tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge git://git.infradead.org/users/eparis/audit

Pull audit changes from Eric Paris:
"Al used to send pull requests every couple of years but he told me to
just start pushing them to you directly.

Our touching outside of core audit code is pretty straight forward. A
couple of interface changes which hit net/. A simple argument bug
calling audit functions in namei.c and the removal of some assembly
branch prediction code on ppc"

* git://git.infradead.org/users/eparis/audit: (31 commits)
audit: fix message spacing printing auid
Revert "audit: move kaudit thread start from auditd registration to kaudit init"
audit: vfs: fix audit_inode call in O_CREAT case of do_last
audit: Make testing for a valid loginuid explicit.
audit: fix event coverage of AUDIT_ANOM_LINK
audit: use spin_lock in audit_receive_msg to process tty logging
audit: do not needlessly take a lock in tty_audit_exit
audit: do not needlessly take a spinlock in copy_signal
audit: add an option to control logging of passwords with pam_tty_audit
audit: use spin_lock_irqsave/restore in audit tty code
helper for some session id stuff
audit: use a consistent audit helper to log lsm information
audit: push loginuid and sessionid processing down
audit: stop pushing loginid, uid, sessionid as arguments
audit: remove the old depricated kernel interface
audit: make validity checking generic
audit: allow checking the type of audit message in the user filter
audit: fix build break when AUDIT_DEBUG == 2
audit: remove duplicate export of audit_enabled
Audit: do not print error when LSMs disabled
...

Linus Torvalds c4cc75c3 2dbd3cac

+745 -867
+1 -1
arch/powerpc/kernel/entry_64.S
··· 150 150 CURRENT_THREAD_INFO(r11, r1) 151 151 ld r10,TI_FLAGS(r11) 152 152 andi. r11,r10,_TIF_SYSCALL_T_OR_A 153 - bne- syscall_dotrace 153 + bne syscall_dotrace 154 154 .Lsyscall_dotrace_cont: 155 155 cmpldi 0,r0,NR_syscalls 156 156 bge- syscall_enosys
+44 -58
drivers/tty/tty_audit.c
··· 60 60 tty_audit_buf_free(buf); 61 61 } 62 62 63 - static void tty_audit_log(const char *description, struct task_struct *tsk, 64 - kuid_t loginuid, unsigned sessionid, int major, 65 - int minor, unsigned char *data, size_t size) 63 + static void tty_audit_log(const char *description, int major, int minor, 64 + unsigned char *data, size_t size) 66 65 { 67 66 struct audit_buffer *ab; 67 + struct task_struct *tsk = current; 68 + uid_t uid = from_kuid(&init_user_ns, task_uid(tsk)); 69 + uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(tsk)); 70 + u32 sessionid = audit_get_sessionid(tsk); 68 71 69 72 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY); 70 73 if (ab) { 71 74 char name[sizeof(tsk->comm)]; 72 - kuid_t uid = task_uid(tsk); 73 75 74 - audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u " 75 - "major=%d minor=%d comm=", description, 76 - tsk->pid, 77 - from_kuid(&init_user_ns, uid), 78 - from_kuid(&init_user_ns, loginuid), 79 - sessionid, 80 - major, minor); 76 + audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u major=%d" 77 + " minor=%d comm=", description, tsk->pid, uid, 78 + loginuid, sessionid, major, minor); 81 79 get_task_comm(name, tsk); 82 80 audit_log_untrustedstring(ab, name); 83 81 audit_log_format(ab, " data="); ··· 88 90 * tty_audit_buf_push - Push buffered data out 89 91 * 90 92 * Generate an audit message from the contents of @buf, which is owned by 91 - * @tsk with @loginuid. @buf->mutex must be locked. 93 + * the current task. @buf->mutex must be locked. 92 94 */ 93 - static void tty_audit_buf_push(struct task_struct *tsk, kuid_t loginuid, 94 - unsigned int sessionid, 95 - struct tty_audit_buf *buf) 95 + static void tty_audit_buf_push(struct tty_audit_buf *buf) 96 96 { 97 97 if (buf->valid == 0) 98 98 return; ··· 98 102 buf->valid = 0; 99 103 return; 100 104 } 101 - tty_audit_log("tty", tsk, loginuid, sessionid, buf->major, buf->minor, 102 - buf->data, buf->valid); 105 + tty_audit_log("tty", buf->major, buf->minor, buf->data, buf->valid); 103 106 buf->valid = 0; 104 - } 105 - 106 - /** 107 - * tty_audit_buf_push_current - Push buffered data out 108 - * 109 - * Generate an audit message from the contents of @buf, which is owned by 110 - * the current task. @buf->mutex must be locked. 111 - */ 112 - static void tty_audit_buf_push_current(struct tty_audit_buf *buf) 113 - { 114 - kuid_t auid = audit_get_loginuid(current); 115 - unsigned int sessionid = audit_get_sessionid(current); 116 - tty_audit_buf_push(current, auid, sessionid, buf); 117 107 } 118 108 119 109 /** ··· 112 130 { 113 131 struct tty_audit_buf *buf; 114 132 115 - spin_lock_irq(&current->sighand->siglock); 116 133 buf = current->signal->tty_audit_buf; 117 134 current->signal->tty_audit_buf = NULL; 118 - spin_unlock_irq(&current->sighand->siglock); 119 135 if (!buf) 120 136 return; 121 137 122 138 mutex_lock(&buf->mutex); 123 - tty_audit_buf_push_current(buf); 139 + tty_audit_buf_push(buf); 124 140 mutex_unlock(&buf->mutex); 125 141 126 142 tty_audit_buf_put(buf); ··· 131 151 */ 132 152 void tty_audit_fork(struct signal_struct *sig) 133 153 { 134 - spin_lock_irq(&current->sighand->siglock); 135 154 sig->audit_tty = current->signal->audit_tty; 136 - spin_unlock_irq(&current->sighand->siglock); 155 + sig->audit_tty_log_passwd = current->signal->audit_tty_log_passwd; 137 156 } 138 157 139 158 /** ··· 142 163 { 143 164 struct tty_audit_buf *buf; 144 165 int major, minor, should_audit; 166 + unsigned long flags; 145 167 146 - spin_lock_irq(&current->sighand->siglock); 168 + spin_lock_irqsave(&current->sighand->siglock, flags); 147 169 should_audit = current->signal->audit_tty; 148 170 buf = current->signal->tty_audit_buf; 149 171 if (buf) 150 172 atomic_inc(&buf->count); 151 - spin_unlock_irq(&current->sighand->siglock); 173 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 152 174 153 175 major = tty->driver->major; 154 176 minor = tty->driver->minor_start + tty->index; 155 177 if (buf) { 156 178 mutex_lock(&buf->mutex); 157 179 if (buf->major == major && buf->minor == minor) 158 - tty_audit_buf_push_current(buf); 180 + tty_audit_buf_push(buf); 159 181 mutex_unlock(&buf->mutex); 160 182 tty_audit_buf_put(buf); 161 183 } ··· 167 187 168 188 auid = audit_get_loginuid(current); 169 189 sessionid = audit_get_sessionid(current); 170 - tty_audit_log("ioctl=TIOCSTI", current, auid, sessionid, major, 171 - minor, &ch, 1); 190 + tty_audit_log("ioctl=TIOCSTI", major, minor, &ch, 1); 172 191 } 173 192 } 174 193 175 194 /** 176 - * tty_audit_push_task - Flush task's pending audit data 177 - * @tsk: task pointer 178 - * @loginuid: sender login uid 179 - * @sessionid: sender session id 195 + * tty_audit_push_current - Flush current's pending audit data 180 196 * 181 - * Called with a ref on @tsk held. Try to lock sighand and get a 182 - * reference to the tty audit buffer if available. 197 + * Try to lock sighand and get a reference to the tty audit buffer if available. 183 198 * Flush the buffer or return an appropriate error code. 184 199 */ 185 - int tty_audit_push_task(struct task_struct *tsk, kuid_t loginuid, u32 sessionid) 200 + int tty_audit_push_current(void) 186 201 { 187 202 struct tty_audit_buf *buf = ERR_PTR(-EPERM); 203 + struct task_struct *tsk = current; 188 204 unsigned long flags; 189 205 190 206 if (!lock_task_sighand(tsk, &flags)) ··· 201 225 return PTR_ERR(buf); 202 226 203 227 mutex_lock(&buf->mutex); 204 - tty_audit_buf_push(tsk, loginuid, sessionid, buf); 228 + tty_audit_buf_push(buf); 205 229 mutex_unlock(&buf->mutex); 206 230 207 231 tty_audit_buf_put(buf); ··· 219 243 unsigned icanon) 220 244 { 221 245 struct tty_audit_buf *buf, *buf2; 246 + unsigned long flags; 222 247 223 248 buf = NULL; 224 249 buf2 = NULL; 225 - spin_lock_irq(&current->sighand->siglock); 250 + spin_lock_irqsave(&current->sighand->siglock, flags); 226 251 if (likely(!current->signal->audit_tty)) 227 252 goto out; 228 253 buf = current->signal->tty_audit_buf; ··· 231 254 atomic_inc(&buf->count); 232 255 goto out; 233 256 } 234 - spin_unlock_irq(&current->sighand->siglock); 257 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 235 258 236 259 buf2 = tty_audit_buf_alloc(tty->driver->major, 237 260 tty->driver->minor_start + tty->index, ··· 241 264 return NULL; 242 265 } 243 266 244 - spin_lock_irq(&current->sighand->siglock); 267 + spin_lock_irqsave(&current->sighand->siglock, flags); 245 268 if (!current->signal->audit_tty) 246 269 goto out; 247 270 buf = current->signal->tty_audit_buf; ··· 253 276 atomic_inc(&buf->count); 254 277 /* Fall through */ 255 278 out: 256 - spin_unlock_irq(&current->sighand->siglock); 279 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 257 280 if (buf2) 258 281 tty_audit_buf_free(buf2); 259 282 return buf; ··· 269 292 { 270 293 struct tty_audit_buf *buf; 271 294 int major, minor; 295 + int audit_log_tty_passwd; 296 + unsigned long flags; 272 297 273 298 if (unlikely(size == 0)) 299 + return; 300 + 301 + spin_lock_irqsave(&current->sighand->siglock, flags); 302 + audit_log_tty_passwd = current->signal->audit_tty_log_passwd; 303 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 304 + if (!audit_log_tty_passwd && icanon && !L_ECHO(tty)) 274 305 return; 275 306 276 307 if (tty->driver->type == TTY_DRIVER_TYPE_PTY ··· 294 309 minor = tty->driver->minor_start + tty->index; 295 310 if (buf->major != major || buf->minor != minor 296 311 || buf->icanon != icanon) { 297 - tty_audit_buf_push_current(buf); 312 + tty_audit_buf_push(buf); 298 313 buf->major = major; 299 314 buf->minor = minor; 300 315 buf->icanon = icanon; ··· 310 325 data += run; 311 326 size -= run; 312 327 if (buf->valid == N_TTY_BUF_SIZE) 313 - tty_audit_buf_push_current(buf); 328 + tty_audit_buf_push(buf); 314 329 } while (size != 0); 315 330 mutex_unlock(&buf->mutex); 316 331 tty_audit_buf_put(buf); ··· 324 339 void tty_audit_push(struct tty_struct *tty) 325 340 { 326 341 struct tty_audit_buf *buf; 342 + unsigned long flags; 327 343 328 - spin_lock_irq(&current->sighand->siglock); 344 + spin_lock_irqsave(&current->sighand->siglock, flags); 329 345 if (likely(!current->signal->audit_tty)) { 330 - spin_unlock_irq(&current->sighand->siglock); 346 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 331 347 return; 332 348 } 333 349 buf = current->signal->tty_audit_buf; 334 350 if (buf) 335 351 atomic_inc(&buf->count); 336 - spin_unlock_irq(&current->sighand->siglock); 352 + spin_unlock_irqrestore(&current->sighand->siglock, flags); 337 353 338 354 if (buf) { 339 355 int major, minor; ··· 343 357 minor = tty->driver->minor_start + tty->index; 344 358 mutex_lock(&buf->mutex); 345 359 if (buf->major == major && buf->minor == minor) 346 - tty_audit_buf_push_current(buf); 360 + tty_audit_buf_push(buf); 347 361 mutex_unlock(&buf->mutex); 348 362 tty_audit_buf_put(buf); 349 363 }
