Commit dd5f5fed authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current

* 'audit.b46' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
  [AUDIT] Add uid, gid fields to ANOM_PROMISCUOUS message
  [AUDIT] ratelimit printk messages audit
  [patch 2/2] audit: complement va_copy with va_end()
  [patch 1/2] kernel/audit.c: warning fix
  [AUDIT] create context if auditing was ever enabled
  [AUDIT] clean up audit_receive_msg()
  [AUDIT] make audit=0 really stop audit messages
  [AUDIT] break large execve argument logging into smaller messages
  [AUDIT] include audit type in audit message when using printk
  [AUDIT] do not panic on exclude messages in audit_log_pid_context()
  [AUDIT] Add End of Event record
  [AUDIT] add session id to audit messages
  [AUDIT] collect uid, loginuid, and comm in OBJ_PID records
  [AUDIT] return EINTR not ERESTART*
  [PATCH] get rid of loginuid races
  [PATCH] switch audit_get_loginuid() to task_struct *
parents 3e01dfce 7759db82
...@@ -1134,13 +1134,6 @@ check the amount of free space (value is in seconds). Default settings are: 4, ...@@ -1134,13 +1134,6 @@ check the amount of free space (value is in seconds). Default settings are: 4,
resume it if we have a value of 3 or more percent; consider information about resume it if we have a value of 3 or more percent; consider information about
the amount of free space valid for 30 seconds the amount of free space valid for 30 seconds
audit_argv_kb
-------------
The file contains a single value denoting the limit on the argv array size
for execve (in KiB). This limit is only applied when system call auditing for
execve is enabled, otherwise the value is ignored.
ctrl-alt-del ctrl-alt-del
------------ ------------
......
...@@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf) ...@@ -73,6 +73,7 @@ static void tty_audit_buf_put(struct tty_audit_buf *buf)
* @tsk with @loginuid. @buf->mutex must be locked. * @tsk with @loginuid. @buf->mutex must be locked.
*/ */
static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
unsigned int sessionid,
struct tty_audit_buf *buf) struct tty_audit_buf *buf)
{ {
struct audit_buffer *ab; struct audit_buffer *ab;
...@@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, ...@@ -85,9 +86,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
if (ab) { if (ab) {
char name[sizeof(tsk->comm)]; char name[sizeof(tsk->comm)];
audit_log_format(ab, "tty pid=%u uid=%u auid=%u major=%d " audit_log_format(ab, "tty pid=%u uid=%u auid=%u ses=%u "
"minor=%d comm=", tsk->pid, tsk->uid, "major=%d minor=%d comm=", tsk->pid, tsk->uid,
loginuid, buf->major, buf->minor); loginuid, sessionid, buf->major, buf->minor);
get_task_comm(name, tsk); get_task_comm(name, tsk);
audit_log_untrustedstring(ab, name); audit_log_untrustedstring(ab, name);
audit_log_format(ab, " data="); audit_log_format(ab, " data=");
...@@ -105,8 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid, ...@@ -105,8 +106,9 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
*/ */
static void tty_audit_buf_push_current(struct tty_audit_buf *buf) static void tty_audit_buf_push_current(struct tty_audit_buf *buf)
{ {
tty_audit_buf_push(current, audit_get_loginuid(current->audit_context), uid_t auid = audit_get_loginuid(current);
buf); unsigned int sessionid = audit_get_sessionid(current);
tty_audit_buf_push(current, auid, sessionid, buf);
} }
/** /**
...@@ -152,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig) ...@@ -152,6 +154,11 @@ void tty_audit_fork(struct signal_struct *sig)
void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
{ {
struct tty_audit_buf *buf; struct tty_audit_buf *buf;
/* FIXME I think this is correct. Check against netlink once that is
* I really need to read this code more closely. But that's for
* another patch.
