git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fedora core 6 1.2949 + vserver 2.2.0
[linux-2.6.git] / kernel / auditsc.c
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 8fab061..f6b1f54 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -64,6 +64,7 @@
 #include <linux/tty.h>
 #include <linux/selinux.h>
 #include <linux/binfmts.h>
+#include <linux/highmem.h>
 #include <linux/syscalls.h>
 
 #include "audit.h"
@@ -278,8 +279,11 @@ static int audit_filter_rules(struct task_struct *tsk,
                        result = audit_comparator(tsk->pid, f->op, f->val);
                        break;
                case AUDIT_PPID:
-                       if (ctx)
+                       if (ctx) {
+                               if (!ctx->ppid)
+                                       ctx->ppid = sys_getppid();
                                result = audit_comparator(ctx->ppid, f->op, f->val);
+                       }
                        break;
                case AUDIT_UID:
                        result = audit_comparator(tsk->uid, f->op, f->val);
@@ -385,7 +389,7 @@ static int audit_filter_rules(struct task_struct *tsk,
                           logged upon error */
                        if (f->se_rule) {
                                if (need_sid) {
-                                       selinux_task_ctxid(tsk, &sid);
+                                       selinux_get_task_sid(tsk, &sid);
                                        need_sid = 0;
                                }
                                result = selinux_audit_rule_match(sid, f->type,
@@ -727,35 +731,35 @@ static inline void audit_free_context(struct audit_context *context)
                printk(KERN_ERR "audit: freed %d contexts\n", count);
 }
 
-static void audit_log_task_context(struct audit_buffer *ab)
+void audit_log_task_context(struct audit_buffer *ab)
 {
        char *ctx = NULL;
-       ssize_t len = 0;
+       unsigned len;
+       int error;
+       u32 sid;
 
-       len = security_getprocattr(current, "current", NULL, 0);
-       if (len < 0) {
-               if (len != -EINVAL)
+       selinux_get_task_sid(current, &sid);
+       if (!sid)
+               return;
+
+       error = selinux_sid_to_string(sid, &ctx, &len);
+       if (error) {
+               if (error != -EINVAL)
                        goto error_path;
                return;
        }
 
-       ctx = kmalloc(len, GFP_KERNEL);
-       if (!ctx)
-               goto error_path;
-
-       len = security_getprocattr(current, "current", ctx, len);
-       if (len < 0 )
-               goto error_path;
-
        audit_log_format(ab, " subj=%s", ctx);
+       kfree(ctx);
        return;
 
 error_path:
-       kfree(ctx);
        audit_panic("error in audit_log_task_context");
        return;
 }
 
+EXPORT_SYMBOL(audit_log_task_context);
+
 static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
        char name[sizeof(tsk->comm)];
@@ -775,8 +779,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
                        if ((vma->vm_flags & VM_EXECUTABLE) &&
                            vma->vm_file) {
                                audit_log_d_path(ab, "exe=",
-                                                vma->vm_file->f_dentry,
-                                                vma->vm_file->f_vfsmnt);
+                                                vma->vm_file->f_path.dentry,
+                                                vma->vm_file->f_path.mnt);
                                break;
                        }
                        vma = vma->vm_next;
@@ -795,7 +799,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
        /* tsk == current */
        context->pid = tsk->pid;
-       context->ppid = sys_getppid();  /* sic.  tsk == current in all cases */
+       if (!context->ppid)
+               context->ppid = sys_getppid();
        context->uid = tsk->uid;
        context->gid = tsk->gid;
        context->euid = tsk->euid;
@@ -905,7 +910,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                        if (axi->osid != 0) {
                                char *ctx = NULL;
                                u32 len;
-                               if (selinux_ctxid_to_string(
+                               if (selinux_sid_to_string(
                                                axi->osid, &ctx, &len)) {
                                        audit_log_format(ab, " osid=%u",
                                                        axi->osid);
@@ -1012,7 +1017,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                if (n->osid != 0) {
                        char *ctx = NULL;
                        u32 len;
-                       if (selinux_ctxid_to_string(
+                       if (selinux_sid_to_string(
                                n->osid, &ctx, &len)) {
                                audit_log_format(ab, " osid=%u", n->osid);
                                call_panic = 2;
@@ -1139,6 +1144,7 @@ void audit_syscall_entry(int arch, int major,
        context->ctime      = CURRENT_TIME;
        context->in_syscall = 1;
        context->auditable  = !!(state == AUDIT_RECORD_CONTEXT);
+       context->ppid       = 0;
 }
 
 /**
@@ -1302,15 +1308,7 @@ void __audit_inode(const char *name, const struct inode *inode)
                 * associated name? */
                if (context->name_count >= AUDIT_NAMES - AUDIT_NAMES_RESERVED)
                        return;
-               idx = context->name_count;
-               if (context->name_count == (AUDIT_NAMES - 1)) {
-                       printk(KERN_DEBUG
-                               "name_count maxed and losing entry [%d]=%s\n",
-                               context->name_count, 
-                               context->names[context->name_count].name ?:
-                               "(null)");
-               } else
-                       context->name_count++;
+               idx = context->name_count++;
                context->names[idx].name = NULL;
 #if AUDIT_DEBUG
                ++context->ino_count;
@@ -1363,12 +1361,12 @@ void __audit_inode_child(const char *dname, const struct inode *inode,
 
 update_context:
        idx = context->name_count;
-       if (context->name_count == (AUDIT_NAMES - 1)) {
-               printk(KERN_DEBUG "name_count maxed and losing entry [%d]=%s\n",
-                       context->name_count, 
-                       context->names[context->name_count].name ?: "(null)");
-       } else
-               context->name_count++;
+       if (context->name_count == AUDIT_NAMES) {
+               printk(KERN_DEBUG "name_count maxed and losing %s\n",
+                       found_name ?: "(null)");
+               return;
+       }
+       context->name_count++;
 #if AUDIT_DEBUG
        context->ino_count++;
 #endif
@@ -1387,14 +1385,15 @@ update_context:
         * provided parent. */
        if (!found_name) {
                idx = context->name_count;
-               if (context->name_count == (AUDIT_NAMES - 1)) {
-                       printk(KERN_DEBUG 
-                               "name_count maxed and losing entry [%d]=%s\n",
-                               context->name_count, 
-                               context->names[context->name_count].name ?:
-                               "(null)");
-               } else
-                       context->name_count++;
+               if (context->name_count == AUDIT_NAMES) {
+                       printk(KERN_DEBUG
+                               "name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu",
+                               MAJOR(parent->i_sb->s_dev),
+                               MINOR(parent->i_sb->s_dev),
+                               parent->i_ino);
+                       return;
+               }
+               context->name_count++;
 #if AUDIT_DEBUG
                context->ino_count++;
 #endif
@@ -1493,6 +1492,8 @@ uid_t audit_get_loginuid(struct audit_context *ctx)
        return ctx ? ctx->loginuid : -1;
 }
 
+EXPORT_SYMBOL(audit_get_loginuid);
+
 /**
  * __audit_mq_open - record audit data for a POSIX MQ open
  * @oflag: open flag
linux-2.6