mirror of
https://github.com/torvalds/linux.git
synced 2025-11-04 02:30:34 +02:00
audit: export audit_log_task_info
At the suggestion of eparis@redhat.com, move this chunk of task logging from audit_log_exit to audit_log_task_info and export this function so it's usuable elsewhere in the kernel. This patch is against git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal Changelog v2: - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn't set. Changelog v1: - Initial post. Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Peter Moody
Mimi Zohar
parent
a40695edad
commit
e23eb920b0
2 changed files with 36 additions and 40 deletions
|
|
@ -529,6 +529,7 @@ extern int audit_set_loginuid(uid_t loginuid);
|
||||||
#define audit_get_loginuid(t) ((t)->loginuid)
|
#define audit_get_loginuid(t) ((t)->loginuid)
|
||||||
#define audit_get_sessionid(t) ((t)->sessionid)
|
#define audit_get_sessionid(t) ((t)->sessionid)
|
||||||
extern void audit_log_task_context(struct audit_buffer *ab);
|
extern void audit_log_task_context(struct audit_buffer *ab);
|
||||||
|
extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
|
||||||
extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
|
extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
|
||||||
extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
|
extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
|
||||||
extern int __audit_bprm(struct linux_binprm *bprm);
|
extern int __audit_bprm(struct linux_binprm *bprm);
|
||||||
|
|
@ -640,6 +641,7 @@ extern int audit_signals;
|
||||||
#define audit_get_loginuid(t) (-1)
|
#define audit_get_loginuid(t) (-1)
|
||||||
#define audit_get_sessionid(t) (-1)
|
#define audit_get_sessionid(t) (-1)
|
||||||
#define audit_log_task_context(b) do { ; } while (0)
|
#define audit_log_task_context(b) do { ; } while (0)
|
||||||
|
#define audit_log_task_info(b, t) do { ; } while (0)
|
||||||
#define audit_ipc_obj(i) ((void)0)
|
#define audit_ipc_obj(i) ((void)0)
|
||||||
#define audit_ipc_set_perm(q,u,g,m) ((void)0)
|
#define audit_ipc_set_perm(q,u,g,m) ((void)0)
|
||||||
#define audit_bprm(p) ({ 0; })
|
#define audit_bprm(p) ({ 0; })
|
||||||
|
|
|
||||||
|
|
@ -1154,13 +1154,38 @@ void audit_log_task_context(struct audit_buffer *ab)
|
||||||
|
|
||||||
EXPORT_SYMBOL(audit_log_task_context);
|
EXPORT_SYMBOL(audit_log_task_context);
|
||||||
|
|
||||||
static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
||||||
{
|
{
|
||||||
|
const struct cred *cred;
|
||||||
char name[sizeof(tsk->comm)];
|
char name[sizeof(tsk->comm)];
|
||||||
struct mm_struct *mm = tsk->mm;
|
struct mm_struct *mm = tsk->mm;
|
||||||
struct vm_area_struct *vma;
|
struct vm_area_struct *vma;
|
||||||
|
char *tty;
|
||||||
|
|
||||||
|
if (!ab)
|
||||||
|
return;
|
||||||
|
|
||||||
/* tsk == current */
|
/* tsk == current */
|
||||||
|
cred = current_cred();
|
||||||
|
|
||||||
|
spin_lock_irq(&tsk->sighand->siglock);
|
||||||
|
if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
|
||||||
|
tty = tsk->signal->tty->name;
|
||||||
|
else
|
||||||
|
tty = "(none)";
|
||||||
|
spin_unlock_irq(&tsk->sighand->siglock);
|
||||||
|
|
||||||
|
|
||||||
|
audit_log_format(ab,
|
||||||
|
" ppid=%ld pid=%d auid=%u uid=%u gid=%u"
|
||||||
|
" euid=%u suid=%u fsuid=%u"
|
||||||
|
" egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
|
||||||
|
sys_getppid(),
|
||||||
|
tsk->pid,
|
||||||
|
tsk->loginuid, cred->uid, cred->gid,
|
||||||
|
cred->euid, cred->suid, cred->fsuid,
|
||||||
|
cred->egid, cred->sgid, cred->fsgid,
|
||||||
|
tsk->sessionid, tty);
|
