tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
Merge branch 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b50' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current:
[PATCH] new predicate - AUDIT_FILETYPE
[patch 2/2] Use find_task_by_vpid in audit code
[patch 1/2] audit: let userspace fully control TTY input auditing
[PATCH 2/2] audit: fix sparse shadowed variable warnings
[PATCH 1/2] audit: move extern declarations to audit.h
Audit: MAINTAINERS update
Audit: increase the maximum length of the key field
Audit: standardize string audit interfaces
Audit: stop deadlock from signals under load
Audit: save audit_backlog_limit audit messages in case auditd comes back
Audit: collect sessionid in netlink messages
Audit: end printk with newline
+346
-233
+5
-3
MAINTAINERS
+5
-3
MAINTAINERS
···
752
752
S: Maintained
753
753
754
754
AUDIT SUBSYSTEM
755
-
P: David Woodhouse
756
-
M: dwmw2@infradead.org
755
+
P: Al Viro
756
+
M: viro@zeniv.linux.org.uk
757
+
P: Eric Paris
758
+
M: eparis@redhat.com
757
759
L: linux-audit@redhat.com (subscribers-only)
758
760
W: http://people.redhat.com/sgrubb/audit/
759
-
T: git kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6.git
761
+
T: git git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current.git
760
762
S: Maintained
761
763
762
764
AUXILIARY DISPLAY DRIVERS
+6
-57
drivers/char/tty_audit.c
+6
-57
drivers/char/tty_audit.c
···
92
92
get_task_comm(name, tsk);
93
93
audit_log_untrustedstring(ab, name);
94
94
audit_log_format(ab, " data=");
95
-
audit_log_n_untrustedstring(ab, buf->valid, buf->data);
95
+
audit_log_n_untrustedstring(ab, buf->data, buf->valid);
96
96
audit_log_end(ab);
97
97
}
98
98
buf->valid = 0;
···
151
151
/**
152
152
* tty_audit_push_task - Flush task's pending audit data
153
153
*/
154
-
void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
154
+
void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
155
155
{
156
156
struct tty_audit_buf *buf;
157
-
/* FIXME I think this is correct. Check against netlink once that is
158
-
* I really need to read this code more closely. But that's for
159
-
* another patch.
160
-
*/
161
-
unsigned int sessionid = audit_get_sessionid(tsk);
162
157
163
158
spin_lock_irq(&tsk->sighand->siglock);
164
159
buf = tsk->signal->tty_audit_buf;
···
233
238
if (unlikely(size == 0))
234
239
return;
235
240
241
+
if (tty->driver->type == TTY_DRIVER_TYPE_PTY
242
+
&& tty->driver->subtype == PTY_TYPE_MASTER)
243
+
return;
244
+
236
245
buf = tty_audit_buf_get(tty);
237
246
if (!buf)
238
247
return;
···
298
299
mutex_unlock(&buf->mutex);
299
300
tty_audit_buf_put(buf);
300
301
}
301
-
}
302
-
303
-
/**
304
-
* tty_audit_opening - A TTY is being opened.
305
-
*
306
-
* As a special hack, tasks that close all their TTYs and open new ones
307
-
* are assumed to be system daemons (e.g. getty) and auditing is
308
-
* automatically disabled for them.
309
-
*/
310
-
void tty_audit_opening(void)
311
-
{
312
-
int disable;
313
-
314
-
disable = 1;
315
-
spin_lock_irq(¤t->sighand->siglock);
316
-
if (current->signal->audit_tty == 0)
317
-
disable = 0;
318
-
spin_unlock_irq(¤t->sighand->siglock);
319
-
if (!disable)
320
-
return;
321
-
322
-
task_lock(current);
323
-
if (current->files) {
324
-
struct fdtable *fdt;
325
-
unsigned i;
326
-
327
-
/*
328
-
* We don't take a ref to the file, so we must hold ->file_lock
329
-
* instead.
330
-
*/
331
-
spin_lock(¤t->files->file_lock);
332
-
fdt = files_fdtable(current->files);
333
-
for (i = 0; i < fdt->max_fds; i++) {
334
-
struct file *filp;
335
-
336
-
filp = fcheck_files(current->files, i);
337
-
if (filp && is_tty(filp)) {
338
-
disable = 0;
339
-
break;
340
-
}
341
-
}
342
-
spin_unlock(¤t->files->file_lock);
343
-
}
344
-
task_unlock(current);
345
-
if (!disable)
346
-
return;
347
-
348
-
spin_lock_irq(¤t->sighand->siglock);
349
-
current->signal->audit_tty = 0;
350
-
spin_unlock_irq(¤t->sighand->siglock);
351
302
}
+1
-4
drivers/char/tty_io.c
+1
-4
drivers/char/tty_io.c
···
2755
2755
__proc_set_tty(current, tty);
2756
2756
spin_unlock_irq(¤t->sighand->siglock);
2757
2757
mutex_unlock(&tty_mutex);
2758
-
tty_audit_opening();
2759
2758
return 0;
2760
2759
}
2761
2760
···
2817
2818
2818
2819
check_tty_count(tty, "tty_open");
2819
2820
retval = ptm_driver->open(tty, filp);
2820
-
if (!retval) {
2821
-
tty_audit_opening();
2821
+
if (!retval)
2822
2822
return 0;
2823
-
}
2824
2823
out1:
2825
2824
release_dev(filp);
2826
2825
return retval;
+18
-10
include/linux/audit.h
+18
-10
include/linux/audit.h
···
146
146
/* Rule structure sizes -- if these change, different AUDIT_ADD and
147
147
* AUDIT_LIST commands must be implemented. */
148
148
#define AUDIT_MAX_FIELDS 64
149
-
#define AUDIT_MAX_KEY_LEN 32
149
+
#define AUDIT_MAX_KEY_LEN 256
150
150
#define AUDIT_BITMASK_SIZE 64
151
151
#define AUDIT_WORD(nr) ((__u32)((nr)/32))
152
152
#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32))
···
209
209
#define AUDIT_WATCH 105
210
210
#define AUDIT_PERM 106
211
211
#define AUDIT_DIR 107
212
+
#define AUDIT_FILETYPE 108
212
213
213
214
#define AUDIT_ARG0 200
214
215
#define AUDIT_ARG1 (AUDIT_ARG0+1)
···
550
549
const char *fmt, ...)
