aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditsc.c53
1 files changed, 16 insertions, 37 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index d3d97d28b69a..2e123a8a0d60 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -90,7 +90,7 @@ struct audit_names {
90 uid_t uid; 90 uid_t uid;
91 gid_t gid; 91 gid_t gid;
92 dev_t rdev; 92 dev_t rdev;
93 char *ctx; 93 u32 osid;
94}; 94};
95 95
96struct audit_aux_data { 96struct audit_aux_data {
@@ -410,9 +410,6 @@ static inline void audit_free_names(struct audit_context *context)
410#endif 410#endif
411 411
412 for (i = 0; i < context->name_count; i++) { 412 for (i = 0; i < context->name_count; i++) {
413 char *p = context->names[i].ctx;
414 context->names[i].ctx = NULL;
415 kfree(p);
416 if (context->names[i].name) 413 if (context->names[i].name)
417 __putname(context->names[i].name); 414 __putname(context->names[i].name);
418 } 415 }
@@ -674,6 +671,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
674 } 671 }
675 } 672 }
676 for (i = 0; i < context->name_count; i++) { 673 for (i = 0; i < context->name_count; i++) {
674 int call_panic = 0;
677 unsigned long ino = context->names[i].ino; 675 unsigned long ino = context->names[i].ino;
678 unsigned long pino = context->names[i].pino; 676 unsigned long pino = context->names[i].pino;
679 677
@@ -703,12 +701,22 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
703 context->names[i].gid, 701 context->names[i].gid,
704 MAJOR(context->names[i].rdev), 702 MAJOR(context->names[i].rdev),
705 MINOR(context->names[i].rdev)); 703 MINOR(context->names[i].rdev));
706 if (context->names[i].ctx) { 704 if (context->names[i].osid != 0) {
707 audit_log_format(ab, " obj=%s", 705 char *ctx = NULL;
708 context->names[i].ctx); 706 u32 len;
707 if (selinux_ctxid_to_string(
708 context->names[i].osid, &ctx, &len)) {
709 audit_log_format(ab, " obj=%u",
710 context->names[i].osid);
711 call_panic = 1;
712 } else
713 audit_log_format(ab, " obj=%s", ctx);
714 kfree(ctx);
709 } 715 }
710 716
711 audit_log_end(ab); 717 audit_log_end(ab);
718 if (call_panic)
719 audit_panic("error converting sid to string");
712 } 720 }
713} 721}
714 722
@@ -946,37 +954,8 @@ void audit_putname(const char *name)
946void audit_inode_context(int idx, const struct inode *inode) 954void audit_inode_context(int idx, const struct inode *inode)
947{ 955{
948 struct audit_context *context = current->audit_context; 956 struct audit_context *context = current->audit_context;
949 const char *suffix = security_inode_xattr_getsuffix();
950 char *ctx = NULL;
951 int len = 0;
952
953 if (!suffix)
954 goto ret;
955
956 len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
957 if (len == -EOPNOTSUPP)
958 goto ret;
959 if (len < 0)
960 goto error_path;
961
962 ctx = kmalloc(len, GFP_KERNEL);
963 if (!ctx)
964 goto error_path;
965
966 len = security_inode_getsecurity(inode, suffix, ctx, len, 0);
967 if (len < 0)
968 goto error_path;
969
970 kfree(context->names[idx].ctx);
971 context->names[idx].ctx = ctx;
972 goto ret;
973 957
974error_path: 958 selinux_get_inode_sid(inode, &context->names[idx].osid);
975 if (ctx)
976 kfree(ctx);
977 audit_panic("error in audit_inode_context");
978ret:
979 return;
980} 959}
981 960
982 961