Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
L
linux
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
linux
Commits
5d54e69c
Commit
5d54e69c
authored
Sep 13, 2005
by
Linus Torvalds
Browse files
Options
Browse Files
Download
Plain Diff
Merge master.kernel.org:/pub/scm/linux/kernel/git/dwmw2/audit-2.6
parents
63f3d1df
b6ddc518
Changes
10
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
356 additions
and
171 deletions
+356
-171
MAINTAINERS
MAINTAINERS
+4
-1
arch/ppc64/kernel/asm-offsets.c
arch/ppc64/kernel/asm-offsets.c
+1
-0
arch/ppc64/kernel/entry.S
arch/ppc64/kernel/entry.S
+14
-4
fs/namei.c
fs/namei.c
+1
-1
include/linux/audit.h
include/linux/audit.h
+23
-13
kernel/audit.c
kernel/audit.c
+79
-49
kernel/auditsc.c
kernel/auditsc.c
+229
-98
security/selinux/avc.c
security/selinux/avc.c
+2
-2
security/selinux/hooks.c
security/selinux/hooks.c
+1
-1
security/selinux/ss/services.c
security/selinux/ss/services.c
+2
-2
No files found.
MAINTAINERS
View file @
5d54e69c
...
@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/
...
@@ -370,7 +370,10 @@ W: http://atmelwlandriver.sourceforge.net/
S: Maintained
S: Maintained
AUDIT SUBSYSTEM
AUDIT SUBSYSTEM
L: linux-audit@redhat.com (subscribers-only)
P: David Woodhouse
M: dwmw2@infradead.org
L: linux-audit@redhat.com
W: http://people.redhat.com/sgrubb/audit/
S: Maintained
S: Maintained
AX.25 NETWORK LAYER
AX.25 NETWORK LAYER
...
...
arch/ppc64/kernel/asm-offsets.c
View file @
5d54e69c
...
@@ -68,6 +68,7 @@ int main(void)
...
@@ -68,6 +68,7 @@ int main(void)
DEFINE
(
THREAD_USED_VR
,
offsetof
(
struct
thread_struct
,
used_vr
));
DEFINE
(
THREAD_USED_VR
,
offsetof
(
struct
thread_struct
,
used_vr
));
#endif
/* CONFIG_ALTIVEC */
#endif
/* CONFIG_ALTIVEC */
DEFINE
(
MM
,
offsetof
(
struct
task_struct
,
mm
));
DEFINE
(
MM
,
offsetof
(
struct
task_struct
,
mm
));
DEFINE
(
AUDITCONTEXT
,
offsetof
(
struct
task_struct
,
audit_context
));
DEFINE
(
DCACHEL1LINESIZE
,
offsetof
(
struct
ppc64_caches
,
dline_size
));
DEFINE
(
DCACHEL1LINESIZE
,
offsetof
(
struct
ppc64_caches
,
dline_size
));
DEFINE
(
DCACHEL1LOGLINESIZE
,
offsetof
(
struct
ppc64_caches
,
log_dline_size
));
DEFINE
(
DCACHEL1LOGLINESIZE
,
offsetof
(
struct
ppc64_caches
,
log_dline_size
));
...
...
arch/ppc64/kernel/entry.S
View file @
5d54e69c
...
@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend)
...
@@ -276,12 +276,22 @@ _GLOBAL(ppc64_rt_sigsuspend)
_GLOBAL
(
ppc32_rt_sigsuspend
)
_GLOBAL
(
ppc32_rt_sigsuspend
)
bl
.
save_nvgprs
bl
.
save_nvgprs
bl
.
sys32_rt_sigsuspend
bl
.
sys32_rt_sigsuspend
/
*
If
sigsuspend
()
returns
zero
,
we
are
going
into
a
signal
handler
*/
70
:
cmpdi
0
,
r3
,
0
70
:
cmpdi
0
,
r3
,
0
beq
.
ret_from_except
/
*
If
it
returned
an
error
,
we
need
to
return
via
syscall_exit
to
set
/
*
If
it
returned
-
EINTR
,
we
need
to
return
via
syscall_exit
to
set
the
SO
bit
in
cr0
and
potentially
stop
for
ptrace
.
*/
the
SO
bit
in
cr0
and
potentially
stop
for
ptrace
.
*/
b
syscall_exit
bne
syscall_exit
/
*
If
sigsuspend
()
returns
zero
,
we
are
going
into
a
signal
handler
.
