]> pilppa.org Git - linux-2.6-omap-h63xx.git/blobdiff - kernel/auditsc.c
projects / linux-2.6-omap-h63xx.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[PATCH] alpha: generic hweight build fix
[linux-2.6-omap-h63xx.git] / kernel / auditsc.c
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 2e123a8a0d6030b14d43d60ed9ff658b2c00255a..1c03a4ed1b27fb8b6f4276b3305ed10907f8f4c3 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -107,7 +107,7 @@ struct audit_aux_data_ipcctl {
        uid_t                   uid;
        gid_t                   gid;
        mode_t                  mode;
-       char                    *ctx;
+       u32                     osid;
 };
 
 struct audit_aux_data_socketcall {
@@ -168,11 +168,9 @@ static int audit_filter_rules(struct task_struct *tsk,
                              struct audit_context *ctx,
                              enum audit_state *state)
 {
-       int i, j;
+       int i, j, need_sid = 1;
        u32 sid;
 
-       selinux_task_ctxid(tsk, &sid);
-
        for (i = 0; i < rule->field_count; i++) {
                struct audit_field *f = &rule->fields[i];
                int result = 0;
@@ -271,11 +269,16 @@ static int audit_filter_rules(struct task_struct *tsk,
                           match for now to avoid losing information that
                           may be wanted.   An error message will also be
                           logged upon error */
-                       if (f->se_rule)
+                       if (f->se_rule) {
+                               if (need_sid) {
+                                       selinux_task_ctxid(tsk, &sid);
+                                       need_sid = 0;
+                               }
                                result = selinux_audit_rule_match(sid, f->type,
                                                                  f->op,
                                                                  f->se_rule,
                                                                  ctx);
+                       }
                        break;
                case AUDIT_ARG0:
                case AUDIT_ARG1:
@@ -432,11 +435,6 @@ static inline void audit_free_aux(struct audit_context *context)
                        dput(axi->dentry);
                        mntput(axi->mnt);
                }
-               if ( aux->type == AUDIT_IPC ) {
-                       struct audit_aux_data_ipcctl *axi = (void *)aux;
-                       if (axi->ctx)
-                               kfree(axi->ctx);
-               }
 
                context->aux = aux->next;
                kfree(aux);
@@ -584,7 +582,7 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 {
-       int i;
+       int i, call_panic = 0;
        struct audit_buffer *ab;
        struct audit_aux_data *aux;
        const char *tty;
@@ -635,8 +633,39 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                case AUDIT_IPC: {
                        struct audit_aux_data_ipcctl *axi = (void *)aux;
                        audit_log_format(ab, 
-                                        " qbytes=%lx iuid=%u igid=%u mode=%x obj=%s",
-                                        axi->qbytes, axi->uid, axi->gid, axi->mode, axi->ctx);
+                                " qbytes=%lx iuid=%u igid=%u mode=%x",
+                                axi->qbytes, axi->uid, axi->gid, axi->mode);
+                       if (axi->osid != 0) {
+                               char *ctx = NULL;
+                               u32 len;
+                               if (selinux_ctxid_to_string(
+                                               axi->osid, &ctx, &len)) {
+                                       audit_log_format(ab, " osid=%u",
+                                                       axi->osid);
+                                       call_panic = 1;
+                               } else
+                                       audit_log_format(ab, " obj=%s", ctx);
+                               kfree(ctx);
+                       }
+                       break; }
+
+               case AUDIT_IPC_SET_PERM: {
+                       struct audit_aux_data_ipcctl *axi = (void *)aux;
+                       audit_log_format(ab,
+                               " new qbytes=%lx new iuid=%u new igid=%u new mode=%x",
+                               axi->qbytes, axi->uid, axi->gid, axi->mode);
+                       if (axi->osid != 0) {
+                               char *ctx = NULL;
+                               u32 len;
+                               if (selinux_ctxid_to_string(
+                                               axi->osid, &ctx, &len)) {
+                                       audit_log_format(ab, " osid=%u",
+                                                       axi->osid);
+                                       call_panic = 1;
+                               } else
+                                       audit_log_format(ab, " obj=%s", ctx);
+                               kfree(ctx);
+                       }
                        break; }
 
                case AUDIT_SOCKETCALL: {
@@ -671,7 +700,6 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                }
        }
        for (i = 0; i < context->name_count; i++) {
-               int call_panic = 0;
                unsigned long ino  = context->names[i].ino;
                unsigned long pino = context->names[i].pino;
 
@@ -706,18 +734,18 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                        u32 len;
                        if (selinux_ctxid_to_string(
                                context->names[i].osid, &ctx, &len)) {
-                               audit_log_format(ab, " obj=%u",
+                               audit_log_format(ab, " osid=%u",
                                                context->names[i].osid);
-                               call_panic = 1;
+                               call_panic = 2;
                        } else
                                audit_log_format(ab, " obj=%s", ctx);
                        kfree(ctx);
                }
 
                audit_log_end(ab);
-               if (call_panic)
-                       audit_panic("error converting sid to string");
        }
+       if (call_panic)
+               audit_panic("error converting sid to string");
 }
 
 /**
@@ -951,7 +979,7 @@ void audit_putname(const char *name)
 #endif
 }
 
-void audit_inode_context(int idx, const struct inode *inode)
+static void audit_inode_context(int idx, const struct inode *inode)
 {
        struct audit_context *context = current->audit_context;
 
@@ -1141,40 +1169,37 @@ uid_t audit_get_loginuid(struct audit_context *ctx)
        return ctx ? ctx->loginuid : -1;
 }
 
-static char *audit_ipc_context(struct kern_ipc_perm *ipcp)
+/**
+ * audit_ipc_obj - record audit data for ipc object
+ * @ipcp: ipc permissions
+ *
+ * Returns 0 for success or NULL context or < 0 on error.
+ */
+int audit_ipc_obj(struct kern_ipc_perm *ipcp)
 {
+       struct audit_aux_data_ipcctl *ax;
        struct audit_context *context = current->audit_context;
-       char *ctx = NULL;
-       int len = 0;
 
        if (likely(!context))
-               return NULL;
-
-       len = security_ipc_getsecurity(ipcp, NULL, 0);
-       if (len == -EOPNOTSUPP)
-               goto ret;
-       if (len < 0)
-               goto error_path;
-
-       ctx = kmalloc(len, GFP_ATOMIC);
-       if (!ctx)
-               goto error_path;
+               return 0;
 
-       len = security_ipc_getsecurity(ipcp, ctx, len);
-       if (len < 0)
-               goto error_path;
+       ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
+       if (!ax)
+               return -ENOMEM;
 
-       return ctx;
+       ax->uid = ipcp->uid;
+       ax->gid = ipcp->gid;
+       ax->mode = ipcp->mode;
+       selinux_get_ipc_sid(ipcp, &ax->osid);
 
-error_path:
-       kfree(ctx);
-       audit_panic("error in audit_ipc_context");
-ret:
-       return NULL;
+       ax->d.type = AUDIT_IPC;
+       ax->d.next = context->aux;
+       context->aux = (void *)ax;
+       return 0;
 }
 
 /**
- * audit_ipc_perms - record audit data for ipc
+ * audit_ipc_set_perm - record audit data for new ipc permissions
  * @qbytes: msgq bytes
  * @uid: msgq user id
  * @gid: msgq group id
@@ -1182,7 +1207,7 @@ ret:
  *
  * Returns 0 for success or NULL context or < 0 on error.
  */
-int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp)
+int audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, struct kern_ipc_perm *ipcp)
 {
        struct audit_aux_data_ipcctl *ax;
        struct audit_context *context = current->audit_context;
@@ -1198,9 +1223,9 @@ int audit_ipc_perms(unsigned long qbytes, uid_t uid, gid_t gid, mode_t mode, str
        ax->uid = uid;
        ax->gid = gid;
        ax->mode = mode;
-       ax->ctx = audit_ipc_context(ipcp);
+       selinux_get_ipc_sid(ipcp, &ax->osid);
 
-       ax->d.type = AUDIT_IPC;
+       ax->d.type = AUDIT_IPC_SET_PERM;
        ax->d.next = context->aux;
        context->aux = (void *)ax;
        return 0;
Unnamed repository; edit this file 'description' to name the repository.