*/
unsigned int sessionid = audit_get_sessionid(tsk);
spin_lock_irq(&tsk->sighand->siglock); spin_lock_irq(&tsk->sighand->siglock);
buf = tsk->signal->tty_audit_buf; buf = tsk->signal->tty_audit_buf;
...@@ -162,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid) ...@@ -162,7 +169,7 @@ void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
return; return;
mutex_lock(&buf->mutex); mutex_lock(&buf->mutex);
tty_audit_buf_push(tsk, loginuid, buf); tty_audit_buf_push(tsk, loginuid, sessionid, buf);
mutex_unlock(&buf->mutex); mutex_unlock(&buf->mutex);
tty_audit_buf_put(buf); tty_audit_buf_put(buf);
......
...@@ -984,7 +984,7 @@ static ssize_t proc_loginuid_read(struct file * file, char __user * buf, ...@@ -984,7 +984,7 @@ static ssize_t proc_loginuid_read(struct file * file, char __user * buf,
if (!task) if (!task)
return -ESRCH; return -ESRCH;
length = scnprintf(tmpbuf, TMPBUFLEN, "%u", length = scnprintf(tmpbuf, TMPBUFLEN, "%u",
audit_get_loginuid(task->audit_context)); audit_get_loginuid(task));
put_task_struct(task); put_task_struct(task);
return simple_read_from_buffer(buf, count, ppos, tmpbuf, length); return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
} }
......
...@@ -98,6 +98,7 @@ ...@@ -98,6 +98,7 @@
#define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */
#define AUDIT_OBJ_PID 1318 /* ptrace target */ #define AUDIT_OBJ_PID 1318 /* ptrace target */
#define AUDIT_TTY 1319 /* Input on an administrative TTY */ #define AUDIT_TTY 1319 /* Input on an administrative TTY */
#define AUDIT_EOE 1320 /* End of multi-record event */
#define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */
#define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */
...@@ -409,7 +410,8 @@ extern unsigned int audit_serial(void); ...@@ -409,7 +410,8 @@ extern unsigned int audit_serial(void);
extern void auditsc_get_stamp(struct audit_context *ctx, extern void auditsc_get_stamp(struct audit_context *ctx,
struct timespec *t, unsigned int *serial); struct timespec *t, unsigned int *serial);
extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid); extern int audit_set_loginuid(struct task_struct *task, uid_t loginuid);
extern uid_t audit_get_loginuid(struct audit_context *ctx); #define audit_get_loginuid(t) ((t)->loginuid)
#define audit_get_sessionid(t) ((t)->sessionid)
extern void audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_context(struct audit_buffer *ab);
extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp); extern int __audit_ipc_obj(struct kern_ipc_perm *ipcp);
extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode); extern int __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode);
...@@ -488,7 +490,8 @@ extern int audit_signals; ...@@ -488,7 +490,8 @@ extern int audit_signals;
#define audit_inode_child(d,i,p) do { ; } while (0) #define audit_inode_child(d,i,p) do { ; } while (0)
#define audit_core_dumps(i) do { ; } while (0) #define audit_core_dumps(i) do { ; } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0) #define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; }) #define audit_get_loginuid(t) (-1)
#define audit_get_sessionid(t) (-1)
#define audit_log_task_context(b) do { ; } while (0) #define audit_log_task_context(b) do { ; } while (0)
#define audit_ipc_obj(i) ({ 0; }) #define audit_ipc_obj(i) ({ 0; })
#define audit_ipc_set_perm(q,u,g,m) ({ 0; }) #define audit_ipc_set_perm(q,u,g,m) ({ 0; })
...@@ -522,9 +525,11 @@ extern void audit_log_end(struct audit_buffer *ab); ...@@ -522,9 +525,11 @@ extern void audit_log_end(struct audit_buffer *ab);
extern void audit_log_hex(struct audit_buffer *ab, extern void audit_log_hex(struct audit_buffer *ab,
const unsigned char *buf, const unsigned char *buf,
size_t len); size_t len);
extern const char * audit_log_untrustedstring(struct audit_buffer *ab, extern int audit_string_contains_control(const char *string,
size_t len);
extern void audit_log_untrustedstring(struct audit_buffer *ab,
const char *string); const char *string);
extern const char * audit_log_n_untrustedstring(struct audit_buffer *ab, extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
size_t n, size_t n,
const char *string); const char *string);
extern void audit_log_d_path(struct audit_buffer *ab, extern void audit_log_d_path(struct audit_buffer *ab,
......
