Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

audit: export audit_log_task_info

At the suggestion of eparis@redhat.com, move this chunk of task
logging from audit_log_exit to audit_log_task_info and export this
function so it's usuable elsewhere in the kernel.

This patch is against
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal

Changelog v2:
 - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn't set.

Changelog v1:
 - Initial post.

Signed-off-by: Peter Moody <pmoody@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Peter Moody 13 years ago
parent
a40695edad
commit
e23eb920b0
2 changed files with 36 additions and 40 deletions
Unified View Show Diff Stats
  1. 2 0
      include/linux/audit.h
  2. 34 40
      kernel/auditsc.c

+ 2 - 0
include/linux/audit.h
View File 

@@ -529,6 +529,7 @@ extern int  audit_set_loginuid(uid_t loginuid);
 
 #define audit_get_loginuid(t) ((t)->loginuid)
 
 #define audit_get_loginuid(t) ((t)->loginuid)
 
 #define audit_get_sessionid(t) ((t)->sessionid)
 
 #define audit_get_sessionid(t) ((t)->sessionid)
 
 extern void audit_log_task_context(struct audit_buffer *ab);
 
 extern void audit_log_task_context(struct audit_buffer *ab);
 
+extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
 
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 
 extern int __audit_bprm(struct linux_binprm *bprm);
 
 extern int __audit_bprm(struct linux_binprm *bprm);
 
@@ -640,6 +641,7 @@ extern int audit_signals;
 
 #define audit_get_loginuid(t) (-1)
 
 #define audit_get_loginuid(t) (-1)
 
 #define audit_get_sessionid(t) (-1)
 
 #define audit_get_sessionid(t) (-1)
 
 #define audit_log_task_context(b) do { ; } while (0)
 
 #define audit_log_task_context(b) do { ; } while (0)
 
+#define audit_log_task_info(b, t) do { ; } while (0)
 
 #define audit_ipc_obj(i) ((void)0)
 
 #define audit_ipc_obj(i) ((void)0)
 
 #define audit_ipc_set_perm(q,u,g,m) ((void)0)
 
 #define audit_ipc_set_perm(q,u,g,m) ((void)0)
 
 #define audit_bprm(p) ({ 0; })
 
 #define audit_bprm(p) ({ 0; })

+ 34 - 40
kernel/auditsc.c
View File 

@@ -1154,13 +1154,38 @@ error_path:
 
 
 
 EXPORT_SYMBOL(audit_log_task_context);
 
 EXPORT_SYMBOL(audit_log_task_context);
 
 
 
-static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 
+void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 
 {
 
 {
 
+	const struct cred *cred;
 
 	char name[sizeof(tsk->comm)];
 
 	char name[sizeof(tsk->comm)];
 
 	struct mm_struct *mm = tsk->mm;
 
 	struct mm_struct *mm = tsk->mm;
 
 	struct vm_area_struct *vma;
 
 	struct vm_area_struct *vma;
 
+	char *tty;
 
+
 
+	if (!ab)
 
+		return;
 
 
 
 	/* tsk == current */
 
 	/* tsk == current */
 
+	cred = current_cred();
 
+
 
+	spin_lock_irq(&tsk->sighand->siglock);
 
+	if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
 
+		tty = tsk->signal->tty->name;
 
+	else
 
+		tty = "(none)";
 
+	spin_unlock_irq(&tsk->sighand->siglock);
 
+
 
+
 
+	audit_log_format(ab,
 
+			 " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
 
+			 " euid=%u suid=%u fsuid=%u"
 
+			 " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
 
+			 sys_getppid(),
 
+			 tsk->pid,
 
+			 tsk->loginuid, cred->uid, cred->gid,
 
+			 cred->euid, cred->suid, cred->fsuid,
 
+			 cred->egid, cred->sgid, cred->fsgid,
 
+			 tsk->sessionid, tty);
 
 
 
 	get_task_comm(name, tsk);
 
 	get_task_comm(name, tsk);
 
 	audit_log_format(ab, " comm=");
 
 	audit_log_format(ab, " comm=");
 
@@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
 
 	audit_log_task_context(ab);
 
 	audit_log_task_context(ab);
 
 }
 
 }
 
 
 
+EXPORT_SYMBOL(audit_log_task_info);
 
+
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
 
 				 uid_t auid, uid_t uid, unsigned int sessionid,
 
 				 uid_t auid, uid_t uid, unsigned int sessionid,
 
 				 u32 sid, char *comm)
 
 				 u32 sid, char *comm)
 
@@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 
 
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 
 {
 
 {
 
-	const struct cred *cred;
 
 	int i, call_panic = 0;
 
 	int i, call_panic = 0;
 
 	struct audit_buffer *ab;
 
 	struct audit_buffer *ab;
 
 	struct audit_aux_data *aux;
 
 	struct audit_aux_data *aux;
 
-	const char *tty;
 
 	struct audit_names *n;
 
 	struct audit_names *n;
 
 
 
 	/* tsk == current */
 
 	/* tsk == current */
 
-	context->pid = tsk->pid;
 
-	if (!context->ppid)
 
-		context->ppid = sys_getppid();
 
-	cred = current_cred();
 
-	context->uid   = cred->uid;
 
-	context->gid   = cred->gid;
 
-	context->euid  = cred->euid;
 
-	context->suid  = cred->suid;
 
-	context->fsuid = cred->fsuid;
 
-	context->egid  = cred->egid;
 
-	context->sgid  = cred->sgid;
 
-	context->fsgid = cred->fsgid;
 
 	context->personality = tsk->personality;
 
 	context->personality = tsk->personality;
 
 
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
 
 	ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
 
@@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
 
 				 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
 
 				 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
 
 				 context->return_code);
 
 				 context->return_code);
 
 
 
-	spin_lock_irq(&tsk->sighand->siglock);
 
-	if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
 
-		tty = tsk->signal->tty->name;
 
-	else
 
-		tty = "(none)";
 
-	spin_unlock_irq(&tsk->sighand->siglock);
 
-
 
 	audit_log_format(ab,
 
 	audit_log_format(ab,
 
-		  " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
 
-		  " ppid=%d pid=%d auid=%u uid=%u gid=%u"
 
-		  " euid=%u suid=%u fsuid=%u"
 
-		  " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
 
-		  context->argv[0],
 
-		  context->argv[1],
 
-		  context->argv[2],
 
-		  context->argv[3],
 
-		  context->name_count,
 
-		  context->ppid,
 
-		  context->pid,
 
-		  tsk->loginuid,
 
-		  context->uid,
 
-		  context->gid,
 
-		  context->euid, context->suid, context->fsuid,
 
-		  context->egid, context->sgid, context->fsgid, tty,
 
-		  tsk->sessionid);
 
-
 
+			 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
 
+			 context->argv[0],
 
+			 context->argv[1],
 
+			 context->argv[2],
 
+			 context->argv[3],
 
+			 context->name_count);
 
 
 
 	audit_log_task_info(ab, tsk);
 
 	audit_log_task_info(ab, tsk);
 
 	audit_log_key(ab, context->filterkey);
 
 	audit_log_key(ab, context->filterkey);