551
550
__attribute__((format(printf,2,3)));
552
551
extern void audit_log_end(struct audit_buffer *ab);
553
-
extern void audit_log_hex(struct audit_buffer *ab,
554
-
const unsigned char *buf,
555
-
size_t len);
556
552
extern int audit_string_contains_control(const char *string,
557
553
size_t len);
554
+
extern void audit_log_n_hex(struct audit_buffer *ab,
555
+
const unsigned char *buf,
556
+
size_t len);
557
+
extern void audit_log_n_string(struct audit_buffer *ab,
558
+
const char *buf,
559
+
size_t n);
560
+
#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b));
561
+
extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
562
+
const char *string,
563
+
size_t n);
558
564
extern void audit_log_untrustedstring(struct audit_buffer *ab,
559
565
const char *string);
560
-
extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
561
-
size_t n,
562
-
const char *string);
563
566
extern void audit_log_d_path(struct audit_buffer *ab,
564
567
const char *prefix,
565
568
struct path *path);
···
574
569
extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
575
570
extern int audit_filter_type(int type);
576
571
extern int audit_receive_filter(int type, int pid, int uid, int seq,
577
-
void *data, size_t datasz, uid_t loginuid, u32 sid);
572
+
void *data, size_t datasz, uid_t loginuid,
573
+
u32 sessionid, u32 sid);
578
574
extern int audit_enabled;
579
575
#else
580
576
#define audit_log(c,g,t,f,...) do { ; } while (0)
···
583
577
#define audit_log_vformat(b,f,a) do { ; } while (0)
584
578
#define audit_log_format(b,f,...) do { ; } while (0)
585
579
#define audit_log_end(b) do { ; } while (0)
586
-
#define audit_log_hex(a,b,l) do { ; } while (0)
587
-
#define audit_log_untrustedstring(a,s) do { ; } while (0)
580
+
#define audit_log_n_hex(a,b,l) do { ; } while (0)
581
+
#define audit_log_n_string(a,c,l) do { ; } while (0)
582
+
#define audit_log_string(a,c) do { ; } while (0)
588
583
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
584
+
#define audit_log_untrustedstring(a,s) do { ; } while (0)
589
585
#define audit_log_d_path(b, p, d) do { ; } while (0)
590
586
#define audit_enabled 0
591
587
#endif
+1
include/linux/netlink.h
+1
include/linux/netlink.h
+2
-7
include/linux/tty.h
+2
-7
include/linux/tty.h
···
300
300
extern void tty_vhangup(struct tty_struct * tty);
301
301
extern void tty_unhangup(struct file *filp);
302
302
extern int tty_hung_up_p(struct file * filp);
303
-
extern int is_tty(struct file *filp);
304
303
extern void do_SAK(struct tty_struct *tty);
305
304
extern void __do_SAK(struct tty_struct *tty);
306
305
extern void disassociate_ctty(int priv);
···
350
351
extern void tty_audit_exit(void);
351
352
extern void tty_audit_fork(struct signal_struct *sig);
352
353
extern void tty_audit_push(struct tty_struct *tty);
353
-
extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid);
354
-
extern void tty_audit_opening(void);
354
+
extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
355
355
#else
356
356
static inline void tty_audit_add_data(struct tty_struct *tty,
357
357
unsigned char *data, size_t size)
···
365
367
static inline void tty_audit_push(struct tty_struct *tty)
366
368
{
367
369
}
368
-
static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
369
-
{
370
-
}
371
-
static inline void tty_audit_opening(void)
370
+
static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
372
371
{
373
372
}
374
373
#endif
+1
include/net/netlabel.h
+1
include/net/netlabel.h
+12
-11
include/net/xfrm.h
+12
-11
include/net/xfrm.h
···
597
597
/* Audit Information */
598
598
struct xfrm_audit
599
599
{
600
-
u32 loginuid;
601
600
u32 secid;
601
+
uid_t loginuid;
602
+
u32 sessionid;
602
603
};
603
604
604
605
#ifdef CONFIG_AUDITSYSCALL
···
617
616
return audit_buf;
618
617
}
619
618
620
-
static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
619
+
static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
621
620
struct audit_buffer *audit_buf)
622
621
{
623
622
char *secctx;
624
623
u32 secctx_len;
625
624
626
-
audit_log_format(audit_buf, " auid=%u", auid);
625
+
audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
627
626
if (secid != 0 &&
628
627
security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
629
628
audit_log_format(audit_buf, " subj=%s", secctx);
···
633
632
}
634
633
635
634
extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
636
-
u32 auid, u32 secid);
635
+
u32 auid, u32 ses, u32 secid);
637
636
extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
638
-
u32 auid, u32 secid);
637
+
u32 auid, u32 ses, u32 secid);
639
638
extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
640
-
u32 auid, u32 secid);
639
+
u32 auid, u32 ses, u32 secid);
641
640
extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
642
-
u32 auid, u32 secid);
641
+
u32 auid, u32 ses, u32 secid);
643
642
extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
644
643
struct sk_buff *skb);
645
644
extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
···
648
647
extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
649
648
struct sk_buff *skb, u8 proto);
650
649
#else
651
-
#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)
652
-
#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)
653
-
#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0)
654
-
#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0)
650
+
#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0)
651
+
#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0)
652
+
#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0)
653
+
#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0)
655
654
#define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
656
655
#define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
657
656
#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
+173
-76
kernel/audit.c
+173
-76
kernel/audit.c
···
126
126
static LIST_HEAD(audit_freelist);
127
127
128
128
static struct sk_buff_head audit_skb_queue;
129
+
/* queue of skbs to send to auditd when/if it comes back */
130
+
static struct sk_buff_head audit_skb_hold_queue;
129
131
static struct task_struct *kauditd_task;
130
132
static DECLARE_WAIT_QUEUE_HEAD(kauditd_wait);
131
133
static DECLARE_WAIT_QUEUE_HEAD(audit_backlog_wait);
···
154
152
struct sk_buff *skb; /* formatted skb ready to send */
155
153
struct audit_context *ctx; /* NULL or associated context */
156
154
gfp_t gfp_mask;
155
+
};
156
+
157
+
struct audit_reply {
158
+
int pid;
159
+
struct sk_buff *skb;
157
160
};
158
161
159
162
static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
···
259
252
}
260
253
261
254
static int audit_log_config_change(char *function_name, int new, int old,
262
-
uid_t loginuid, u32 sid, int allow_changes)
255
+
uid_t loginuid, u32 sessionid, u32 sid,
256
+
int allow_changes)
263
257
{
264
258
struct audit_buffer *ab;
265
259
int rc = 0;
266
260
267
261
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
268
-
audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new,
269
-
old, loginuid);
262
+
audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
263
+
old, loginuid, sessionid);
270
264
if (sid) {
271
265
char *ctx = NULL;
272
266
u32 len;
···
287
279
}
288
280
289
281
static int audit_do_config_change(char *function_name, int *to_change,
290
-
int new, uid_t loginuid, u32 sid)
282
+
int new, uid_t loginuid, u32 sessionid,
283
+
u32 sid)
291
284
{
292
285
int allow_changes, rc = 0, old = *to_change;
293
286
···
299
290
allow_changes = 1;
300
291
301
292
if (audit_enabled != AUDIT_OFF) {
302
-
rc = audit_log_config_change(function_name, new, old,
303
-
loginuid, sid, allow_changes);
293
+
rc = audit_log_config_change(function_name, new, old, loginuid,
294
+
sessionid, sid, allow_changes);
304
295
if (rc)
305
296
allow_changes = 0;
306
297
}
···
314
305
return rc;
315
306
}
316
307
317
-
static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
308
+
static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
309
+
u32 sid)
318
310
{
319
311
return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
320
-
limit, loginuid, sid);
312
+
limit, loginuid, sessionid, sid);
321
313
}
322
314
323
-
static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
315
+
static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
316
+
u32 sid)
324
317
{
325
318
return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
326
-
limit, loginuid, sid);
319
+
limit, loginuid, sessionid, sid);
327
320
}
328
321
329
-
static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
322
+
static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
330
323
{
331
324
int rc;
332
325
if (state < AUDIT_OFF || state > AUDIT_LOCKED)
333
326
return -EINVAL;
334
327
335
328
rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
336
-
loginuid, sid);
329
+
loginuid, sessionid, sid);
337
330
338
331
if (!rc)
339
332
audit_ever_enabled |= !!state;
···
343
332
return rc;
344
333
}
345
334
346
-
static int audit_set_failure(int state, uid_t loginuid, u32 sid)
335
+
static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
347
336
{
348
337
if (state != AUDIT_FAIL_SILENT
349
338
&& state != AUDIT_FAIL_PRINTK
···
351
340
return -EINVAL;
352
341
353
342
return audit_do_config_change("audit_failure", &audit_failure, state,
354
-
loginuid, sid);
343
+
loginuid, sessionid, sid);
344
+
}
345
+
346
+
/*
347
+
* Queue skbs to be sent to auditd when/if it comes back. These skbs should
348
+
* already have been sent via prink/syslog and so if these messages are dropped
349
+
* it is not a huge concern since we already passed the audit_log_lost()
350
+
* notification and stuff. This is just nice to get audit messages during
351
+
* boot before auditd is running or messages generated while auditd is stopped.