We
may
need
to
call
audit_syscall_exit
()
to
mark
the
exit
from
sigsuspend
()
*/
#ifdef CONFIG_AUDIT
ld
r3
,
PACACURRENT
(
r13
)
ld
r4
,
AUDITCONTEXT
(
r3
)
cmpdi
0
,
r4
,
0
beq
.
ret_from_except
/*
No
audit_context
:
Leave
immediately
.
*/
li
r4
,
2
/*
AUDITSC_FAILURE
*/
li
r5
,-
4
/*
It
's always -EINTR */
bl
.
audit_syscall_exit
#endif
b
.
ret_from_except
_GLOBAL
(
ppc_fork
)
_GLOBAL
(
ppc_fork
)
bl
.
save_nvgprs
bl
.
save_nvgprs
...
...
fs/namei.c
View file @
5d54e69c
...
@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
...
@@ -1048,7 +1048,7 @@ int fastcall path_lookup(const char *name, unsigned int flags, struct nameidata
out:
out:
if
(
unlikely
(
current
->
audit_context
if
(
unlikely
(
current
->
audit_context
&&
nd
&&
nd
->
dentry
&&
nd
->
dentry
->
d_inode
))
&&
nd
&&
nd
->
dentry
&&
nd
->
dentry
->
d_inode
))
audit_inode
(
name
,
nd
->
dentry
->
d_inode
);
audit_inode
(
name
,
nd
->
dentry
->
d_inode
,
flags
);
return
retval
;
return
retval
;
}
}
...
...
include/linux/audit.h
View file @
5d54e69c
...
@@ -51,7 +51,8 @@
...
@@ -51,7 +51,8 @@
#define AUDIT_WATCH_LIST 1009
/* List all file/dir watches */
#define AUDIT_WATCH_LIST 1009
/* List all file/dir watches */
#define AUDIT_SIGNAL_INFO 1010
/* Get info about sender of signal to auditd */
#define AUDIT_SIGNAL_INFO 1010
/* Get info about sender of signal to auditd */
#define AUDIT_FIRST_USER_MSG 1100
/* Userspace messages uninteresting to kernel */
#define AUDIT_FIRST_USER_MSG 1100
/* Userspace messages mostly uninteresting to kernel */
#define AUDIT_USER_AVC 1107
/* We filter this differently */
#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_LAST_USER_MSG 1199
#define AUDIT_DAEMON_START 1200
/* Daemon startup record */
#define AUDIT_DAEMON_START 1200
/* Daemon startup record */
...
@@ -75,10 +76,15 @@
...
@@ -75,10 +76,15 @@
#define AUDIT_KERNEL 2000
/* Asynchronous audit record. NOT A REQUEST. */
#define AUDIT_KERNEL 2000
/* Asynchronous audit record. NOT A REQUEST. */
/* Rule flags */
/* Rule flags */
#define AUDIT_PER_TASK 0x01
/* Apply rule at task creation (not syscall) */
#define AUDIT_FILTER_USER 0x00
/* Apply rule to user-generated messages */
#define AUDIT_AT_ENTRY 0x02
/* Apply rule at syscall entry */
#define AUDIT_FILTER_TASK 0x01
/* Apply rule at task creation (not syscall) */
#define AUDIT_AT_EXIT 0x04
/* Apply rule at syscall exit */
#define AUDIT_FILTER_ENTRY 0x02
/* Apply rule at syscall entry */
#define AUDIT_PREPEND 0x10
/* Prepend to front of list */
#define AUDIT_FILTER_WATCH 0x03
/* Apply rule to file system watches */
#define AUDIT_FILTER_EXIT 0x04
/* Apply rule at syscall exit */
#define AUDIT_NR_FILTERS 5
#define AUDIT_FILTER_PREPEND 0x10
/* Prepend to front of list */
/* Rule actions */
/* Rule actions */
#define AUDIT_NEVER 0
/* Do not build context if rule matches */
#define AUDIT_NEVER 0
/* Do not build context if rule matches */
...
@@ -199,6 +205,7 @@ struct audit_sig_info {
...
@@ -199,6 +205,7 @@ struct audit_sig_info {
struct
audit_buffer
;
struct
audit_buffer
;
struct
audit_context
;
struct
audit_context
;
struct
inode
;
struct
inode
;
struct
netlink_skb_parms
;
#define AUDITSC_INVALID 0
#define AUDITSC_INVALID 0
#define AUDITSC_SUCCESS 1
#define AUDITSC_SUCCESS 1
...
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
...
