audit: export audit_log_task_info
At the suggestion of eparis@redhat.com, move this chunk of task logging from audit_log_exit to audit_log_task_info and export this function so it's usuable elsewhere in the kernel. This patch is against git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal Changelog v2: - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn't set. Changelog v1: - Initial post. Signed-off-by: Peter Moody <pmoody@google.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Peter Moody
Mimi Zohar
parent
a40695edad
commit
e23eb920b0
@ -529,6 +529,7 @@ extern int audit_set_loginuid(uid_t loginuid);
|
||||
#define audit_get_loginuid(t) ((t)->loginuid)
|
||||
#define audit_get_sessionid(t) ((t)->sessionid)
|
||||
extern void audit_log_task_context(struct audit_buffer *ab);
|
||||
extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
|
||||
extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
|
||||
extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
|
||||
extern int __audit_bprm(struct linux_binprm *bprm);
|
||||
@ -640,6 +641,7 @@ extern int audit_signals;
|
||||
#define audit_get_loginuid(t) (-1)
|
||||
#define audit_get_sessionid(t) (-1)
|
||||
#define audit_log_task_context(b) do { ; } while (0)
|
||||
#define audit_log_task_info(b, t) do { ; } while (0)
|
||||
#define audit_ipc_obj(i) ((void)0)
|
||||
#define audit_ipc_set_perm(q,u,g,m) ((void)0)
|
||||
#define audit_bprm(p) ({ 0; })
|
||||
|
||||
@ -1154,13 +1154,38 @@ error_path:
|
||||
|
||||
EXPORT_SYMBOL(audit_log_task_context);
|
||||
|
||||
static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
||||
void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
||||
{
|
||||
const struct cred *cred;
|
||||
char name[sizeof(tsk->comm)];
|
||||
struct mm_struct *mm = tsk->mm;
|
||||
struct vm_area_struct *vma;
|
||||
char *tty;
|
||||
|
||||
if (!ab)
|
||||
return;
|
||||
|
||||
/* tsk == current */
|
||||
cred = current_cred();
|
||||
|
||||
spin_lock_irq(&tsk->sighand->siglock);
|
||||
if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
|
||||
tty = tsk->signal->tty->name;
|
||||
else
|
||||
tty = "(none)";
|
||||
spin_unlock_irq(&tsk->sighand->siglock);
|
||||
|
||||
|
||||
audit_log_format(ab,
|
||||
" ppid=%ld pid=%d auid=%u uid=%u gid=%u"
|
||||
" euid=%u suid=%u fsuid=%u"
|
||||
" egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
|
||||
sys_getppid(),
|
||||
tsk->pid,
|
||||
tsk->loginuid, cred->uid, cred->gid,
|
||||
cred->euid, cred->suid, cred->fsuid,
|
||||
cred->egid, cred->sgid, cred->fsgid,
|
||||
tsk->sessionid, tty);
|
||||
|
||||
get_task_comm(name, tsk);
|
||||
audit_log_format(ab, " comm=");
|
||||
@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
|
||||
audit_log_task_context(ab);
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(audit_log_task_info);
|
||||
|
||||
static int audit_log_pid_context(struct audit_context *context, pid_t pid,
|
||||
uid_t auid, uid_t uid, unsigned int sessionid,
|
||||
u32 sid, char *comm)
|
||||
@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
|
||||
|
||||
static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
|
||||
{
|
||||
const struct cred *cred;
|
||||
int i, call_panic = 0;
|
||||
struct audit_buffer *ab;
|
||||
struct audit_aux_data *aux;
|
||||
const char *tty;
|
||||
struct audit_names *n;
|
||||
|
||||
/* tsk == current */
|
||||
context->pid = tsk->pid;
|
||||
if (!context->ppid)
|
||||
context->ppid = sys_getppid();
|
||||
cred = current_cred();
|
||||
context->uid = cred->uid;
|
||||
context->gid = cred->gid;
|
||||
context->euid = cred->euid;
|
||||
context->suid = cred->suid;
|
||||
context->fsuid = cred->fsuid;
|
||||
context->egid = cred->egid;
|
||||
context->sgid = cred->sgid;
|
||||
context->fsgid = cred->fsgid;
|
||||
context->personality = tsk->personality;
|
||||
|
||||
ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
|
||||
@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
|
||||
(context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
|
||||
context->return_code);
|
||||
|
||||
spin_lock_irq(&tsk->sighand->siglock);
|
||||
if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
|
||||
tty = tsk->signal->tty->name;
|
||||
else
|
||||
tty = "(none)";
|
||||
spin_unlock_irq(&tsk->sighand->siglock);
|
||||
|
||||
audit_log_format(ab,
|
||||
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
|
||||
" ppid=%d pid=%d auid=%u uid=%u gid=%u"
|
||||
" euid=%u suid=%u fsuid=%u"
|
||||
" egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
|
||||
context->argv[0],
|
||||
context->argv[1],
|
||||
context->argv[2],
|
||||
context->argv[3],
|
||||
context->name_count,
|
||||
context->ppid,
|
||||
context->pid,
|
||||
tsk->loginuid,
|
||||
context->uid,
|
||||
context->gid,
|
||||
context->euid, context->suid, context->fsuid,
|
||||
context->egid, context->sgid, context->fsgid, tty,
|
||||
tsk->sessionid);
|
||||
|
||||
" a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
|
||||
context->argv[0],
|
||||
context->argv[1],
|
||||
context->argv[2],
|
||||
context->argv[3],
|
||||
context->name_count);
|
||||
|
||||
audit_log_task_info(ab, tsk);
|
||||
audit_log_key(ab, context->filterkey);
|
||||
|
||||
Loading…
Reference in New Issue
Block a user