||||||
|
|
||||||
get_task_comm(name, tsk);
|
get_task_comm(name, tsk);
|
||||||
audit_log_format(ab, " comm=");
|
audit_log_format(ab, " comm=");
|
||||||
|
|
@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
|
||||||
audit_log_task_context(ab);
|
audit_log_task_context(ab);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
EXPORT_SYMBOL(audit_log_task_info);
|
||||||
|
|
||||||
static int audit_log_pid_context(struct audit_context *context, pid_t pid,
|
static int audit_log_pid_context(struct audit_context *context, pid_t pid,
|
||||||
uid_t auid, uid_t uid, unsigned int sessionid,
|
uid_t auid, uid_t uid, unsigned int sessionid,
|
||||||
u32 sid, char *comm)
|
u32 sid, char *comm)
|
||||||
|
|
@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
|
||||||
|
|
||||||
static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
|
static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
|
||||||
{
|
{
|
||||||
const struct cred *cred;
|
|
||||||
int i, call_panic = 0;
|
int i, call_panic = 0;
|
||||||
struct audit_buffer *ab;
|
struct audit_buffer *ab;
|
||||||
struct audit_aux_data *aux;
|
struct audit_aux_data *aux;
|
||||||
const char *tty;
|
|
||||||
struct audit_names *n;
|
struct audit_names *n;
|
||||||
|
|
||||||
/* tsk == current */
|
/* tsk == current */
|
||||||
context->pid = tsk->pid;
|
|
||||||
if (!context->ppid)
|
|
||||||
context->ppid = sys_getppid();
|
|
||||||
cred = current_cred();
|
|
||||||
context->uid = cred->uid;
|
|
||||||
context->gid = cred->gid;
|
|
||||||
context->euid = cred->euid;
|
|
||||||
context->suid = cred->suid;
|
|
||||||
context->fsuid = cred->fsuid;
|
|
||||||
context->egid = cred->egid;
|
|
||||||
context->sgid = cred->sgid;
|
|
||||||
context->fsgid = cred->fsgid;
|
|
||||||
context->personality = tsk->personality;
|
context->personality = tsk->personality;
|
||||||
|
|
||||||
ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
|
ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
|
||||||
|
|
@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
|
||||||
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
|
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
|
||||||
context->return_code);
|
context->return_code);
|
||||||
|
|
||||||
spin_lock_irq(&tsk->sighand->siglock);
|
|
||||||
if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
|
|
||||||
tty = tsk->signal->tty->name;
|
|
||||||
else
|
|
||||||
tty = "(none)";
|
|
||||||
spin_unlock_irq(&tsk->sighand->siglock);
|
|
||||||
|
|
||||||
audit_log_format(ab,
|
audit_log_format(ab,
|
||||||
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
|
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
|
||||||
" ppid=%d pid=%d auid=%u uid=%u gid=%u"
|
context->argv[0],
|
||||||
" euid=%u suid=%u fsuid=%u"
|
context->argv[1],
|
||||||
" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
|
context->argv[2],
|
||||||
context->argv[0],
|
context->argv[3],
|
||||||
context->argv[1],
|
context->name_count);
|
||||||
context->argv[2],
|
|
||||||
context->argv[3],
|
|
||||||
context->name_count,
|
|
||||||
context->ppid,
|
|
||||||
context->pid,
|
|
||||||
tsk->loginuid,
|
|
||||||
context->uid,
|
|
||||||
context->gid,
|
|
||||||
context->euid, context->suid, context->fsuid,
|
|
||||||
context->egid, context->sgid, context->fsgid, tty,
|
|
||||||
tsk->sessionid);
|
|
||||||
|
|
||||||
|
|
||||||
audit_log_task_info(ab, tsk);
|
audit_log_task_info(ab, tsk);
|
||||||
audit_log_key(ab, context->filterkey);
|
audit_log_key(ab, context->filterkey);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue