Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/audit.c | 32 | ||||
-rw-r--r-- | kernel/auditsc.c | 21 |
2 files changed, 30 insertions, 23 deletions
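--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -429,25 +429,21 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 break;
 case AUDIT_USER:
 case AUDIT_FIRST_USER_MSG...AUDIT_LAST_USER_MSG:
-read_lock(&tasklist_lock);
-tsk = find_task_by_pid(pid);
-if (tsk)
-get_task_struct(tsk);
-read_unlock(&tasklist_lock);
-if (!tsk)
-return -ESRCH;
-
-if (audit_enabled && audit_filter_user(tsk, msg_type)) {
-ab = audit_log_start(NULL, msg_type);
-if (ab) {
-audit_log_format(ab,
-"user pid=%d uid=%u auid=%u msg='%.1024s'",
-pid, uid, loginuid, (char *)data);
-audit_set_pid(ab, pid);
-audit_log_end(ab);
-}
+if (!audit_enabled && msg_type != AUDIT_USER_AVC)
+return 0;
+
+err = audit_filter_user(pid, msg_type);
+if (err == 1) {
+err = 0;
+ab = audit_log_start(NULL, msg_type);
+if (ab) {
+audit_log_format(ab,
+"user pid=%d uid=%u auid=%u msg='%.1024s'",
+pid, uid, loginuid, (char *)data);
+audit_set_pid(ab, pid);
+audit_log_end(ab);
+}
 }
-put_task_struct(tsk);
 break;
 case AUDIT_ADD:
 case AUDIT_DEL: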
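Review bot: The new `if (err == 1)` test relies on an undocumented three-way result from `audit_filter_user()`: a negative errno when the pid lookup fails, 0 to suppress the record, and 1 to log it. Nothing at the call site says that the negative value is deliberately left in `err` for the caller, so a comment above the call such as `/* audit_filter_user(): <0 error, 0 = filtered out, 1 = log */` would help. The added early `return 0;` also leaves the switch directly, whereas the neighbouring cases use `break`. The rest of audit_receive_msg() is outside this hunk, so it is worth confirming that no cleanup or acknowledgement after the switch is skipped on that path.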
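--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -530,22 +530,33 @@ static enum audit_state audit_filter_syscall(struct task_struct *tsk,
 return AUDIT_BUILD_CONTEXT;
 }
 
-int audit_filter_user(struct task_struct *tsk, int type)
+int audit_filter_user(int pid, int type)
 {
+struct task_struct *tsk;
 struct audit_entry *e;
 enum audit_state state;
+int ret = 1;
 
-if (audit_pid && tsk->pid == audit_pid)
-return AUDIT_DISABLED;
+read_lock(&tasklist_lock);
+tsk = find_task_by_pid(pid);
+if (tsk)
+get_task_struct(tsk);
+read_unlock(&tasklist_lock);
+
+if (!tsk)
+return -ESRCH;
 
 rcu_read_lock();
 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
 if (audit_filter_rules(tsk, &e->rule, NULL, &state)) {
-rcu_read_unlock();
-return state != AUDIT_DISABLED;
+if (state == AUDIT_DISABLED)
+ret = 0;
+break;
 }
 }
 rcu_read_unlock();
+put_task_struct(tsk);
+
 return 1; /* Audit by default */
 
 }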
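Review bot: `audit_filter_user()` now records the filter decision in `ret`, but its final statement is still the unchanged `return 1; /* Audit by default */`, so a matching rule whose state is `AUDIT_DISABLED` no longer suppresses the record and `ret` is never read. The last statement should be `return ret; /* Audit by default */`. The hunk also drops the `if (audit_pid && tsk->pid == audit_pid)` early exit without a replacement. If messages from the audit daemon itself are still meant to be exempt, that check presumably needs to come back after the task lookup. A short header comment stating the return contract (negative errno, 0 = do not audit, 1 = audit) would help the caller in kernel/audit.c, which compares against the literal 1.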