@@ -215,7 +222,7 @@ extern void audit_syscall_entry(struct task_struct *task, int arch,
extern
void
audit_syscall_exit
(
struct
task_struct
*
task
,
int
failed
,
long
return_code
);
extern
void
audit_syscall_exit
(
struct
task_struct
*
task
,
int
failed
,
long
return_code
);
extern
void
audit_getname
(
const
char
*
name
);
extern
void
audit_getname
(
const
char
*
name
);
extern
void
audit_putname
(
const
char
*
name
);
extern
void
audit_putname
(
const
char
*
name
);
extern
void
audit_inode
(
const
char
*
name
,
const
struct
inode
*
inode
);
extern
void
audit_inode
(
const
char
*
name
,
const
struct
inode
*
inode
,
unsigned
flags
);
/* Private API (for audit.c only) */
/* Private API (for audit.c only) */
extern
int
audit_receive_filter
(
int
type
,
int
pid
,
int
uid
,
int
seq
,
extern
int
audit_receive_filter
(
int
type
,
int
pid
,
int
uid
,
int
seq
,
...
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
...
@@ -230,6 +237,7 @@ extern int audit_socketcall(int nargs, unsigned long *args);
extern
int
audit_sockaddr
(
int
len
,
void
*
addr
);
extern
int
audit_sockaddr
(
int
len
,
void
*
addr
);
extern
int
audit_avc_path
(
struct
dentry
*
dentry
,
struct
vfsmount
*
mnt
);
extern
int
audit_avc_path
(
struct
dentry
*
dentry
,
struct
vfsmount
*
mnt
);
extern
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
extern
void
audit_signal_info
(
int
sig
,
struct
task_struct
*
t
);
extern
int
audit_filter_user
(
struct
netlink_skb_parms
*
cb
,
int
type
);
#else
#else
#define audit_alloc(t) ({ 0; })
#define audit_alloc(t) ({ 0; })
#define audit_free(t) do { ; } while (0)
#define audit_free(t) do { ; } while (0)
...
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
...
@@ -237,7 +245,7 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_syscall_exit(t,f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0)
#define audit_inode(n,i
,f
) do { ; } while (0)
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define audit_receive_filter(t,p,u,s,d,l) ({ -EOPNOTSUPP; })
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; })
#define audit_get_loginuid(c) ({ -1; })
...
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
...
@@ -246,16 +254,17 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_sockaddr(len, addr) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_avc_path(dentry, mnt) ({ 0; })
#define audit_signal_info(s,t) do { ; } while (0)
#define audit_signal_info(s,t) do { ; } while (0)
#define audit_filter_user(cb,t) ({ 1; })
#endif
#endif
#ifdef CONFIG_AUDIT
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
/* These are defined in audit.c */
/* Public API */
/* Public API */
extern
void
audit_log
(
struct
audit_context
*
ctx
,
int
type
,
extern
void
audit_log
(
struct
audit_context
*
ctx
,
int
gfp_mask
,
const
char
*
fmt
,
...)
int
type
,
const
char
*
fmt
,
...)
__attribute__
((
format
(
printf
,
3
,
4
)));
__attribute__
((
format
(
printf
,
4
,
5
)));
extern
struct
audit_buffer
*
audit_log_start
(
struct
audit_context
*
ctx
,
int
type
);
extern
struct
audit_buffer
*
audit_log_start
(
struct
audit_context
*
ctx
,
int
gfp_mask
,
int
type
);
extern
void
audit_log_format
(
struct
audit_buffer
*
ab
,
extern
void
audit_log_format
(
struct
audit_buffer
*
ab
,
const
char
*
fmt
,
...)
const
char
*
fmt
,
...)
__attribute__
((
format
(
printf
,
2
,
3
)));
__attribute__
((
format
(
printf
,
2
,
3
)));
...
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
...
@@ -274,9 +283,10 @@ extern void audit_send_reply(int pid, int seq, int type,
int
done
,
int
multi
,
int
done
,
int
multi
,
void
*
payload
,
int
size
);
void
*
payload
,
int
size
);
extern
void
audit_log_lost
(
const
char
*
message
);
extern
void
audit_log_lost
(
const
char
*
message
);
extern
struct
semaphore
audit_netlink_sem
;
#else
#else
#define audit_log(c,t,f,...) do { ; } while (0)
#define audit_log(c,
g,
t,f,...) do { ; } while (0)
#define audit_log_start(c,t) ({ NULL; })
#define audit_log_start(c,
g,
t) ({ NULL; })
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
...
