From 1322b9def91ab8e9e673b58a64e13d6effaaa652 Mon Sep 17 00:00:00 2001 From: Yuichi Nakamura Date: Sat, 10 Nov 2007 19:21:34 +0900 Subject: sh: syscall audit support. Support syscall auditing.. Signed-off-by: Yuichi Nakamura Signed-off-by: Paul Mundt --- arch/sh/kernel/ptrace_32.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'arch/sh/kernel/ptrace_32.c') diff --git a/arch/sh/kernel/ptrace_32.c b/arch/sh/kernel/ptrace_32.c index ac725f0aeb72..ce0664a58b49 100644 --- a/arch/sh/kernel/ptrace_32.c +++ b/arch/sh/kernel/ptrace_32.c @@ -6,7 +6,7 @@ * edited by Linus Torvalds * * SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka - * + * Audit support: Yuichi Nakamura */ #include #include @@ -19,6 +19,7 @@ #include #include #include +#include #include #include #include @@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data) return ret; } -asmlinkage void do_syscall_trace(void) +asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit) { struct task_struct *tsk = current; + if (unlikely(current->audit_context) && entryexit) + audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]), + regs->regs[0]); + if (!test_thread_flag(TIF_SYSCALL_TRACE) && !test_thread_flag(TIF_SINGLESTEP)) - return; + goto out; if (!(tsk->ptrace & PT_PTRACED)) - return; + goto out; + /* the 0x80 provides a way for the tracing parent to distinguish between a syscall stop and SIGTRAP delivery */ ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) && @@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void) send_sig(tsk->exit_code, tsk, 1); tsk->exit_code = 0; } + +out: + if (unlikely(current->audit_context) && !entryexit) + audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3], + regs->regs[4], regs->regs[5], + regs->regs[6], regs->regs[7]); + } -- cgit v1.2.2