1 files changed, 47 insertions, 1 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 3749193aed..6c61263ff9 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -311,6 +311,43 @@ int audit_match_class(int class, unsigned syscall)
        return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
 }
+static inline int audit_match_class_bits(int class, u32 *mask)
+{
+        int i;
+        if (classes[class]) {
+                for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
+                        if (mask[i] & classes[class][i])
+                                return 0;
+        }
+        return 1;
+}
+static int audit_match_signal(struct audit_entry *entry)
+{
+        struct audit_field *arch = entry->rule.arch_f;
+        if (!arch) {
+                /* When arch is unspecified, we must check both masks on biarch
+                 * as syscall number alone is ambiguous. */
+                return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
+                                               entry->rule.mask) &&
+                        audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
+                                               entry->rule.mask));
+        }
+        switch(audit_classify_arch(arch->val)) {
+        case 0: /* native */
+                return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
+                                               entry->rule.mask));
+        case 1: /* 32bit on biarch */
+                return (audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
+                                               entry->rule.mask));
+        default:
+                return 1;
+        }
+}
 /* Common user-space to kernel rule translation. */
 static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
 {
@@ -429,6 +466,7 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
                                err = -EINVAL;
                                goto exit_free;
                        }
+                        entry->rule.arch_f = f;
                        break;
                case AUDIT_PERM:
                        if (f->val & ~15)
@@ -519,7 +557,6 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                case AUDIT_FSGID:
                case AUDIT_LOGINUID:
                case AUDIT_PERS:
-                case AUDIT_ARCH:
                case AUDIT_MSGTYPE:
                case AUDIT_PPID:
                case AUDIT_DEVMAJOR:
@@ -531,6 +568,9 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                case AUDIT_ARG2:
                case AUDIT_ARG3:
                        break;
+                case AUDIT_ARCH:
+                        entry->rule.arch_f = f;
+                        break;
                case AUDIT_SUBJ_USER:
                case AUDIT_SUBJ_ROLE:
                case AUDIT_SUBJ_TYPE:
@@ -1221,6 +1261,9 @@ static inline int audit_add_rule(struct audit_entry *entry,
 #ifdef CONFIG_AUDITSYSCALL
        if (!dont_count)
                audit_n_rules++;
+        if (!audit_match_signal(entry))
+                audit_signals++;
 #endif
        mutex_unlock(&audit_filter_mutex);
@@ -1294,6 +1337,9 @@ static inline int audit_del_rule(struct audit_entry *entry,
 #ifdef CONFIG_AUDITSYSCALL
        if (!dont_count)
                audit_n_rules--;
+        if (!audit_match_signal(entry))
+                audit_signals--;
 #endif
        mutex_unlock(&audit_filter_mutex);

diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 3749193aed..6c61263ff9 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c
@@ -311,6 +311,43 @@ int audit_match_class(int class, unsigned syscall)
311	return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);	311	return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
312	}	312	}
313		313
		314	static inline int audit_match_class_bits(int class, u32 *mask)
		315	{
		316	int i;
		317
		318	if (classes[class]) {
		319	for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
		320	if (mask[i] & classes[class][i])
		321	return 0;
		322	}
		323	return 1;
		324	}
		325
		326	static int audit_match_signal(struct audit_entry *entry)
		327	{
		328	struct audit_field *arch = entry->rule.arch_f;
		329
		330	if (!arch) {
		331	/* When arch is unspecified, we must check both masks on biarch
		332	* as syscall number alone is ambiguous. */
		333	return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
		334	entry->rule.mask) &&
		335	audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
		336	entry->rule.mask));
		337	}
		338
		339	switch(audit_classify_arch(arch->val)) {
		340	case 0: /* native */
		341	return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
		342	entry->rule.mask));
		343	case 1: /* 32bit on biarch */
		344	return (audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
		345	entry->rule.mask));
		346	default:
		347	return 1;
		348	}
		349	}
		350
314	/* Common user-space to kernel rule translation. */	351	/* Common user-space to kernel rule translation. */
315	static inline struct audit_entry audit_to_entry_common(struct audit_rule rule)	352	static inline struct audit_entry audit_to_entry_common(struct audit_rule rule)
316	{	353	{
@@ -429,6 +466,7 @@ static struct audit_entry audit_rule_to_entry(struct audit_rule rule)
429	err = -EINVAL;	466	err = -EINVAL;
430	goto exit_free;	467	goto exit_free;
431	}	468	}
		469	entry->rule.arch_f = f;
432	break;	470	break;
433	case AUDIT_PERM:	471	case AUDIT_PERM:
434	if (f->val & ~15)	472	if (f->val & ~15)
@@ -519,7 +557,6 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
519	case AUDIT_FSGID:	557	case AUDIT_FSGID:
520	case AUDIT_LOGINUID:	558	case AUDIT_LOGINUID:
521	case AUDIT_PERS:	559	case AUDIT_PERS:
522	case AUDIT_ARCH:
523	case AUDIT_MSGTYPE:	560	case AUDIT_MSGTYPE:
524	case AUDIT_PPID:	561	case AUDIT_PPID:
525	case AUDIT_DEVMAJOR:	562	case AUDIT_DEVMAJOR:
@@ -531,6 +568,9 @@ static struct audit_entry audit_data_to_entry(struct audit_rule_data data,
531	case AUDIT_ARG2:	568	case AUDIT_ARG2:
532	case AUDIT_ARG3:	569	case AUDIT_ARG3:
533	break;	570	break;
		571	case AUDIT_ARCH:
		572	entry->rule.arch_f = f;
		573	break;
534	case AUDIT_SUBJ_USER:	574	case AUDIT_SUBJ_USER:
535	case AUDIT_SUBJ_ROLE:	575	case AUDIT_SUBJ_ROLE:
536	case AUDIT_SUBJ_TYPE:	576	case AUDIT_SUBJ_TYPE:
@@ -1221,6 +1261,9 @@ static inline int audit_add_rule(struct audit_entry *entry,
1221	#ifdef CONFIG_AUDITSYSCALL	1261	#ifdef CONFIG_AUDITSYSCALL
1222	if (!dont_count)	1262	if (!dont_count)
1223	audit_n_rules++;	1263	audit_n_rules++;
		1264
		1265	if (!audit_match_signal(entry))
		1266	audit_signals++;
1224	#endif	1267	#endif
1225	mutex_unlock(&audit_filter_mutex);	1268	mutex_unlock(&audit_filter_mutex);
1226		1269
@@ -1294,6 +1337,9 @@ static inline int audit_del_rule(struct audit_entry *entry,
1294	#ifdef CONFIG_AUDITSYSCALL	1337	#ifdef CONFIG_AUDITSYSCALL
1295	if (!dont_count)	1338	if (!dont_count)
1296	audit_n_rules--;	1339	audit_n_rules--;
		1340
		1341	if (!audit_match_signal(entry))
		1342	audit_signals--;
1297	#endif	1343	#endif
1298	mutex_unlock(&audit_filter_mutex);	1344	mutex_unlock(&audit_filter_mutex);
1299		1345