+1 -1
fs/namei.c
··· 2740 2740 if (error) 2741 2741 return error; 2742 2742 2743 - audit_inode(name, dir, 0); 2743 + audit_inode(name, dir, LOOKUP_PARENT); 2744 2744 error = -EISDIR; 2745 2745 /* trailing slashes? */ 2746 2746 if (nd->last.name[nd->last.len])
+32 -16
include/linux/audit.h
··· 84 84 #define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ 85 85 #define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ 86 86 87 + /* maximized args number that audit_socketcall can process */ 88 + #define AUDITSC_ARGS 6 89 + 87 90 struct filename; 91 + 92 + extern void audit_log_session_info(struct audit_buffer *ab); 88 93 89 94 #ifdef CONFIG_AUDITSYSCALL 90 95 /* These are defined in auditsc.c */ ··· 125 120 unsigned long a1, unsigned long a2, 126 121 unsigned long a3) 127 122 { 128 - if (unlikely(!audit_dummy_context())) 123 + if (unlikely(current->audit_context)) 129 124 __audit_syscall_entry(arch, major, a0, a1, a2, a3); 130 125 } 131 126 static inline void audit_syscall_exit(void *pt_regs) ··· 190 185 return tsk->sessionid; 191 186 } 192 187 193 - extern void audit_log_task_context(struct audit_buffer *ab); 194 - extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); 195 188 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp); 196 189 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode); 197 190 extern int __audit_bprm(struct linux_binprm *bprm); 198 - extern void __audit_socketcall(int nargs, unsigned long *args); 191 + extern int __audit_socketcall(int nargs, unsigned long *args); 199 192 extern int __audit_sockaddr(int len, void *addr); 200 193 extern void __audit_fd_pair(int fd1, int fd2); 201 194 extern void __audit_mq_open(int oflag, umode_t mode, struct mq_attr *attr); ··· 227 224 return __audit_bprm(bprm); 228 225 return 0; 229 226 } 230 - static inline void audit_socketcall(int nargs, unsigned long *args) 227 + static inline int audit_socketcall(int nargs, unsigned long *args) 231 228 { 232 229 if (unlikely(!audit_dummy_context())) 233 - __audit_socketcall(nargs, args); 230 + return __audit_socketcall(nargs, args); 231 + return 0; 234 232 } 235 233 static inline int audit_sockaddr(int len, void *addr) 236 234 { ··· 344 340 { 345 341 return -1; 346 342 } 347 - static inline void audit_log_task_context(struct audit_buffer *ab) 348 - { } 349 - static inline void audit_log_task_info(struct audit_buffer *ab, 350 - struct task_struct *tsk) 351 - { } 352 343 static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp) 353 344 { } 354 345 static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid, ··· 353 354 { 354 355 return 0; 355 356 } 356 - static inline void audit_socketcall(int nargs, unsigned long *args) 357 - { } 357 + static inline int audit_socketcall(int nargs, unsigned long *args) 358 + { 359 + return 0; 360 + } 358 361 static inline void audit_fd_pair(int fd1, int fd2) 359 362 { } 360 363 static inline int audit_sockaddr(int len, void *addr) ··· 390 389 #define audit_n_rules 0 391 390 #define audit_signals 0 392 391 #endif /* CONFIG_AUDITSYSCALL */ 392 + 393 + static inline bool audit_loginuid_set(struct task_struct *tsk) 394 + { 395 + return uid_valid(audit_get_loginuid(tsk)); 396 + } 393 397 394 398 #ifdef CONFIG_AUDIT 395 399 /* These are defined in audit.c */ ··· 435 429 { } 436 430 #endif 437 431 432 + extern int audit_log_task_context(struct audit_buffer *ab); 433 + extern void audit_log_task_info(struct audit_buffer *ab, 434 + struct task_struct *tsk); 435 + 438 436 extern int audit_update_lsm_rules(void); 439 437 440 438 /* Private API (for audit.c only) */ 441 - extern int audit_filter_user(void); 439 + extern int audit_filter_user(int type); 442 440 extern int audit_filter_type(int type); 443 441 extern int audit_receive_filter(int type, int pid, int seq, 444 - void *data, size_t datasz, kuid_t loginuid, 445 - u32 sessionid, u32 sid); 442 + void *data, size_t datasz); 446 443 extern int audit_enabled; 447 444 #else /* CONFIG_AUDIT */ 448 445 static inline __printf(4, 5) ··· 484 475 const struct path *link) 485 476 { } 486 477 static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) 478 + { } 479 + static inline int audit_log_task_context(struct audit_buffer *ab) 480 + { 481 + return 0; 482 + } 483 + static inline void audit_log_task_info(struct audit_buffer *ab, 484 + struct task_struct *tsk) 487 485 { } 488 486 #define audit_enabled 0 489 487 #endif /* CONFIG_AUDIT */
+1
include/linux/sched.h
··· 593 593 #endif 594 594 #ifdef CONFIG_AUDIT 595 595 unsigned audit_tty; 596 + unsigned audit_tty_log_passwd; 596 597 struct tty_audit_buf *tty_audit_buf; 597 598 #endif 598 599 #ifdef CONFIG_CGROUPS
+2 -4
include/linux/tty.h
··· 575 575 extern void tty_audit_fork(struct signal_struct *sig); 576 576 extern void tty_audit_tiocsti(struct tty_struct *tty, char ch); 577 577 extern void tty_audit_push(struct tty_struct *tty); 578 - extern int tty_audit_push_task(struct task_struct *tsk, 579 - kuid_t loginuid, u32 sessionid); 578 + extern int tty_audit_push_current(void); 580 579 #else 581 580 static inline void tty_audit_add_data(struct tty_struct *tty, 582 581 unsigned char *data, size_t size, unsigned icanon) ··· 593 594 static inline void tty_audit_push(struct tty_struct *tty) 594 595 { 595 596 } 596 - static inline int tty_audit_push_task(struct task_struct *tsk, 597 - kuid_t loginuid, u32 sessionid) 597 + static inline int tty_audit_push_current(void) 598 598 { 599 599 return 0; 600 600 }
+3 -1
include/uapi/linux/audit.h
··· 246 246 #define AUDIT_OBJ_TYPE 21 247 247 #define AUDIT_OBJ_LEV_LOW 22 248 248 #define AUDIT_OBJ_LEV_HIGH 23 249 + #define AUDIT_LOGINUID_SET 24 249 250 250 251 /* These are ONLY useful when checking 251 252 * at syscall exit time (AUDIT_AT_EXIT). */ ··· 370 369 }; 371 370 372 371 struct audit_tty_status { 373 - __u32 enabled; /* 1 = enabled, 0 = disabled */ 372 + __u32 enabled; /* 1 = enabled, 0 = disabled */ 373 + __u32 log_passwd; /* 1 = enabled, 0 = disabled */ 374 374 }; 375 375 376 376 /* audit_rule_data supports filter rules with both integer and string
+351 -167
kernel/audit.c
··· 49 49 #include <linux/slab.h> 50 50 #include <linux/err.h> 51 51 #include <linux/kthread.h> 52 + #include <linux/kernel.h> 53 + #include <linux/syscalls.h> 52 54 53 55 #include <linux/audit.h> 54 56 ··· 267 265 } 268 266 269 267 static int audit_log_config_change(char *function_name, int new, int old, 270 - kuid_t loginuid, u32 sessionid, u32 sid, 271 268 int allow_changes) 272 269 { 273 270 struct audit_buffer *ab; ··· 275 274 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 276 275 if (unlikely(!ab)) 277 276 return rc; 278 - audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new, 279 - old, from_kuid(&init_user_ns, loginuid), sessionid); 280 - if (sid) { 281 - char *ctx = NULL; 282 - u32 len; 283 - 284 - rc = security_secid_to_secctx(sid, &ctx, &len); 285 - if (rc) { 286 - audit_log_format(ab, " sid=%u", sid); 287 - allow_changes = 0; /* Something weird, deny request */ 288 - } else { 289 - audit_log_format(ab, " subj=%s", ctx); 290 - security_release_secctx(ctx, len); 291 - } 292 - } 277 + audit_log_format(ab, "%s=%d old=%d", function_name, new, old); 278 + audit_log_session_info(ab); 279 + rc = audit_log_task_context(ab); 280 + if (rc) 281 + allow_changes = 0; /* Something weird, deny request */ 293 282 audit_log_format(ab, " res=%d", allow_changes); 294 283 audit_log_end(ab); 295 284 return rc; 296 285 } 297 286 298 - static int audit_do_config_change(char *function_name, int *to_change, 299 - int new, kuid_t loginuid, u32 sessionid, 300 - u32 sid) 287 + static int audit_do_config_change(char *function_name, int *to_change, int new) 301 288 { 302 289 int allow_changes, rc = 0, old = *to_change; 303 290 ··· 296 307 allow_changes = 1; 297 308 298 309 if (audit_enabled != AUDIT_OFF) { 299 - rc = audit_log_config_change(function_name, new, old, loginuid, 300 - sessionid, sid, allow_changes); 310 + rc = audit_log_config_change(function_name, new, old, allow_changes); 301 311 if (rc) 302 312 allow_changes = 0; 303 313 } ··· 310 322 return rc; 311 323 } 312 324 313 - static int audit_set_rate_limit(int limit, kuid_t loginuid, u32 sessionid, 314 - u32 sid) 325 + static int audit_set_rate_limit(int limit) 315 326 { 316 - return audit_do_config_change("audit_rate_limit", &audit_rate_limit, 317 - limit, loginuid, sessionid, sid); 327 + return audit_do_config_change("audit_rate_limit", &audit_rate_limit, limit); 318 328 } 319 329 320 - static int audit_set_backlog_limit(int