...
kernel/audit.c
View file @
5d54e69c
This diff is collapsed.
Click to expand it.
kernel/auditsc.c
View file @
5d54e69c
This diff is collapsed.
Click to expand it.
security/selinux/avc.c
View file @
5d54e69c
...
@@ -242,7 +242,7 @@ void __init avc_init(void)
...
@@ -242,7 +242,7 @@ void __init avc_init(void)
avc_node_cachep
=
kmem_cache_create
(
"avc_node"
,
sizeof
(
struct
avc_node
),
avc_node_cachep
=
kmem_cache_create
(
"avc_node"
,
sizeof
(
struct
avc_node
),
0
,
SLAB_PANIC
,
NULL
,
NULL
);
0
,
SLAB_PANIC
,
NULL
,
NULL
);
audit_log
(
current
->
audit_context
,
AUDIT_KERNEL
,
"AVC INITIALIZED
\n
"
);
audit_log
(
current
->
audit_context
,
GFP_KERNEL
,
AUDIT_KERNEL
,
"AVC INITIALIZED
\n
"
);
}
}
int
avc_get_hash_stats
(
char
*
page
)
int
avc_get_hash_stats
(
char
*
page
)
...
@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
...
@@ -550,7 +550,7 @@ void avc_audit(u32 ssid, u32 tsid,
return
;
return
;
}
}
ab
=
audit_log_start
(
current
->
audit_context
,
AUDIT_AVC
);
ab
=
audit_log_start
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_AVC
);
if
(
!
ab
)
if
(
!
ab
)
return
;
/* audit_panic has been called */
return
;
/* audit_panic has been called */
audit_log_format
(
ab
,
"avc: %s "
,
denied
?
"denied"
:
"granted"
);
audit_log_format
(
ab
,
"avc: %s "
,
denied
?
"denied"
:
"granted"
);
...
...
security/selinux/hooks.c
View file @
5d54e69c
...
@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
...
@@ -3389,7 +3389,7 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
err
=
selinux_nlmsg_lookup
(
isec
->
sclass
,
nlh
->
nlmsg_type
,
&
perm
);
err
=
selinux_nlmsg_lookup
(
isec
->
sclass
,
nlh
->
nlmsg_type
,
&
perm
);
if
(
err
)
{
if
(
err
)
{
if
(
err
==
-
EINVAL
)
{
if
(
err
==
-
EINVAL
)
{
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_KERNEL
,
AUDIT_SELINUX_ERR
,
"SELinux: unrecognized netlink message"
"SELinux: unrecognized netlink message"
" type=%hu for sclass=%hu
\n
"
,
" type=%hu for sclass=%hu
\n
"
,
nlh
->
nlmsg_type
,
isec
->
sclass
);
nlh
->
nlmsg_type
,
isec
->
sclass
);
...
...
security/selinux/ss/services.c
View file @
5d54e69c
...
@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
...
@@ -381,7 +381,7 @@ static int security_validtrans_handle_fail(struct context *ocontext,
goto
out
;
goto
out
;
if
(
context_struct_to_string
(
tcontext
,
&
t
,
&
tlen
)
<
0
)
if
(
context_struct_to_string
(
tcontext
,
&
t
,
&
tlen
)
<
0
)
goto
out
;
goto
out
;
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_SELINUX_ERR
,
"security_validate_transition: denied for"
"security_validate_transition: denied for"
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s"
,
" oldcontext=%s newcontext=%s taskcontext=%s tclass=%s"
,
o
,
n
,
t
,
policydb
.
p_class_val_to_name
[
tclass
-
1
]);
o
,
n
,
t
,
policydb
.
p_class_val_to_name
[
tclass
-
1
]);
...
@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context(
...
@@ -787,7 +787,7 @@ static int compute_sid_handle_invalid_context(
goto
out
;
goto
out
;
if
(
context_struct_to_string
(
newcontext
,
&
n
,
&
nlen
)
<
0
)
if
(
context_struct_to_string
(
newcontext
,
&
n
,
&
nlen
)
<
0
)
goto
out
;
goto
out
;
audit_log
(
current
->
audit_context
,
AUDIT_SELINUX_ERR
,
audit_log
(
current
->
audit_context
,
GFP_ATOMIC
,
AUDIT_SELINUX_ERR
,
"security_compute_sid: invalid context %s"
"security_compute_sid: invalid context %s"
" for scontext=%s"
" for scontext=%s"
" tcontext=%s"
" tcontext=%s"
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment