Merge branch 'audit.b28' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b28' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: [PATCH] audit: AUDIT_PERM support [PATCH] audit: more syscall classes added [PATCH] syscall classes hookup for ppc and s390 [PATCH] update audit rule change messages [PATCH] sanity check audit_buffer [PATCH] fix ppid bug in 2.6.18 kernel
This commit is contained in:
commit
05ff0e291a
18 changed files with 483 additions and 6 deletions
|
@ -8,13 +8,41 @@ static unsigned dir_class[] = {
|
|||
~0U
|
||||
};
|
||||
|
||||
static unsigned read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int audit_classify_syscall(int abi, unsigned syscall)
|
||||
{
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static int __init audit_classes_init(void)
|
||||
{
|
||||
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||
return 0;
|
||||
|
|
|
@ -9,3 +9,29 @@ unsigned ia32_chattr_class[] = {
|
|||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ia32_write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ia32_read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int ia32_classify_syscall(unsigned syscall)
|
||||
{
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,19 +8,54 @@ static unsigned dir_class[] = {
|
|||
~0U
|
||||
};
|
||||
|
||||
static unsigned read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int audit_classify_syscall(int abi, unsigned syscall)
|
||||
{
|
||||
#ifdef CONFIG_IA32_SUPPORT
|
||||
extern int ia32_classify_syscall(unsigned);
|
||||
if (abi == AUDIT_ARCH_I386)
|
||||
return ia32_classify_syscall(syscall);
|
||||
#endif
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static int __init audit_classes_init(void)
|
||||
{
|
||||
#ifdef CONFIG_IA32_SUPPORT
|
||||
extern __u32 ia32_dir_class[];
|
||||
extern __u32 ia32_write_class[];
|
||||
extern __u32 ia32_read_class[];
|
||||
extern __u32 ia32_chattr_class[];
|
||||
audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class);
|
||||
#endif
|
||||
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||
return 0;
|
||||
|
|
|
@ -70,6 +70,8 @@ obj-$(CONFIG_PCI) += $(pci64-y) $(pci32-y)
|
|||
kexec-$(CONFIG_PPC64) := machine_kexec_64.o
|
||||
kexec-$(CONFIG_PPC32) := machine_kexec_32.o
|
||||
obj-$(CONFIG_KEXEC) += machine_kexec.o crash.o $(kexec-y)
|
||||
obj-$(CONFIG_AUDIT) += audit.o
|
||||
obj64-$(CONFIG_AUDIT) += compat_audit.o
|
||||
|
||||
ifeq ($(CONFIG_PPC_ISERIES),y)
|
||||
$(obj)/head_64.o: $(obj)/lparmap.s
|
||||
|
|
66
arch/powerpc/kernel/audit.c
Normal file
66
arch/powerpc/kernel/audit.c
Normal file
|
@ -0,0 +1,66 @@
|
|||
#include <linux/init.h>
|
||||
#include <linux/types.h>
|
||||
#include <linux/audit.h>
|
||||
#include <asm/unistd.h>
|
||||
|
||||
static unsigned dir_class[] = {
|
||||
#include <asm-generic/audit_dir_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int audit_classify_syscall(int abi, unsigned syscall)
|
||||
{
|
||||
#ifdef CONFIG_PPC64
|
||||
extern int ppc32_classify_syscall(unsigned);
|
||||
if (abi == AUDIT_ARCH_PPC)
|
||||
return ppc32_classify_syscall(syscall);
|
||||
#endif
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static int __init audit_classes_init(void)
|
||||
{
|
||||
#ifdef CONFIG_PPC64
|
||||
extern __u32 ppc32_dir_class[];
|
||||
extern __u32 ppc32_write_class[];
|
||||
extern __u32 ppc32_read_class[];
|
||||
extern __u32 ppc32_chattr_class[];
|
||||