limit, kuid_t loginuid, u32 sessionid, 321 - u32 sid) 330 + static int audit_set_backlog_limit(int limit) 322 331 { 323 - return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, 324 - limit, loginuid, sessionid, sid); 332 + return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit, limit); 325 333 } 326 334 327 - static int audit_set_enabled(int state, kuid_t loginuid, u32 sessionid, u32 sid) 335 + static int audit_set_enabled(int state) 328 336 { 329 337 int rc; 330 338 if (state < AUDIT_OFF || state > AUDIT_LOCKED) 331 339 return -EINVAL; 332 340 333 - rc = audit_do_config_change("audit_enabled", &audit_enabled, state, 334 - loginuid, sessionid, sid); 335 - 341 + rc = audit_do_config_change("audit_enabled", &audit_enabled, state); 336 342 if (!rc) 337 343 audit_ever_enabled |= !!state; 338 344 339 345 return rc; 340 346 } 341 347 342 - static int audit_set_failure(int state, kuid_t loginuid, u32 sessionid, u32 sid) 348 + static int audit_set_failure(int state) 343 349 { 344 350 if (state != AUDIT_FAIL_SILENT 345 351 && state != AUDIT_FAIL_PRINTK 346 352 && state != AUDIT_FAIL_PANIC) 347 353 return -EINVAL; 348 354 349 - return audit_do_config_change("audit_failure", &audit_failure, state, 350 - loginuid, sessionid, sid); 355 + return audit_do_config_change("audit_failure", &audit_failure, state); 351 356 } 352 357 353 358 /* ··· 398 417 consume_skb(skb); 399 418 } 400 419 401 - static int kauditd_thread(void *dummy) 420 + /* 421 + * flush_hold_queue - empty the hold queue if auditd appears 422 + * 423 + * If auditd just started, drain the queue of messages already 424 + * sent to syslog/printk. Remember loss here is ok. We already 425 + * called audit_log_lost() if it didn't go out normally. so the 426 + * race between the skb_dequeue and the next check for audit_pid 427 + * doesn't matter. 428 + * 429 + * If you ever find kauditd to be too slow we can get a perf win 430 + * by doing our own locking and keeping better track if there 431 + * are messages in this queue. I don't see the need now, but 432 + * in 5 years when I want to play with this again I'll see this 433 + * note and still have no friggin idea what i'm thinking today. 434 + */ 435 + static void flush_hold_queue(void) 402 436 { 403 437 struct sk_buff *skb; 404 438 439 + if (!audit_default || !audit_pid) 440 + return; 441 + 442 + skb = skb_dequeue(&audit_skb_hold_queue); 443 + if (likely(!skb)) 444 + return; 445 + 446 + while (skb && audit_pid) { 447 + kauditd_send_skb(skb); 448 + skb = skb_dequeue(&audit_skb_hold_queue); 449 + } 450 + 451 + /* 452 + * if auditd just disappeared but we 453 + * dequeued an skb we need to drop ref 454 + */ 455 + if (skb) 456 + consume_skb(skb); 457 + } 458 + 459 + static int kauditd_thread(void *dummy) 460 + { 405 461 set_freezable(); 406 462 while (!kthread_should_stop()) { 407 - /* 408 - * if auditd just started drain the queue of messages already 409 - * sent to syslog/printk. remember loss here is ok. we already 410 - * called audit_log_lost() if it didn't go out normally. so the 411 - * race between the skb_dequeue and the next check for audit_pid 412 - * doesn't matter. 413 - * 414 - * if you ever find kauditd to be too slow we can get a perf win 415 - * by doing our own locking and keeping better track if there 416 - * are messages in this queue. I don't see the need now, but 417 - * in 5 years when I want to play with this again I'll see this 418 - * note and still have no friggin idea what i'm thinking today. 419 - */ 420 - if (audit_default && audit_pid) { 421 - skb = skb_dequeue(&audit_skb_hold_queue); 422 - if (unlikely(skb)) { 423 - while (skb && audit_pid) { 424 - kauditd_send_skb(skb); 425 - skb = skb_dequeue(&audit_skb_hold_queue); 426 - } 427 - } 428 - } 463 + struct sk_buff *skb; 464 + DECLARE_WAITQUEUE(wait, current); 465 + 466 + flush_hold_queue(); 429 467 430 468 skb = skb_dequeue(&audit_skb_queue); 431 469 wake_up(&audit_backlog_wait); ··· 453 453 kauditd_send_skb(skb); 454 454 else 455 455 audit_printk_skb(skb); 456 - } else { 457 - DECLARE_WAITQUEUE(wait, current); 458 - set_current_state(TASK_INTERRUPTIBLE); 459 - add_wait_queue(&kauditd_wait, &wait); 460 - 461 - if (!skb_queue_len(&audit_skb_queue)) { 462 - try_to_freeze(); 463 - schedule(); 464 - } 465 - 466 - __set_current_state(TASK_RUNNING); 467 - remove_wait_queue(&kauditd_wait, &wait); 456 + continue; 468 457 } 458 + set_current_state(TASK_INTERRUPTIBLE); 459 + add_wait_queue(&kauditd_wait, &wait); 460 + 461 + if (!skb_queue_len(&audit_skb_queue)) { 462 + try_to_freeze(); 463 + schedule(); 464 + } 465 + 466 + __set_current_state(TASK_RUNNING); 467 + remove_wait_queue(&kauditd_wait, &wait); 469 468 } 470 469 return 0; 471 470 } ··· 578 579 return -EPERM; 579 580 580 581 switch (msg_type) { 581 - case AUDIT_GET: 582 582 case AUDIT_LIST: 583 - case AUDIT_LIST_RULES: 584 - case AUDIT_SET: 585 583 case AUDIT_ADD: 586 - case AUDIT_ADD_RULE: 587 584 case AUDIT_DEL: 585 + return -EOPNOTSUPP; 586 + case AUDIT_GET: 587 + case AUDIT_SET: 588 + case AUDIT_LIST_RULES: 589 + case AUDIT_ADD_RULE: 588 590 case AUDIT_DEL_RULE: 589 591 case AUDIT_SIGNAL_INFO: 590 592 case AUDIT_TTY_GET: ··· 608 608 return err; 609 609 } 610 610 611 - static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type, 612 - kuid_t auid, u32 ses, u32 sid) 611 + static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type) 613 612 { 614 613 int rc = 0; 615 - char *ctx = NULL; 616 - u32 len; 614 + uid_t uid = from_kuid(&init_user_ns, current_uid()); 617 615 618 616 if (!audit_enabled) { 619 617 *ab = NULL; ··· 621 623 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type); 622 624 if (unlikely(!*ab)) 623 625 return rc; 624 - audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u", 625 - task_tgid_vnr(current), 626 - from_kuid(&init_user_ns, current_uid()), 627 - from_kuid(&init_user_ns, auid), ses); 628 - if (sid) { 629 - rc = security_secid_to_secctx(sid, &ctx, &len); 630 - if (rc) 631 - audit_log_format(*ab, " ssid=%u", sid); 632 - else { 633 - audit_log_format(*ab, " subj=%s", ctx); 634 - security_release_secctx(ctx, len); 635 - } 636 - } 626 + audit_log_format(*ab, "pid=%d uid=%u", task_tgid_vnr(current), uid); 627 + audit_log_session_info(*ab); 628 + audit_log_task_context(*ab); 637 629 638 630 return rc; 639 631 } 640 632 641 633 static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 642 634 { 643 - u32 seq, sid; 635 + u32 seq; 644 636 void *data; 645 637 struct audit_status *status_get, status_set; 646 638 int err; 647 639 struct audit_buffer *ab; 648 640 u16 msg_type = nlh->nlmsg_type; 649 - kuid_t loginuid; /* loginuid of sender */ 650 - u32 sessionid; 651 641 struct audit_sig_info *sig_data; 652 642 char *ctx = NULL; 653 643 u32 len; ··· 654 668 return err; 655 669 } 656 670 } 657 - loginuid = audit_get_loginuid(current); 658 - sessionid = audit_get_sessionid(current); 659 - security_task_getsecid(current, &sid); 660 671 seq = nlh->nlmsg_seq; 661 672 data = nlmsg_data(nlh); 662 673 ··· 674 691 return -EINVAL; 675 692 status_get = (struct audit_status *)data; 676 693 if (status_get->mask & AUDIT_STATUS_ENABLED) { 677 - err = audit_set_enabled(status_get->enabled, 678 - loginuid, sessionid, sid); 694 + err = audit_set_enabled(status_get->enabled); 679 695 if (err < 0) 680 696 return err; 681 697 } 682 698 if (status_get->mask & AUDIT_STATUS_FAILURE) { 683 - err = audit_set_failure(status_get->failure, 684 - loginuid, sessionid, sid); 699 + err = audit_set_failure(status_get->failure); 685 700 if (err < 0) 686 701 return err; 687 702 } ··· 687 706 int new_pid = status_get->pid; 688 707 689 708 if (audit_enabled != AUDIT_OFF) 690 - audit_log_config_change("audit_pid", new_pid, 691 - audit_pid, loginuid, 692 - sessionid, sid, 1); 693 - 709 + audit_log_config_change("audit_pid", new_pid, audit_pid, 1); 694 710 audit_pid = new_pid; 695 711 audit_nlk_portid = NETLINK_CB(skb).portid; 696 712 } 697 713 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) { 698 - err = audit_set_rate_limit(status_get->rate_limit, 699 - loginuid, sessionid, sid); 714 + err = audit_set_rate_limit(status_get->rate_limit); 700 715 if (err < 0) 701 716 return err; 702 717 } 703 718 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) 704 - err = audit_set_backlog_limit(status_get->backlog_limit, 705 - loginuid, sessionid, sid); 719 + err = audit_set_backlog_limit(status_get->backlog_limit); 706 720 break; 707 721 case AUDIT_USER: 708 722 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG: ··· 705 729 if (!audit_enabled && msg_type != AUDIT_USER_AVC) 706 730 return 0; 707 731 708 - err = audit_filter_user(); 732 + err = audit_filter_user(msg_type); 709 733 if (err == 1) { 710 734 err = 0; 711 735 if (msg_type == AUDIT_USER_TTY) { 712 - err = tty_audit_push_task(current, loginuid, 713 - sessionid); 736 + err = tty_audit_push_current(); 714 737 if (err) 715 738 break; 716 739 } 717 - audit_log_common_recv_msg(&ab, msg_type, 718 - loginuid, sessionid, sid); 719 - 740 + audit_log_common_recv_msg(&ab, msg_type); 720 741 if (msg_type != AUDIT_USER_TTY) 721 742 audit_log_format(ab, " msg='%.1024s'", 722 743 (char *)data); 723 744 else { 724 745 int size; 725 746 726 - audit_log_format(ab, " msg="); 747 + audit_log_format(ab, " data="); 727 748 size = nlmsg_len(nlh); 728 749 if (size > 0 && 729 750 ((unsigned char *)data)[size - 1] == '\0') ··· 731 758 audit_log_end(ab); 732 759 } 733 760 break; 734 - case AUDIT_ADD: 735 - case AUDIT_DEL: 736 - if (nlmsg_len(nlh) < sizeof(struct audit_rule)) 737 - return -EINVAL; 738 - if (audit_enabled == AUDIT_LOCKED) { 739 - audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 740 - loginuid, sessionid, sid); 741 - 742 - audit_log_format(ab, " audit_enabled=%d res=0", 743 - audit_enabled); 744 - audit_log_end(ab); 745 - return -EPERM; 746 - } 747 - /* fallthrough */ 748 - case AUDIT_LIST: 749 - err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, 750 - seq, data, nlmsg_len(nlh), 751 - loginuid, sessionid, sid); 752 - break; 753 761 case AUDIT_ADD_RULE: 754 762 case AUDIT_DEL_RULE: 755 763 if (nlmsg_len(nlh) < sizeof(struct audit_rule_data)) 756 764 return -EINVAL; 757 765 if (audit_enabled == AUDIT_LOCKED) { 758 - audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 759 - loginuid, sessionid, sid); 760 - 761 - audit_log_format(ab, " audit_enabled=%d res=0", 762 - audit_enabled); 766 + audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 767 + audit_log_format(ab, " audit_enabled=%d res=0", audit_enabled); 763 768 audit_log_end(ab); 764 769 return -EPERM; 765 770 } 766 771 /* fallthrough */ 767 772 case AUDIT_LIST_RULES: 768 773 err = audit_receive_filter(msg_type, NETLINK_CB(skb).portid, 769 - seq, data, nlmsg_len(nlh), 770 - loginuid, sessionid, sid); 774 + seq, data, nlmsg_len(nlh)); 771 775 break; 772 776 case AUDIT_TRIM: 773 777 audit_trim_trees(); 774 - 775 - audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 776 - loginuid, sessionid, sid); 777 - 778 + audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 778 779 audit_log_format(ab, " op=trim res=1"); 779 780 audit_log_end(ab); 780 781 break; ··· 778 831 /* OK, here comes... */ 779 832 err = audit_tag_tree(old, new); 780 833 781 - audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, 782 - loginuid, sessionid, sid); 834 + audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE); 783 835 784 836 audit_log_format(ab, " op=make_equiv old="); 785 837 audit_log_untrustedstring(ab, old); ··· 817 871 struct audit_tty_status s; 818 872 struct task_struct *tsk = current; 819 873 820 - spin_lock_irq(&tsk->sighand->siglock); 874 + spin_lock(&tsk->sighand->siglock); 821 875 s.enabled = tsk->signal->audit_tty != 0; 822 - spin_unlock_irq(&tsk->sighand->siglock); 876 + s.log_passwd = tsk->signal->audit_tty_log_passwd; 877 + spin_unlock(&tsk->sighand->siglock); 823 878 824 879 audit_send_reply(NETLINK_CB(skb).portid, seq, 825 880 AUDIT_TTY_GET, 0, 0, &s, sizeof(s)); 826 881 break; 827 882 } 828 883 case AUDIT_TTY_SET: { 829 - struct audit_tty_status *s; 884 + struct audit_tty_status s; 830 885 struct task_struct *tsk = current; 831 886 832 - if (nlh->nlmsg_len < sizeof(struct audit_tty_status)) 833 - return -EINVAL; 834 - s = data; 835 - if (s->enabled != 0 && s->enabled != 1) 887 + memset(&s, 0, sizeof(s)); 888 + /* guard against past and future API changes */ 889 + memcpy(&s, data, min(sizeof(s), (size_t)nlh->nlmsg_len)); 890 + if ((s.enabled != 0 && s.enabled != 1) || 891 + (s.log_passwd != 0 && s.log_passwd != 1)) 836 892 return -EINVAL; 837 893 838 - spin_lock_irq(&tsk->sighand->siglock); 839 - tsk->signal->audit_tty = s->enabled != 0; 840 - spin_unlock_irq(&tsk->sighand->siglock); 894 + spin_lock(&tsk->sighand->siglock); 895 + tsk->signal->audit_tty = s.enabled; 896 + tsk->signal->audit_tty_log_passwd = s.log_passwd; 897 + spin_unlock(&tsk->sighand->siglock); 841 898 break; 842 899 } 843 900 default: ··· 1383 1434 kfree(pathname); 1384 1435 } 1385 1436 1437 + void audit_log_session_info(struct audit_buffer *ab) 1438 + { 1439 + u32 sessionid = audit_get_sessionid(current); 1440 + uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 1441 + 1442 + audit_log_format(ab, " auid=%u ses=%u\n", auid, sessionid); 1443 + } 1444 + 1386 1445 void audit_log_key(struct audit_buffer *ab, char *key) 1387 1446 { 1388 1447 audit_log_format(ab, " key="); ··· 1400 1443 audit_log_format(ab, "(null)"); 1401 1444 } 1402 1445 1446 + void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap) 1447 + { 1448 + int i; 1449 + 1450 + audit_log_format(ab, " %s=", prefix); 1451 + CAP_FOR_EACH_U32(i) { 1452 + audit_log_format(ab, "%08x", 1453 + cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]); 1454 + } 1455 + } 1456 + 1457 + void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) 1458 + { 1459 + kernel_cap_t *perm = &name->fcap.permitted; 1460 + kernel_cap_t *inh = &name->fcap.inheritable; 1461 + int log = 0; 1462 + 1463 + if (!cap_isclear(*perm)) { 1464 + audit_log_cap(ab, "cap_fp", perm); 1465 + log = 1; 1466 + } 1467 + if (!cap_isclear(*inh)) { 1468 + audit_log_cap(ab, "cap_fi", inh); 1469 + log = 1; 1470 + } 1471 + 1472 + if (log) 1473 + audit_log_format(ab, " cap_fe=%d cap_fver=%x", 1474 + name->fcap.fE, name->fcap_ver); 1475 + } 1476 + 1477 + static inline int audit_copy_fcaps(struct audit_names *name, 1478 + const struct dentry *dentry) 1479 + { 1480 + struct cpu_vfs_cap_data caps; 1481 + int rc; 1482 + 1483 + if (!dentry) 1484 + return 0; 1485 + 1486 + rc = get_vfs_caps_from_disk(dentry, &caps); 1487 + if (rc) 1488 + return rc; 1489 + 1490 + name->fcap.permitted = caps.permitted; 1491 + name->fcap.inheritable = caps.inheritable; 1492 + name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); 1493 + name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> 1494 + VFS_CAP_REVISION_SHIFT; 1495 + 1496 + return 0; 1497 + } 1498 + 1499 + /* Copy inode data into an audit_names. */ 1500 + void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, 1501 + const struct inode *inode) 1502 + { 1503 + name->ino = inode->i_ino; 1504 + name->dev = inode->i_sb->s_dev; 1505 + name->mode = inode->i_mode; 1506 + name->uid = inode->i_uid; 1507 + name->gid = inode->i_gid; 1508 + name->rdev = inode->i_rdev; 1509 + security_inode_getsecid(inode, &name->osid); 1510 + audit_copy_fcaps(name, dentry); 1511 + } 1512 + 1513 + /** 1514 + * audit_log_name - produce AUDIT_PATH record from struct audit_names 1515 + * @context: audit_context for the task 1516 + * @n: audit_names structure with reportable details 1517 + * @path: optional path to report instead of audit_names->name 1518 + * @record_num: record number to report when handling a list of names 1519 + * @call_panic: optional pointer to int that will be updated if secid fails 1520 + */ 1521 + void audit_log_name(struct audit_context *context, struct audit_names *n, 1522 + struct path *path, int record_num, int *call_panic) 1523 + { 1524 + struct audit_buffer *ab; 1525 + ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); 1526 + if (!ab) 1527 + return; 1528 + 1529 + audit_log_format(ab, "item=%d", record_num); 1530 + 1531 + if (path) 1532 + audit_log_d_path(ab, " name=", path); 1533 + else if (n->name) { 1534 + switch (n->name_len) { 1535 + case AUDIT_NAME_FULL: 1536 + /* log the full path */ 1537 + audit_log_format(ab, " name="); 1538 + audit_log_untrustedstring(ab, n->name->name); 1539 + break; 1540 + case 0: 1541 + /* name was specified as a relative path and the 1542 + * directory component is the cwd */ 1543 + audit_log_d_path(ab, " name=", &context->pwd); 1544 + break; 1545 + default: 1546 + /* log the name's directory component */ 1547 + audit_log_format(ab, " name="); 1548 + audit_log_n_untrustedstring(ab, n->name->name, 1549 + n->name_len); 1550 + } 1551 + } else 1552 + audit_log_format(ab, " name=(null)"); 1553 + 1554 + if (n->ino != (unsigned long)-1) { 1555 + audit_log_format(ab, " inode=%lu" 1556 + " dev=%02x:%02x mode=%#ho" 1557 + " ouid=%u ogid=%u rdev=%02x:%02x", 1558 + n->ino, 1559 + MAJOR(n->dev), 1560 + MINOR(n->dev), 1561 + n->mode, 1562 + from_kuid(&init_user_ns, n->uid), 1563 + from_kgid(&init_user_ns, n->gid), 1564 + MAJOR(n->rdev), 1565 + MINOR(n->rdev)); 1566 + } 1567 + if (n->osid != 0) { 1568 + char *ctx = NULL; 1569 + u32 len; 1570 + if (security_secid_to_secctx( 1571 + n->osid, &ctx, &len)) { 1572 + audit_log_format(ab, " osid=%u", n->osid); 1573 + if (call_panic) 1574 + *call_panic = 2; 1575 + } else { 1576 + audit_log_format(ab, " obj=%s", ctx); 1577 + security_release_secctx(ctx, len); 1578 + } 1579 + } 1580 + 1581 + audit_log_fcaps(ab, n); 1582 + audit_log_end(ab); 1583 + } 1584 + 1585 + int audit_log_task_context(struct audit_buffer *ab) 1586 + { 1587 + char *ctx = NULL; 1588 + unsigned len; 1589 + int error; 1590 + u32 sid; 1591 + 1592 + security_task_getsecid(current, &sid); 1593 + if (!sid) 1594 + return 0; 1595 + 1596 + error = security_secid_to_secctx(sid, &ctx, &len); 1597 + if (error) { 1598 + if (error != -EINVAL) 1599 + goto error_path; 1600 + return 0; 1601 + } 1602 + 1603 + audit_log_format(ab, " subj=%s", ctx); 1604 + security_release_secctx(ctx, len); 1605 + return 0; 1606 + 1607 + error_path: 1608 + audit_panic("error in audit_log_task_context"); 1609 + return error; 1610 + } 1611 + EXPORT_SYMBOL(audit_log_task_context); 1612 + 1613 + void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 1614 + { 1615 + const struct cred *cred; 1616 + char name[sizeof(tsk->comm)]; 1617 + struct mm_struct *mm = tsk->mm; 1618 + char *tty; 1619 + 1620 + if (!ab) 1621 + return; 1622 + 1623 + /* tsk == current */ 1624 + cred = current_cred(); 1625 + 1626 + spin_lock_irq(&tsk->sighand->siglock); 1627 + if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name) 1628 + tty = tsk->signal->tty->name; 1629 + else 1630 + tty = "(none)"; 1631 + spin_unlock_irq(&tsk->sighand->siglock); 1632 + 1633 + audit_log_format(ab, 1634 + " ppid=%ld pid=%d auid=%u uid=%u gid=%u" 1635 + " euid=%u suid=%u fsuid=%u" 1636 + " egid=%u sgid=%u fsgid=%u ses=%u tty=%s", 1637 + sys_getppid(), 1638 + tsk->pid, 1639 + from_kuid(&init_user_ns, audit_get_loginuid(tsk)), 1640 + from_kuid(&init_user_ns, cred->uid), 1641 + from_kgid(&init_user_ns, cred->gid), 1642 + from_kuid(&init_user_ns, cred->euid), 1643 + from_kuid(&init_user_ns, cred->suid), 1644 + from_kuid(&init_user_ns, cred->fsuid), 1645 + from_kgid(&init_user_ns, cred->egid), 1646 + from_kgid(&init_user_ns, cred->sgid), 1647 + from_kgid(&init_user_ns, cred->fsgid), 1648 + audit_get_sessionid(tsk), tty); 1649 + 1650 + get_task_comm(name, tsk); 1651 + audit_log_format(ab, " comm="); 1652 + audit_log_untrustedstring(ab, name); 1653 + 1654 + if (mm) { 1655 + down_read(&mm->mmap_sem); 1656 + if (mm->exe_file) 1657 + audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); 1658 + up_read(&mm->mmap_sem); 1659 + } 1660 + audit_log_task_context(ab); 1661 + } 1662 + EXPORT_SYMBOL(audit_log_task_info); 1663 + 1403 1664 /** 1404 1665 * audit_log_link_denied - report a link restriction denial 1405 1666 * @operation: specific link opreation ··· 1626 1451 void audit_log_link_denied(const char *operation, struct path *link) 1627 1452 { 1628 1453 struct audit_buffer *ab; 1454 + struct audit_names *name; 1629 1455 1456 + name = kzalloc(sizeof(*name), GFP_NOFS); 1457 + if (!name) 1458 + return; 1459 + 1460 + /* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */ 1630 1461 ab = audit_log_start(current->audit_context, GFP_KERNEL, 1631 1462 AUDIT_ANOM_LINK); 1632 1463 if (!ab) 1633 - return; 1634 - audit_log_format(ab, "op=%s action=denied", operation); 1635 - audit_log_format(ab, " pid=%d comm=", current->pid); 1636 - audit_log_untrustedstring(ab, current->comm); 1637 - audit_log_d_path(ab, " path=", link); 1638 - audit_log_format(ab, " dev="); 1639 - audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id); 1640 - audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino); 1464 + goto out; 1465 + audit_log_format(ab, "op=%s", operation); 1466 + audit_log_task_info(ab, current); 1467 + audit_log_format(ab, " res=0"); 1641 1468 audit_log_end(ab); 1469 + 1470 + /* Generate AUDIT_PATH record with object. */ 1471 + name->type = AUDIT_TYPE_NORMAL; 1472 + audit_copy_inode(name, link->dentry, link->dentry->d_inode); 1473 + audit_log_name(current->audit_context, name, link, 0, NULL); 1474 + out: 1475 + kfree(name); 1642 1476 } 1643 1477 1644 1478 /**
+156
kernel/audit.h
··· 22 22 #include <linux/fs.h> 23 23 #include <linux/audit.h> 24 24 #include <linux/skbuff.h> 25 + #include <uapi/linux/mqueue.h> 25 26 26 27 /* 0 = no checking 27 28 1 = put_count checking 28 29 2 = verbose put_count checking 29 30 */ 30 31 #define AUDIT_DEBUG 0 32 + 33 + /* AUDIT_NAMES is the number of slots we reserve in the audit_context 34 + * for saving names from getname(). If we get more names we will allocate 35 + * a name dynamically and also add those to the list anchored by names_list. */ 36 + #define AUDIT_NAMES 5 31 37 32 38 /* At task start time, the audit_state is set in the audit_context using 33 39 a per-task filter. At syscall entry, the audit_state is augmented by ··· 65 59 struct audit_krule rule; 66 60 }; 67 61 62 + struct audit_cap_data { 63 + kernel_cap_t permitted; 64 + kernel_cap_t inheritable; 65 + union { 66 + unsigned int fE; /* effective bit of file cap */ 67 + kernel_cap_t effective; /* effective set of process */ 68 + }; 69 + }; 70 + 71 + /* When fs/namei.c:getname() is called, we store the pointer in name and 72 + * we don't let putname() free it (instead we free all of the saved 73 + * pointers at syscall exit time). 74 + * 75 + * Further, in fs/namei.c:path_lookup() we store the inode and device. 76 + */ 77 + struct audit_names { 78 + struct list_head list; /* audit_context->names_list */ 79 + 80 + struct filename *name; 81 + int name_len; /* number of chars to log */ 82 + bool name_put; /* call __putname()? */ 83 + 84 + unsigned long ino; 85 + dev_t dev; 86 + umode_t mode; 87 + kuid_t uid; 88 + kgid_t gid; 89 + dev_t rdev; 90 + u32 osid; 91 + struct audit_cap_data fcap; 92 + unsigned int fcap_ver; 93 + unsigned char type; /* record type */ 94 + /* 95 + * This was an allocated audit_names and not from the array of 96 + * names allocated in the task audit context. Thus this name 97 + * should be freed on syscall exit. 98 + */ 99 + bool should_free; 100 + }; 101 + 102 + /* The per-task audit context. */ 103 + struct audit_context { 104 + int dummy; /* must be the first element */ 105 + int in_syscall; /* 1 if task is in a syscall */ 106 + enum audit_state state, current_state; 107 + unsigned int serial; /* serial number for record */ 108 + int major; /* syscall number */ 109 + struct timespec ctime; /* time of syscall entry */ 110 + unsigned long argv[4]; /* syscall arguments */ 111 + long return_code;/* syscall return code */ 112 + u64 prio; 113 + int return_valid; /* return code is valid */ 114 + /* 115 + * The names_list is the list of all audit_names collected during this 116 + * syscall. The first AUDIT_NAMES entries in the names_list will 117 + * actually be from the preallocated_names array for performance 118 + * reasons. Except during allocation they should never be referenced 119 + * through the preallocated_names array and should only be found/used 120 + * by running the names_list. 121 + */ 122 + struct audit_names preallocated_names[AUDIT_NAMES]; 123 + int name_count; /* total records in names_list */ 124 + struct list_head names_list; /* struct audit_names->list anchor */ 125 + char *filterkey; /* key for rule that triggered record */ 126 + struct path pwd; 127 + struct audit_aux_data *aux; 128 + struct audit_aux_data *aux_pids; 129 + struct sockaddr_storage *sockaddr; 130 + size_t sockaddr_len; 131 + /* Save things to print about task_struct */ 132 + pid_t pid, ppid; 133 + kuid_t uid, euid, suid, fsuid; 134 + kgid_t gid, egid, sgid, fsgid; 135 + unsigned long personality; 136 + int arch; 137 + 138 + pid_t target_pid; 139 + kuid_t target_auid; 140 + kuid_t target_uid; 141 + unsigned int target_sessionid; 142 + u32 target_sid; 143 + char target_comm[TASK_COMM_LEN]; 144 + 145 + struct audit_tree_refs *trees, *first_trees; 146 + struct list_head killed_trees; 147 + int tree_count; 148 + 149 + int type; 150 + union { 151 + struct { 152 + int nargs; 153 + long args[6]; 154 + } socketcall; 155 + struct { 156 + kuid_t uid; 157 + kgid_t gid; 158 + umode_t mode; 159 + u32 osid; 160 + int has_perm; 161 + uid_t perm_uid; 162 + gid_t perm_gid; 163 + umode_t perm_mode; 164 + unsigned long qbytes; 165 + } ipc; 166 + struct { 167 + mqd_t mqdes; 168 + struct mq_attr mqstat; 169 + } mq_getsetattr; 170 + struct { 171 + mqd_t mqdes; 172 + int sigev_signo; 173 + } mq_notify; 174 + struct { 175 + mqd_t mqdes; 176 + size_t msg_len; 177 + unsigned int msg_prio; 178 + struct timespec abs_timeout; 179 + } mq_sendrecv; 180 + struct { 181 + int oflag; 182 + umode_t mode; 183 + struct mq_attr attr; 184 + } mq_open; 185 + struct { 186 + pid_t pid; 187 + struct audit_cap_data cap; 188 + } capset; 189 + struct { 190 + int fd; 191 + int flags; 192 + } mmap; 193 + }; 194 + int fds[2]; 195 + 196 + #if AUDIT_DEBUG 197 + int put_count; 198 + int ino_count; 199 + #endif 200 + }; 201 + 68 202 extern int audit_ever_enabled; 203 + 204 + extern void audit_copy_inode(struct audit_names *name, 205 + const struct dentry *dentry, 206 + const struct inode *inode); 207 + extern void audit_log_cap(struct audit_buffer *ab, char *prefix, 208 + kernel_cap_t *cap); 209 + extern void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name); 210 + extern void audit_log_name(struct audit_context *context, 211 + struct audit_names *n, struct path *path, 212 + int record_num, int *call_panic); 69 213 70 214 extern int audit_pid; 71 215
+110 -250
kernel/auditfilter.c
··· 310 310 return n; 311 311 } 312 312 313 - 314 - /* Translate struct audit_rule to kernel's rule respresentation. 315 - * Exists for backward compatibility with userspace. */ 316 - static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule) 313 + /* check if an audit field is valid */ 314 + static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) 317 315 { 318 - struct audit_entry *entry; 319 - int err = 0; 320 - int i; 316 + switch(f->type) { 317 + case AUDIT_MSGTYPE: 318 + if (entry->rule.listnr != AUDIT_FILTER_TYPE && 319 + entry->rule.listnr != AUDIT_FILTER_USER) 320 + return -EINVAL; 321 + break; 322 + }; 321 323 322 - entry = audit_to_entry_common(rule); 323 - if (IS_ERR(entry)) 324 - goto exit_nofree; 325 - 326 - for (i = 0; i < rule->field_count; i++) { 327 - struct audit_field *f = &entry->rule.fields[i]; 328 - u32 n; 329 - 330 - n = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS); 331 - 332 - /* Support for legacy operators where 333 - * AUDIT_NEGATE bit signifies != and otherwise assumes == */ 334 - if (n & AUDIT_NEGATE) 335 - f->op = Audit_not_equal; 336 - else if (!n) 337 - f->op = Audit_equal; 338 - else 339 - f->op = audit_to_op(n); 340 - 341 - entry->rule.vers_ops = (n & AUDIT_OPERATORS) ? 