Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditsc.c | 53 |
1 files changed, 16 insertions, 37 deletions
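--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -90,7 +90,7 @@ struct audit_names {
 uid_t uid;
 gid_t gid;
 dev_t rdev;
-char *ctx;
+u32 osid;
 };
 
 struct audit_aux_data {
@@ -410,9 +410,6 @@ static inline void audit_free_names(struct audit_context *context)
 #endif
 
 for (i = 0; i < context->name_count; i++) {
-char *p = context->names[i].ctx;
-context->names[i].ctx = NULL;
-kfree(p);
 if (context->names[i].name)
 __putname(context->names[i].name);
 }
@@ -674,6 +671,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 }
 }
 for (i = 0; i < context->name_count; i++) {
+int call_panic = 0;
 unsigned long ino = context->names[i].ino;
 unsigned long pino = context->names[i].pino;
 
@@ -703,12 +701,22 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 context->names[i].gid,
 MAJOR(context->names[i].rdev),
 MINOR(context->names[i].rdev));
-if (context->names[i].ctx) {
-audit_log_format(ab, " obj=%s",
-context->names[i].ctx);
+if (context->names[i].osid != 0) {
+char *ctx = NULL;
+u32 len;
+if (selinux_ctxid_to_string(
+context->names[i].osid, &ctx, &len)) {
+audit_log_format(ab, " obj=%u",
+context->names[i].osid);
+call_panic = 1;
+} else
+audit_log_format(ab, " obj=%s", ctx);
+kfree(ctx);
 }
 
 audit_log_end(ab);
+if (call_panic)
+audit_panic("error converting sid to string");
 }
 }
 
@@ -946,37 +954,8 @@ void audit_putname(const char *name)
 void audit_inode_context(int idx, const struct inode *inode)
 {
 struct audit_context *context = current->audit_context;
-const char *suffix = security_inode_xattr_getsuffix();
-char *ctx = NULL;
-int len = 0;
-
-if (!suffix)
-goto ret;
-
-len = security_inode_getsecurity(inode, suffix, NULL, 0, 0);
-if (len == -EOPNOTSUPP)
-goto ret;
-if (len < 0)
-goto error_path;
-
-ctx = kmalloc(len, GFP_KERNEL);
-if (!ctx)
-goto error_path;
-
-len = security_inode_getsecurity(inode, suffix, ctx, len, 0);
-if (len < 0)
-goto error_path;
-
-kfree(context->names[idx].ctx);
-context->names[idx].ctx = ctx;
-goto ret;
 
-error_path:
-if (ctx)
-kfree(ctx);
-audit_panic("error in audit_inode_context");
-ret:
-return;
+selinux_get_inode_sid(inode, &context->names[idx].osid);
 }
 
 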
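Review bot: The `audit_free_names` hunk removes the per-entry `ctx = NULL` reset without clearing the new `osid` field, while `audit_log_exit` treats `osid != 0` as meaning a label was recorded for that name. If a `names[]` slot can be reused for a later syscall without `audit_inode_context` being called on it (not determinable from these hunks), the record would carry an `obj=` label from a different object, which weakens the audit trail. Consider adding `context->names[i].osid = 0;` inside the loop in `audit_free_names`, or a comment stating where the slot is zeroed. Separately, `len` from `selinux_ctxid_to_string` is never used, so the `%s` depends on that helper returning a NUL-terminated string; a comment such as `/* ctx is NUL-terminated by selinux_ctxid_to_string() */` would record the assumption. The bodies of `audit_free_names` and `audit_log_exit` extend beyond the hunks shown.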