Commit b122c376 authored by Eric Paris's avatar Eric Paris
Browse files

audit: use a consistent audit helper to log lsm information 



We have a number of places we were reimplementing the same code to write
out lsm labels.  Just do it one darn place.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
parent 152f497b

include/linux/audit.h

+5 −3
Original line number Diff line number Diff line
@@ -188,7 +188,7 @@ static inline int audit_get_sessionid(struct task_struct *tsk) 
	return tsk->sessionid;

}



extern void audit_log_task_context(struct audit_buffer *ab);

extern int audit_log_task_context(struct audit_buffer *ab);

extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);

extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);

extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
@@ -344,8 +344,10 @@ static inline int audit_get_sessionid(struct task_struct *tsk) 
{

	return -1;

}

static inline void audit_log_task_context(struct audit_buffer *ab)

{ }

static int void audit_log_task_context(struct audit_buffer *ab)

{

	return 0;

}

static inline void audit_log_task_info(struct audit_buffer *ab,

				       struct task_struct *tsk)

{ }

kernel/audit.c

+4 −30
Original line number Diff line number Diff line
@@ -271,29 +271,15 @@ static int audit_log_config_change(char *function_name, int new, int old, 
	int rc = 0;

	u32 sessionid = audit_get_sessionid(current);

	uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));

	u32 sid;





	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);

	if (unlikely(!ab))

		return rc;

	audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,

			 old, auid, sessionid);



	security_task_getsecid(current, &sid);

	if (sid) {

		char *ctx = NULL;

		u32 len;



		rc = security_secid_to_secctx(sid, &ctx, &len);

		if (rc) {

			audit_log_format(ab, " sid=%u", sid);

	rc = audit_log_task_context(ab);

	if (rc)

		allow_changes = 0; /* Something weird, deny request */

		} else {

			audit_log_format(ab, " subj=%s", ctx);

			security_release_secctx(ctx, len);

		}

	}

	audit_log_format(ab, " res=%d", allow_changes);

	audit_log_end(ab);

	return rc;
@@ -625,12 +611,9 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type) 
static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type)

{

	int rc = 0;

	char *ctx = NULL;

	u32 len;

	u32 sessionid = audit_get_sessionid(current);

	uid_t uid = from_kuid(&init_user_ns, current_uid());

	uid_t auid = from_kuid(&init_user_ns, audit_get_loginuid(current));

	u32 sid;



	if (!audit_enabled) {

		*ab = NULL;
@@ -642,16 +625,7 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type) 
		return rc;

	audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",

			 task_tgid_vnr(current), uid, auid, sessionid);

	security_task_getsecid(current, &sid);

	if (sid) {

		rc = security_secid_to_secctx(sid, &ctx, &len);

		if (rc)

			audit_log_format(*ab, " ssid=%u", sid);

		else {

			audit_log_format(*ab, " subj=%s", ctx);

			security_release_secctx(ctx, len);

		}

	}

	audit_log_task_context(*ab);



	return rc;

}

kernel/auditfilter.c

+1 −12
Original line number Diff line number Diff line
@@ -985,7 +985,6 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re 
	struct audit_buffer *ab;

	uid_t loginuid = from_kuid(&init_user_ns, audit_get_loginuid(current));

	u32 sessionid = audit_get_sessionid(current);

	u32 sid;



	if (!audit_enabled)

		return;
@@ -994,17 +993,7 @@ static void audit_log_rule_change(char *action, struct audit_krule *rule, int re 
	if (!ab)

		return;

	audit_log_format(ab, "auid=%u ses=%u" ,loginuid, sessionid);

	security_task_getsecid(current, &sid);

	if (sid) {

		char *ctx = NULL;

		u32 len;

		if (security_secid_to_secctx(sid, &ctx, &len))

			audit_log_format(ab, " ssid=%u", sid);

		else {

			audit_log_format(ab, " subj=%s", ctx);

			security_release_secctx(ctx, len);

		}

	}

	audit_log_task_context(ab);

	audit_log_format(ab, " op=");

	audit_log_string(ab, action);

	audit_log_key(ab, rule->filterkey);

kernel/auditsc.c

+5 −5
Original line number Diff line number Diff line
@@ -1109,7 +1109,7 @@ static inline void audit_free_context(struct audit_context *context) 
	kfree(context);

}



void audit_log_task_context(struct audit_buffer *ab)

int audit_log_task_context(struct audit_buffer *ab)

{

	char *ctx = NULL;

	unsigned len;
@@ -1118,22 +1118,22 @@ void audit_log_task_context(struct audit_buffer *ab) 


	security_task_getsecid(current, &sid);

	if (!sid)

		return;

		return 0;



	error = security_secid_to_secctx(sid, &ctx, &len);

	if (error) {

		if (error != -EINVAL)

			goto error_path;

		return;

		return 0;

	}



	audit_log_format(ab, " subj=%s", ctx);

	security_release_secctx(ctx, len);

	return;

	return 0;



error_path:

	audit_panic("error in audit_log_task_context");

	return;

	return error;

}



EXPORT_SYMBOL(audit_log_task_context);