audit_register_class(AUDIT_CLASS_WRITE_32, ppc32_write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ_32, ppc32_read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ppc32_dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR_32, ppc32_chattr_class);
|
||||
#endif
|
||||
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||
return 0;
|
||||
}
|
||||
|
||||
__initcall(audit_classes_init);
|
38
arch/powerpc/kernel/compat_audit.c
Normal file
38
arch/powerpc/kernel/compat_audit.c
Normal file
|
@ -0,0 +1,38 @@
|
|||
#undef __powerpc64__
|
||||
#include <asm/unistd.h>
|
||||
|
||||
unsigned ppc32_dir_class[] = {
|
||||
#include <asm-generic/audit_dir_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ppc32_chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ppc32_write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ppc32_read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int ppc32_classify_syscall(unsigned syscall)
|
||||
{
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
}
|
|
@ -16,9 +16,11 @@ extra-y += head.o init_task.o vmlinux.lds
|
|||
obj-$(CONFIG_MODULES) += s390_ksyms.o module.o
|
||||
obj-$(CONFIG_SMP) += smp.o
|
||||
|
||||
obj-$(CONFIG_AUDIT) += audit.o
|
||||
compat-obj-$(CONFIG_AUDIT) += compat_audit.o
|
||||
obj-$(CONFIG_COMPAT) += compat_linux.o compat_signal.o \
|
||||
compat_wrapper.o compat_exec_domain.o \
|
||||
binfmt_elf32.o
|
||||
binfmt_elf32.o $(compat-obj-y)
|
||||
|
||||
obj-$(CONFIG_VIRT_TIMER) += vtime.o
|
||||
obj-$(CONFIG_STACKTRACE) += stacktrace.o
|
||||
|
|
66
arch/s390/kernel/audit.c
Normal file
66
arch/s390/kernel/audit.c
Normal file
|
@ -0,0 +1,66 @@
|
|||
#include <linux/init.h>
|
||||
#include <linux/types.h>
|
||||
#include <linux/audit.h>
|
||||
#include <asm/unistd.h>
|
||||
|
||||
static unsigned dir_class[] = {
|
||||
#include <asm-generic/audit_dir_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int audit_classify_syscall(int abi, unsigned syscall)
|
||||
{
|
||||
#ifdef CONFIG_COMPAT
|
||||
extern int s390_classify_syscall(unsigned);
|
||||
if (abi == AUDIT_ARCH_S390)
|
||||
return s390_classify_syscall(syscall);
|
||||
#endif
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static int __init audit_classes_init(void)
|
||||
{
|
||||
#ifdef CONFIG_COMPAT
|
||||
extern __u32 s390_dir_class[];
|
||||
extern __u32 s390_write_class[];
|
||||
extern __u32 s390_read_class[];
|
||||
extern __u32 s390_chattr_class[];
|
||||
audit_register_class(AUDIT_CLASS_WRITE_32, s390_write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ_32, s390_read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE_32, s390_dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR_32, s390_chattr_class);
|
||||
#endif
|
||||
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||
return 0;
|
||||
}
|
||||
|
||||
__initcall(audit_classes_init);
|
38
arch/s390/kernel/compat_audit.c
Normal file
38
arch/s390/kernel/compat_audit.c
Normal file
|
@ -0,0 +1,38 @@
|
|||
#undef __s390x__
|
||||
#include <asm/unistd.h>
|
||||
|
||||
unsigned s390_dir_class[] = {
|
||||
#include <asm-generic/audit_dir_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned s390_chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned s390_write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned s390_read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int s390_classify_syscall(unsigned syscall)
|
||||
{
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
}
|
|
@ -9,3 +9,29 @@ unsigned ia32_chattr_class[] = {
|
|||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ia32_write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
unsigned ia32_read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int ia32_classify_syscall(unsigned syscall)
|
||||
{
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_socketcall:
|
||||
return 4;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -8,19 +8,54 @@ static unsigned dir_class[] = {
|
|||
~0U
|
||||
};
|
||||
|
||||
static unsigned read_class[] = {
|
||||
#include <asm-generic/audit_read.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned write_class[] = {
|
||||
#include <asm-generic/audit_write.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
static unsigned chattr_class[] = {
|
||||
#include <asm-generic/audit_change_attr.h>
|
||||
~0U
|
||||
};
|
||||
|
||||
int audit_classify_syscall(int abi, unsigned syscall)
|
||||
{
|
||||
#ifdef CONFIG_IA32_EMULATION
|
||||
extern int ia32_classify_syscall(unsigned);
|
||||
if (abi == AUDIT_ARCH_I386)
|
||||
return ia32_classify_syscall(syscall);
|
||||
#endif
|
||||
switch(syscall) {
|
||||
case __NR_open:
|
||||
return 2;
|
||||
case __NR_openat:
|
||||
return 3;
|
||||
case __NR_execve:
|
||||
return 5;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
static int __init audit_classes_init(void)
|
||||
{
|
||||
#ifdef CONFIG_IA32_EMULATION
|
||||
extern __u32 ia32_dir_class[];
|
||||
extern __u32 ia32_write_class[];
|
||||
extern __u32 ia32_read_class[];
|
||||
extern __u32 ia32_chattr_class[];
|
||||
audit_register_class(AUDIT_CLASS_WRITE_32, ia32_write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ_32, ia32_read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE_32, ia32_dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR_32, ia32_chattr_class);
|
||||
#endif
|
||||
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||
return 0;
|
||||
|
|
8
include/asm-generic/audit_read.h
Normal file
8
include/asm-generic/audit_read.h
Normal file
|
@ -0,0 +1,8 @@
|
|||
__NR_readlink,
|
||||
__NR_quotactl,
|
||||
__NR_listxattr,
|
||||
__NR_llistxattr,
|
||||
__NR_flistxattr,
|
||||
__NR_getxattr,
|
||||
__NR_lgetxattr,
|
||||
__NR_fgetxattr,
|
11
include/asm-generic/audit_write.h
Normal file
11
include/asm-generic/audit_write.h
Normal file
|
@ -0,0 +1,11 @@
|
|||
#include <asm-generic/audit_dir_write.h>
|
||||
__NR_acct,
|
||||
__NR_swapon,
|
||||
__NR_quotactl,
|
||||
__NR_truncate,
|
||||
#ifdef __NR_truncate64
|
||||
__NR_truncate64,
|
||||
#endif
|
||||
#ifdef __NR_bind
|
||||
__NR_bind, /* bind can affect fs object only in one way... */
|
||||
#endif
|
|
@ -132,6 +132,10 @@
|
|||
#define AUDIT_CLASS_DIR_WRITE_32 1
|
||||
#define AUDIT_CLASS_CHATTR 2
|
||||
#define AUDIT_CLASS_CHATTR_32 3
|
||||
#define AUDIT_CLASS_READ 4
|
||||
#define AUDIT_CLASS_READ_32 5
|
||||
#define AUDIT_CLASS_WRITE 6
|
||||
#define AUDIT_CLASS_WRITE_32 7
|
||||
|
||||
/* This bitmask is used to validate user input. It represents all bits that
|
||||
* are currently used in an audit field constant understood by the kernel.
|
||||
|
@ -177,6 +181,7 @@
|
|||
#define AUDIT_EXIT 103
|
||||
#define AUDIT_SUCCESS 104 /* exit >= 0; value ignored */
|
||||
#define AUDIT_WATCH 105
|
||||
#define AUDIT_PERM 106
|
||||
|
||||
#define AUDIT_ARG0 200
|
||||
#define AUDIT_ARG1 (AUDIT_ARG0+1)
|
||||
|
@ -252,6 +257,11 @@
|
|||
#define AUDIT_ARCH_V850 (EM_V850|__AUDIT_ARCH_LE)
|
||||
#define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE)
|
||||
|
||||