...@@ -114,6 +114,13 @@ extern struct group_info init_groups; ...@@ -114,6 +114,13 @@ extern struct group_info init_groups;
.pid = &init_struct_pid, \ .pid = &init_struct_pid, \
} }
#ifdef CONFIG_AUDITSYSCALL
#define INIT_IDS \
.loginuid = -1, \
.sessionid = -1,
#else
#define INIT_IDS
#endif
/* /*
* INIT_TASK is used to set up the first task table, touch at * INIT_TASK is used to set up the first task table, touch at
* your own risk!. Base=0, limit=0x1fffff (=2MB) * your own risk!. Base=0, limit=0x1fffff (=2MB)
...@@ -173,6 +180,7 @@ extern struct group_info init_groups; ...@@ -173,6 +180,7 @@ extern struct group_info init_groups;
[PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \ [PIDTYPE_SID] = INIT_PID_LINK(PIDTYPE_SID), \
}, \ }, \
.dirties = INIT_PROP_LOCAL_SINGLE(dirties), \ .dirties = INIT_PROP_LOCAL_SINGLE(dirties), \
INIT_IDS \
INIT_TRACE_IRQFLAGS \ INIT_TRACE_IRQFLAGS \
INIT_LOCKDEP \ INIT_LOCKDEP \
} }
......
...@@ -1139,6 +1139,10 @@ struct task_struct { ...@@ -1139,6 +1139,10 @@ struct task_struct {
void *security; void *security;
#endif #endif
struct audit_context *audit_context; struct audit_context *audit_context;
#ifdef CONFIG_AUDITSYSCALL
uid_t loginuid;
unsigned int sessionid;
#endif
seccomp_t seccomp; seccomp_t seccomp;
/* Thread group tracking */ /* Thread group tracking */
......
This diff is collapsed.
...@@ -95,6 +95,8 @@ extern struct inotify_handle *audit_ih; ...@@ -95,6 +95,8 @@ extern struct inotify_handle *audit_ih;
/* Inotify events we care about. */ /* Inotify events we care about. */
#define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF #define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF
extern int audit_enabled;
void audit_free_parent(struct inotify_watch *i_watch) void audit_free_parent(struct inotify_watch *i_watch)
{ {
struct audit_parent *parent; struct audit_parent *parent;
...@@ -974,7 +976,6 @@ static void audit_update_watch(struct audit_parent *parent, ...@@ -974,7 +976,6 @@ static void audit_update_watch(struct audit_parent *parent,
struct audit_watch *owatch, *nwatch, *nextw; struct audit_watch *owatch, *nwatch, *nextw;
struct audit_krule *r, *nextr; struct audit_krule *r, *nextr;
struct audit_entry *oentry, *nentry; struct audit_entry *oentry, *nentry;
struct audit_buffer *ab;
mutex_lock(&audit_filter_mutex); mutex_lock(&audit_filter_mutex);
list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) { list_for_each_entry_safe(owatch, nextw, &parent->watches, wlist) {
...@@ -1014,13 +1015,18 @@ static void audit_update_watch(struct audit_parent *parent, ...@@ -1014,13 +1015,18 @@ static void audit_update_watch(struct audit_parent *parent,
call_rcu(&oentry->rcu, audit_free_rule_rcu); call_rcu(&oentry->rcu, audit_free_rule_rcu);
} }
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); if (audit_enabled) {
audit_log_format(ab, "op=updated rules specifying path="); struct audit_buffer *ab;
audit_log_untrustedstring(ab, owatch->path); ab = audit_log_start(NULL, GFP_KERNEL,
audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino); AUDIT_CONFIG_CHANGE);
audit_log_format(ab, " list=%d res=1", r->listnr); audit_log_format(ab,
audit_log_end(ab); "op=updated rules specifying path=");
audit_log_untrustedstring(ab, owatch->path);
audit_log_format(ab, " with dev=%u ino=%lu\n",
dev, ino);
audit_log_format(ab, " list=%d res=1", r->listnr);
