Merge tag 'audit-pr-20190702' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit (61fc5771) · Commits · 戴 / test

include/linux/audit.h

+9 −0

Original line number	Diff line number	Diff line
		@@ -182,6 +182,9 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
		}

		extern u32 audit_enabled;

		extern int audit_signal_info(int sig, struct task_struct *t);

		#else /* CONFIG_AUDIT */
		static inline __printf(4, 5)
		void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,
		@@ -235,6 +238,12 @@ static inline unsigned int audit_get_sessionid(struct task_struct *tsk)
		}

		#define audit_enabled AUDIT_OFF

		static inline int audit_signal_info(int sig, struct task_struct *t)
		{
		return 0;
		}

		#endif /* CONFIG_AUDIT */

		#ifdef CONFIG_AUDIT_COMPAT_GENERIC

include/uapi/linux/audit.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -281,6 +281,7 @@
		#define AUDIT_OBJ_GID 110
		#define AUDIT_FIELD_COMPARE 111
		#define AUDIT_EXE 112
		#define AUDIT_SADDR_FAM 113

		#define AUDIT_ARG0 200
		#define AUDIT_ARG1 (AUDIT_ARG0+1)

kernel/audit.c

+27 −0

Original line number	Diff line number	Diff line
		@@ -2260,6 +2260,33 @@ out:
		return rc;
		}

		/**
		* audit_signal_info - record signal info for shutting down audit subsystem
		* @sig: signal value
		* @t: task being signaled
		*
		* If the audit subsystem is being terminated, record the task (pid)
		* and uid that is doing that.
		*/
		int audit_signal_info(int sig, struct task_struct *t)
		{
		kuid_t uid = current_uid(), auid;

		if (auditd_test_task(t) &&
		(sig == SIGTERM \|\| sig == SIGHUP \|\|
		sig == SIGUSR1 \|\| sig == SIGUSR2)) {
		audit_sig_pid = task_tgid_nr(current);
		auid = audit_get_loginuid(current);
		if (uid_valid(auid))
		audit_sig_uid = auid;
		else
		audit_sig_uid = uid;
		security_task_getsecid(current, &audit_sig_sid);
		}

		return audit_signal_info_syscall(t);
		}

		/**
		* audit_log_end - end one audit record
		* @ab: the audit_buffer

kernel/audit.h

+6 −2

Original line number	Diff line number	Diff line
		@@ -286,7 +286,7 @@ extern const char audit_tree_path(struct audit_tree tree);
		extern void audit_put_tree(struct audit_tree *tree);
		extern void audit_kill_trees(struct audit_context *context);

		extern int audit_signal_info(int sig, struct task_struct *t);
		extern int audit_signal_info_syscall(struct task_struct *t);
		extern void audit_filter_inodes(struct task_struct *tsk,
		struct audit_context *ctx);
		extern struct list_head *audit_killed_trees(void);
		@@ -317,7 +317,11 @@ extern struct list_head *audit_killed_trees(void);
		#define audit_tree_path(rule) "" /* never called */
		#define audit_kill_trees(context) BUG()

		#define audit_signal_info(s, t) AUDIT_DISABLED
		static inline int audit_signal_info_syscall(struct task_struct *t)
		{
		return 0;
		}

		#define audit_filter_inodes(t, c) AUDIT_DISABLED
		#endif /* CONFIG_AUDITSYSCALL */

kernel/auditfilter.c

+38 −24

Original line number	Diff line number	Diff line
		@@ -345,9 +345,16 @@ static int audit_field_valid(struct audit_entry entry, struct audit_field f)
		}
		}

