X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;ds=sidebyside;f=kernel%2Fauditsc.c;h=f6b1f5455fa7f5b07da7c5c4f938bafe5c2b9eaf;hb=97bf2856c6014879bd04983a3e9dfcdac1e7fe85;hp=8fab061dfc39a4f41c0825f52a73692b3c37629b;hpb=7172c64a7cee4dfa95864f49c914f7ea8cf497c8;p=linux-2.6.git diff --git a/kernel/auditsc.c b/kernel/auditsc.c index 8fab061df..f6b1f5455 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -64,6 +64,7 @@ #include #include #include +#include #include #include "audit.h" @@ -278,8 +279,11 @@ static int audit_filter_rules(struct task_struct *tsk, result = audit_comparator(tsk->pid, f->op, f->val); break; case AUDIT_PPID: - if (ctx) + if (ctx) { + if (!ctx->ppid) + ctx->ppid = sys_getppid(); result = audit_comparator(ctx->ppid, f->op, f->val); + } break; case AUDIT_UID: result = audit_comparator(tsk->uid, f->op, f->val); @@ -385,7 +389,7 @@ static int audit_filter_rules(struct task_struct *tsk, logged upon error */ if (f->se_rule) { if (need_sid) { - selinux_task_ctxid(tsk, &sid); + selinux_get_task_sid(tsk, &sid); need_sid = 0; } result = selinux_audit_rule_match(sid, f->type, 
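Review bot: In the AUDIT_PPID case of audit_filter_rules the cache is filled with `sys_getppid()`, which reports the parent of `current`, while the rule is evaluated against `tsk`. If this function is ever reached with `tsk != current` (its callers are outside the hunk), a ppid rule would be matched against the wrong process. The `/* sic. tsk == current in all cases */` remark that the audit_log_exit hunk removes was the only statement of that assumption, so I would keep a comment at both fills, e.g. `/* 0 = not looked up yet; reset in audit_syscall_entry(); assumes tsk == current */`. The audit_log_exit and audit_syscall_entry hunks share this cache and depend on the `context->ppid = 0` reset to avoid reporting a ppid left over from an earlier syscall.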
@@ -727,35 +731,35 @@ static inline void audit_free_context(struct audit_context *context) printk(KERN_ERR "audit: freed %d contexts\n", count); } -static void audit_log_task_context(struct audit_buffer *ab) +void audit_log_task_context(struct audit_buffer *ab) { char *ctx = NULL; - ssize_t len = 0; + unsigned len; + int error; + u32 sid; - len = security_getprocattr(current, "current", NULL, 0); - if (len < 0) { - if (len != -EINVAL) + selinux_get_task_sid(current, &sid); + if (!sid) + return; + + error = selinux_sid_to_string(sid, &ctx, &len); + if (error) { + if (error != -EINVAL) goto error_path; return; } - ctx = kmalloc(len, GFP_KERNEL); - if (!ctx) - goto error_path; - - len = security_getprocattr(current, "current", ctx, len); - if (len < 0 ) - goto error_path; - audit_log_format(ab, " subj=%s", ctx); + kfree(ctx); return; error_path: - kfree(ctx); audit_panic("error in audit_log_task_context"); return; } +EXPORT_SYMBOL(audit_log_task_context); + static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { char name[sizeof(tsk->comm)]; @@ -775,8 +779,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) { audit_log_d_path(ab, "exe=", - vma->vm_file->f_dentry, - vma->vm_file->f_vfsmnt); + vma->vm_file->f_path.dentry, + vma->vm_file->f_path.mnt); break; } vma = vma->vm_next; @@ -795,7 +799,8 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts /* tsk == current */ context->pid = tsk->pid; - context->ppid = sys_getppid(); /* sic. tsk == current in all cases */ + if (!context->ppid) + context->ppid = sys_getppid(); context->uid = tsk->uid; context->gid = tsk->gid; context->euid = tsk->euid; 
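Review bot: `sid` in audit_log_task_context is tested by `if (!sid)` without being initialized, so the early return relies on selinux_get_task_sid() always storing to it. That function is not in this diff, and `u32 sid = 0;` would make the check safe either way. `len` is declared `unsigned` here, while the other selinux_sid_to_string() callers touched by this diff pass a `u32 len`; using `u32` keeps the pointer type identical. Now that the function is non-static and exported, it also needs a kernel-doc comment in the style the file uses elsewhere, saying that it logs the label of `current` as ` subj=` and omits the field without any record when the SID is 0 or the lookup returns -EINVAL.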
@@ -905,7 +910,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts if (axi->osid != 0) { char *ctx = NULL; u32 len; - if (selinux_ctxid_to_string( + if (selinux_sid_to_string( axi->osid, &ctx, &len)) { audit_log_format(ab, " osid=%u", axi->osid); @@ -1012,7 +1017,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts if (n->osid != 0) { char *ctx = NULL; u32 len; - if (selinux_ctxid_to_string( + if (selinux_sid_to_string( n->osid, &ctx, &len)) { audit_log_format(ab, " osid=%u", n->osid); call_panic = 2; @@ -1139,6 +1144,7 @@ void audit_syscall_entry(int arch, int major, context->ctime = CURRENT_TIME; context->in_syscall = 1; context->auditable = !!(state == AUDIT_RECORD_CONTEXT); + context->ppid = 0; } /** @@ -1302,15 +1308,7 @@ void __audit_inode(const char *name, const struct inode *inode) * associated name? */ if (context->name_count >= AUDIT_NAMES - AUDIT_NAMES_RESERVED) return; - idx = context->name_count; - if (context->name_count == (AUDIT_NAMES - 1)) { - printk(KERN_DEBUG - "name_count maxed and losing entry [%d]=%s\n", - context->name_count, - context->names[context->name_count].name ?: - "(null)"); - } else - context->name_count++; + idx = context->name_count++; context->names[idx].name = NULL; #if AUDIT_DEBUG ++context->ino_count; @@ -1363,12 +1361,12 @@ void __audit_inode_child(const char *dname, const struct inode *inode, update_context: idx = context->name_count; - if (context->name_count == (AUDIT_NAMES - 1)) { - printk(KERN_DEBUG "name_count maxed and losing entry [%d]=%s\n", - context->name_count, - context->names[context->name_count].name ?: "(null)"); - } else - context->name_count++; + if (context->name_count == AUDIT_NAMES) { + printk(KERN_DEBUG "name_count maxed and losing %s\n", + found_name ?: "(null)"); + return; + } + context->name_count++; #if AUDIT_DEBUG context->ino_count++; #endif 
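Review bot: The new bound check at update_context in __audit_inode_child uses `==`, so it protects the later use of `idx` (outside this hunk) only if name_count can never exceed AUDIT_NAMES. `if (context->name_count >= AUDIT_NAMES) {` costs nothing and fails closed. The dropped entry is reported only through a KERN_DEBUG printk, so at default log levels an audit trail that is missing inode records looks complete; consider a higher level guarded by `printk_ratelimit()`. The function starts and continues outside this hunk, and the same `==` test is added for the parent entry in the next hunk.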
@@ -1387,14 +1385,15 @@ update_context: * provided parent. */ if (!found_name) { idx = context->name_count; - if (context->name_count == (AUDIT_NAMES - 1)) { - printk(KERN_DEBUG - "name_count maxed and losing entry [%d]=%s\n", - context->name_count, - context->names[context->name_count].name ?: - "(null)"); - } else - context->name_count++; + if (context->name_count == AUDIT_NAMES) { + printk(KERN_DEBUG + "name_count maxed and losing parent inode data: dev=%02x:%02x, inode=%lu", + MAJOR(parent->i_sb->s_dev), + MINOR(parent->i_sb->s_dev), + parent->i_ino); + return; + } + context->name_count++; #if AUDIT_DEBUG context->ino_count++; #endif @@ -1493,6 +1492,8 @@ uid_t audit_get_loginuid(struct audit_context *ctx) return ctx ? ctx->loginuid : -1; } +EXPORT_SYMBOL(audit_get_loginuid); + /** * __audit_mq_open - record audit data for a POSIX MQ open * @oflag: open flag
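Review bot: The printk added in the `!found_name` branch has no trailing newline. Its format ends at `inode=%lu`, unlike the `losing %s\n` message added at update_context, so the text can run into the next kernel log line; end it with `inode=%lu\n"`. When this branch returns, the child entry appears to have been counted already at update_context, so the record keeps the child without its parent. A one-line comment saying that this partial record is intended would help the next reader. The branch continues past the end of the hunk.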