audit_log_end(ab);
}
audit_remove_watch(owatch); audit_remove_watch(owatch);
goto add_watch_to_parent; /* event applies to a single watch */ goto add_watch_to_parent; /* event applies to a single watch */
} }
...@@ -1039,25 +1045,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent) ...@@ -1039,25 +1045,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
struct audit_watch *w, *nextw; struct audit_watch *w, *nextw;
struct audit_krule *r, *nextr; struct audit_krule *r, *nextr;
struct audit_entry *e; struct audit_entry *e;
struct audit_buffer *ab;
mutex_lock(&audit_filter_mutex); mutex_lock(&audit_filter_mutex);
parent->flags |= AUDIT_PARENT_INVALID; parent->flags |= AUDIT_PARENT_INVALID;
list_for_each_entry_safe(w, nextw, &parent->watches, wlist) { list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
list_for_each_entry_safe(r, nextr, &w->rules, rlist) { list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
e = container_of(r, struct audit_entry, rule); e = container_of(r, struct audit_entry, rule);
if (audit_enabled) {
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); struct audit_buffer *ab;
audit_log_format(ab, "op=remove rule path="); ab = audit_log_start(NULL, GFP_KERNEL,
audit_log_untrustedstring(ab, w->path); AUDIT_CONFIG_CHANGE);
if (r->filterkey) { audit_log_format(ab, "op=remove rule path=");
audit_log_format(ab, " key="); audit_log_untrustedstring(ab, w->path);
audit_log_untrustedstring(ab, r->filterkey); if (r->filterkey) {
} else audit_log_format(ab, " key=");
audit_log_format(ab, " key=(null)"); audit_log_untrustedstring(ab,
audit_log_format(ab, " list=%d res=1", r->listnr); r->filterkey);
audit_log_end(ab); } else
audit_log_format(ab, " key=(null)");
audit_log_format(ab, " list=%d res=1",
r->listnr);
audit_log_end(ab);
}
list_del(&r->rlist); list_del(&r->rlist);
list_del_rcu(&e->list); list_del_rcu(&e->list);
call_rcu(&e->rcu, audit_free_rule_rcu); call_rcu(&e->rcu, audit_free_rule_rcu);
...@@ -1495,6 +1504,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action, ...@@ -1495,6 +1504,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
{ {
struct audit_buffer *ab; struct audit_buffer *ab;
if (!audit_enabled)
return;
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE); ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
if (!ab) if (!ab)
return; return;
......
This diff is collapsed.
...@@ -81,7 +81,6 @@ extern int percpu_pagelist_fraction; ...@@ -81,7 +81,6 @@ extern int percpu_pagelist_fraction;
extern int compat_log; extern int compat_log;
extern int maps_protect; extern int maps_protect;
extern int sysctl_stat_interval; extern int sysctl_stat_interval;
extern int audit_argv_kb;
extern int latencytop_enabled; extern int latencytop_enabled;
/* Constants used for minimum and maximum */ /* Constants used for minimum and maximum */
...@@ -390,16 +389,6 @@ static struct ctl_table kern_table[] = { ...@@ -390,16 +389,6 @@ static struct ctl_table kern_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec, .proc_handler = &proc_dointvec,
}, },
#ifdef CONFIG_AUDITSYSCALL
{
.ctl_name = CTL_UNNUMBERED,
.procname = "audit_argv_kb",
.data = &audit_argv_kb,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &proc_dointvec,
},
#endif
{ {
.ctl_name = KERN_CORE_PATTERN, .ctl_name = KERN_CORE_PATTERN,
.procname = "core_pattern", .procname = "core_pattern",
......
