetof(struct audit_names, uid),
524 f, ctx);
525 case AUDIT_COMPARE_EGID_TO_OBJ_GID: 529 case AUDIT_COMPARE_EGID_TO_OBJ_GID:
526 return audit_compare_id(cred->egid, 530 return audit_compare_gid(cred->egid, name, f, ctx);
527 name, offsetof(struct audit_names, gid),
528 f, ctx);
529 case AUDIT_COMPARE_AUID_TO_OBJ_UID: 531 case AUDIT_COMPARE_AUID_TO_OBJ_UID:
530 return audit_compare_id(tsk->loginuid, 532 return audit_compare_uid(tsk->loginuid, name, f, ctx);
531 name, offsetof(struct audit_names, uid),
532 f, ctx);
533 case AUDIT_COMPARE_SUID_TO_OBJ_UID: 533 case AUDIT_COMPARE_SUID_TO_OBJ_UID:
534 return audit_compare_id(cred->suid, 534 return audit_compare_uid(cred->suid, name, f, ctx);
535 name, offsetof(struct audit_names, uid),
536 f, ctx);
537 case AUDIT_COMPARE_SGID_TO_OBJ_GID: 535 case AUDIT_COMPARE_SGID_TO_OBJ_GID:
538 return audit_compare_id(cred->sgid, 536 return audit_compare_gid(cred->sgid, name, f, ctx);
539 name, offsetof(struct audit_names, gid),
540 f, ctx);
541 case AUDIT_COMPARE_FSUID_TO_OBJ_UID: 537 case AUDIT_COMPARE_FSUID_TO_OBJ_UID:
542 return audit_compare_id(cred->fsuid, 538 return audit_compare_uid(cred->fsuid, name, f, ctx);
543 name, offsetof(struct audit_names, uid),
544 f, ctx);
545 case AUDIT_COMPARE_FSGID_TO_OBJ_GID: 539 case AUDIT_COMPARE_FSGID_TO_OBJ_GID:
546 return audit_compare_id(cred->fsgid, 540 return audit_compare_gid(cred->fsgid, name, f, ctx);
547 name, offsetof(struct audit_names, gid),
548 f, ctx);
549 /* uid comparisons */ 541 /* uid comparisons */
550 case AUDIT_COMPARE_UID_TO_AUID: 542 case AUDIT_COMPARE_UID_TO_AUID:
551 return audit_comparator(cred->uid, f->op, tsk->loginuid); 543 return audit_uid_comparator(cred->uid, f->op, tsk->loginuid);
552 case AUDIT_COMPARE_UID_TO_EUID: 544 case AUDIT_COMPARE_UID_TO_EUID:
553 return audit_comparator(cred->uid, f->op, cred->euid); 545 return audit_uid_comparator(cred->uid, f->op, cred->euid);
554 case AUDIT_COMPARE_UID_TO_SUID: 546 case AUDIT_COMPARE_UID_TO_SUID:
555 return audit_comparator(cred->uid, f->op, cred->suid); 547 return audit_uid_comparator(cred->uid, f->op, cred->suid);
556 case AUDIT_COMPARE_UID_TO_FSUID: 548 case AUDIT_COMPARE_UID_TO_FSUID:
557 return audit_comparator(cred->uid, f->op, cred->fsuid); 549 return audit_uid_comparator(cred->uid, f->op, cred->fsuid);
558 /* auid comparisons */ 550 /* auid comparisons */
559 case AUDIT_COMPARE_AUID_TO_EUID: 551 case AUDIT_COMPARE_AUID_TO_EUID:
560 return audit_comparator(tsk->loginuid, f->op, cred->euid); 552 return audit_uid_comparator(tsk->loginuid, f->op, cred->euid);
561 case AUDIT_COMPARE_AUID_TO_SUID: 553 case AUDIT_COMPARE_AUID_TO_SUID:
562 return audit_comparator(tsk->loginuid, f->op, cred->suid); 554 return audit_uid_comparator(tsk->loginuid, f->op, cred->suid);
563 case AUDIT_COMPARE_AUID_TO_FSUID: 555 case AUDIT_COMPARE_AUID_TO_FSUID:
564 return audit_comparator(tsk->loginuid, f->op, cred->fsuid); 556 return audit_uid_comparator(tsk->loginuid, f->op, cred->fsuid);
565 /* euid comparisons */ 557 /* euid comparisons */
566 case AUDIT_COMPARE_EUID_TO_SUID: 558 case AUDIT_COMPARE_EUID_TO_SUID:
567 return audit_comparator(cred->euid, f->op, cred->suid); 559 return audit_uid_comparator(cred->euid, f->op, cred->suid);
568 case AUDIT_COMPARE_EUID_TO_FSUID: 560 case AUDIT_COMPARE_EUID_TO_FSUID:
569 return audit_comparator(cred->euid, f->op, cred->fsuid); 561 return audit_uid_comparator(cred->euid, f->op, cred->fsuid);
570 /* suid comparisons */ 562 /* suid comparisons */
571 case AUDIT_COMPARE_SUID_TO_FSUID: 563 case AUDIT_COMPARE_SUID_TO_FSUID:
572 return audit_comparator(cred->suid, f->op, cred->fsuid); 564 return audit_uid_comparator(cred->suid, f->op, cred->fsuid);
573 /* gid comparisons */ 565 /* gid comparisons */
574 case AUDIT_COMPARE_GID_TO_EGID: 566 case AUDIT_COMPARE_GID_TO_EGID:
575 return audit_comparator(cred->gid, f->op, cred->egid); 567 return audit_gid_comparator(cred->gid, f->op, cred->egid);
576 case AUDIT_COMPARE_GID_TO_SGID: 568 case AUDIT_COMPARE_GID_TO_SGID:
577 return audit_comparator(cred->gid, f->op, cred->sgid); 569 return audit_gid_comparator(cred->gid, f->op, cred->sgid);
578 case AUDIT_COMPARE_GID_TO_FSGID: 570 case AUDIT_COMPARE_GID_TO_FSGID:
579 return audit_comparator(cred->gid, f->op, cred->fsgid); 571 return audit_gid_comparator(cred->gid, f->op, cred->fsgid);
580 /* egid comparisons */ 572 /* egid comparisons */
581 case AUDIT_COMPARE_EGID_TO_SGID: 573 case AUDIT_COMPARE_EGID_TO_SGID:
582 return audit_comparator(cred->egid, f->op, cred->sgid); 574 return audit_gid_comparator(cred->egid, f->op, cred->sgid);
583 case AUDIT_COMPARE_EGID_TO_FSGID: 575 case AUDIT_COMPARE_EGID_TO_FSGID:
584 return audit_comparator(cred->egid, f->op, cred->fsgid); 576 return audit_gid_comparator(cred->egid, f->op, cred->fsgid);
585 /* sgid comparison */ 577 /* sgid comparison */
586 case AUDIT_COMPARE_SGID_TO_FSGID: 578 case AUDIT_COMPARE_SGID_TO_FSGID:
587 return audit_comparator(cred->sgid, f->op, cred->fsgid); 579 return audit_gid_comparator(cred->sgid, f->op, cred->fsgid);
588 default: 580 default:
589 WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n"); 581 WARN(1, "Missing AUDIT_COMPARE define. Report as a bug\n");
590 return 0; 582 return 0;
@@ -630,28 +622,28 @@ static int audit_filter_rules(struct task_struct *tsk,
630 } 622 }
631 break; 623 break;
632 case AUDIT_UID: 624 case AUDIT_UID:
633 result = audit_comparator(cred->uid, f->op, f->val); 625 result = audit_uid_comparator(cred->uid, f->op, f->uid);
634 break; 626 break;
635 case AUDIT_EUID: 627 case AUDIT_EUID:
636 result = audit_comparator(cred->euid, f->op, f->val); 628 result = audit_uid_comparator(cred->euid, f->op, f->uid);
637 break; 629 break;
638 case AUDIT_SUID: 630 case AUDIT_SUID:
639 result = audit_comparator(cred->suid, f->op, f->val); 631 result = audit_uid_comparator(cred->suid, f->op, f->uid);
640 break; 632 break;
641 case AUDIT_FSUID: 633 case AUDIT_FSUID:
642 result = audit_comparator(cred->fsuid, f->op, f->val); 634 result = audit_uid_comparator(cred->fsuid, f->op, f->uid);
643 break; 635 break;
644 case AUDIT_GID: 636 case AUDIT_GID:
645 result = audit_comparator(cred->gid, f->op, f->val); 637 result = audit_gid_comparator(cred->gid, f->op, f->gid);
646 break; 638 break;
647 case AUDIT_EGID: 639 case AUDIT_EGID:
648 result = audit_comparator(cred->egid, f->op, f->val); 640 result = audit_gid_comparator(cred->egid, f->op, f->gid);
649 break; 641 break;
650 case AUDIT_SGID: 642 case AUDIT_SGID:
651 result = audit_comparator(cred->sgid, f->op, f->val); 643 result = audit_gid_comparator(cred->sgid, f->op, f->gid);
652 break; 644 break;
653 case AUDIT_FSGID: 645 case AUDIT_FSGID:
654 result = audit_comparator(cred->fsgid, f->op, f->val); 646 result = audit_gid_comparator(cred->fsgid, f->op, f->gid);
655 break; 647 break;
656 case AUDIT_PERS: 648 case AUDIT_PERS:
657 result = audit_comparator(tsk->personality, f->op, f->val); 649 result = audit_comparator(tsk->personality, f->op, f->val);
@@ -717,10 +709,10 @@ static int audit_filter_rules(struct task_struct *tsk,
717 break; 709 break;
718 case AUDIT_OBJ_UID: 710 case AUDIT_OBJ_UID:
719 if (name) { 711 if (name) {
720 result = audit_comparator(name->uid, f->op, f->val); 712 result = audit_uid_comparator(name->uid, f->op, f->uid);
721 } else if (ctx) { 713 } else if (ctx) {
722 list_for_each_entry(n, &ctx->names_list, list) { 714 list_for_each_entry(n, &ctx->names_list, list) {
723 if (audit_comparator(n->uid, f->op, f->val)) { 715 if (audit_uid_comparator(n->uid, f->op, f->uid)) {
724 ++result; 716 ++result;
725 break; 717 break;
726 } 718 }
@@ -729,10 +721,10 @@ static int audit_filter_rules(struct task_struct *tsk,
729 break; 721 break;
730 case AUDIT_OBJ_GID: 722 case AUDIT_OBJ_GID:
731 if (name) { 723 if (name) {
732 result = audit_comparator(name->gid, f->op, f->val); 724 result = audit_gid_comparator(name->gid, f->op, f->gid);
733 } else if (ctx) { 725 } else if (ctx) {
734 list_for_each_entry(n, &ctx->names_list, list) { 726 list_for_each_entry(n, &ctx->names_list, list) {
735 if (audit_comparator(n->gid, f->op, f->val)) { 727 if (audit_gid_comparator(n->gid, f->op, f->gid)) {
736 ++result; 728 ++result;
737 break; 729 break;
738 } 730 }
@@ -750,7 +742,7 @@ static int audit_filter_rules(struct task_struct *tsk,
750 case AUDIT_LOGINUID: 742 case AUDIT_LOGINUID:
751 result = 0; 743 result = 0;
752 if (ctx) 744 if (ctx)
753 result = audit_comparator(tsk->loginuid, f->op, f->val); 745 result = audit_uid_comparator(tsk->loginuid, f->op, f->uid);
754 break; 746 break;
755 case AUDIT_SUBJ_USER: 747 case AUDIT_SUBJ_USER:
756 case AUDIT_SUBJ_ROLE: 748 case AUDIT_SUBJ_ROLE:
@@ -1154,13 +1146,43 @@ error_path:
1154 1146
1155EXPORT_SYMBOL(audit_log_task_context); 1147EXPORT_SYMBOL(audit_log_task_context);
1156 1148
1157static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 1149void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
1158{ 1150{
1151 const struct cred *cred;
1159 char name[sizeof(tsk->comm)]; 1152 char name[sizeof(tsk->comm)];
1160 struct mm_struct *mm = tsk->mm; 1153 struct mm_struct *mm = tsk->mm;
1161 struct vm_area_struct *vma; 1154 char *tty;
1155
1156 if (!ab)
1157 return;
1162 1158
1163 /* tsk == current */ 1159 /* tsk == current */
1160 cred = current_cred();
1161
1162 spin_lock_irq(&tsk->sighand->siglock);
1163 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
1164 tty = tsk->signal->tty->name;
1165 else
1166 tty = "(none)";
1167 spin_unlock_irq(&tsk->sighand->siglock);
1168
1169
1170 audit_log_format(ab,
1171 " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
1172 " euid=%u suid=%u fsuid=%u"
1173 " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
1174 sys_getppid(),
1175 tsk->pid,
1176 from_kuid(&init_user_ns, tsk->loginuid),
1177 from_kuid(&init_user_ns, cred->uid),
1178 from_kgid(&init_user_ns, cred->gid),
1179 from_kuid(&init_user_ns, cred->euid),
1180 from_kuid(&init_user_ns, cred->suid),
1181 from_kuid(&init_user_ns, cred->fsuid),
1182 from_kgid(&init_user_ns, cred->egid),
1183 from_kgid(&init_user_ns, cred->sgid),
1184 from_kgid(&init_user_ns, cred->fsgid),
1185 tsk->sessionid, tty);
1164 1186
1165 get_task_comm(name, tsk); 1187 get_task_comm(name, tsk);
1166 audit_log_format(ab, " comm="); 1188 audit_log_format(ab, " comm=");
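Review bot: `tty` is taken from `tsk->signal->tty->name` under `siglock`, but the pointer is handed to `audit_log_format()` only after `spin_unlock_irq()`, and nothing visible in the hunk holds a reference on the tty in between. Holding a tty reference across the format call, as sketched below, would keep the name valid while it is copied into the record. Separately, the function is now non-static and exported while it mixes `current_cred()` and `sys_getppid()` with `tsk->pid`, `tsk->loginuid` and `tsk->sessionid`; the `/* tsk == current */` comment should become a documented (or checked) precondition so an outside caller cannot log one task's ids together with another task's credentials. The function body continues past the end of this hunk.

```c
	struct tty_struct *tty = NULL;

	/* … unchanged: !ab check, cred = current_cred() … */

	spin_lock_irq(&tsk->sighand->siglock);
	if (tsk->signal)
		tty = tty_kref_get(tsk->signal->tty);	/* pin the tty before dropping the lock */
	spin_unlock_irq(&tsk->sighand->siglock);

	/* … unchanged: audit_log_format() call, last argument becomes
	 *   tty ? tty->name : "(none)" … */

	tty_kref_put(tty);
```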
@@ -1168,23 +1190,17 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
1168 1190
1169 if (mm) { 1191 if (mm) {
1170 down_read(&mm->mmap_sem); 1192 down_read(&mm->mmap_sem);
1171 vma = mm->mmap; 1193 if (mm->exe_file)
1172 while (vma) { 1194 audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);
1173 if ((vma->vm_flags & VM_EXECUTABLE) &&
1174 vma->vm_file) {
1175 audit_log_d_path(ab, " exe=",
1176 &vma->vm_file->f_path);
1177 break;
1178 }
1179 vma = vma->vm_next;
1180 }
1181 up_read(&mm->mmap_sem); 1195 up_read(&mm->mmap_sem);
1182 } 1196 }
1183 audit_log_task_context(ab); 1197 audit_log_task_context(ab);
1184} 1198}
1185 1199
1200EXPORT_SYMBOL(audit_log_task_info);
1201
1186static int audit_log_pid_context(struct audit_context *context, pid_t pid, 1202static int audit_log_pid_context(struct audit_context *context, pid_t pid,
1187 uid_t auid, uid_t uid, unsigned int sessionid, 1203 kuid_t auid, kuid_t uid, unsigned int sessionid,
1188 u32 sid, char *comm) 1204 u32 sid, char *comm)
1189{ 1205{
1190 struct audit_buffer *ab; 1206 struct audit_buffer *ab;
@@ -1196,8 +1212,9 @@ static int audit_log_pid_context(struct audit_context *context, pid_t pid,
1196 if (!ab) 1212 if (!ab)
1197 return rc; 1213 return rc;
1198 1214
1199 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, auid, 1215 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
1200 uid, sessionid); 1216 from_kuid(&init_user_ns, auid),
1217 from_kuid(&init_user_ns, uid), sessionid);
1201 if (security_secid_to_secctx(sid, &ctx, &len)) { 1218 if (security_secid_to_secctx(sid, &ctx, &len)) {
1202 audit_log_format(ab, " obj=(none)"); 1219 audit_log_format(ab, " obj=(none)");
1203 rc = 1; 1220 rc = 1;
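Review bot: `from_kuid()` returns an unsigned `uid_t`, yet the `oauid=%d ouid=%d oses=%d` specifiers are left signed, so an unset login uid is written as `-1` in this record while the `auid=%u` records elsewhere in the file would show the same value as 4294967295. Either align the format, `"opid=%d oauid=%u ouid=%u oses=%u"`, or, if the signed form is kept on purpose for existing consumers of this record, say so next to the call: `/* %d kept so existing parsers keep seeing -1 for an unset auid */`. Anyone correlating `oauid` with `auid` across record types has to normalise the two spellings until then. `audit_log_pid_context()` starts before and ends after this hunk.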
@@ -1447,7 +1464,9 @@ static void show_special(struct audit_context *context, int *call_panic)
1447 u32 osid = context->ipc.osid; 1464 u32 osid = context->ipc.osid;
1448 1465
1449 audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho", 1466 audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho",
1450 context->ipc.uid, context->ipc.gid, context->ipc.mode); 1467 from_kuid(&init_user_ns, context->ipc.uid),
1468 from_kgid(&init_user_ns, context->ipc.gid),
1469 context->ipc.mode);
1451 if (osid) { 1470 if (osid) {
1452 char *ctx = NULL; 1471 char *ctx = NULL;
1453 u32 len; 1472 u32 len;
@@ -1560,8 +1579,8 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
1560 MAJOR(n->dev), 1579 MAJOR(n->dev),
1561 MINOR(n->dev), 1580 MINOR(n->dev),
1562 n->mode, 1581 n->mode,
1563 n->uid, 1582 from_kuid(&init_user_ns, n->uid),
1564 n->gid, 1583 from_kgid(&init_user_ns, n->gid),
1565 MAJOR(n->rdev), 1584 MAJOR(n->rdev),
1566 MINOR(n->rdev)); 1585 MINOR(n->rdev));
1567 } 1586 }
@@ -1585,26 +1604,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
1585 1604
1586static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) 1605static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
1587{ 1606{
1588 const struct cred *cred;
1589 int i, call_panic = 0; 1607 int i, call_panic = 0;
1590 struct audit_buffer *ab; 1608 struct audit_buffer *ab;
1591 struct audit_aux_data *aux; 1609 struct audit_aux_data *aux;
1592 const char *tty;
1593 struct audit_names *n; 1610 struct audit_names *n;
1594 1611
1595 /* tsk == current */ 1612 /* tsk == current */
1596 context->pid = tsk->pid;
1597 if (!context->ppid)
1598 context->ppid = sys_getppid();
1599 cred = current_cred();
1600 context->uid = cred->uid;
1601 context->gid = cred->gid;
1602 context->euid = cred->euid;
1603 context->suid = cred->suid;
1604 context->fsuid = cred->fsuid;
1605 context->egid = cred->egid;
1606 context->sgid = cred->sgid;
1607 context->fsgid = cred->fsgid;
1608 context->personality = tsk->personality; 1613 context->personality = tsk->personality;
1609 1614
1610 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); 1615 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1619,32 +1624,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
1619 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", 1624 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
1620 context->return_code); 1625 context->return_code);
1621 1626
1622 spin_lock_irq(&tsk->sighand->siglock);
1623 if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
1624 tty = tsk->signal->tty->name;
1625 else
1626 tty = "(none)";
1627 spin_unlock_irq(&tsk->sighand->siglock);
1628
1629 audit_log_format(ab, 1627 audit_log_format(ab,
1630 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d" 1628 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
1631 " ppid=%d pid=%d auid=%u uid=%u gid=%u" 1629 context->argv[0],
1632 " euid=%u suid=%u fsuid=%u" 1630 context->argv[1],
1633 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u", 1631 context->argv[2],
1634 context->argv[0], 1632 context->argv[3],
1635 context->argv[1], 1633 context->name_count);
1636 context->argv[2],
1637 context->argv[3],
1638 context->name_count,
1639 context->ppid,
1640 context->pid,
1641 tsk->loginuid,
1642 context->uid,
1643 context->gid,
1644 context->euid, context->suid, context->fsuid,
1645 context->egid, context->sgid, context->fsgid, tty,
1646 tsk->sessionid);
1647
1648 1634
1649 audit_log_task_info(ab, tsk); 1635 audit_log_task_info(ab, tsk);
1650 audit_log_key(ab, context->filterkey); 1636 audit_log_key(ab, context->filterkey);
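Review bot: The SYSCALL record no longer has the same layout after this format call is trimmed: the id fields now come from `audit_log_task_info()`, which prints `ses=` before `tty=` (the removed string had `tty=%s ses=%u`) and always calls `sys_getppid()` at log time instead of preferring an already-set `context->ppid`. Parsers that read the record by position, and detections that depend on the ppid captured earlier in the syscall, may see different output, so the reordering deserves a line in the commit description. A short comment above the `audit_log_task_info(ab, tsk)` call would also help readers find the fields: `/* ppid/pid/auid/uid/gid/.../ses/tty are emitted by audit_log_task_info() */`. `audit_log_exit()` begins and ends outside this hunk.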
@@ -2299,14 +2285,14 @@ static atomic_t session_id = ATOMIC_INIT(0);
2299 * 2285 *
2300 * Called (set) from fs/proc/base.c::proc_loginuid_write(). 2286 * Called (set) from fs/proc/base.c::proc_loginuid_write().
2301 */ 2287 */
2302int audit_set_loginuid(uid_t loginuid) 2288int audit_set_loginuid(kuid_t loginuid)
2303{ 2289{
2304 struct task_struct *task = current; 2290 struct task_struct *task = current;
2305 struct audit_context *context = task->audit_context; 2291 struct audit_context *context = task->audit_context;
2306 unsigned int sessionid; 2292 unsigned int sessionid;
2307 2293
2308#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE 2294#ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE
2309 if (task->loginuid != -1) 2295 if (uid_valid(task->loginuid))
2310 return -EPERM; 2296 return -EPERM;
2311#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ 2297#else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
2312 if (!capable(CAP_AUDIT_CONTROL)) 2298 if (!capable(CAP_AUDIT_CONTROL))
@@ -2322,8 +2308,10 @@ int audit_set_loginuid(uid_t loginuid)
2322 audit_log_format(ab, "login pid=%d uid=%u " 2308 audit_log_format(ab, "login pid=%d uid=%u "
2323 "old auid=%u new auid=%u" 2309 "old auid=%u new auid=%u"
2324 " old ses=%u new ses=%u", 2310 " old ses=%u new ses=%u",
2325 task->pid, task_uid(task), 2311 task->pid,
2326 task->loginuid, loginuid, 2312 from_kuid(&init_user_ns, task_uid(task)),
2313 from_kuid(&init_user_ns, task->loginuid),
2314 from_kuid(&init_user_ns, loginuid),
2327 task->sessionid, sessionid); 2315 task->sessionid, sessionid);
2328 audit_log_end(ab); 2316 audit_log_end(ab);
2329 } 2317 }
@@ -2546,12 +2534,12 @@ int __audit_signal_info(int sig, struct task_struct *t)
2546 struct audit_aux_data_pids *axp; 2534 struct audit_aux_data_pids *axp;
2547 struct task_struct *tsk = current; 2535 struct task_struct *tsk = current;
2548 struct audit_context *ctx = tsk->audit_context; 2536 struct audit_context *ctx = tsk->audit_context;
2549 uid_t uid = current_uid(), t_uid = task_uid(t); 2537 kuid_t uid = current_uid(), t_uid = task_uid(t);
2550 2538
2551 if (audit_pid && t->tgid == audit_pid) { 2539 if (audit_pid && t->tgid == audit_pid) {
2552 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) { 2540 if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
2553 audit_sig_pid = tsk->pid; 2541 audit_sig_pid = tsk->pid;
2554 if (tsk->loginuid != -1) 2542 if (uid_valid(tsk->loginuid))
2555 audit_sig_uid = tsk->loginuid; 2543 audit_sig_uid = tsk->loginuid;
2556 else 2544 else
2557 audit_sig_uid = uid; 2545 audit_sig_uid = uid;
@@ -2672,8 +2660,8 @@ void __audit_mmap_fd(int fd, int flags)
2672 2660
2673static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr) 2661static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr)
2674{ 2662{
2675 uid_t auid, uid; 2663 kuid_t auid, uid;
2676 gid_t gid; 2664 kgid_t gid;
2677 unsigned int sessionid; 2665 unsigned int sessionid;
2678 2666
2679 auid = audit_get_loginuid(current); 2667 auid = audit_get_loginuid(current);
@@ -2681,7 +2669,10 @@ static void audit_log_abend(struct audit_buffer *ab, char *reason, long signr)
2681 current_uid_gid(&uid, &gid); 2669 current_uid_gid(&uid, &gid);
2682 2670
2683 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u", 2671 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2684 auid, uid, gid, sessionid); 2672 from_kuid(&init_user_ns, auid),
2673 from_kuid(&init_user_ns, uid),
2674 from_kgid(&init_user_ns, gid),
2675 sessionid);
2685 audit_log_task_context(ab); 2676 audit_log_task_context(ab);
2686 audit_log_format(ab, " pid=%d comm=", current->pid); 2677 audit_log_format(ab, " pid=%d comm=", current->pid);
2687 audit_log_untrustedstring(ab, current->comm); 2678 audit_log_untrustedstring(ab, current->comm);