2 : 1; 342 - 343 - f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS); 344 - f->val = rule->values[i]; 345 - f->uid = INVALID_UID; 346 - f->gid = INVALID_GID; 347 - 348 - err = -EINVAL; 349 - if (f->op == Audit_bad) 350 - goto exit_free; 351 - 352 - switch(f->type) { 353 - default: 354 - goto exit_free; 355 - case AUDIT_UID: 356 - case AUDIT_EUID: 357 - case AUDIT_SUID: 358 - case AUDIT_FSUID: 359 - case AUDIT_LOGINUID: 360 - /* bit ops not implemented for uid comparisons */ 361 - if (f->op == Audit_bitmask || f->op == Audit_bittest) 362 - goto exit_free; 363 - 364 - f->uid = make_kuid(current_user_ns(), f->val); 365 - if (!uid_valid(f->uid)) 366 - goto exit_free; 367 - break; 368 - case AUDIT_GID: 369 - case AUDIT_EGID: 370 - case AUDIT_SGID: 371 - case AUDIT_FSGID: 372 - /* bit ops not implemented for gid comparisons */ 373 - if (f->op == Audit_bitmask || f->op == Audit_bittest) 374 - goto exit_free; 375 - 376 - f->gid = make_kgid(current_user_ns(), f->val); 377 - if (!gid_valid(f->gid)) 378 - goto exit_free; 379 - break; 380 - case AUDIT_PID: 381 - case AUDIT_PERS: 382 - case AUDIT_MSGTYPE: 383 - case AUDIT_PPID: 384 - case AUDIT_DEVMAJOR: 385 - case AUDIT_DEVMINOR: 386 - case AUDIT_EXIT: 387 - case AUDIT_SUCCESS: 388 - /* bit ops are only useful on syscall args */ 389 - if (f->op == Audit_bitmask || f->op == Audit_bittest) 390 - goto exit_free; 391 - break; 392 - case AUDIT_ARG0: 393 - case AUDIT_ARG1: 394 - case AUDIT_ARG2: 395 - case AUDIT_ARG3: 396 - break; 397 - /* arch is only allowed to be = or != */ 398 - case AUDIT_ARCH: 399 - if (f->op != Audit_not_equal && f->op != Audit_equal) 400 - goto exit_free; 401 - entry->rule.arch_f = f; 402 - break; 403 - case AUDIT_PERM: 404 - if (f->val & ~15) 405 - goto exit_free; 406 - break; 407 - case AUDIT_FILETYPE: 408 - if (f->val & ~S_IFMT) 409 - goto exit_free; 410 - break; 411 - case AUDIT_INODE: 412 - err = audit_to_inode(&entry->rule, f); 413 - if (err) 414 - goto exit_free; 415 - break; 416 - } 417 - } 418 - 419 - if (entry->rule.inode_f && entry->rule.inode_f->op == Audit_not_equal) 420 - entry->rule.inode_f = NULL; 421 - 422 - exit_nofree: 423 - return entry; 424 - 425 - exit_free: 426 - audit_free_rule(entry); 427 - return ERR_PTR(err); 324 + switch(f->type) { 325 + default: 326 + return -EINVAL; 327 + case AUDIT_UID: 328 + case AUDIT_EUID: 329 + case AUDIT_SUID: 330 + case AUDIT_FSUID: 331 + case AUDIT_LOGINUID: 332 + case AUDIT_OBJ_UID: 333 + case AUDIT_GID: 334 + case AUDIT_EGID: 335 + case AUDIT_SGID: 336 + case AUDIT_FSGID: 337 + case AUDIT_OBJ_GID: 338 + case AUDIT_PID: 339 + case AUDIT_PERS: 340 + case AUDIT_MSGTYPE: 341 + case AUDIT_PPID: 342 + case AUDIT_DEVMAJOR: 343 + case AUDIT_DEVMINOR: 344 + case AUDIT_EXIT: 345 + case AUDIT_SUCCESS: 346 + /* bit ops are only useful on syscall args */ 347 + if (f->op == Audit_bitmask || f->op == Audit_bittest) 348 + return -EINVAL; 349 + break; 350 + case AUDIT_ARG0: 351 + case AUDIT_ARG1: 352 + case AUDIT_ARG2: 353 + case AUDIT_ARG3: 354 + case AUDIT_SUBJ_USER: 355 + case AUDIT_SUBJ_ROLE: 356 + case AUDIT_SUBJ_TYPE: 357 + case AUDIT_SUBJ_SEN: 358 + case AUDIT_SUBJ_CLR: 359 + case AUDIT_OBJ_USER: 360 + case AUDIT_OBJ_ROLE: 361 + case AUDIT_OBJ_TYPE: 362 + case AUDIT_OBJ_LEV_LOW: 363 + case AUDIT_OBJ_LEV_HIGH: 364 + case AUDIT_WATCH: 365 + case AUDIT_DIR: 366 + case AUDIT_FILTERKEY: 367 + break; 368 + case AUDIT_LOGINUID_SET: 369 + if ((f->val != 0) && (f->val != 1)) 370 + return -EINVAL; 371 + /* FALL THROUGH */ 372 + case AUDIT_ARCH: 373 + if (f->op != Audit_not_equal && f->op != Audit_equal) 374 + return -EINVAL; 375 + break; 376 + case AUDIT_PERM: 377 + if (f->val & ~15) 378 + return -EINVAL; 379 + break; 380 + case AUDIT_FILETYPE: 381 + if (f->val & ~S_IFMT) 382 + return -EINVAL; 383 + break; 384 + case AUDIT_FIELD_COMPARE: 385 + if (f->val > AUDIT_MAX_FIELD_COMPARE) 386 + return -EINVAL; 387 + break; 388 + }; 389 + return 0; 428 390 } 429 391 430 392 /* Translate struct audit_rule_data to kernel's rule respresentation. */ ··· 421 459 f->gid = INVALID_GID; 422 460 f->lsm_str = NULL; 423 461 f->lsm_rule = NULL; 424 - switch(f->type) { 462 + 463 + /* Support legacy tests for a valid loginuid */ 464 + if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295)) { 465 + f->type = AUDIT_LOGINUID_SET; 466 + f->val = 0; 467 + } 468 + 469 + err = audit_field_valid(entry, f); 470 + if (err) 471 + goto exit_free; 472 + 473 + err = -EINVAL; 474 + switch (f->type) { 475 + case AUDIT_LOGINUID: 425 476 case AUDIT_UID: 426 477 case AUDIT_EUID: 427 478 case AUDIT_SUID: 428 479 case AUDIT_FSUID: 429 - case AUDIT_LOGINUID: 430 480 case AUDIT_OBJ_UID: 431 - /* bit ops not implemented for uid comparisons */ 432 - if (f->op == Audit_bitmask || f->op == Audit_bittest) 433 - goto exit_free; 434 - 435 481 f->uid = make_kuid(current_user_ns(), f->val); 436 482 if (!uid_valid(f->uid)) 437 483 goto exit_free; ··· 449 479 case AUDIT_SGID: 450 480 case AUDIT_FSGID: 451 481 case AUDIT_OBJ_GID: 452 - /* bit ops not implemented for gid comparisons */ 453 - if (f->op == Audit_bitmask || f->op == Audit_bittest) 454 - goto exit_free; 455 - 456 482 f->gid = make_kgid(current_user_ns(), f->val); 457 483 if (!gid_valid(f->gid)) 458 484 goto exit_free; 459 - break; 460 - case AUDIT_PID: 461 - case AUDIT_PERS: 462 - case AUDIT_MSGTYPE: 463 - case AUDIT_PPID: 464 - case AUDIT_DEVMAJOR: 465 - case AUDIT_DEVMINOR: 466 - case AUDIT_EXIT: 467 - case AUDIT_SUCCESS: 468 - case AUDIT_ARG0: 469 - case AUDIT_ARG1: 470 - case AUDIT_ARG2: 471 - case AUDIT_ARG3: 472 485 break; 473 486 case AUDIT_ARCH: 474 487 entry->rule.arch_f = f; ··· 523 570 entry->rule.buflen += f->val; 524 571 entry->rule.filterkey = str; 525 572 break; 526 - case AUDIT_PERM: 527 - if (f->val & ~15) 528 - goto exit_free; 529 - break; 530 - case AUDIT_FILETYPE: 531 - if (f->val & ~S_IFMT) 532 - goto exit_free; 533 - break; 534 - case AUDIT_FIELD_COMPARE: 535 - if (f->val > AUDIT_MAX_FIELD_COMPARE) 536 - goto exit_free; 537 - break; 538 - default: 539 - goto exit_free; 540 573 } 541 574 } 542 575 ··· 550 611 *bufp += len; 551 612 552 613 return len; 553 - } 554 - 555 - /* Translate kernel rule respresentation to struct audit_rule. 556 - * Exists for backward compatibility with userspace. */ 557 - static struct audit_rule *audit_krule_to_rule(struct audit_krule *krule) 558 - { 559 - struct audit_rule *rule; 560 - int i; 561 - 562 - rule = kzalloc(sizeof(*rule), GFP_KERNEL); 563 - if (unlikely(!rule)) 564 - return NULL; 565 - 566 - rule->flags = krule->flags | krule->listnr; 567 - rule->action = krule->action; 568 - rule->field_count = krule->field_count; 569 - for (i = 0; i < rule->field_count; i++) { 570 - rule->values[i] = krule->fields[i].val; 571 - rule->fields[i] = krule->fields[i].type; 572 - 573 - if (krule->vers_ops == 1) { 574 - if (krule->fields[i].op == Audit_not_equal) 575 - rule->fields[i] |= AUDIT_NEGATE; 576 - } else { 577 - rule->fields[i] |= audit_ops[krule->fields[i].op]; 578 - } 579 - } 580 - for (i = 0; i < AUDIT_BITMASK_SIZE; i++) rule->mask[i] = krule->mask[i]; 581 - 582 - return rule; 583 614 } 584 615 585 616 /* Translate kernel rule respresentation to struct audit_rule_data. */ ··· 964 1055 return ret; 965 1056 } 966 1057 967 - /* List rules using struct audit_rule. Exists for backward 968 - * compatibility with userspace. */ 969 - static void audit_list(int pid, int seq, struct sk_buff_head *q) 970 - { 971 - struct sk_buff *skb; 972 - struct audit_krule *r; 973 - int i; 974 - 975 - /* This is a blocking read, so use audit_filter_mutex instead of rcu 976 - * iterator to sync with list writers. */ 977 - for (i=0; i<AUDIT_NR_FILTERS; i++) { 978 - list_for_each_entry(r, &audit_rules_list[i], list) { 979 - struct audit_rule *rule; 980 - 981 - rule = audit_krule_to_rule(r); 982 - if (unlikely(!rule)) 983 - break; 984 - skb = audit_make_reply(pid, seq, AUDIT_LIST, 0, 1, 985 - rule, sizeof(*rule)); 986 - if (skb) 987 - skb_queue_tail(q, skb); 988 - kfree(rule); 989 - } 990 - } 991 - skb = audit_make_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0); 992 - if (skb) 993 - skb_queue_tail(q, skb); 994 - } 995 - 996 1058 /* List rules using struct audit_rule_data. */ 997 1059 static void audit_list_rules(int pid, int seq, struct sk_buff_head *q) 998 1060 { ··· 993 1113 } 994 1114 995 1115 /* Log rule additions and removals */ 996 - static void audit_log_rule_change(kuid_t loginuid, u32 sessionid, u32 sid, 997 - char *action, struct audit_krule *rule, 998 - int res) 1116 + static void audit_log_rule_change(char *action, struct audit_krule *rule, int res) 999 1117 { 1000 1118 struct audit_buffer *ab; 1119 + uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current)); 1120 + u32 sessionid = audit_get_sessionid(current); 1001 1121 1002 1122 if (!audit_enabled) 1003 1123 return; ··· 1005 1125 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); 1006 1126 if (!ab) 1007 1127 return; 1008 - audit_log_format(ab, "auid=%u ses=%u", 1009 - from_kuid(&init_user_ns, loginuid), sessionid); 1010 - if (sid) { 1011 - char *ctx = NULL; 1012 - u32 len; 1013 - if (security_secid_to_secctx(sid, &ctx, &len)) 1014 - audit_log_format(ab, " ssid=%u", sid); 1015 - else { 1016 - audit_log_format(ab, " subj=%s", ctx); 1017 - security_release_secctx(ctx, len); 1018 - } 1019 - } 1128 + audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid); 1129 + audit_log_task_context(ab); 1020 1130 audit_log_format(ab, " op="); 1021 1131 audit_log_string(ab, action); 1022 1132 audit_log_key(ab, rule->filterkey); ··· 1025 1155 * @sessionid: sessionid for netlink audit message 1026 1156 * @sid: SE Linux Security ID of sender 1027 1157 */ 1028 - int audit_receive_filter(int type, int pid, int seq, void *data, 1029 - size_t datasz, kuid_t loginuid, u32 sessionid, u32 sid) 1158 + int audit_receive_filter(int type, int pid, int seq, void *data, size_t datasz) 1030 1159 { 1031 1160 struct task_struct *tsk; 1032 1161 struct audit_netlink_list *dest; ··· 1033 1164 struct audit_entry *entry; 1034 1165 1035 1166 switch (type) { 1036 - case AUDIT_LIST: 1037 1167 case AUDIT_LIST_RULES: 1038 1168 /* We can't just spew out the rules here because we might fill 1039 1169 * the available socket buffer space and deadlock waiting for ··· 1047 1179 skb_queue_head_init(&dest->q); 1048 1180 1049 1181 mutex_lock(&audit_filter_mutex); 1050 - if (type == AUDIT_LIST) 1051 - audit_list(pid, seq, &dest->q); 1052 - else 1053 - audit_list_rules(pid, seq, &dest->q); 1182 + audit_list_rules(pid, seq, &dest->q); 1054 1183 mutex_unlock(&audit_filter_mutex); 1055 1184 1056 1185 tsk = kthread_run(audit_send_list, dest, "audit_send_list"); ··· 1057 1192 err = PTR_ERR(tsk); 1058 1193 } 1059 1194 break; 1060 - case AUDIT_ADD: 1061 1195 case AUDIT_ADD_RULE: 1062 - if (type == AUDIT_ADD) 1063 - entry = audit_rule_to_entry(data); 1064 - else 1065 - entry = audit_data_to_entry(data, datasz); 1196 + entry = audit_data_to_entry(data, datasz); 1066 1197 if (IS_ERR(entry)) 1067 1198 return PTR_ERR(entry); 1068 1199 1069 1200 err = audit_add_rule(entry); 1070 - audit_log_rule_change(loginuid, sessionid, sid, "add rule", 1071 - &entry->rule, !err); 1072 - 1201 + audit_log_rule_change("add rule", &entry->rule, !err); 1073 1202 if (err) 1074 1203 audit_free_rule(entry); 1075 1204 break; 1076 - case AUDIT_DEL: 1077 1205 case AUDIT_DEL_RULE: 1078 - if (type == AUDIT_DEL) 1079 - entry = audit_rule_to_entry(data); 1080 - else 1081 - entry = audit_data_to_entry(data, datasz); 1206 + entry = audit_data_to_entry(data, datasz); 1082 1207 if (IS_ERR(entry)) 1083 1208 return PTR_ERR(entry); 1084 1209 1085 1210 err = audit_del_rule(entry); 1086 - audit_log_rule_change(loginuid, sessionid, sid, "remove rule", 1087 - &entry->rule, !err); 1088 - 1211 + audit_log_rule_change("remove rule", &entry->rule, !err); 1089 1212 audit_free_rule(entry); 1090 1213 break; 1091 1214 default: ··· 1211 1358 return strncmp(p, dname, dlen); 1212 1359 } 1213 1360 1214 - static int audit_filter_user_rules(struct audit_krule *rule, 1361 + static int audit_filter_user_rules(struct audit_krule *rule, int type, 1215 1362 enum audit_state *state) 1216 1363 { 1217 1364 int i; ··· 1234 1381 case AUDIT_LOGINUID: 1235 1382 result = audit_uid_comparator(audit_get_loginuid(current), 1236 1383 f->op, f->uid); 1384 + break; 1385 + case AUDIT_LOGINUID_SET: 1386 + result = audit_comparator(audit_loginuid_set(current), 1387 + f->op, f->val); 1388 + break; 1389 + case AUDIT_MSGTYPE: 1390 + result = audit_comparator(type, f->op, f->val); 1237 1391 break; 1238 1392 case AUDIT_SUBJ_USER: 1239 1393 case AUDIT_SUBJ_ROLE: ··· 1268 1408 return 1; 1269 1409 } 1270 1410 1271 - int audit_filter_user(void) 1411 + int audit_filter_user(int type) 1272 1412 { 1273 1413 enum audit_state state = AUDIT_DISABLED; 1274 1414 struct audit_entry *e; ··· 1276 1416 1277 1417 rcu_read_lock(); 1278 1418 list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) { 1279 - if (audit_filter_user_rules(&e->rule, &state)) { 1419 + if (audit_filter_user_rules(&e->rule, type, &state)) { 1280 1420 if (state == AUDIT_DISABLED) 1281 1421 ret = 0; 1282 1422 break;
+40 -367
kernel/auditsc.c
··· 76 76 #define AUDITSC_SUCCESS 1 77 77 #define AUDITSC_FAILURE 2 78 78 79 - /* AUDIT_NAMES is the number of slots we reserve in the audit_context 80 - * for saving names from getname(). If we get more names we will allocate 81 - * a name dynamically and also add those to the list anchored by names_list. */ 82 - #define AUDIT_NAMES 5 83 - 84 79 /* no execve audit message should be longer than this (userspace limits) */ 85 80 #define MAX_EXECVE_AUDIT_LEN 7500 86 81 ··· 84 89 85 90 /* determines whether we collect data for signals sent */ 86 91 int audit_signals; 87 - 88 - struct audit_cap_data { 89 - kernel_cap_t permitted; 90 - kernel_cap_t inheritable; 91 - union { 92 - unsigned int fE; /* effective bit of a file capability */ 93 - kernel_cap_t effective; /* effective set of a process */ 94 - }; 95 - }; 96 - 97 - /* When fs/namei.c:getname() is called, we store the pointer in name and 98 - * we don't let putname() free it (instead we free all of the saved 99 - * pointers at syscall exit time). 100 - * 101 - * Further, in fs/namei.c:path_lookup() we store the inode and device. 102 - */ 103 - struct audit_names { 104 - struct list_head list; /* audit_context->names_list */ 105 - struct filename *name; 106 - unsigned long ino; 107 - dev_t dev; 108 - umode_t mode; 109 - kuid_t uid; 110 - kgid_t gid; 111 - dev_t rdev; 112 - u32 osid; 113 - struct audit_cap_data fcap; 114 - unsigned int fcap_ver; 115 - int name_len; /* number of name's characters to log */ 116 - unsigned char type; /* record type */ 117 - bool name_put; /* call __putname() for this name */ 118 - /* 119 - * This was an allocated audit_names and not from the array of 120 - * names allocated in the task audit context. Thus this name 121 - * should be freed on syscall exit 122 - */ 123 - bool should_free; 124 - }; 125 92 126 93 struct audit_aux_data { 127 94 struct audit_aux_data *next; ··· 130 173 struct audit_tree_refs { 131 174 struct audit_tree_refs *next; 132 175 struct audit_chunk *c[31]; 133 - }; 134 - 135 - /* The per-task audit context. */ 136 - struct audit_context { 137 - int dummy; /* must be the first element */ 138 - int in_syscall; /* 1 if task is in a syscall */ 139 - enum audit_state state, current_state; 140 - unsigned int serial; /* serial number for record */ 141 - int major; /* syscall number */ 142 - struct timespec ctime; /* time of syscall entry */ 143 - unsigned long argv[4]; /* syscall arguments */ 144 - long return_code;/* syscall return code */ 145 - u64 prio; 146 - int return_valid; /* return code is valid */ 147 - /* 148 - * The names_list is the list of all audit_names collected during this 149 - * syscall. The first AUDIT_NAMES entries in the names_list will 150 - * actually be from the preallocated_names array for performance 151 - * reasons. Except during allocation they should never be referenced 152 - * through the preallocated_names array and should only be found/used 153 - * by running the names_list. 154 - */ 155 - struct audit_names preallocated_names[AUDIT_NAMES]; 156 - int name_count; /* total records in names_list */ 157 - struct list_head names_list; /* anchor for struct audit_names->list */ 158 - char * filterkey; /* key for rule that triggered record */ 159 - struct path pwd; 160 - struct audit_aux_data *aux; 161 - struct audit_aux_data *aux_pids; 162 - struct sockaddr_storage *sockaddr; 163 - size_t sockaddr_len; 164 - /* Save things to print about task_struct */ 165 - pid_t pid, ppid; 166 - kuid_t uid, euid, suid, fsuid; 167 - kgid_t gid, egid, sgid, fsgid; 168 - unsigned long personality; 169 - int arch; 170 - 171 - pid_t target_pid; 172 - kuid_t target_auid; 173 - kuid_t target_uid; 174 - unsigned int target_sessionid; 175 - u32 target_sid; 176 - char target_comm[TASK_COMM_LEN]; 177 - 178 - struct audit_tree_refs *trees, *first_trees; 179 - struct list_head killed_trees; 180 - int tree_count; 181 - 182 - int type; 183 - union { 184 - struct { 185 - int nargs; 186 - long args[6]; 187 - } socketcall; 188 - struct { 189 - kuid_t uid; 190 - kgid_t gid; 191 - umode_t mode; 192 - u32 osid; 193 - int has_perm; 194 - uid_t perm_uid; 195 - gid_t perm_gid; 196 - umode_t perm_mode; 197 - unsigned long qbytes; 198 - } ipc; 199 - struct { 200 - mqd_t mqdes; 201 - struct mq_attr mqstat; 202 - } mq_getsetattr; 203 - struct { 204 - mqd_t mqdes; 205 - int sigev_signo; 206 - } mq_notify; 207 - struct { 208 - mqd_t mqdes; 209 - size_t msg_len; 210 - unsigned int msg_prio; 211 - struct timespec abs_timeout; 212 - } mq_sendrecv; 213 - struct { 214 - int oflag; 215 - umode_t mode; 216 - struct mq_attr attr; 217 - } mq_open; 218 - struct { 219 - pid_t pid; 220 - struct audit_cap_data cap; 221 - } capset; 222 - struct { 223 - int fd; 224 - int flags; 225 - } mmap; 226 - }; 227 - int fds[2]; 228 - 229 - #if AUDIT_DEBUG 230 - int put_count; 231 - int ino_count; 232 - #endif 233 176 }; 234 177 235 178 static inline int open_arg(int flags, int mask) ··· 490 633 break; 491 634 case AUDIT_GID: 492 635 result = audit_gid_comparator(cred->gid, f->op, f->gid); 636 + if (f->op == Audit_equal) { 637 + if (!result) 638 + result = in_group_p(f->gid); 639 + } else if (f->op == Audit_not_equal) { 640 + if (result) 641 + result = !in_group_p(f->gid); 642 + } 493 643 break; 494 644 case AUDIT_EGID: 495 645 result = audit_gid_comparator(cred->egid, f->op, f->gid); 646 + if (f->op == Audit_equal) { 647 + if (!result) 648 + result = in_egroup_p(f->gid); 649 + } else if (f->op == Audit_not_equal) { 650 + if (result) 651 + result = !in_egroup_p(f->gid); 652 + } 496 653 break; 497 654 case AUDIT_SGID: 498 655 result = audit_gid_comparator(cred->sgid, f->op, f->gid); ··· 612 741 result = 0; 613 742 if (ctx) 614 743 result = audit_uid_comparator(tsk->loginuid, f->op, f->uid); 744 + break; 745 + case AUDIT_LOGINUID_SET: 746 + result = audit_comparator(audit_loginuid_set(tsk), f->op, f->val); 615 747 break; 616 748 case AUDIT_SUBJ_USER: 617 749 case AUDIT_SUBJ_ROLE: ··· 861 987 862 988 #if AUDIT_DEBUG == 2 863 989 if (context->put_count + context->ino_count != context->name_count) { 990 + int i = 0; 991 + 864 992 printk(KERN_ERR "%s:%d(:%d): major=%d in_syscall=%d" 865 993 " name_count=%d put_count=%d" 866 994 " ino_count=%d [NOT freeing]\n", ··· 871 995 context->name_count, context->put_count, 872 996 context->ino_count); 873 997 list_for_each_entry(n, &context->names_list, list) { 874 - printk(KERN_ERR "names[%d] = %p = %s\n", i, 998 + printk(KERN_ERR "names[%d] = %p = %s\n", i++, 875 999 n->name, n->name->name ?: "(null)"); 876 1000 } 877 1001 dump_stack(); ··· 886 1010 list_for_each_entry_safe(n, next, &context->names_list, list) { 887 1011 list_del(&n->list); 888 1012 if (n->name && n->name_put) 889 - __putname(n->name); 1013 + final_putname(n->name); 890 1014 if (n->should_free) 891 1015 kfree(n); 892 1016 } ··· 969 1093 kfree(context); 970 1094 } 971 1095 972 - void audit_log_task_context(struct audit_buffer *ab) 973 - { 974 - char *ctx = NULL; 975 - unsigned len; 976 - int error; 977 - u32 sid; 978 - 979 - security_task_getsecid(current, &sid); 980 - if (!sid) 981 - return; 982 - 983 - error = security_secid_to_secctx(sid, &ctx, &len); 984 - if (error) { 985 - if (error != -EINVAL) 986 - goto error_path; 987 - return; 988 - } 989 - 990 - audit_log_format(ab, " subj=%s", ctx); 991 - security_release_secctx(ctx, len); 992 - return; 993 - 994 - error_path: 995 - audit_panic("error in audit_log_task_context"); 996 - return; 997 - } 998 - 999 - EXPORT_SYMBOL(audit_log_task_context); 1000 - 1001 - void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) 1002 - { 1003 - const struct cred *cred; 1004 - char name[sizeof(tsk->comm)]; 1005 - struct mm_struct *mm = tsk->mm; 1006 - char *tty; 1007 - 1008 - if (!ab) 1009 - return; 1010 - 1011 - /* tsk == current */ 1012 - cred = current_cred(); 1013 - 1014 - spin_lock_irq(&tsk->sighand->siglock); 1015 - if (tsk->signal && tsk->signal->tty) 1016 - tty = tsk->signal->tty->name; 1017 - else 1018 - tty = "(none)"; 1019 - spin_unlock_irq(&tsk->sighand->siglock); 1020 - 1021 - 1022 - audit_log_format(ab, 1023 - " ppid=%ld pid=%d auid=%u uid=%u gid=%u" 1024 - " euid=%u suid=%u fsuid=%u" 1025 - " egid=%u sgid=%u fsgid=%u ses=%u tty=%s", 1026 - sys_getppid(), 1027 - tsk->pid, 1028 - from_kuid(&init_user_ns, tsk->loginuid), 1029 - from_kuid(&init_user_ns, cred->uid), 1030 - from_kgid(&init_user_ns, cred->gid), 1031 - from_kuid(&init_user_ns, cred->euid), 1032 - from_kuid(&init_user_ns, cred->suid), 1033 - from_kuid(&init_user_ns, cred->fsuid), 1034 - from_kgid(&init_user_ns, cred->egid), 1035 - from_kgid(&init_user_ns, cred->sgid), 1036 - from_kgid(&init_user_ns, cred->fsgid), 1037 - tsk->sessionid, tty); 1038 - 1039 - get_task_comm(name, tsk); 1040 - audit_log_format(ab, " comm="); 1041 - audit_log_untrustedstring(ab, name); 1042 - 1043 - if (mm) { 1044 - down_read(&mm->mmap_sem); 1045 - if (mm->exe_file) 1046 - audit_log_d_path(ab, " exe=", &mm->exe_file->f_path); 1047 - up_read(&mm->mmap_sem); 1048 - } 1049 - audit_log_task_context(ab); 1050 - } 1051 - 1052 - EXPORT_SYMBOL(audit_log_task_info); 1053 - 1054 1096 static int audit_log_pid_context(struct audit_context *context, pid_t pid, 1055 1097 kuid_t auid, kuid_t uid, unsigned int sessionid, 1056 1098 u32 sid, char *comm) ··· 985 1191 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid, 986 1192 from_kuid(&init_user_ns, auid), 987 1193 from_kuid(&init_user_ns, uid), sessionid); 988 - if (security_secid_to_secctx(sid, &ctx, &len)) { 989 - audit_log_format(ab, " obj=(none)"); 990 - rc = 1; 991 - } else { 992 - audit_log_format(ab, " obj=%s", ctx); 993 - security_release_secctx(ctx, len); 1194 + if (sid) { 1195 + if (security_secid_to_secctx(sid, &ctx, &len)) { 1196 + audit_log_format(ab, " obj=(none)"); 1197 + rc = 1; 1198 + } else { 1199 + audit_log_format(ab, " obj=%s", ctx); 1200 + security_release_secctx(ctx, len); 1201 + } 994 1202 } 995 1203 audit_log_format(ab, " ocomm="); 996 1204 audit_log_untrustedstring(ab, comm); ··· 1186 1390 kfree(buf); 1187 1391 } 1188 1392 1189 - static void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap) 1190 - { 1191 - int i; 1192 - 1193 - audit_log_format(ab, " %s=", prefix); 1194 - CAP_FOR_EACH_U32(i) { 1195 - audit_log_format(ab, "%08x", cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]); 1196 - } 1197 - } 1198 - 1199 - static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name) 1200 - { 1201 - kernel_cap_t *perm = &name->fcap.permitted; 1202 - kernel_cap_t *inh = &name->fcap.inheritable; 1203 - int log = 0; 1204 - 1205 - if (!cap_isclear(*perm)) { 1206 - audit_log_cap(ab, "cap_fp", perm); 1207 - log = 1; 1208 - } 1209 - if (!cap_isclear(*inh)) { 1210 - audit_log_cap(ab, "cap_fi", inh); 1211 - log = 1; 1212 - } 1213 - 1214 - if (log) 1215 - audit_log_format(ab, " cap_fe=%d cap_fver=%x", name->fcap.fE, name->fcap_ver); 1216 - } 1217 - 1218 1393 static void show_special(struct audit_context *context, int *call_panic) 1219 1394 { 1220 1395 struct audit_buffer *ab; ··· 1280 1513 context->mmap.flags); 1281 1514 break; } 1282 1515 } 1283 - audit_log_end(ab); 1284 - } 1285 - 1286 - static void audit_log_name(struct audit_context *context, struct audit_names *n, 1287 - int record_num, int *call_panic) 1288 - { 1289 - struct audit_buffer *ab; 1290 - ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); 1291 - if (!ab) 1292 - return; /* audit_panic has been called */ 1293 - 1294 - audit_log_format(ab, "item=%d", record_num); 1295 - 1296 - if (n->name) { 1297 - switch (n->name_len) { 1298 - case AUDIT_NAME_FULL: 1299 - /* log the full path */ 1300 - audit_log_format(ab, " name="); 1301 - audit_log_untrustedstring(ab, n->name->name); 1302 - break; 1303 - case 0: 1304 - /* name was specified as a relative path and the 1305 - * directory component is the cwd */ 1306 - audit_log_d_path(ab, " name=", &context->pwd); 1307 - break; 1308 - default: 1309 - /* log the name's directory component */ 1310 - audit_log_format(ab, " name="); 1311 - audit_log_n_untrustedstring(ab, n->name->name, 1312 - n->name_len); 1313 - } 1314 - } else 1315 - audit_log_format(ab, " name=(null)"); 1316 - 1317 - if (n->ino != (unsigned long)-1) { 1318 - audit_log_format(ab, " inode=%lu" 1319 - " dev=%02x:%02x mode=%#ho" 1320 - " ouid=%u ogid=%u rdev=%02x:%02x", 1321 - n->ino, 1322 - MAJOR(n->dev), 1323 - MINOR(n->dev), 1324 - n->mode, 1325 - from_kuid(&init_user_ns, n->uid), 1326 - from_kgid(&init_user_ns, n->gid), 1327 - MAJOR(n->rdev), 1328 - MINOR(n->rdev)); 1329 - } 1330 - if (n->osid != 0) { 1331 - char *ctx = NULL; 1332 - u32 len; 1333 - if (security_secid_to_secctx( 1334 - n->osid, &ctx, &len)) { 1335 - audit_log_format(ab, " osid=%u", n->osid); 1336 - *call_panic = 2; 1337 - } else { 1338 - audit_log_format(ab, " obj=%s", ctx); 1339 - security_release_secctx(ctx, len); 1340 - } 1341 - } 1342 - 1343 - audit_log_fcaps(ab, n); 1344 - 1345 1516 audit_log_end(ab); 1346 1517 } 1347 1518 ··· 1400 1695 1401 1696 i = 0; 1402 1697 list_for_each_entry(n, &context->names_list, list) 1403 - audit_log_name(context, n, i++, &call_panic); 1698 + audit_log_name(context, n, NULL, i++, &call_panic); 1404 1699 1405 1700 /* Send end of event record to help user space know we are finished */ 1406 1701 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); ··· 1735 2030 BUG_ON(!context); 1736 2031 if (!context->in_syscall) { 1737 2032 #if AUDIT_DEBUG == 2 1738 - printk(KERN_ERR "%s:%d(:%d): __putname(%p)\n", 2033 + printk(KERN_ERR "%s:%d(:%d): final_putname(%p)\n", 1739 2034 __FILE__, __LINE__, context->serial, name); 1740 2035 if (context->name_count) { 1741 2036 struct audit_names *n; 1742 - int i; 2037 + int i = 0; 1743 2038 1744 2039 list_for_each_entry(n, &context->names_list, list) 1745 - printk(KERN_ERR "name[%d] = %p = %s\n", i, 2040 + printk(KERN_ERR "name[%d] = %p = %s\n", i++, 1746 2041 n->name, n->name->name ?: "(null)"); 1747 2042 } 1748 2043 #endif 1749 - __putname(name); 2044 + final_putname(name); 1750 2045 } 1751 2046 #if AUDIT_DEBUG 1752 2047 else { ··· 1763 2058 } 1764 2059 } 1765 2060 #endif 1766 - } 1767 - 1768 - static inline int audit_copy_fcaps(struct audit_names *name, const struct dentry *dentry) 1769 - { 1770 - struct cpu_vfs_cap_data caps; 1771 - int rc; 1772 - 1773 - if (!dentry) 1774 - return 0; 1775 - 1776 - rc = get_vfs_caps_from_disk(dentry, &caps); 1777 - if (rc) 1778 - return rc; 1779 - 1780 - name->fcap.permitted = caps.permitted; 1781 - name->fcap.inheritable = caps.inheritable; 1782 - name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE); 1783 - name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >> VFS_CAP_REVISION_SHIFT; 1784 - 1785 - return 0; 1786 - } 1787 - 1788 - 1789 - /* Copy inode data into an audit_names. */ 1790 - static void audit_copy_inode(struct audit_names *name, const struct dentry *dentry, 1791 - const struct inode *inode) 1792 - { 1793 - name->ino = inode->i_ino; 1794 - name->dev = inode->i_sb->s_dev; 1795 - name->mode = inode->i_mode; 1796 - name->uid = inode->i_uid; 1797 - name->gid = inode->i_gid; 1798 - name->rdev = inode->i_rdev; 1799 - security_inode_getsecid(inode, &name->osid); 1800 - audit_copy_fcaps(name, dentry); 1801 2061 } 1802 2062 1803 2063 /** ··· 1973 2303 unsigned int sessionid; 1974 2304 1975 2305 #ifdef CONFIG_AUDIT_LOGINUID_IMMUTABLE 1976 - if (uid_valid(task->loginuid)) 2306 + if (audit_loginuid_set(task)) 1977 2307 return -EPERM; 1978 2308 #else /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ 1979 2309 if (!capable(CAP_AUDIT_CONTROL)) ··· 2141 2471 2142 2472 /** 2143 2473 * audit_socketcall - record audit data for sys_socketcall 2144 - * @nargs: number of args 2474 + * @nargs: number of args, which should not be more than AUDITSC_ARGS. 2145 2475 * @args: args array 2146 2476 * 2147 2477 */ 2148 - void __audit_socketcall(int nargs, unsigned long *args) 2478 + int __audit_socketcall(int nargs, unsigned long *args) 2149 2479 { 2150 2480 struct audit_context *context = current->audit_context; 2151 2481 2482 + if (nargs <= 0 || nargs > AUDITSC_ARGS || !args) 2483 + return -EINVAL; 2152 2484 context->type = AUDIT_SOCKETCALL; 2153 2485 context->socketcall.nargs = nargs; 2154 2486 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); 2487 + return 0; 2155 2488 } 2156 2489 2157 2490 /**
+4 -2
net/socket.c
··· 2412 2412 2413 2413 SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) 2414 2414 { 2415 - unsigned long a[6]; 2415 + unsigned long a[AUDITSC_ARGS]; 2416 2416 unsigned long a0, a1; 2417 2417 int err; 2418 2418 unsigned int len; ··· 2428 2428 if (copy_from_user(a, args, len)) 2429 2429 return -EFAULT; 2430 2430 2431 - audit_socketcall(nargs[call] / sizeof(unsigned long), a); 2431 + err = audit_socketcall(nargs[call] / sizeof(unsigned long), a); 2432 + if (err) 2433 + return err; 2432 2434 2433 2435 a0 = a[0]; 2434 2436 a1 = a[1];