...@@ -2752,12 +2752,15 @@ static void __dev_set_promiscuity(struct net_device *dev, int inc) ...@@ -2752,12 +2752,15 @@ static void __dev_set_promiscuity(struct net_device *dev, int inc)
printk(KERN_INFO "device %s %s promiscuous mode\n", printk(KERN_INFO "device %s %s promiscuous mode\n",
dev->name, (dev->flags & IFF_PROMISC) ? "entered" : dev->name, (dev->flags & IFF_PROMISC) ? "entered" :
"left"); "left");
audit_log(current->audit_context, GFP_ATOMIC, if (audit_enabled)
AUDIT_ANOM_PROMISCUOUS, audit_log(current->audit_context, GFP_ATOMIC,
"dev=%s prom=%d old_prom=%d auid=%u", AUDIT_ANOM_PROMISCUOUS,
dev->name, (dev->flags & IFF_PROMISC), "dev=%s prom=%d old_prom=%d auid=%u uid=%u gid=%u ses=%u",
(old_flags & IFF_PROMISC), dev->name, (dev->flags & IFF_PROMISC),
audit_get_loginuid(current->audit_context)); (old_flags & IFF_PROMISC),
audit_get_loginuid(current),
current->uid, current->gid,
audit_get_sessionid(current));
if (dev->change_rx_flags) if (dev->change_rx_flags)
dev->change_rx_flags(dev, IFF_PROMISC); dev->change_rx_flags(dev, IFF_PROMISC);
......
...@@ -1466,7 +1466,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr, ...@@ -1466,7 +1466,7 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
err = xfrm_state_update(x); err = xfrm_state_update(x);
xfrm_audit_state_add(x, err ? 0 : 1, xfrm_audit_state_add(x, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
if (err < 0) { if (err < 0) {
x->km.state = XFRM_STATE_DEAD; x->km.state = XFRM_STATE_DEAD;
...@@ -1520,7 +1520,7 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h ...@@ -1520,7 +1520,7 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
km_state_notify(x, &c); km_state_notify(x, &c);
out: out:
xfrm_audit_state_delete(x, err ? 0 : 1, xfrm_audit_state_delete(x, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
xfrm_state_put(x); xfrm_state_put(x);
return err; return err;
...@@ -1695,7 +1695,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd ...@@ -1695,7 +1695,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
if (proto == 0) if (proto == 0)
return -EINVAL; return -EINVAL;
audit_info.loginuid = audit_get_loginuid(current->audit_context); audit_info.loginuid = audit_get_loginuid(current);
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_state_flush(proto, &audit_info); err = xfrm_state_flush(proto, &audit_info);
if (err) if (err)
...@@ -2273,7 +2273,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h ...@@ -2273,7 +2273,7 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
hdr->sadb_msg_type != SADB_X_SPDUPDATE); hdr->sadb_msg_type != SADB_X_SPDUPDATE);
xfrm_audit_policy_add(xp, err ? 0 : 1, xfrm_audit_policy_add(xp, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
if (err) if (err)
goto out; goto out;
...@@ -2356,7 +2356,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg ...@@ -2356,7 +2356,7 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
return -ENOENT; return -ENOENT;
xfrm_audit_policy_delete(xp, err ? 0 : 1, xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
if (err) if (err)
goto out; goto out;
...@@ -2617,7 +2617,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h ...@@ -2617,7 +2617,7 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
if (delete) { if (delete) {
xfrm_audit_policy_delete(xp, err ? 0 : 1, xfrm_audit_policy_delete(xp, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
if (err) if (err)
goto out; goto out;
...@@ -2694,7 +2694,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg ...@@ -2694,7 +2694,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
struct xfrm_audit audit_info; struct xfrm_audit audit_info;
int err; int err;
audit_info.loginuid = audit_get_loginuid(current->audit_context); audit_info.loginuid = audit_get_loginuid(current);
audit_info.secid = 0; audit_info.secid = 0;
err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info); err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
if (err) if (err)
......
