summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Wright <chrisw@osdl.org>2005-05-11 10:55:10 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>2005-05-11 10:55:10 +0100
commitc1b773d87eadc3972d697444127e89a7291769a2 (patch)
treeedfce2e842c3b6be70f3b90584507aab9fb3de8f
parent197c69c6afd2deb7eec44040ff533d90d26c6161 (diff)
downloadlwn-c1b773d87eadc3972d697444127e89a7291769a2.tar.gz
lwn-c1b773d87eadc3972d697444127e89a7291769a2.zip
Add audit_log_type
Add audit_log_type to allow callers to specify type and pid when logging. Convert audit_log to wrapper around audit_log_type. Could have converted all audit_log callers directly, but common case is default of type AUDIT_KERNEL and pid 0. Update audit_log_start to take type and pid values when creating a new audit_buffer. Move sequences that did audit_log_start, audit_log_format, audit_set_type, audit_log_end, to simply call audit_log_type directly. This obsoletes audit_set_type and audit_set_pid, so remove them. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--include/linux/audit.h16
-rw-r--r--kernel/audit.c48
-rw-r--r--kernel/auditsc.c23
-rw-r--r--security/selinux/avc.c2
4 files changed, 33 insertions, 56 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 58c5589b531f..405332ebf3c6 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -216,11 +216,14 @@ extern void audit_signal_info(int sig, struct task_struct *t);
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
/* Public API */
-extern void audit_log(struct audit_context *ctx,
- const char *fmt, ...)
- __attribute__((format(printf,2,3)));
+#define audit_log(ctx, fmt, args...) \
+ audit_log_type(ctx, AUDIT_KERNEL, 0, fmt, ##args)
+extern void audit_log_type(struct audit_context *ctx, int type,
+ int pid, const char *fmt, ...)
+ __attribute__((format(printf,4,5)));
-extern struct audit_buffer *audit_log_start(struct audit_context *ctx);
+extern struct audit_buffer *audit_log_start(struct audit_context *ctx, int type,
+ int pid);
extern void audit_log_format(struct audit_buffer *ab,
const char *fmt, ...)
__attribute__((format(printf,2,3)));
@@ -240,8 +243,9 @@ extern void audit_send_reply(int pid, int seq, int type,
void *payload, int size);
extern void audit_log_lost(const char *message);
#else
-#define audit_log(t,f,...) do { ; } while (0)
-#define audit_log_start(t) ({ NULL; })
+#define audit_log(c,f,...) do { ; } while (0)
+#define audit_log_type(c,t,p,f,...) do { ; } while (0)
+#define audit_log_start(c,t,p) ({ NULL; })
#define audit_log_vformat(b,f,a) do { ; } while (0)
#define audit_log_format(b,f,...) do { ; } while (0)
#define audit_log_end(b) do { ; } while (0)
diff --git a/kernel/audit.c b/kernel/audit.c
index c18b769e23a2..060b554f481e 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -140,18 +140,6 @@ struct audit_buffer {
struct audit_context *ctx; /* NULL or associated context */
};
-void audit_set_type(struct audit_buffer *ab, int type)
-{
- struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
- nlh->nlmsg_type = type;
-}
-
-static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
-{
- struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
- nlh->nlmsg_pid = pid;
-}
-
struct audit_entry {
struct list_head list;
struct audit_rule rule;
@@ -344,7 +332,6 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
void *data;
struct audit_status *status_get, status_set;
int err;
- struct audit_buffer *ab;
u16 msg_type = nlh->nlmsg_type;
uid_t loginuid; /* loginuid of sender */
struct audit_sig_info sig_data;
@@ -396,19 +383,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
loginuid);
break;
case AUDIT_USER:
- ab = audit_log_start(NULL);
- if (!ab)
- break; /* audit_panic has been called */
- audit_log_format(ab,
+ audit_log_type(NULL, AUDIT_USER, pid,
"user pid=%d uid=%d length=%d loginuid=%u"
" msg='%.1024s'",
pid, uid,
(int)(nlh->nlmsg_len
- ((char *)data - (char *)nlh)),
loginuid, (char *)data);
- audit_set_type(ab, AUDIT_USER);
- audit_set_pid(ab, pid);
- audit_log_end(ab);
break;
case AUDIT_ADD:
case AUDIT_DEL:
@@ -560,12 +541,10 @@ static void audit_buffer_free(struct audit_buffer *ab)
spin_unlock_irqrestore(&audit_freelist_lock, flags);
}
-static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
- int gfp_mask)