#define AUDIT_PERM_EXEC 1
|
||||
#define AUDIT_PERM_WRITE 2
|
||||
#define AUDIT_PERM_READ 4
|
||||
#define AUDIT_PERM_ATTR 8
|
||||
|
||||
struct audit_status {
|
||||
__u32 mask; /* Bit mask for valid entries */
|
||||
__u32 enabled; /* 1 = enabled, 0 = disabled */
|
||||
|
@ -314,6 +324,7 @@ struct mqstat;
|
|||
#define AUDITSC_FAILURE 2
|
||||
#define AUDITSC_RESULT(x) ( ((long)(x))<0?AUDITSC_FAILURE:AUDITSC_SUCCESS )
|
||||
extern int __init audit_register_class(int class, unsigned *list);
|
||||
extern int audit_classify_syscall(int abi, unsigned syscall);
|
||||
#ifdef CONFIG_AUDITSYSCALL
|
||||
/* These are defined in auditsc.c */
|
||||
/* Public API */
|
||||
|
|
|
@ -1028,6 +1028,9 @@ void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf,
|
|||
struct sk_buff *skb;
|
||||
static const unsigned char *hex = "0123456789ABCDEF";
|
||||
|
||||
if (!ab)
|
||||
return;
|
||||
|
||||
BUG_ON(!ab->skb);
|
||||
skb = ab->skb;
|
||||
avail = skb_tailroom(skb);
|
||||
|
@ -1060,6 +1063,9 @@ static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
|
|||
unsigned char *ptr;
|
||||
struct sk_buff *skb;
|
||||
|
||||
if (!ab)
|
||||
return;
|
||||
|
||||
BUG_ON(!ab->skb);
|
||||
skb = ab->skb;
|
||||
avail = skb_tailroom(skb);
|
||||
|
|
|
@ -104,6 +104,7 @@ static inline int audit_hash_ino(u32 ino)
|
|||
return (ino & (AUDIT_INODE_BUCKETS-1));
|
||||
}
|
||||
|
||||
extern int audit_match_class(int class, unsigned syscall);
|
||||
extern int audit_comparator(const u32 left, const u32 op, const u32 right);
|
||||
extern int audit_compare_dname_path(const char *dname, const char *path,
|
||||
int *dirlen);
|
||||
|
|
|
@ -302,6 +302,15 @@ int __init audit_register_class(int class, unsigned *list)
|
|||
return 0;
|
||||
}
|
||||
|
||||
int audit_match_class(int class, unsigned syscall)
|
||||
{
|
||||
if (unlikely(syscall >= AUDIT_BITMASK_SIZE * sizeof(__u32)))
|
||||
return 0;
|
||||
if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class]))
|
||||
return 0;
|
||||
return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
|
||||
}
|
||||
|
||||
/* Common user-space to kernel rule translation. */
|
||||
static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
|
||||
{
|
||||
|
@ -404,6 +413,7 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
|
|||
case AUDIT_PERS:
|
||||
case AUDIT_ARCH:
|
||||
case AUDIT_MSGTYPE:
|
||||
case AUDIT_PPID:
|
||||
case AUDIT_DEVMAJOR:
|
||||
case AUDIT_DEVMINOR:
|
||||
case AUDIT_EXIT:
|
||||
|
@ -413,6 +423,10 @@ static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
|
|||
case AUDIT_ARG2:
|
||||
case AUDIT_ARG3:
|
||||
break;
|
||||
case AUDIT_PERM:
|
||||
if (f->val & ~15)
|
||||
goto exit_free;
|
||||
break;
|
||||
case AUDIT_INODE:
|
||||
err = audit_to_inode(&entry->rule, f);
|
||||
if (err)
|
||||
|
@ -567,6 +581,10 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
|
|||
entry->rule.buflen += f->val;
|
||||
entry->rule.filterkey = str;
|
||||
break;
|
||||
case AUDIT_PERM:
|
||||
if (f->val & ~15)
|
||||
goto exit_free;
|
||||
break;
|
||||
default:
|
||||
goto exit_free;
|
||||
}
|
||||
|
@ -913,7 +931,7 @@ static void audit_update_watch(struct audit_parent *parent,
|
|||
}
|
||||
|
||||
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
|
||||
audit_log_format(ab, "audit updated rules specifying watch=");
|
||||
audit_log_format(ab, "audit updated rules specifying path=");
|
||||
audit_log_untrustedstring(ab, owatch->path);
|
||||
audit_log_format(ab, " with dev=%u ino=%lu\n", dev, ino);
|
||||
audit_log_end(ab);
|
||||
|
@ -936,19 +954,28 @@ static void audit_remove_parent_watches(struct audit_parent *parent)
|
|||
struct audit_watch *w, *nextw;
|
||||
struct audit_krule *r, *nextr;
|
||||
struct audit_entry *e;
|
||||
struct audit_buffer *ab;
|
||||
|
||||
mutex_lock(&audit_filter_mutex);
|
||||
parent->flags |= AUDIT_PARENT_INVALID;
|
||||
list_for_each_entry_safe(w, nextw, &parent->watches, wlist) {
|
||||
list_for_each_entry_safe(r, nextr, &w->rules, rlist) {
|
||||
e = container_of(r, struct audit_entry, rule);
|
||||
|
||||
ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
|
||||
audit_log_format(ab, "audit implicitly removed rule path=");
|
||||
audit_log_untrustedstring(ab, w->path);
|
||||
if (r->filterkey) {
|
||||
audit_log_format(ab, " key=");
|
||||
audit_log_untrustedstring(ab, r->filterkey);
|
||||
} else
|
||||
audit_log_format(ab, " key=(null)");
|
||||
audit_log_format(ab, " list=%d", r->listnr);
|
||||
audit_log_end(ab);
|
||||
|
||||
list_del(&r->rlist);
|
||||
list_del_rcu(&e->list);
|
||||
call_rcu(&e->rcu, audit_free_rule_rcu);
|
||||
|
||||
audit_log(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE,
|
||||
"audit implicitly removed rule from list=%d\n",
|
||||
AUDIT_FILTER_EXIT);
|
||||
}
|
||||
audit_remove_watch(w);
|
||||
}
|
||||
|
|
|
@ -209,6 +209,54 @@ struct audit_context {
|
|||
#endif
|
||||
};
|
||||
|
||||
#define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE])
|
||||
static inline int open_arg(int flags, int mask)
|
||||
{
|
||||
int n = ACC_MODE(flags);
|
||||
if (flags & (O_TRUNC | O_CREAT))
|
||||
n |= AUDIT_PERM_WRITE;
|
||||
return n & mask;
|
||||
}
|
||||
|
||||
static int audit_match_perm(struct audit_context *ctx, int mask)
|
||||
{
|
||||
unsigned n = ctx->major;
|
||||
switch (audit_classify_syscall(ctx->arch, n)) {
|
||||
case 0: /* native */
|
||||
if ((mask & AUDIT_PERM_WRITE) &&
|
||||
audit_match_class(AUDIT_CLASS_WRITE, n))
|
||||
return 1;
|
||||
if ((mask & AUDIT_PERM_READ) &&
|
||||
audit_match_class(AUDIT_CLASS_READ, n))
|
||||
return 1;
|
||||
if ((mask & AUDIT_PERM_ATTR) &&
|
||||
audit_match_class(AUDIT_CLASS_CHATTR, n))
|
||||
return 1;
|
||||
return 0;
|
||||
case 1: /* 32bit on biarch */
|
||||
if ((mask & AUDIT_PERM_WRITE) &&
|
||||
audit_match_class(AUDIT_CLASS_WRITE_32, n))
|
||||
return 1;
|
||||
if ((mask & AUDIT_PERM_READ) &&
|
||||
audit_match_class(AUDIT_CLASS_READ_32, n))
|
||||
return 1;
|
||||
if ((mask & AUDIT_PERM_ATTR) &&
|
||||
audit_match_class(AUDIT_CLASS_CHATTR_32, n))
|
||||
return 1;
|
||||
return 0;
|
||||
case 2: /* open */
|
||||
return mask & ACC_MODE(ctx->argv[1]);
|
||||
case 3: /* openat */
|
||||
return mask & ACC_MODE(ctx->argv[2]);
|
||||
case 4: /* socketcall */
|
||||
return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
|
||||
case 5: /* execve */
|
||||
return mask & AUDIT_PERM_EXEC;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
/* Determine if any context name data matches a rule's watch data */
|
||||
/* Compare a task_struct with an audit_rule. Return 1 on match, 0
|
||||
* otherwise. */
|
||||
|
@ -397,6 +445,9 @@ static int audit_filter_rules(struct task_struct *tsk,
|
|||
/* ignore this field for filtering */
|
||||
result = 1;
|
||||
break;
|
||||
case AUDIT_PERM:
|
||||
result = audit_match_perm(ctx, f->val);
|
||||
break;
|
||||
}
|
||||
|
||||
if (!result)
|
||||
|
|
Loading…
Reference in a new issue