...@@ -1238,7 +1238,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, ...@@ -1238,7 +1238,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
NETLINK_CB(skb).pid = nlk->pid; NETLINK_CB(skb).pid = nlk->pid;
NETLINK_CB(skb).dst_group = dst_group; NETLINK_CB(skb).dst_group = dst_group;
NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context); NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
selinux_get_task_sid(current, &(NETLINK_CB(skb).sid)); selinux_get_task_sid(current, &(NETLINK_CB(skb).sid));
memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
......
...@@ -493,7 +493,7 @@ static void xfrm_timer_handler(unsigned long data) ...@@ -493,7 +493,7 @@ static void xfrm_timer_handler(unsigned long data)
km_state_expired(x, 1, 0); km_state_expired(x, 1, 0);
xfrm_audit_state_delete(x, err ? 0 : 1, xfrm_audit_state_delete(x, err ? 0 : 1,
audit_get_loginuid(current->audit_context), 0); audit_get_loginuid(current), 0);
out: out:
spin_unlock(&x->lock); spin_unlock(&x->lock);
......
...@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf, ...@@ -172,9 +172,10 @@ static ssize_t sel_write_enforce(struct file * file, const char __user * buf,
if (length) if (length)
goto out; goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
"enforcing=%d old_enforcing=%d auid=%u", new_value, "enforcing=%d old_enforcing=%d auid=%u ses=%u",
selinux_enforcing, new_value, selinux_enforcing,
audit_get_loginuid(current->audit_context)); audit_get_loginuid(current),
audit_get_sessionid(current));
selinux_enforcing = new_value; selinux_enforcing = new_value;
if (selinux_enforcing) if (selinux_enforcing)
avc_ss_reset(0); avc_ss_reset(0);
...@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf, ...@@ -243,8 +244,9 @@ static ssize_t sel_write_disable(struct file * file, const char __user * buf,
if (length < 0) if (length < 0)
goto out; goto out;
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS, audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_STATUS,
"selinux=0 auid=%u", "selinux=0 auid=%u ses=%u",
audit_get_loginuid(current->audit_context)); audit_get_loginuid(current),
audit_get_sessionid(current));
} }
length = count; length = count;
...@@ -356,8 +358,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf, ...@@ -356,8 +358,9 @@ static ssize_t sel_write_load(struct file * file, const char __user * buf,
(security_get_allow_unknown() ? "allow" : "deny"))); (security_get_allow_unknown() ? "allow" : "deny")));
audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD, audit_log(current->audit_context, GFP_KERNEL, AUDIT_MAC_POLICY_LOAD,
"policy loaded auid=%u", "policy loaded auid=%u ses=%u",
audit_get_loginuid(current->audit_context)); audit_get_loginuid(current),
audit_get_sessionid(current));
out: out:
mutex_unlock(&sel_mutex); mutex_unlock(&sel_mutex);
vfree(data); vfree(data);
......
...@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values) ...@@ -1905,11 +1905,12 @@ int security_set_bools(int len, int *values)
if (!!values[i] != policydb.bool_val_to_struct[i]->state) { if (!!values[i] != policydb.bool_val_to_struct[i]->state) {
audit_log(current->audit_context, GFP_ATOMIC, audit_log(current->audit_context, GFP_ATOMIC,
AUDIT_MAC_CONFIG_CHANGE, AUDIT_MAC_CONFIG_CHANGE,
"bool=%s val=%d old_val=%d auid=%u", "bool=%s val=%d old_val=%d auid=%u ses=%u",
policydb.p_bool_val_to_name[i], policydb.p_bool_val_to_name[i],
!!values[i], !!values[i],
policydb.bool_val_to_struct[i]->state, policydb.bool_val_to_struct[i]->state,
audit_get_loginuid(current->audit_context)); audit_get_loginuid(current),
audit_get_sessionid(current));
} }
if (values[i]) { if (values[i]) {
policydb.bool_val_to_struct[i]->state = 1; policydb.bool_val_to_struct[i]->state = 1;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment