Commit 5d54e69c authored by Linus Torvalds's avatar Linus Torvalds

Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6

parents 63f3d1df b6ddc518
...@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/ ...@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/
S: Maintained S: Maintained
AUDIT SUBSYSTEM AUDIT SUBSYSTEM
L: linux-audit@redhat.com (subscribers-only) P: David Woodhouse
M: dwmw2@infradead.org
L: linux-audit@redhat.com
W: http://people.redhat.com/sgrubb/audit/
S: Maintained S: Maintained
AX.25 NETWORK LAYER AX.25 NETWORK LAYER
......
...@@ -68,6 +68,7 @@ int main(void) ...@@ -68,6 +68,7 @@ int main(void)
DEFINE(THREAD_USED_VR, offsetof(struct thread_struct, used_vr)); DEFINE(THREAD_USED_VR, offsetof(struct thread_struct, used_vr));
#endif /* CONFIG_ALTIVEC */ #endif /* CONFIG_ALTIVEC */
DEFINE(MM, offsetof(struct task_struct, mm)); DEFINE(MM, offsetof(struct task_struct, mm));
DEFINE(AUDITCONTEXT, offsetof(struct task_struct, audit_context));
DEFINE(DCACHEL1LINESIZE, offsetof(struct ppc64_caches, dline_size)); DEFINE(DCACHEL1LINESIZE, offsetof(struct ppc64_caches, dline_size));
DEFINE(DCACHEL1LOGLINESIZE, offsetof(struct ppc64_caches, log_dline_size)); DEFINE(DCACHEL1LOGLINESIZE, offsetof(struct ppc64_caches, log_dline_size));
......
...@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend) ...@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend)
_GLOBAL(ppc32_rt_sigsuspend) _GLOBAL(ppc32_rt_sigsuspend)
bl .save_nvgprs bl .save_nvgprs
bl .sys32_rt_sigsuspend bl .sys32_rt_sigsuspend
/* If sigsuspend() returns zero, we are going into a signal handler */
70: cmpdi 0,r3,0 70: cmpdi 0,r3,0
beq .ret_from_except /* If it returned an error, we need to return via syscall_exit to set
/* If it returned -EINTR, we need to return via syscall_exit to set
the SO bit in cr0 and potentially stop for ptrace. */ the SO bit in cr0 and potentially stop for ptrace. */
b syscall_exit bne syscall_exit
/* If sigsuspend() returns zero, we are going into a signal handler. We
may need to call audit_syscall_exit() to mark the exit from sigsuspend() */
#ifdef CONFIG_AUDIT
ld r3,PACACURRENT(r13)
ld r4,AUDITCONTEXT(r3)
cmpdi 0,r4,0
beq .ret_from_except /* No audit_context: Leave immediately. */
li r4, 2 /* AUDITSC_FAILURE */
li r5,-4 /* It's always -EINTR */
bl .audit_syscall_exit
#endif
b .ret_from_except
_GLOBAL(ppc_fork) _GLOBAL(ppc_fork)
bl .save_nvgprs bl .save_nvgprs
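Review bot: The arguments handed to audit_syscall_exit are hard-coded immediates, `li r4, 2 /* AUDITSC_FAILURE */` and `li r5,-4 /* It's always -EINTR */`, so if AUDITSC_FAILURE (presumably 2 in include/linux/audit.h, not visible in this hunk) or the (task, failed, return_code) contract ever moves, this path keeps emitting a wrong audit record for sigsuspend with no compiler help. Since this same commit already teaches asm-offsets.c to export `DEFINE(AUDITCONTEXT, ...)`, the constant should go the same way: `DEFINE(AUDITSC_FAILURE_VAL, AUDITSC_FAILURE);` in asm-offsets.c and `li r4,AUDITSC_FAILURE_VAL` here, and `li r5,-EINTR` if the assembler includes reach the errno header. The argument order does match the `audit_syscall_exit(struct task_struct *task, int failed, long return_code)` prototype in the audit.h hunk, but that dependency deserves a comment at the call site, e.g. `/* audit_syscall_exit(current, AUDITSC_FAILURE, -EINTR): the syscall is reported as failed with the value userspace will see */`. The label-70 code is shared with ppc64_rt_sigsuspend, whose body starts before this hunk.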
......
...@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata ...@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
out: out:
if (unlikely(current->audit_context if (unlikely(current->audit_context
&& nd && nd->dentry && nd->dentry->d_inode)) && nd && nd->dentry && nd->dentry->d_inode))
audit_inode(name, nd->dentry->d_inode); audit_inode(name, nd->dentry->d_inode, flags);
return retval; return retval;
} }
......
...@@ -51,7 +51,8 @@ ...@@ -51,7 +51,8 @@
#define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */ #define AUDIT_WATCH_LIST 1009 /* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */ #define AUDIT_SIGNAL_INFO 1010 /* Get info about sender of signal to auditd */
#define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages uninteresting to kernel */ #define AUDIT_FIRST_USER_MSG 1100 /* Userspace messages mostly uninteresting to kernel */
#define AUDIT_USER_AVC 1107 /* We filter this differently */
#define AUDIT_LAST_USER_MSG 1199 #define AUDIT_LAST_USER_MSG 1199
#define AUDIT_DAEMON_START 1200 /* Daemon startup record */ #define AUDIT_DAEMON_START 1200 /* Daemon startup record */
...@@ -75,10 +76,15 @@ ...@@ -75,10 +76,15 @@
#define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
/* Rule flags */ /* Rule flags */
#define AUDIT_PER_TASK 0x01 /* Apply rule at task creation (not syscall) */ #define AUDIT_FILTER_USER 0x00 /* Apply rule to user-generated messages */
#define AUDIT_AT_ENTRY 0x02 /* Apply rule at syscall entry */ #define AUDIT_FILTER_TASK 0x01 /* Apply rule at task creation (not syscall) */
#define AUDIT_AT_EXIT 0x04 /* Apply rule at syscall exit */ #define AUDIT_FILTER_ENTRY 0x02 /* Apply rule at syscall entry */
#define AUDIT_PREPEND 0x10 /* Prepend to front of list */ #define AUDIT_FILTER_WATCH 0x03 /* Apply rule to file system watches */
#define AUDIT_FILTER_EXIT 0x04 /* Apply rule at syscall exit */
#define AUDIT_NR_FILTERS 5
#define AUDIT_FILTER_PREPEND 0x10 /* Prepend to front of list */
/* Rule actions */ /* Rule actions */
#define AUDIT_NEVER 0 /* Do not build context if rule matches */ #define AUDIT_NEVER 0 /* Do not build context if rule matches */
...@@ -199,6 +205,7 @@ struct audit_sig_info { ...@@ -199,6 +205,7 @@ struct audit_sig_info {
struct audit_buffer; struct audit_buffer;
struct audit_context; struct audit_context;
struct inode; struct inode;
struct netlink_skb_parms;
#define AUDITSC_INVALID 0 #define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1 #define AUDITSC_SUCCESS 1
...@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch, ...@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code); extern void audit_syscall_exit(struct task_struct *task, int failed, long return_code);
extern void audit_getname(const char *name); extern void audit_getname(const char *name);
extern void audit_putname(const char *name); extern void audit_putname(const char *name);
extern void audit_inode(const char *name, const struct inode *inode); extern void audit_inode(const char *name, const struct inode *inode, unsigned flags);
/* Private API (for audit.c only) */ /* Private API (for audit.c only) */
extern int audit_receive_filter(int type, int pid, int uid, int seq, extern int audit_receive_filter(int type, int pid, int uid, int seq,
...@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args); ...@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
extern int audit_sockaddr(int len, void *addr); extern int audit_sockaddr(int len, void *addr);
extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt);
extern void audit_signal_info(int sig, struct task_struct *t); extern void audit_signal_info(int sig, struct task_struct *t);
extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
#else #else
#define audit_alloc(t) ({ 0; }) #define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0) #define audit_free(t) do { ; } while (0)
...@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t); ...@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_syscall_exit(t,f,r) do { ; } while (0) #define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0) #define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0) #define audit_putname(n) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0) #define audit_inode(n,i,f) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; }) #define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; }) #define audit_get_loginuid(c) ({ -1; })
...@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t); ...@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_sockaddr(len, addr) ({ 0; }) #define audit_sockaddr(len, addr) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; }) #define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0) #define audit_signal_info(s,t) do { ; } while (0)
#define audit_filter_user(cb,t) ({ 1; })
#endif #endif
#ifdef CONFIG_AUDIT #ifdef CONFIG_AUDIT
/* These are defined in audit.c */ /* These are defined in audit.c */
/* Public API */ /* Public API */
extern void audit_log(struct audit_context *ctx, int type, extern void audit_log(struct audit_context *ctx, int gfp_mask,
const char *fmt, ...) int type, const char *fmt, ...)
__attribute__((format(printf,3,4))); __attribute__((format(printf,4,5)));
extern struct audit_buffer *audit_log_start(struct audit_context *ctx,int type); extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int gfp_mask, int type);
extern void audit_log_format(struct audit_buffer *ab, extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...) const char *fmt, ...)
__attribute__((format(printf,2,3))); __attribute__((format(printf,2,3)));
...@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type, ...@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
int done, int multi, int done, int multi,
void *payload, int size); void *payload, int size);
extern void audit_log_lost(const char *message); extern void audit_log_lost(const char *message);
extern struct semaphore audit_netlink_sem;
#else #else
#define audit_log(c,t,f,...) do { ; } while (0) #define audit_log(c,g,t,f,...) do { ; } while (0)
#define audit_log_start(c,t) ({ NULL; }) #define audit_log_start(c,g,t) ({ NULL; })
#define audit_log_vformat(b,f,a) do { ; } while (0) #define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0) #define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0) #define audit_log_end(b) do { ; } while (0)
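Review bot: The AUDIT_FILTER_* constants (`AUDIT_FILTER_USER 0x00` through `AUDIT_FILTER_EXIT 0x04`, with `AUDIT_NR_FILTERS 5`) are now list indices rather than the bit flags the old AUDIT_AT_* names were, yet they still sit under the `/* Rule flags */` heading next to `AUDIT_FILTER_PREPEND 0x10`, which remains a genuine flag bit. Because the filter selector arrives from userspace over netlink (audit_receive_filter), whatever indexes a per-filter array with it must range-check the low bits against AUDIT_NR_FILTERS before the lookup; that code is in the collapsed auditsc.c diff, so I cannot confirm the bounds check from here and would want the requirement stated in the header. I'd change the heading to `/* Rule filter-list selectors (0..AUDIT_NR_FILTERS-1; validate against untrusted input before indexing) plus the PREPEND flag bit */`. `AUDIT_FILTER_WATCH 0x03` placed between ENTRY and EXIT apparently keeps TASK/ENTRY/EXIT at their old numeric values for existing userspace; a one-line comment saying so would stop the ordering from looking accidental.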
......
...@@ -242,7 +242,7 @@ void __init avc_init(void) ...@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node), avc_node_cachep = kmem_cache_create("avc_node", sizeof(struct avc_node),
0, SLAB_PANIC, NULL, NULL); 0, SLAB_PANIC, NULL, NULL);
audit_log(current->audit_context, AUDIT_KERNEL, "AVC INITIALIZED\n"); audit_log(current->audit_context, GFP_KERNEL, AUDIT_KERNEL, "AVC INITIALIZED\n");
} }
int avc_get_hash_stats(char *page) int avc_get_hash_stats(char *page)
...@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid, ...@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
return; return;
} }
ab = audit_log_start(current->audit_context, AUDIT_AVC); ab = audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC);
if (!ab) if (!ab)
return; /* audit_panic has been called */ return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted"); audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");
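Review bot: With `audit_log_start(current->audit_context, GFP_ATOMIC, AUDIT_AVC)` the buffer allocation can now fail under memory pressure, and the existing `if (!ab) return;` then drops the AVC denial record; the only hint of how that loss is accounted for is the comment `/* audit_panic has been called */`. A dropped denial record under memory exhaustion is exactly the gap an attacker would exploit, so the contract should be explicit at the call site: `/* GFP_ATOMIC: may fail under memory pressure; audit_log_start is expected to have recorded the loss (audit_log_lost/audit_panic) before returning NULL */`. GFP_ATOMIC is presumably required because avc_audit runs with the AVC lock or RCU held, but that cannot be confirmed from this hunk; avc_audit begins before it.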
......
...@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb) ...@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm); err = selinux_nlmsg_lookup(isec->sclass, nlh->nlmsg_type, &perm);
if (err) { if (err) {
if (err == -EINVAL) { if (err == -EINVAL) {
audit_log(current->audit_context, AUDIT_SELINUX_ERR, audit_log(current->audit_context, GFP_KERNEL, AUDIT_SELINUX_ERR,
"SELinux: unrecognized netlink message" "SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu\n", " type=%hu for sclass=%hu\n",
nlh->nlmsg_type, isec->sclass); nlh->nlmsg_type, isec->sclass);
......
...@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext, ...@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto out; goto out;
if (context_struct_to_string(tcontext, &t, &tlen) < 0) if (context_struct_to_string(tcontext, &t, &tlen) < 0)
goto out; goto out;
audit_log(current->audit_context, AUDIT_SELINUX_ERR, audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_validate_transition: denied for" "security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s", " oldcontext=%s newcontext=%s taskcontext=%s tclass=%s",
o, n, t, policydb.p_class_val_to_name[tclass-1]); o, n, t, policydb.p_class_val_to_name[tclass-1]);
...@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context( ...@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context(
goto out; goto out;
if (context_struct_to_string(newcontext, &n, &nlen) < 0) if (context_struct_to_string(newcontext, &n, &nlen) < 0)
goto out; goto out;
audit_log(current->audit_context, AUDIT_SELINUX_ERR, audit_log(current->audit_context, GFP_ATOMIC, AUDIT_SELINUX_ERR,
"security_compute_sid: invalid context %s" "security_compute_sid: invalid context %s"
" for scontext=%s" " for scontext=%s"
" tcontext=%s" " tcontext=%s"
......