		/* Check for valid field type and op */
		switch (f->type) {
		default:
		return -EINVAL;
		case AUDIT_ARG0:
		case AUDIT_ARG1:
		case AUDIT_ARG2:
		case AUDIT_ARG3:
		case AUDIT_PERS: /* <uapi/linux/personality.h> */
		case AUDIT_DEVMINOR:
		/* all ops are valid */
		break;
		case AUDIT_UID:
		case AUDIT_EUID:
		case AUDIT_SUID:
		@@ -360,46 +367,53 @@ static int audit_field_valid(struct audit_entry entry, struct audit_field f)
		case AUDIT_FSGID:
		case AUDIT_OBJ_GID:
		case AUDIT_PID:
		case AUDIT_PERS:
		case AUDIT_MSGTYPE:
		case AUDIT_PPID:
		case AUDIT_DEVMAJOR:
		case AUDIT_DEVMINOR:
		case AUDIT_EXIT:
		case AUDIT_SUCCESS:
		case AUDIT_INODE:
		case AUDIT_SESSIONID:
		case AUDIT_SUBJ_SEN:
		case AUDIT_SUBJ_CLR:
		case AUDIT_OBJ_LEV_LOW:
		case AUDIT_OBJ_LEV_HIGH:
		case AUDIT_SADDR_FAM:
		/* bit ops are only useful on syscall args */
		if (f->op == Audit_bitmask \|\| f->op == Audit_bittest)
		return -EINVAL;
		break;
		case AUDIT_ARG0:
		case AUDIT_ARG1:
		case AUDIT_ARG2:
		case AUDIT_ARG3:
		case AUDIT_SUBJ_USER:
		case AUDIT_SUBJ_ROLE:
		case AUDIT_SUBJ_TYPE:
		case AUDIT_SUBJ_SEN:
		case AUDIT_SUBJ_CLR:
		case AUDIT_OBJ_USER:
		case AUDIT_OBJ_ROLE:
		case AUDIT_OBJ_TYPE:
		case AUDIT_OBJ_LEV_LOW:
		case AUDIT_OBJ_LEV_HIGH:
		case AUDIT_WATCH:
		case AUDIT_DIR:
		case AUDIT_FILTERKEY:
		break;
		case AUDIT_LOGINUID_SET:
		if ((f->val != 0) && (f->val != 1))
		return -EINVAL;
		/* FALL THROUGH */
		case AUDIT_ARCH:
		case AUDIT_FSTYPE:
		case AUDIT_PERM:
		case AUDIT_FILETYPE:
		case AUDIT_FIELD_COMPARE:
		case AUDIT_EXE:
		/* only equal and not equal valid ops */
		if (f->op != Audit_not_equal && f->op != Audit_equal)
		return -EINVAL;
		break;
		default:
		/* field not recognized */
		return -EINVAL;
		}

		/* Check for select valid field values */
		switch (f->type) {
		case AUDIT_LOGINUID_SET:
		if ((f->val != 0) && (f->val != 1))
		return -EINVAL;
		break;
		case AUDIT_PERM:
		if (f->val & ~15)
		return -EINVAL;
		@@ -412,11 +426,14 @@ static int audit_field_valid(struct audit_entry entry, struct audit_field f)
		if (f->val > AUDIT_MAX_FIELD_COMPARE)
		return -EINVAL;
		break;
		case AUDIT_EXE:
		if (f->op != Audit_not_equal && f->op != Audit_equal)
		case AUDIT_SADDR_FAM:
		if (f->val >= AF_MAX)
		return -EINVAL;
		break;
		default:
		break;
		}

		return 0;
		}

		@@ -1190,7 +1207,6 @@ int audit_comparator(u32 left, u32 op, u32 right)
		case Audit_bittest:
		return ((left & right) == right);
		default:
		BUG();
		return 0;
		}
		}
		@@ -1213,7 +1229,6 @@ int audit_uid_comparator(kuid_t left, u32 op, kuid_t right)
		case Audit_bitmask:
		case Audit_bittest:
		default:
		BUG();
		return 0;
		}
		}
		@@ -1236,7 +1251,6 @@ int audit_gid_comparator(kgid_t left, u32 op, kgid_t right)
		case Audit_bitmask:
		case Audit_bittest:
		default:
		BUG();
		return 0;
		}
		}

Admin message