Aside from whitespace/linewrap issues..
Acked-by: Eric Paris <eparis@xxxxxxxxxx>
I'm fine with this patch going through the security tree rather than
through my usual audit trees
-Eric
On Thu, Jun 7, 2012 at 3:03 PM, Peter Moody <pmoody@xxxxxxxxxx> wrote:
> At the suggestion of eparis@xxxxxxxxxx, move this chunk of task
> logging from audit_log_exit to audit_log_task_info and export this
> function so it's usable elsewhere in the kernel.
>
> This patch is against
> git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal
>
> Signed-off-by: Peter Moody <pmoody@xxxxxxxxxx>
> ---
> include/linux/audit.h | 1 +
> kernel/auditsc.c | 74 ++++++++++++++++++++++--------------------------
> 2 files changed, 35 insertions(+), 40 deletions(-)
>
> diff --git a/include/linux/audit.h b/include/linux/audit.h
> index 22f292a..55a0e1d 100644
> --- a/include/linux/audit.h
> +++ b/include/linux/audit.h
> @@ -528,6 +528,7 @@ extern int audit_set_loginuid(uid_t loginuid);
> #define audit_get_loginuid(t) ((t)->loginuid)
> #define audit_get_sessionid(t) ((t)->sessionid)
> extern void audit_log_task_context(struct audit_buffer *ab);
> +extern void audit_log_task_info(struct audit_buffer *ab, struct
> task_struct *tsk);
> extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
> extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid,
> gid_t gid, umode_t mode);
> extern int __audit_bprm(struct linux_binprm *bprm);
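Review bot: The new prototype for `audit_log_task_info` has no visible no-op counterpart for kernels built without the audit syscall code. The hunk does not show the surrounding preprocessor conditionals, so this is an assumption to confirm. If the neighbouring `audit_log_task_context` declaration sits under a config guard with a stub in the other branch, add a matching stub such as `#define audit_log_task_info(b, t) do { ; } while (0)`, so that callers outside audit still build.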
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 4b96415..37f52f2 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -1154,13 +1154,38 @@ error_path:
>
> EXPORT_SYMBOL(audit_log_task_context);
>
> -static void audit_log_task_info(struct audit_buffer *ab, struct
> task_struct *tsk)
> +void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
> {
> + const struct cred *cred;
> char name[sizeof(tsk->comm)];
> struct mm_struct *mm = tsk->mm;
> struct vm_area_struct *vma;
> + char *tty;
> +
> + if (!ab)
> + return;
>
> /* tsk == current */
> + cred = current_cred();
> +
> + spin_lock_irq(&tsk->sighand->siglock);
> + if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
> + tty = tsk->signal->tty->name;
> + else
> + tty = "(none)";
> + spin_unlock_irq(&tsk->sighand->siglock);
> +
> +
> + audit_log_format(ab,
> + " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
> + " euid=%u suid=%u fsuid=%u"
> + " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
> + sys_getppid(),
> + tsk->pid,
> + tsk->loginuid, cred->uid, cred->gid,
> + cred->euid, cred->suid, cred->fsuid,
> + cred->egid, cred->sgid, cred->fsgid,
> + tsk->sessionid, tty);
>
> get_task_comm(name, tsk);
> audit_log_format(ab, " comm=");
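Review bot: Once exported, `audit_log_task_info` mixes two subjects: `current_cred()` and `sys_getppid()` describe the calling task, while `tsk->pid`, `tsk->loginuid`, `tsk->sessionid` and the tty come from `tsk`, and only the `/* tsk == current */` comment ties them together. A caller passing any other task would emit an audit record carrying the wrong process's credentials, so state the contract in a kernel-doc comment and enforce it, e.g. `if (WARN_ON_ONCE(tsk != current)) return;` after the `!ab` check. The `tty` name pointer is also used in `audit_log_format()` after `siglock` is dropped, and the hunk shows no reference being held on the tty, so its lifetime across that call should be confirmed. `tty` should stay `const char *tty;` as it was in `audit_log_exit`, since it is assigned the literal `"(none)"`. The function body continues past the end of this hunk.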
> @@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct
> audit_buffer *ab, struct task_struct *tsk
> audit_log_task_context(ab);
> }
>
> +EXPORT_SYMBOL(audit_log_task_info);
> +
> static int audit_log_pid_context(struct audit_context *context, pid_t pid,
> uid_t auid, uid_t uid, unsigned int sessionid,
> u32 sid, char *comm)
> @@ -1585,26 +1612,12 @@ static void audit_log_name(struct
> audit_context *context, struct audit_names *n,
>
> static void audit_log_exit(struct audit_context *context, struct
> task_struct *tsk)
> {
> - const struct cred *cred;
> int i, call_panic = 0;
> struct audit_buffer *ab;
> struct audit_aux_data *aux;
> - const char *tty;
> struct audit_names *n;
>
> /* tsk == current */
> - context->pid = tsk->pid;
> - if (!context->ppid)
> - context->ppid = sys_getppid();
> - cred = current_cred();
> - context->uid = cred->uid;
> - context->gid = cred->gid;
> - context->euid = cred->euid;
> - context->suid = cred->suid;
> - context->fsuid = cred->fsuid;
> - context->egid = cred->egid;
> - context->sgid = cred->sgid;
> - context->fsgid = cred->fsgid;
> context->personality = tsk->personality;
>
> ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
> @@ -1619,32 +1632,13 @@ static void audit_log_exit(struct
> audit_context *context, struct task_struct *ts
> (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
> context->return_code);
>
> - spin_lock_irq(&tsk->sighand->siglock);
> - if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
> - tty = tsk->signal->tty->name;
> - else
> - tty = "(none)";
> - spin_unlock_irq(&tsk->sighand->siglock);
> -
> audit_log_format(ab,
> - " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
> - " ppid=%d pid=%d auid=%u uid=%u gid=%u"
> - " euid=%u suid=%u fsuid=%u"
> - " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
> - context->argv[0],
> - context->argv[1],
> - context->argv[2],
> - context->argv[3],
> - context->name_count,
> - context->ppid,
> - context->pid,
> - tsk->loginuid,
> - context->uid,
> - context->gid,
> - context->euid, context->suid, context->fsuid,
> - context->egid, context->sgid, context->fsgid, tty,
> - tsk->sessionid);
> -
> + " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
> + context->argv[0],
> + context->argv[1],
> + context->argv[2],
> + context->argv[3],
> + context->name_count);
>
> audit_log_task_info(ab, tsk);
> audit_log_key(ab, context->filterkey);
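Review bot: The syscall record's field order changes with this move: the old format string printed `tty=%s ses=%u`, while the string now emitted by `audit_log_task_info` prints `ses=%u tty=%s`. Consumers that parse audit records by key are unaffected, but anything matching on position or on a fixed pattern would misread the line, so either keep the original order (`" egid=%u sgid=%u fsgid=%u tty=%s ses=%u"`) or call the reordering out in the changelog. The ppid is also now always taken from `sys_getppid()` at log time, whereas the lines removed in the preceding hunk used `context->ppid` when it was already set. `audit_log_exit` starts and ends outside this hunk.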
> --
> 1.7.7.3
>
> --
> Peter Moody Google 1.650.253.7306
> Security Engineer pgp:0xC3410038