352
+
* This only holds messages is audit_default is set, aka booting with audit=1
353
+
* or building your kernel that way.
354
+
*/
355
+
static void audit_hold_skb(struct sk_buff *skb)
356
+
{
357
+
if (audit_default &&
358
+
skb_queue_len(&audit_skb_hold_queue) < audit_backlog_limit)
359
+
skb_queue_tail(&audit_skb_hold_queue, skb);
360
+
else
361
+
kfree_skb(skb);
362
+
}
363
+
364
+
static void kauditd_send_skb(struct sk_buff *skb)
365
+
{
366
+
int err;
367
+
/* take a reference in case we can't send it and we want to hold it */
368
+
skb_get(skb);
369
+
err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0);
370
+
if (err < 0) {
371
+
BUG_ON(err != -ECONNREFUSED); /* Shoudn't happen */
372
+
printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
373
+
audit_log_lost("auditd dissapeared\n");
374
+
audit_pid = 0;
375
+
/* we might get lucky and get this in the next auditd */
376
+
audit_hold_skb(skb);
377
+
} else
378
+
/* drop the extra reference if sent ok */
379
+
kfree_skb(skb);
355
380
}
356
381
357
382
static int kauditd_thread(void *dummy)
···
396
349
397
350
set_freezable();
398
351
while (!kthread_should_stop()) {
352
+
/*
353
+
* if auditd just started drain the queue of messages already
354
+
* sent to syslog/printk. remember loss here is ok. we already
355
+
* called audit_log_lost() if it didn't go out normally. so the
356
+
* race between the skb_dequeue and the next check for audit_pid
357
+
* doesn't matter.
358
+
*
359
+
* if you ever find kauditd to be too slow we can get a perf win
360
+
* by doing our own locking and keeping better track if there
361
+
* are messages in this queue. I don't see the need now, but
362
+
* in 5 years when I want to play with this again I'll see this
363
+
* note and still have no friggin idea what i'm thinking today.
364
+
*/
365
+
if (audit_default && audit_pid) {
366
+
skb = skb_dequeue(&audit_skb_hold_queue);
367
+
if (unlikely(skb)) {
368
+
while (skb && audit_pid) {
369
+
kauditd_send_skb(skb);
370
+
skb = skb_dequeue(&audit_skb_hold_queue);
371
+
}
372
+
}
373
+
}
374
+
399
375
skb = skb_dequeue(&audit_skb_queue);
400
376
wake_up(&audit_backlog_wait);
401
377
if (skb) {
402
-
if (audit_pid) {
403
-
int err = netlink_unicast(audit_sock, skb, audit_nlk_pid, 0);
404
-
if (err < 0) {
405
-
BUG_ON(err != -ECONNREFUSED); /* Shoudn't happen */
406
-
printk(KERN_ERR "audit: *NO* daemon at audit_pid=%d\n", audit_pid);
407
-
audit_log_lost("auditd dissapeared\n");
408
-
audit_pid = 0;
409
-
}
410
-
} else {
378
+
if (audit_pid)
379
+
kauditd_send_skb(skb);
380
+
else {
411
381
if (printk_ratelimit())
412
-
printk(KERN_NOTICE "%s\n", skb->data +
413
-
NLMSG_SPACE(0));
382
+
printk(KERN_NOTICE "%s\n", skb->data + NLMSG_SPACE(0));
414
383
else
415
384
audit_log_lost("printk limit exceeded\n");
416
-
kfree_skb(skb);
385
+
386
+
audit_hold_skb(skb);
417
387
}
418
388
} else {
419
389
DECLARE_WAITQUEUE(wait, current);
···
449
385
return 0;
450
386
}
451
387
452
-
static int audit_prepare_user_tty(pid_t pid, uid_t loginuid)
388
+
static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
453
389
{
454
390
struct task_struct *tsk;
455
391
int err;
456
392
457
393
read_lock(&tasklist_lock);
458
-
tsk = find_task_by_pid(pid);
394
+
tsk = find_task_by_vpid(pid);
459
395
err = -ESRCH;
460
396
if (!tsk)
461
397
goto out;
···
468
404
if (err)
469
405
goto out;
470
406
471
-
tty_audit_push_task(tsk, loginuid);
407
+
tty_audit_push_task(tsk, loginuid, sessionid);
472
408
out:
473
409
read_unlock(&tasklist_lock);
474
410
return err;
···
533
469
return NULL;
534
470
}
535
471
472
+
static int audit_send_reply_thread(void *arg)
473
+
{
474
+
struct audit_reply *reply = (struct audit_reply *)arg;
475
+
476
+
mutex_lock(&audit_cmd_mutex);
477
+
mutex_unlock(&audit_cmd_mutex);
478
+
479
+
/* Ignore failure. It'll only happen if the sender goes away,
480
+
because our timeout is set to infinite. */
481
+
netlink_unicast(audit_sock, reply->skb, reply->pid, 0);
482
+
kfree(reply);
483
+
return 0;
484
+
}
536
485
/**
537
486
* audit_send_reply - send an audit reply message via netlink
538
487
* @pid: process id to send reply to
···
562
485
void audit_send_reply(int pid, int seq, int type, int done, int multi,
563
486
void *payload, int size)
564
487
{
565
-
struct sk_buff *skb;
488
+
struct sk_buff *skb;
489
+
struct task_struct *tsk;
490
+
struct audit_reply *reply = kmalloc(sizeof(struct audit_reply),
491
+
GFP_KERNEL);
492
+
493
+
if (!reply)
494
+
return;
495
+
566
496
skb = audit_make_reply(pid, seq, type, done, multi, payload, size);
567
497
if (!skb)
568
498
return;
569
-
/* Ignore failure. It'll only happen if the sender goes away,
570
-
because our timeout is set to infinite. */
571
-
netlink_unicast(audit_sock, skb, pid, 0);
572
-
return;
499
+
500
+
reply->pid = pid;
501
+
reply->skb = skb;
502
+
503
+
tsk = kthread_run(audit_send_reply_thread, reply, "audit_send_reply");
504
+
if (IS_ERR(tsk)) {
505
+
kfree(reply);
506
+
kfree_skb(skb);
507
+
}
573
508
}
574
509
575
510
/*
···
623
534
}
624
535
625
536
static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
626
-
u32 pid, u32 uid, uid_t auid, u32 sid)
537
+
u32 pid, u32 uid, uid_t auid, u32 ses,
538
+
u32 sid)
627
539
{
628
540
int rc = 0;
629
541
char *ctx = NULL;
···
636
546
}
637
547
638
548
*ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
639
-
audit_log_format(*ab, "user pid=%d uid=%u auid=%u",
640
-
pid, uid, auid);
549
+
audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",
550
+
pid, uid, auid, ses);
641
551
if (sid) {
642
552
rc = security_secid_to_secctx(sid, &ctx, &len);
643
553
if (rc)
···
660
570
struct audit_buffer *ab;
661
571
u16 msg_type = nlh->nlmsg_type;
662
572
uid_t loginuid; /* loginuid of sender */
573
+
u32 sessionid;
663
574
struct audit_sig_info *sig_data;
664
575
char *ctx = NULL;
665
576
u32 len;
···
682
591
pid = NETLINK_CREDS(skb)->pid;
683
592
uid = NETLINK_CREDS(skb)->uid;
684
593
loginuid = NETLINK_CB(skb).loginuid;
594
+
sessionid = NETLINK_CB(skb).sessionid;
685
595
sid = NETLINK_CB(skb).sid;
686
596
seq = nlh->nlmsg_seq;
687
597
data = NLMSG_DATA(nlh);
···
705
613
status_get = (struct audit_status *)data;
706
614
if (status_get->mask & AUDIT_STATUS_ENABLED) {
707
615
err = audit_set_enabled(status_get->enabled,
708
-
loginuid, sid);
616
+
loginuid, sessionid, sid);
709
617
if (err < 0) return err;
710
618
}
711
619
if (status_get->mask & AUDIT_STATUS_FAILURE) {
712
620
err = audit_set_failure(status_get->failure,
713
-
loginuid, sid);
621
+
loginuid, sessionid, sid);
714
622
if (err < 0) return err;
715
623
}
716
624
if (status_get->mask & AUDIT_STATUS_PID) {
···
719
627
if (audit_enabled != AUDIT_OFF)
720
628
audit_log_config_change("audit_pid", new_pid,
721
629
audit_pid, loginuid,
722
-
sid, 1);
630
+
sessionid, sid, 1);
723
631
724
632
audit_pid = new_pid;
725
633
audit_nlk_pid = NETLINK_CB(skb).pid;
726
634
}
727
635
if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
728
636
err = audit_set_rate_limit(status_get->rate_limit,
729
-
loginuid, sid);
637
+
loginuid, sessionid, sid);
730
638
if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
731
639
err = audit_set_backlog_limit(status_get->backlog_limit,
732
-
loginuid, sid);
640
+
loginuid, sessionid, sid);
733
641
break;
734
642
case AUDIT_USER:
735
643
case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
···
741
649
if (err == 1) {
742
650
err = 0;
743
651
if (msg_type == AUDIT_USER_TTY) {
744
-
err = audit_prepare_user_tty(pid, loginuid);
652
+
err = audit_prepare_user_tty(pid, loginuid,
653
+
sessionid);
745
654
if (err)
746
655
break;
747
656
}
748
657
audit_log_common_recv_msg(&ab, msg_type, pid, uid,
749
-
loginuid, sid);
658
+
loginuid, sessionid, sid);
750
659
751
660
if (msg_type != AUDIT_USER_TTY)
752
661
audit_log_format(ab, " msg='%.1024s'",
···
757
664
758
665
audit_log_format(ab, " msg=");
759
666
size = nlmsg_len(nlh);
760
-
audit_log_n_untrustedstring(ab, size,
761
-
data);
667
+
audit_log_n_untrustedstring(ab, data, size);
762
668
}
763
669
audit_set_pid(ab, pid);
764
670
audit_log_end(ab);
···
769
677
return -EINVAL;
770
678
if (audit_enabled == AUDIT_LOCKED) {
771
679
audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
772
-
uid, loginuid, sid);
680
+
uid, loginuid, sessionid, sid);
773
681
774
682
audit_log_format(ab, " audit_enabled=%d res=0",
775
683
audit_enabled);
···
780
688
case AUDIT_LIST:
781
689
err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
782
690
uid, seq, data, nlmsg_len(nlh),
783
-
loginuid, sid);
691
+
loginuid, sessionid, sid);
784
692
break;
785
693
case AUDIT_ADD_RULE:
786
694
case AUDIT_DEL_RULE:
···
788
696
return -EINVAL;
789
697
if (audit_enabled == AUDIT_LOCKED) {
790
698
audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
791
-
uid, loginuid, sid);
699
+
uid, loginuid, sessionid, sid);
792
700
793
701
audit_log_format(ab, " audit_enabled=%d res=0",
794
702
audit_enabled);
···
799
707
case AUDIT_LIST_RULES:
800
708
err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
801
709
uid, seq, data, nlmsg_len(nlh),
802
-
loginuid, sid);
710
+
loginuid, sessionid, sid);
803
711
break;
804
712
case AUDIT_TRIM:
805
713
audit_trim_trees();
806
714
807
715
audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
808
-
uid, loginuid, sid);
716
+
uid, loginuid, sessionid, sid);
809
717
810
718
audit_log_format(ab, " op=trim res=1");
811
719
audit_log_end(ab);
···
813
721
case AUDIT_MAKE_EQUIV: {
814
722
void *bufp = data;
815
723
u32 sizes[2];
816
-
size_t len = nlmsg_len(nlh);
724
+
size_t msglen = nlmsg_len(nlh);
817
725
char *old, *new;
818
726
819
727
err = -EINVAL;
820
-
if (len < 2 * sizeof(u32))
728
+
if (msglen < 2 * sizeof(u32))
821
729
break;
822
730
memcpy(sizes, bufp, 2 * sizeof(u32));
823
731
bufp += 2 * sizeof(u32);
824
-
len -= 2 * sizeof(u32);
825
-
old = audit_unpack_string(&bufp, &len, sizes[0]);
732
+
msglen -= 2 * sizeof(u32);
733
+
old = audit_unpack_string(&bufp, &msglen, sizes[0]);
826
734
if (IS_ERR(old)) {
827
735
err = PTR_ERR(old);
828
736
break;
829
737
}
830
-
new = audit_unpack_string(&bufp, &len, sizes[1]);
738
+
new = audit_unpack_string(&bufp, &msglen, sizes[1]);
831
739
if (IS_ERR(new)) {
832
740
err = PTR_ERR(new);
833
741
kfree(old);
···
837
745
err = audit_tag_tree(old, new);
838
746
839
747
audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
840
-
uid, loginuid, sid);
748
+
uid, loginuid, sessionid, sid);
841
749
842
750
audit_log_format(ab, " op=make_equiv old=");
843
751
audit_log_untrustedstring(ab, old);
···
871
779
struct task_struct *tsk;
872
780
873
781
read_lock(&tasklist_lock);
874
-
tsk = find_task_by_pid(pid);
782
+
tsk = find_task_by_vpid(pid);
875
783
if (!tsk)
876
784
err = -ESRCH;
877
785
else {
···
894
802
if (s->enabled != 0 && s->enabled != 1)
895
803
return -EINVAL;
896
804
read_lock(&tasklist_lock);
897
-
tsk = find_task_by_pid(pid);
805
+
tsk = find_task_by_vpid(pid);
898
806
if (!tsk)
899
807
err = -ESRCH;
900
808
else {
···
969
877
audit_sock->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
970
878
971
879
skb_queue_head_init(&audit_skb_queue);
880
+
skb_queue_head_init(&audit_skb_hold_queue);
972
881
audit_initialized = 1;
973
882
audit_enabled = audit_default;
974
883
audit_ever_enabled |= !!audit_default;
···
1292
1199
* This function will take the passed buf and convert it into a string of
1293
1200
* ascii hex digits. The new string is placed onto the skb.