+static struct audit_buffer * audit_buffer_alloc(int gfp_mask)
{
unsigned long flags;
struct audit_buffer *ab = NULL;
- struct nlmsghdr *nlh;
spin_lock_irqsave(&audit_freelist_lock, flags);
if (!list_empty(&audit_freelist)) {
@@ -587,12 +566,6 @@ static struct audit_buffer * audit_buffer_alloc(struct audit_context *ctx,
if (!ab->skb)
goto err;
- ab->ctx = ctx;
- nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
- nlh->nlmsg_type = AUDIT_KERNEL;
- nlh->nlmsg_flags = 0;
- nlh->nlmsg_pid = 0;
- nlh->nlmsg_seq = 0;
return ab;
err:
audit_buffer_free(ab);
@@ -605,11 +578,12 @@ err:
* syscall, then the syscall is marked as auditable and an audit record
* will be written at syscall exit. If there is no associated task, tsk
* should be NULL. */
-struct audit_buffer *audit_log_start(struct audit_context *ctx)
+struct audit_buffer *audit_log_start(struct audit_context *ctx, int type, int pid)
{
struct audit_buffer *ab = NULL;
struct timespec t;
unsigned int serial;
+ struct nlmsghdr *nlh;
if (!audit_initialized)
return NULL;
@@ -626,12 +600,19 @@ struct audit_buffer *audit_log_start(struct audit_context *ctx)
return NULL;
}
- ab = audit_buffer_alloc(ctx, GFP_ATOMIC);
+ ab = audit_buffer_alloc(GFP_ATOMIC);
if (!ab) {
audit_log_lost("out of memory in audit_log_start");
return NULL;
}
+ ab->ctx = ctx;
+ nlh = (struct nlmsghdr *)skb_put(ab->skb, NLMSG_SPACE(0));
+ nlh->nlmsg_type = type;
+ nlh->nlmsg_flags = 0;
+ nlh->nlmsg_pid = pid;
+ nlh->nlmsg_seq = 0;
+
if (!audit_get_stamp(ab->ctx, &t, &serial)) {
t = CURRENT_TIME;
serial = 0;
@@ -828,12 +809,13 @@ void audit_log_end(struct audit_buffer *ab)
/* Log an audit record. This is a convenience function that calls
* audit_log_start, audit_log_vformat, and audit_log_end. It may be
* called in any context. */
-void audit_log(struct audit_context *ctx, const char *fmt, ...)
+void audit_log_type(struct audit_context *ctx, int type, int pid,
+ const char *fmt, ...)
{
struct audit_buffer *ab;
va_list args;
- ab = audit_log_start(ctx);
+ ab = audit_log_start(ctx, type, pid);
if (ab) {
va_start(args, fmt);
audit_log_vformat(ab, fmt, args);
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 94338abf76f5..d089263253a7 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -648,7 +648,7 @@ static void audit_log_exit(struct audit_context *context)
int i;
struct audit_buffer *ab;
- ab = audit_log_start(context);
+ ab = audit_log_start(context, AUDIT_KERNEL, 0);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "syscall=%d", context->major);
@@ -680,7 +680,7 @@ static void audit_log_exit(struct audit_context *context)
while (context->aux) {
struct audit_aux_data *aux;
- ab = audit_log_start(context);
+ ab = audit_log_start(context, AUDIT_KERNEL, 0);
if (!ab)
continue; /* audit_panic has been called */
@@ -701,7 +701,7 @@ static void audit_log_exit(struct audit_context *context)
}
for (i = 0; i < context->name_count; i++) {
- ab = audit_log_start(context);
+ ab = audit_log_start(context, AUDIT_KERNEL, 0);
if (!ab)
continue; /* audit_panic has been called */
audit_log_format(ab, "item=%d", i);
@@ -1005,22 +1005,13 @@ int audit_get_stamp(struct audit_context *ctx,
return 0;
}
-extern int audit_set_type(struct audit_buffer *ab, int type);
-
int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
{
if (task->audit_context) {
- struct audit_buffer *ab;
-
- ab = audit_log_start(NULL);
- if (ab) {
- audit_log_format(ab, "login pid=%d uid=%u "
- "old loginuid=%u new loginuid=%u",
- task->pid, task->uid,
- task->audit_context->loginuid, loginuid);
- audit_set_type(ab, AUDIT_LOGIN);
- audit_log_end(ab);
- }
+ audit_log_type(NULL, AUDIT_LOGIN, 0,
+ "login pid=%d uid=%u old loginuid=%u new loginuid=%u",
+ task->pid, task->uid, task->audit_context->loginuid,
+ loginuid);
task->audit_context->loginuid = loginuid;
}
return 0;
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 85a6f66a873f..9e71a1bbe011 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -549,7 +549,7 @@ void avc_audit(u32 ssid, u32 tsid,
return;
}
- ab = audit_log_start(current->audit_context);
+ ab = audit_log_start(current->audit_context, AUDIT_KERNEL, 0);
if (!ab)
return; /* audit_panic has been called */
audit_log_format(ab, "avc: %s ", denied ? "denied" : "granted");