arm64: audit: Add audit hook in syscall_trace_enter/exit()

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

This patch adds auditing functions on entry to or exit from
every system call invocation.

Acked-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by Will Deacon <will.deacon@arm.com>
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

authored by

AKASHI Takahiro and committed by

Catalin Marinas 11 years ago 5701ede8 f3e5c847

1 changed file

expand all

arch

arm64

kernel

ptrace.c

arch/arm64/kernel/ptrace.c

··· 19 19 * along with this program. If not, see <http://www.gnu.org/licenses/>. 20 20 */ 21 21 22 + #include <linux/audit.h> 22 23 #include <linux/compat.h> 23 24 #include <linux/kernel.h> 24 25 #include <linux/sched.h> ··· 40 39 #include <asm/compat.h> 41 40 #include <asm/debug-monitors.h> 42 41 #include <asm/pgtable.h> 42 + #include <asm/syscall.h> 43 43 #include <asm/traps.h> 44 44 #include <asm/system_misc.h> 45 45 ··· 1115 1113 if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) 1116 1114 trace_sys_enter(regs, regs->syscallno); 1117 1115 1116 + audit_syscall_entry(syscall_get_arch(), regs->syscallno, 1117 + regs->orig_x0, regs->regs[1], regs->regs[2], regs->regs[3]); 1118 + 1118 1119 return regs->syscallno; 1119 1120 } 1120 1121 1121 1122 asmlinkage void syscall_trace_exit(struct pt_regs *regs) 1122 1123 { 1124 + audit_syscall_exit(regs); 1125 + 1123 1126 if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) 1124 1127 trace_sys_exit(regs, regs_return_value(regs)); 1125 1128