1294
1201
*/
1295
-
void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
1202
+
void audit_log_n_hex(struct audit_buffer *ab, const unsigned char *buf,
1296
1203
size_t len)
1297
1204
{
1298
1205
int i, avail, new_len;
···
1328
1235
* Format a string of no more than slen characters into the audit buffer,
1329
1236
* enclosed in quote marks.
1330
1237
*/
1331
-
static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
1332
-
const char *string)
1238
+
void audit_log_n_string(struct audit_buffer *ab, const char *string,
1239
+
size_t slen)
1333
1240
{
1334
1241
int avail, new_len;
1335
1242
unsigned char *ptr;
···
1385
1292
* The caller specifies the number of characters in the string to log, which may
1386
1293
* or may not be the entire string.
1387
1294
*/
1388
-
void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
1389
-
const char *string)
1295
+
void audit_log_n_untrustedstring(struct audit_buffer *ab, const char *string,
1296
+
size_t len)
1390
1297
{
1391
1298
if (audit_string_contains_control(string, len))
1392
-
audit_log_hex(ab, string, len);
1299
+
audit_log_n_hex(ab, string, len);
1393
1300
else
1394
-
audit_log_n_string(ab, len, string);
1301
+
audit_log_n_string(ab, string, len);
1395
1302
}
1396
1303
1397
1304
/**
···
1404
1311
*/
1405
1312
void audit_log_untrustedstring(struct audit_buffer *ab, const char *string)
1406
1313
{
1407
-
audit_log_n_untrustedstring(ab, strlen(string), string);
1314
+
audit_log_n_untrustedstring(ab, string, strlen(string));
1408
1315
}
1409
1316
1410
1317
/* This is a helper-function to print the escaped d_path */
···
1448
1355
audit_log_lost("rate limit exceeded");
1449
1356
} else {
1450
1357
struct nlmsghdr *nlh = nlmsg_hdr(ab->skb);
1358
+
nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0);
1359
+
1451
1360
if (audit_pid) {
1452
-
nlh->nlmsg_len = ab->skb->len - NLMSG_SPACE(0);
1453
1361
skb_queue_tail(&audit_skb_queue, ab->skb);
1454
-
ab->skb = NULL;
1455
1362
wake_up_interruptible(&kauditd_wait);
1456
-
} else if (nlh->nlmsg_type != AUDIT_EOE) {
1457
-
if (printk_ratelimit()) {
1458
-
printk(KERN_NOTICE "type=%d %s\n",
1459
-
nlh->nlmsg_type,
1460
-
ab->skb->data + NLMSG_SPACE(0));
1461
-
} else
1462
-
audit_log_lost("printk limit exceeded\n");
1363
+
} else {
1364
+
if (nlh->nlmsg_type != AUDIT_EOE) {
1365
+
if (printk_ratelimit()) {
1366
+
printk(KERN_NOTICE "type=%d %s\n",
1367
+
nlh->nlmsg_type,
1368
+
ab->skb->data + NLMSG_SPACE(0));
1369
+
} else
1370
+
audit_log_lost("printk limit exceeded\n");
1371
+
}
1372
+
audit_hold_skb(ab->skb);
1463
1373
}
1374
+
ab->skb = NULL;
1464
1375
}
1465
1376
audit_buffer_free(ab);
1466
1377
}
+13
kernel/audit.h
+13
kernel/audit.h
···
74
74
struct audit_krule rule;
75
75
};
76
76
77
+
#ifdef CONFIG_AUDIT
78
+
extern int audit_enabled;
79
+
extern int audit_ever_enabled;
80
+
#endif
81
+
77
82
extern int audit_pid;
78
83
79
84
#define AUDIT_INODE_BUCKETS 32
···
109
104
int audit_send_list(void *);
110
105
111
106
struct inotify_watch;
107
+
/* Inotify handle */
108
+
extern struct inotify_handle *audit_ih;
109
+
112
110
extern void audit_free_parent(struct inotify_watch *);
113
111
extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
114
112
const char *, struct inode *);
···
119
111
120
112
extern struct mutex audit_filter_mutex;
121
113
extern void audit_free_rule_rcu(struct rcu_head *);
114
+
extern struct list_head audit_filter_list[];
122
115
123
116
#ifdef CONFIG_AUDIT_TREE
124
117
extern struct audit_chunk *audit_tree_lookup(const struct inode *);
···
145
136
#endif
146
137
147
138
extern char *audit_unpack_string(void **, size_t *, size_t);
139
+
140
+
extern pid_t audit_sig_pid;
141
+
extern uid_t audit_sig_uid;
142
+
extern u32 audit_sig_sid;
148
143
149
144
#ifdef CONFIG_AUDITSYSCALL
150
145
extern int __audit_signal_info(int sig, struct task_struct *t);
+25
-20
kernel/auditfilter.c
+25
-20
kernel/auditfilter.c
···
89
89
90
90
DEFINE_MUTEX(audit_filter_mutex);
91
91
92
-
/* Inotify handle */
93
-
extern struct inotify_handle *audit_ih;
94
-
95
92
/* Inotify events we care about. */
96
93
#define AUDIT_IN_WATCH IN_MOVE|IN_CREATE|IN_DELETE|IN_DELETE_SELF|IN_MOVE_SELF
97
-
98
-
extern int audit_enabled;
99
94
100
95
void audit_free_parent(struct inotify_watch *i_watch)
101
96
{
···
417
422
static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
418
423
{
419
424
struct audit_entry *entry;
420
-
struct audit_field *f;
425
+
struct audit_field *ino_f;
421
426
int err = 0;
422
427
int i;
423
428
···
478
483
if (f->val & ~15)
479
484
goto exit_free;
480
485
break;
486
+
case AUDIT_FILETYPE:
487
+
if ((f->val & ~S_IFMT) > S_IFMT)
488
+
goto exit_free;
489
+
break;
481
490
case AUDIT_INODE:
482
491
err = audit_to_inode(&entry->rule, f);
483
492
if (err)
···
503
504
}
504
505
}
505
506
506
-
f = entry->rule.inode_f;
507
-
if (f) {
508
-
switch(f->op) {
507
+
ino_f = entry->rule.inode_f;
508
+
if (ino_f) {
509
+
switch(ino_f->op) {
509
510
case AUDIT_NOT_EQUAL:
510
511
entry->rule.inode_f = NULL;
511
512
case AUDIT_EQUAL:
···
530
531
{
531
532
int err = 0;
532
533
struct audit_entry *entry;
533
-
struct audit_field *f;
534
+
struct audit_field *ino_f;
534
535
void *bufp;
535
536
size_t remain = datasz - sizeof(struct audit_rule_data);
536
537
int i;
···
653
654
if (f->val & ~15)
654
655
goto exit_free;
655
656
break;
657
+
case AUDIT_FILETYPE:
658
+
if ((f->val & ~S_IFMT) > S_IFMT)
659
+
goto exit_free;
660
+
break;
656
661
default:
657
662
goto exit_free;
658
663
}
659
664
}
660
665
661
-
f = entry->rule.inode_f;
662
-
if (f) {
663
-
switch(f->op) {
666
+
ino_f = entry->rule.inode_f;
667
+
if (ino_f) {
668
+
switch(ino_f->op) {
664
669
case AUDIT_NOT_EQUAL:
665
670
entry->rule.inode_f = NULL;
666
671
case AUDIT_EQUAL:
···
1503
1500
}
1504
1501
1505
1502
/* Log rule additions and removals */
1506
-
static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
1507
-
struct audit_krule *rule, int res)
1503
+
static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
1504
+
char *action, struct audit_krule *rule,
1505
+
int res)
1508
1506
{
1509
1507
struct audit_buffer *ab;
1510
1508
···
1515
1511
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
1516
1512
if (!ab)
1517
1513
return;
1518
-
audit_log_format(ab, "auid=%u", loginuid);
1514
+
audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
1519
1515
if (sid) {
1520
1516
char *ctx = NULL;
1521
1517
u32 len;
···
1547
1543
* @sid: SE Linux Security ID of sender
1548
1544
*/
1549
1545
int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
1550
-
size_t datasz, uid_t loginuid, u32 sid)
1546
+
size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
1551
1547
{
1552
1548
struct task_struct *tsk;
1553
1549
struct audit_netlink_list *dest;
···
1594
1590
1595
1591
err = audit_add_rule(entry,
1596
1592
&audit_filter_list[entry->rule.listnr]);
1597
-
audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err);
1593
+
audit_log_rule_change(loginuid, sessionid, sid, "add",
1594
+
&entry->rule, !err);
1598
1595
1599
1596
if (err)
1600
1597
audit_free_rule(entry);
···
1611
1606
1612
1607
err = audit_del_rule(entry,
1613
1608
&audit_filter_list[entry->rule.listnr]);
1614
-
audit_log_rule_change(loginuid, sid, "remove", &entry->rule,
1615
-
!err);
1609
+
audit_log_rule_change(loginuid, sessionid, sid, "remove",
1610
+
&entry->rule, !err);
1616
1611
1617
1612
audit_free_rule(entry);
1618
1613
break;
+24
-16
kernel/auditsc.c
+24
-16
kernel/auditsc.c
···
68
68
69
69
#include "audit.h"
70
70
71
-
extern struct list_head audit_filter_list[];
72
-
extern int audit_ever_enabled;
73
-
74
71
/* AUDIT_NAMES is the number of slots we reserve in the audit_context
75
72
* for saving names from getname(). */
76
73
#define AUDIT_NAMES 20
···
278
281
default:
279
282
return 0;
280
283
}
284
+
}
285
+
286
+
static int audit_match_filetype(struct audit_context *ctx, int which)
287
+
{
288
+
unsigned index = which & ~S_IFMT;
289
+
mode_t mode = which & S_IFMT;
290
+
if (index >= ctx->name_count)
291
+
return 0;
292
+
if (ctx->names[index].ino == -1)
293
+
return 0;
294
+
if ((ctx->names[index].mode ^ mode) & S_IFMT)
295
+
return 0;
296
+
return 1;
281
297
}
282
298
283
299
/*
···
601
591
break;
602
592
case AUDIT_PERM:
603
593
result = audit_match_perm(ctx, f->val);
594
+
break;
595
+
case AUDIT_FILETYPE:
596
+
result = audit_match_filetype(ctx, f->val);
604
597
break;
605
598
}
606
599
···
1108
1095
audit_log_format(*ab, "[%d]", i);
1109
1096
audit_log_format(*ab, "=");
1110
1097
if (has_cntl)
1111
-
audit_log_hex(*ab, buf, to_send);
1098
+
audit_log_n_hex(*ab, buf, to_send);
1112
1099
else
1113
1100
audit_log_format(*ab, "\"%s\"", buf);
1114
1101
audit_log_format(*ab, "\n");
···
1309
1296
break; }
1310
1297
1311
1298
case AUDIT_SOCKETCALL: {
1312
-
int i;
1313
1299
struct audit_aux_data_socketcall *axs = (void *)aux;
1314
1300
audit_log_format(ab, "nargs=%d", axs->nargs);
1315
1301
for (i=0; i<axs->nargs; i++)
···
1319
1307
struct audit_aux_data_sockaddr *axs = (void *)aux;
1320
1308
1321
1309
audit_log_format(ab, "saddr=");
1322
-
audit_log_hex(ab, axs->a, axs->len);
1310
+
audit_log_n_hex(ab, axs->a, axs->len);
1323
1311
break; }
1324
1312
1325
1313
case AUDIT_FD_PAIR: {
···
1333
1321
1334
1322
for (aux = context->aux_pids; aux; aux = aux->next) {
1335
1323
struct audit_aux_data_pids *axs = (void *)aux;
1336
-
int i;
1337
1324
1338
1325
for (i = 0; i < axs->pid_count; i++)
1339
1326
if (audit_log_pid_context(context, axs->target_pid[i],
···
1382
1371
default:
1383
1372
/* log the name's directory component */
1384
1373
audit_log_format(ab, " name=");
1385
-
audit_log_n_untrustedstring(ab, n->name_len,
1386
-
n->name);
1374
+
audit_log_n_untrustedstring(ab, n->name,
1375
+
n->name_len);
1387
1376
}
1388
1377
} else
1389
1378
audit_log_format(ab, " name=(null)");
···
1607
1596
if (likely(put_tree_ref(context, chunk)))
1608
1597
return;
1609
1598
if (unlikely(!grow_tree_refs(context))) {
1610
-
printk(KERN_WARNING "out of memory, audit has lost a tree reference");
1599
+
printk(KERN_WARNING "out of memory, audit has lost a tree reference\n");
1611
1600
audit_set_auditable(context);
1612
1601
audit_put_chunk(chunk);
1613
1602
unroll_tree_refs(context, p, count);
···
1667
1656
}
1668
1657
/* too bad */
1669
1658
printk(KERN_WARNING
1670
-
"out of memory, audit has lost a tree reference");
1659
+
"out of memory, audit has lost a tree reference\n");
1671
1660
unroll_tree_refs(context, p, count);
1672
1661
audit_set_auditable(context);
1673
1662
return;
···
1763
1752
if (context->name_count >= AUDIT_NAMES) {
1764
1753
if (inode)
1765
1754
printk(KERN_DEBUG "name_count maxed, losing inode data: "
1766
-
"dev=%02x:%02x, inode=%lu",
1755
+
"dev=%02x:%02x, inode=%lu\n",
1767
1756
MAJOR(inode->i_sb->s_dev),
1768
1757
MINOR(inode->i_sb->s_dev),
1769
1758
inode->i_ino);
1770
1759
1771
1760
else
1772
-
printk(KERN_DEBUG "name_count maxed, losing inode data");
1761
+
printk(KERN_DEBUG "name_count maxed, losing inode data\n");
1773
1762
return 1;
1774
1763
}
1775
1764
context->name_count++;
···
2372
2361
struct audit_aux_data_pids *axp;
2373
2362
struct task_struct *tsk = current;
2374
2363
struct audit_context *ctx = tsk->audit_context;
2375
-
extern pid_t audit_sig_pid;
2376
-
extern uid_t audit_sig_uid;
2377
-
extern u32 audit_sig_sid;
2378
2364
2379
2365
if (audit_pid && t->tgid == audit_pid) {
2380
2366
if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1) {
+12
-5
net/key/af_key.c
+12
-5
net/key/af_key.c
···
1498
1498
err = xfrm_state_update(x);
1499
