5d54e69c
Commit
5d54e69c
authored
Sep 13, 2005
by
Linus Torvalds
Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6
parents
63f3d1df
b6ddc518
Changes
10
Showing
10 changed files
with
356 additions
and
171 deletions
+356
-171
MAINTAINERS
MAINTAINERS
+4
-1
arch/ppc64/kernel/asm-offsets.c
arch/ppc64/kernel/asm-offsets.c
+1
-0
arch/ppc64/kernel/entry.S
arch/ppc64/kernel/entry.S
+14
-4
fs/namei.c
fs/namei.c
+1
-1
include/linux/audit.h
include/linux/audit.h
+23
-13
kernel/audit.c
kernel/audit.c
+79
-49
kernel/auditsc.c
kernel/auditsc.c
+229
-98
security/selinux/avc.c
security/selinux/avc.c
+2
-2
security/selinux/hooks.c
security/selinux/hooks.c
+1
-1
security/selinux/ss/services.c
security/selinux/ss/services.c
+2
-2
MAINTAINERS
...
@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/
...
@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/
S: Maintained
S: Maintained
AUDIT SUBSYSTEM
AUDIT SUBSYSTEM
L: linux-audit@redhat.com (subscribers-only)
P: David Woodhouse
M: dwmw2@infradead.org
L: linux-audit@redhat.com
W: http://people.redhat.com/sgrubb/audit/
S: Maintained
S: Maintained
AX.25 NETWORK LAYER
AX.25 NETWORK LAYER
...
...
arch/ppc64/kernel/asm-offsets.c
...
@@ -68,6 +68,7 @@ int main(void)
...
@@ -68,6 +68,7 @@ int main(void)
DEFINE
(
THREAD_USED_VR
,
offsetof
(
struct
thread_struct
,
used_vr
));
DEFINE
(
THREAD_USED_VR
,
offsetof
(
struct
thread_struct
,
used_vr
));
#endif
/* CONFIG_ALTIVEC */
#endif
/* CONFIG_ALTIVEC */
DEFINE
(
MM
,
offsetof
(
struct
task_struct
,
mm
));
DEFINE
(
MM
,
offsetof
(
struct
task_struct
,
mm
));
DEFINE
(
AUDITCONTEXT
,
offsetof
(
struct
task_struct
,
audit_context
));
DEFINE
(
DCACHEL1LINESIZE
,
offsetof
(
struct
ppc64_caches
,
dline_size
));
DEFINE
(
DCACHEL1LINESIZE
,
offsetof
(
struct
ppc64_caches
,
dline_size
));
DEFINE
(
DCACHEL1LOGLINESIZE
,
offsetof
(
struct
ppc64_caches
,
log_dline_size
));
DEFINE
(
DCACHEL1LOGLINESIZE
,
offsetof
(
struct
ppc64_caches
,
log_dline_size
));
...
...
arch/ppc64/kernel/entry.S
...
@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend)
...
@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend)
_GLOBAL
(
ppc32_rt_sigsuspend
)
_GLOBAL
(
ppc32_rt_sigsuspend
)
bl
.
save_nvgprs
bl
.
save_nvgprs
bl
.
sys32_rt_sigsuspend
bl
.
sys32_rt_sigsuspend
/
*
If
sigsuspend
()
returns
zero
,
we
are
going
into
a
signal
handler
*/
70
:
cmpdi
0
,
r3
,
0
70
:
cmpdi
0
,
r3
,
0
beq
.
ret_from_except
/
*
If
it
returned
an
error
,
we
need
to
return
via
syscall_exit
to
set
/
*
If
it
returned
-
EINTR
,
we
need
to
return
via
syscall_exit
to
set
the
SO
bit
in
cr0
and
potentially
stop
for
ptrace
.
*/
the
SO
bit
in
cr0
and
potentially
stop
for
ptrace
.
*/
b
syscall_exit
bne
syscall_exit
/
*
If
sigsuspend
()
returns
zero
,
we
are
going
into
a
signal
handler
.
We
may
need
to
call
audit_syscall_exit
()
to
mark
the
exit
from
sigsuspend
()
*/
#ifdef CONFIG_AUDIT
ld
r3
,
PACACURRENT
(
r13
)
ld
r4
,
AUDITCONTEXT
(
r3
)
cmpdi
0
,
r4
,
0
beq
.
ret_from_except
/*
No
audit_context
:
Leave
immediately
.
*/
li
r4
,
2
/*
AUDITSC_FAILURE
*/
li
r5
,-
4
/*
It
's always -EINTR */
bl
.
audit_syscall_exit
#endif
b
.
ret_from_except
_GLOBAL
(
ppc_fork
)
_GLOBAL
(
ppc_fork
)
bl
.
save_nvgprs
bl
.
save_nvgprs
...
...
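Review bot: The new `#ifdef CONFIG_AUDIT` guard around `bl .audit_syscall_exit` looks like the wrong symbol: in this commit's include/linux/audit.h section the no-op stub `#define audit_syscall_exit(t,f,r) do { ; } while (0)` lives in an `#else` branch that is closed before the separate `#ifdef CONFIG_AUDIT /* These are defined in audit.c */` block holding audit_log, so audit_syscall_exit is conditional on a different option than CONFIG_AUDIT, and a kernel with CONFIG_AUDIT=y but syscall auditing off would be left with an unresolved `.audit_syscall_exit` reference at link time; if that other guard is CONFIG_AUDITSYSCALL, this block should be `#ifdef CONFIG_AUDITSYSCALL`. Separately, `li r4,2 /* AUDITSC_FAILURE */` and `li r5,-4 /* It's always -EINTR */` hard-code values that exist symbolically in C, so exporting AUDITSC_FAILURE through asm-offsets.c next to the new AUDITCONTEXT entry and writing `li r5,-EINTR` (if <linux/errno.h> is already included by this file) keeps the audit exit record from silently drifting if those constants ever change. The hunk header places this code after `_GLOBAL(ppc64_rt_sigsuspend)`, which is outside this view; if that entry point also branches to the shared `70:` tail it gets the same missing-exit-record fix, otherwise it still needs one.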
fs/namei.c
...
@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
...
@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
out:
out:
if
(
unlikely
(
current
->
audit_context
if
(
unlikely
(
current
->
audit_context
&&
nd
&&
nd
->
dentry
&&
nd
->
dentry
->
d_inode
))
&&
nd
&&
nd
->
dentry
&&
nd
->
dentry
->
d_inode
))
audit_inode
(
name
,
nd
->
dentry
->
d_inode
);
audit_inode
(
name
,
nd
->
dentry
->
d_inode
,
flags
);
return
retval
;
return
retval
;
}
}
...
...
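Review bot: The `flags` word now passed to `audit_inode()` is path_lookup's own lookup-flags argument, and nothing at the call site records what the audit side needs it for; presumably it lets the watch filter tell a LOOKUP_PARENT lookup, where `nd->dentry->d_inode` is the parent directory rather than the named object, from a lookup of the name itself, but that is an inference from the name and should be confirmed against kernel/auditsc.c, which is collapsed on this page. A one-line comment at the call, e.g. `/* lookup flags let audit tell a parent-dir lookup from one of the name itself */`, would make that contract visible to the next reader of this exit path.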
include/linux/audit.h
...
@@ -51,7 +51,8 @@
...
@@ -51,7 +51,8 @@
#define AUDIT_WATCH_LIST 1009
/* List all file/dir watches */
#define AUDIT_WATCH_LIST 1009
/* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010
/* Get info about sender of signal to auditd */
#define AUDIT_SIGNAL_INFO 1010
/* Get info about sender of signal to auditd */
#define AUDIT_FIRST_USER_MSG 1100
/* Userspace messages uninteresting to kernel */
#define AUDIT_FIRST_USER_MSG 1100
/* Userspace messages mostly uninteresting to kernel */
#define AUDIT_USER_AVC 1107
/* We filter this differently */
#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_DAEMON_START 1200
/* Daemon startup record */
#define AUDIT_DAEMON_START 1200
/* Daemon startup record */
...
@@ -75,10 +76,15 @@
...
@@ -75,10 +76,15 @@
#define AUDIT_KERNEL 2000
/* Asynchronous audit record. NOT A REQUEST. */
#define AUDIT_KERNEL 2000
/* Asynchronous audit record. NOT A REQUEST. */
/* Rule flags */
/* Rule flags */
#define AUDIT_PER_TASK 0x01
/* Apply rule at task creation (not syscall) */
#define AUDIT_FILTER_USER 0x00
/* Apply rule to user-generated messages */
#define AUDIT_AT_ENTRY 0x02
/* Apply rule at syscall entry */
#define AUDIT_FILTER_TASK 0x01
/* Apply rule at task creation (not syscall) */
#define AUDIT_AT_EXIT 0x04
/* Apply rule at syscall exit */
#define AUDIT_FILTER_ENTRY 0x02
/* Apply rule at syscall entry */
#define AUDIT_PREPEND 0x10
/* Prepend to front of list */
#define AUDIT_FILTER_WATCH 0x03
/* Apply rule to file system watches */
#define AUDIT_FILTER_EXIT 0x04
/* Apply rule at syscall exit */
#define AUDIT_NR_FILTERS 5
#define AUDIT_FILTER_PREPEND 0x10
/* Prepend to front of list */
/* Rule actions */
/* Rule actions */
#define AUDIT_NEVER 0
/* Do not build context if rule matches */
#define AUDIT_NEVER 0
/* Do not build context if rule matches */
...
@@ -199,6 +205,7 @@ struct audit_sig_info {
...
@@ -199,6 +205,7 @@ struct audit_sig_info {
struct
audit_buffer
;
struct
audit_buffer
;
struct
audit_context
;
struct
audit_context
;
struct
inode
;
struct
inode
;
struct
netlink_skb_parms
;
#define AUDITSC_INVALID 0
#define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1
#define AUDITSC_SUCCESS 1
...
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
...
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
extern
void
audit_syscall_exit
(
struct
task_struct
*
task
,
int
failed
,
long
return_code
);
extern
void
audit_syscall_exit
(
struct
task_struct
*
task
,
int
failed
,
long
return_code
);
extern
void
audit_getname
(
const
char
*
name
);
extern
void
audit_getname
(
const
char
*
name
);
extern
void
audit_putname
(
const
char
*
name
);
extern
void
audit_putname
(
const
char
*
name
);
extern
void
audit_inode
(
const
char
*
name
,
const
struct
inode
*
inode
);
extern
void
audit_inode
(
const
char
*
name
,
const
struct
inode
*
inode
,
unsigned
flags
);
/* Private API (for audit.c only) */
/* Private API (for audit.c only) */
extern
int
audit_receive_filter
(
int
type
,
int
pid
,
int
uid
,
int
seq
,
extern
int
audit_receive_filter
(
int
type
,
int
pid
,
int
uid
,
int
seq
,
...
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
...
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
extern
int
audit_sockaddr
(
int
len
,
void
*
addr
);
extern
int
audit_sockaddr
(
int
len
,
void
*
addr
);
extern
int
audit_avc_path
(
struct
dentry
*
dentry
,
struct
vfsmount
*
mnt
);
extern
int
audit_avc_path
(
struct
dentry
*
dentry
,
struct
vfsmount
*
mnt
);
extern
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
extern
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
extern
int
audit_filter_user
(
struct
netlink_skb_parms
*
cb
,
int
type
);
#else
#else
#define audit_alloc(t) ({ 0; })
#define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0)
#define audit_free(t) do { ; } while (0)
...
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
...
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0)
#define audit_inode(n,i
,f
) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; })
#define audit_get_loginuid(c) ({ -1; })
...
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
...
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0)
#define audit_signal_info(s,t) do { ; } while (0)
#define audit_filter_user(cb,t) ({ 1; })
#endif
#endif
#ifdef CONFIG_AUDIT
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
/* These are defined in audit.c */
/* Public API */
/* Public API */
extern
void
audit_log
(
struct
audit_context
*
ctx
,
int
type
,
extern
void
audit_log
(
struct
audit_context
*
ctx
,
int
gfp_mask
,
const
char
*
fmt
,
...)
int
type
,
const
char
*
fmt
,
...)
__attribute__
((
format
(
printf
,
3
,
4
)));
__attribute__
((
format
(
printf
,
4
,
5
)));
extern
struct
audit_buffer
*
audit_log_start
(
struct
audit_context
*
ctx
,
int
type
);
extern
struct
audit_buffer
*
audit_log_start
(
struct
audit_context
*
ctx
,
int
gfp_mask
,
int
type
);
extern
void
audit_log_format
(
struct
audit_buffer
*
ab
,
extern
void
audit_log_format
(
struct
audit_buffer
*
ab
,
const
char
*
fmt
,
...)
const
char
*
fmt
,
...)
__attribute__
((
format
(
printf
,
2
,
3
)));
__attribute__
((
format
(
printf
,
2
,
3
)));
...
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
...
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
int
done
,
int
multi
,
int
done
,
int
multi
,
void
*
payload
,
int
size
);
void
*
payload
,
int
size
);
extern
void
audit_log_lost
(
const
char
*
message
);
extern
void
audit_log_lost
(
const
char
*
message
);
extern
struct
semaphore
audit_netlink_sem
;
#else
#else
#define audit_log(c,t,f,...) do { ; } while (0)
#define audit_log(c,
g,
t,f,...) do { ; } while (0)
#define audit_log_start(c,t) ({ NULL; })
#define audit_log_start(c,
g,
t) ({ NULL; })
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
...
...
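Review bot: With the rule-flag values turned into list indices (`AUDIT_FILTER_USER 0x00` through `AUDIT_FILTER_EXIT 0x04`, counted by `AUDIT_NR_FILTERS 5`) while `AUDIT_FILTER_PREPEND 0x10` remains a bit OR'd into the same `flags` word, any kernel code that does `audit_filter_list[flags & ~AUDIT_FILTER_PREPEND]` is now indexing an array with a value that arrives from userspace inside `struct audit_rule`; the receive path in kernel/auditsc.c is collapsed on this page, so I cannot confirm it rejects `(flags & ~AUDIT_FILTER_PREPEND) >= AUDIT_NR_FILTERS` with -EINVAL before the index is used, and it must. It would also help to state the split next to the definitions, e.g. `/* Low values select a filter list (0..AUDIT_NR_FILTERS-1); AUDIT_FILTER_PREPEND is the only flag bit */`, since the old names (AUDIT_PER_TASK/AUDIT_AT_ENTRY/AUDIT_AT_EXIT) read as a bitmask and the new ones still look like one. The `audit_filter_user` stub `({ 1; })` in the `#else` branch reads as "accept the message"; a short comment saying so would save a trip to auditsc.c to learn which way the boolean goes.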
kernel/audit.c
kernel/auditsc.c
security/selinux/avc.c
...
@@ -242,7 +242,7 @@ void __init avc_init(void)
...
@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep
=
kmem_cache_create
(
"avc_node"
,
sizeof
(
struct
avc_node
),
avc_node_cachep
=
kmem_cache_create
(
"avc_node"
,
sizeof
(
struct
avc_node
),
0
,
SLAB_PANIC
,
NULL
,
NULL
);
0
,
SLAB_PANIC
,
NULL
,
NULL
);
audit_log
(
current
->
audit_context
,
AUDIT_KERNEL
,
"AVC INITIALIZED
\n
"
);
audit_log
(
current
->
audit_context
,
GFP_KERNEL
,
AUDIT_KERNEL
,
"AVC INITIALIZED
\n
"
);
}
}
int
avc_get_hash_stats
(
char
*
page
)
int
avc_get_hash_stats
(
char
*
page
)
...
@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
...
@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
return
;
return
;
}
}
ab
=
audit_log_start
(
current
->
audit_context
,
AUDIT_AVC
);
ab
=
audit_log_start
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_AVC
);
if
(
!
ab
)
if
(
!
ab
)
return
;
/* audit_panic has been called */
return
;
/* audit_panic has been called */
audit_log_format
(
ab
,
"avc: %s "
,
denied
?
"denied"
:
"granted"
);
audit_log_format
(
ab
,
"avc: %s "
,
denied
?
"denied"
:
"granted"
);
...
...
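Review bot: In avc_audit the `/* audit_panic has been called */` comment after `if (!ab) return;` now sits beside a `GFP_ATOMIC` `audit_log_start()` call, and an atomic allocation can fail under memory pressure regardless of the configured audit failure mode, so unless audit_log_start() really panics on every NULL return (kernel/audit.c is collapsed on this page, so I cannot check) the comment overstates what happened. A dropped AVC denial is a gap in the security trail, so the comment should say what actually occurred, for example `/* audit_log_start() failed (allocation or backlog limit); the loss is accounted for there */`, adjusted to whatever audit.c guarantees. The `GFP_KERNEL` in avc_init is fine for an __init path.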
security/selinux/hooks.c
...
@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
...
@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err
=
selinux_nlmsg_lookup
(
isec
->
sclass
,
nlh
->
nlmsg_type
,
&
perm
);
err
=
selinux_nlmsg_lookup
(
isec
->
sclass
,
nlh
->
nlmsg_type
,
&
perm
);
if
(
err
)
{
if
(
err
)
{
if
(
err
==
-
EINVAL
)
{
if
(
err
==
-
EINVAL
)
{
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_KERNEL
,
AUDIT_SELINUX_ERR
,
"SELinux: unrecognized netlink message"
"SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu
\n
"
,
" type=%hu for sclass=%hu
\n
"
,
nlh
->
nlmsg_type
,
isec
->
sclass
);
nlh
->
nlmsg_type
,
isec
->
sclass
);
...
...
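Review bot: The `GFP_KERNEL` passed to `audit_log()` in selinux_nlmsg_perm makes the record allocation sleepable, which is only safe if every path into this function is process context with no spinlock held; the enclosing function starts outside the hunk so its callers are not visible here, and if it is reached only via the netlink send hook from sendmsg that holds, but any atomic caller would need `GFP_ATOMIC` as the avc.c change in this commit uses. A short comment recording the assumption, e.g. `/* process context (netlink sendmsg): a sleeping allocation is fine here */`, would keep a future caller from silently breaking it.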
security/selinux/ss/services.c
...
@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
...
@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto
out
;
goto
out
;
if
(
context_struct_to_string
(
tcontext
,
&
t
,
&
tlen
)
<
0
)
if
(
context_struct_to_string
(
tcontext
,
&
t
,
&
tlen
)
<
0
)
goto
out
;
goto
out
;
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_SELINUX_ERR
,
"security_validate_transition: denied for"
"security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s"
,
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s"
,
o
,
n
,
t
,
policydb
.
p_class_val_to_name
[
tclass
-
1
]);
o
,
n
,
t
,
policydb
.
p_class_val_to_name
[
tclass
-
1
]);
...
@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context(
...
@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context(
goto
out
;
goto
out
;
if
(
context_struct_to_string
(
newcontext
,
&
n
,
&
nlen
)
<
0
)
if
(
context_struct_to_string
(
newcontext
,
&
n
,
&
nlen
)
<
0
)
goto
out
;
goto
out
;
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_SELINUX_ERR
,
"security_compute_sid: invalid context %s"
"security_compute_sid: invalid context %s"
" for scontext=%s"
" for scontext=%s"
" tcontext=%s"
" tcontext=%s"
...
...