1499
1500
1500
xfrm_audit_state_add(x, err ? 0 : 1,
1501
-
audit_get_loginuid(current), 0);
1501
+
audit_get_loginuid(current),
1502
+
audit_get_sessionid(current), 0);
1502
1503
1503
1504
if (err < 0) {
1504
1505
x->km.state = XFRM_STATE_DEAD;
···
1553
1552
km_state_notify(x, &c);
1554
1553
out:
1555
1554
xfrm_audit_state_delete(x, err ? 0 : 1,
1556
-
audit_get_loginuid(current), 0);
1555
+
audit_get_loginuid(current),
1556
+
audit_get_sessionid(current), 0);
1557
1557
xfrm_state_put(x);
1558
1558
1559
1559
return err;
···
1730
1728
return -EINVAL;
1731
1729
1732
1730
audit_info.loginuid = audit_get_loginuid(current);
1731
+
audit_info.sessionid = audit_get_sessionid(current);
1733
1732
audit_info.secid = 0;
1734
1733
err = xfrm_state_flush(proto, &audit_info);
1735
1734
if (err)
···
2327
2324
hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2328
2325
2329
2326
xfrm_audit_policy_add(xp, err ? 0 : 1,
2330
-
audit_get_loginuid(current), 0);
2327
+
audit_get_loginuid(current),
2328
+
audit_get_sessionid(current), 0);
2331
2329
2332
2330
if (err)
2333
2331
goto out;
···
2410
2406
return -ENOENT;
2411
2407
2412
2408
xfrm_audit_policy_delete(xp, err ? 0 : 1,
2413
-
audit_get_loginuid(current), 0);
2409
+
audit_get_loginuid(current),
2410
+
audit_get_sessionid(current), 0);
2414
2411
2415
2412
if (err)
2416
2413
goto out;
···
2672
2667
2673
2668
if (delete) {
2674
2669
xfrm_audit_policy_delete(xp, err ? 0 : 1,
2675
-
audit_get_loginuid(current), 0);
2670
+
audit_get_loginuid(current),
2671
+
audit_get_sessionid(current), 0);
2676
2672
2677
2673
if (err)
2678
2674
goto out;
···
2773
2767
int err;
2774
2768
2775
2769
audit_info.loginuid = audit_get_loginuid(current);
2770
+
audit_info.sessionid = audit_get_sessionid(current);
2776
2771
audit_info.secid = 0;
2777
2772
err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2778
2773
if (err)
+1
net/netlabel/netlabel_unlabeled.c
+1
net/netlabel/netlabel_unlabeled.c
+3
-1
net/netlabel/netlabel_user.c
+3
-1
net/netlabel/netlabel_user.c
···
107
107
if (audit_buf == NULL)
108
108
return NULL;
109
109
110
-
audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
110
+
audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
111
+
audit_info->loginuid,
112
+
audit_info->sessionid);
111
113
112
114
if (audit_info->secid != 0 &&
113
115
security_secid_to_secctx(audit_info->secid,
+1
net/netlabel/netlabel_user.h
+1
net/netlabel/netlabel_user.h
+1
net/netlink/af_netlink.c
+1
net/netlink/af_netlink.c
···
1248
1248
NETLINK_CB(skb).pid = nlk->pid;
1249
1249
NETLINK_CB(skb).dst_group = dst_group;
1250
1250
NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
1251
+
NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
1251
1252
security_task_getsecid(current, &(NETLINK_CB(skb).sid));
1252
1253
memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1253
1254
+8
-4
net/xfrm/xfrm_policy.c
+8
-4
net/xfrm/xfrm_policy.c
···
762
762
if (err) {
763
763
xfrm_audit_policy_delete(pol, 0,
764
764
audit_info->loginuid,
765
+
audit_info->sessionid,
765
766
audit_info->secid);
766
767
return err;
767
768
}
···
778
777
if (err) {
779
778
xfrm_audit_policy_delete(pol, 0,
780
779
audit_info->loginuid,
780
+
audit_info->sessionid,
781
781
audit_info->secid);
782
782
return err;
783
783
}
···
821
819
write_unlock_bh(&xfrm_policy_lock);
822
820
823
821
xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
822
+
audit_info->sessionid,
824
823
audit_info->secid);
825
824
826
825
xfrm_policy_kill(pol);
···
844
841
845
842
xfrm_audit_policy_delete(pol, 1,
846
843
audit_info->loginuid,
844
+
audit_info->sessionid,
847
845
audit_info->secid);
848
846
xfrm_policy_kill(pol);
849
847
killed++;
···
2476
2472
}
2477
2473
2478
2474
void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2479
-
u32 auid, u32 secid)
2475
+
uid_t auid, u32 sessionid, u32 secid)
2480
2476
{
2481
2477
struct audit_buffer *audit_buf;
2482
2478
2483
2479
audit_buf = xfrm_audit_start("SPD-add");
2484
2480
if (audit_buf == NULL)
2485
2481
return;
2486
-
xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2482
+
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2487
2483
audit_log_format(audit_buf, " res=%u", result);
2488
2484
xfrm_audit_common_policyinfo(xp, audit_buf);
2489
2485
audit_log_end(audit_buf);
···
2491
2487
EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2492
2488
2493
2489
void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2494
-
u32 auid, u32 secid)
2490
+
uid_t auid, u32 sessionid, u32 secid)
2495
2491
{
2496
2492
struct audit_buffer *audit_buf;
2497
2493
2498
2494
audit_buf = xfrm_audit_start("SPD-delete");
2499
2495
if (audit_buf == NULL)
2500
2496
return;
2501
-
xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2497
+
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2502
2498
audit_log_format(audit_buf, " res=%u", result);
2503
2499
xfrm_audit_common_policyinfo(xp, audit_buf);
2504
2500
audit_log_end(audit_buf);
+8
-5
net/xfrm/xfrm_state.c
+8
-5
net/xfrm/xfrm_state.c
···
496
496
km_state_expired(x, 1, 0);
497
497
498
498
xfrm_audit_state_delete(x, err ? 0 : 1,
499
-
audit_get_loginuid(current), 0);
499
+
audit_get_loginuid(current),
500
+
audit_get_sessionid(current), 0);
500
501
501
502
out:
502
503
spin_unlock(&x->lock);
···
604
603
(err = security_xfrm_state_delete(x)) != 0) {
605
604
xfrm_audit_state_delete(x, 0,
606
605
audit_info->loginuid,
606
+
audit_info->sessionid,
607
607
audit_info->secid);
608
608
return err;
609
609
}
···
643
641
err = xfrm_state_delete(x);
644
642
xfrm_audit_state_delete(x, err ? 0 : 1,
645
643
audit_info->loginuid,
644
+
audit_info->sessionid,
646
645
audit_info->secid);
647
646
xfrm_state_put(x);
648
647
···
2126
2123
}
2127
2124
2128
2125
void xfrm_audit_state_add(struct xfrm_state *x, int result,
2129
-
u32 auid, u32 secid)
2126
+
uid_t auid, u32 sessionid, u32 secid)
2130
2127
{
2131
2128
struct audit_buffer *audit_buf;
2132
2129
2133
2130
audit_buf = xfrm_audit_start("SAD-add");
2134
2131
if (audit_buf == NULL)
2135
2132
return;
2136
-
xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2133
+
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2137
2134
xfrm_audit_helper_sainfo(x, audit_buf);
2138
2135
audit_log_format(audit_buf, " res=%u", result);
2139
2136
audit_log_end(audit_buf);
···
2141
2138
EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2142
2139
2143
2140
void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2144
-
u32 auid, u32 secid)
2141
+
uid_t auid, u32 sessionid, u32 secid)
2145
2142
{
2146
2143
struct audit_buffer *audit_buf;
2147
2144
2148
2145
audit_buf = xfrm_audit_start("SAD-delete");
2149
2146
if (audit_buf == NULL)
2150
2147
return;
2151
-
xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
2148
+
xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2152
2149
xfrm_audit_helper_sainfo(x, audit_buf);
2153
2150
audit_log_format(audit_buf, " res=%u", result);
2154
2151
audit_log_end(audit_buf);
+28
-13
net/xfrm/xfrm_user.c
+28
-13
net/xfrm/xfrm_user.c
···
407
407
struct xfrm_state *x;
408
408
int err;
409
409
struct km_event c;
410
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
411
+
u32 sessionid = NETLINK_CB(skb).sessionid;
412
+
u32 sid = NETLINK_CB(skb).sid;
410
413
411
414
err = verify_newsa_info(p, attrs);
412
415
if (err)
···
425
422
else
426
423
err = xfrm_state_update(x);
427
424
428
-
xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
429
-
NETLINK_CB(skb).sid);
425
+
xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
430
426
431
427
if (err < 0) {
432
428
x->km.state = XFRM_STATE_DEAD;
···
480
478
int err = -ESRCH;
481
479
struct km_event c;
482
480
struct xfrm_usersa_id *p = nlmsg_data(nlh);
481
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
482
+
u32 sessionid = NETLINK_CB(skb).sessionid;
483
+
u32 sid = NETLINK_CB(skb).sid;
483
484
484
485
x = xfrm_user_state_lookup(p, attrs, &err);
485
486
if (x == NULL)
···
507
502
km_state_notify(x, &c);
508
503
509
504
out:
510
-
xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
511
-
NETLINK_CB(skb).sid);
505
+
xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
512
506
xfrm_state_put(x);
513
507
return err;
514
508
}
···
1127
1123
struct km_event c;
1128
1124
int err;
1129
1125
int excl;
1126
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
1127
+
u32 sessionid = NETLINK_CB(skb).sessionid;
1128
+
u32 sid = NETLINK_CB(skb).sid;
1130
1129
1131
1130
err = verify_newpolicy_info(p);
1132
1131
if (err)
···
1148
1141
* a type XFRM_MSG_UPDPOLICY - JHS */
1149
1142
excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1150
1143
err = xfrm_policy_insert(p->dir, xp, excl);
1151
-
xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid,
1152
-
NETLINK_CB(skb).sid);
1144
+
xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1153
1145
1154
1146
if (err) {
1155
1147
security_xfrm_policy_free(xp->security);
···
1377
1371
NETLINK_CB(skb).pid);
1378
1372
}
1379
1373
} else {
1380
-
xfrm_audit_policy_delete(xp, err ? 0 : 1,
1381
-
NETLINK_CB(skb).loginuid,
1382
-
NETLINK_CB(skb).sid);
1374
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
1375
+
u32 sessionid = NETLINK_CB(skb).sessionid;
1376
+
u32 sid = NETLINK_CB(skb).sid;
1377
+
1378
+
xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
1379
+
sid);
1383
1380
1384
1381
if (err != 0)
1385
1382
goto out;
···
1408
1399
int err;
1409
1400
1410
1401
audit_info.loginuid = NETLINK_CB(skb).loginuid;
1402
+
audit_info.sessionid = NETLINK_CB(skb).sessionid;
1411
1403
audit_info.secid = NETLINK_CB(skb).sid;
1412
1404
err = xfrm_state_flush(p->proto, &audit_info);
1413
1405
if (err)
···
1556
1546
return err;
1557
1547
1558
1548
audit_info.loginuid = NETLINK_CB(skb).loginuid;
1549
+
audit_info.sessionid = NETLINK_CB(skb).sessionid;
1559
1550
audit_info.secid = NETLINK_CB(skb).sid;
1560
1551
err = xfrm_policy_flush(type, &audit_info);
1561
1552
if (err)
···
1615
1604
read_unlock(&xp->lock);
1616
1605
err = 0;
1617
1606
if (up->hard) {
1607
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
1608
+
uid_t sessionid = NETLINK_CB(skb).sessionid;
1609
+
u32 sid = NETLINK_CB(skb).sid;
1618
1610
xfrm_policy_delete(xp, p->dir);
1619
-
xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid,
1620
-
NETLINK_CB(skb).sid);
1611
+
xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1621
1612
1622
1613
} else {
1623
1614
// reset the timers here?
···
1653
1640
km_state_expired(x, ue->hard, current->pid);
1654
1641
1655
1642
if (ue->hard) {
1643
+
uid_t loginuid = NETLINK_CB(skb).loginuid;
1644
+
uid_t sessionid = NETLINK_CB(skb).sessionid;
1645
+
u32 sid = NETLINK_CB(skb).sid;
1656
1646
__xfrm_state_delete(x);
1657
-
xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid,
1658
-
NETLINK_CB(skb).sid);
1647
+
xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1659
1648
}
1660
1649
err = 0;
1661
1650
out:
+1
-1
security/selinux/avc.c
+1
-1
security/selinux/avc.c
+2
security/smack/smackfs.c
+2
security/smack/smackfs.c
···
324
324
struct netlbl_audit audit_info;
325
325
326
326
audit_info.loginuid = audit_get_loginuid(current);
327
+
audit_info.sessionid = audit_get_sessionid(current);
327
328
audit_info.secid = smack_to_secid(current->security);
328
329
329
330
rc = netlbl_cfg_map_del(NULL, &audit_info);
···
357
356
struct netlbl_audit audit_info;
358
357
359
358
audit_info.loginuid = audit_get_loginuid(current);
359
+
audit_info.sessionid = audit_get_sessionid(current);
360
360
audit_info.secid = smack_to_secid(current->security);
361
361
362
362
if (oldambient != NULL) {