Commit 8c326850 authored by Linus Torvalds
Pull audit patches from Paul Moore:
 "Twelve audit patches for v4.19 and they run the full gamut from fixes
  to features.

  Notable changes include the ability to use the "exe" audit filter
  field in a wider variety of filter types, a fix for our comparison of
  GID/EGID in audit filter rules, better association of related audit
  records (connecting related audit records together into one audit
  event), and a fix for a potential use-after-free in audit_add_watch().

  All the patches pass the audit-testsuite and merge cleanly on your
  current master branch"

* tag 'audit-pr-20180814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: fix use-after-free in audit_add_watch
  audit: use ktime_get_coarse_real_ts64() for timestamps
  audit: use ktime_get_coarse_ts64() for time access
  audit: simplify audit_enabled check in audit_watch_log_rule_change()
  audit: check audit_enabled in audit_tree_log_remove_rule()
  cred: conditionally declare groups-related functions
  audit: eliminate audit_enabled magic number comparison
  audit: rename FILTER_TYPE to FILTER_EXCLUDE
  audit: Fix extended comparison of GID/EGID
  audit: tie ANOM_ABEND records to syscall
  audit: tie SECCOMP records to syscall
  audit: allow other filter list types for AUDIT_EXE
parents 6f7dac11 baa2a4fd
+1 −1
@@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct tty_audit_buf *buf)
{
	if (buf->valid == 0)
		return;
	if (audit_enabled == 0) {
	if (audit_enabled == AUDIT_OFF) {
		buf->valid = 0;
		return;
	}
+4 −1
@@ -117,6 +117,9 @@ struct filename;

extern void audit_log_session_info(struct audit_buffer *ab);

#define AUDIT_OFF	0
#define AUDIT_ON	1
#define AUDIT_LOCKED	2
#ifdef CONFIG_AUDIT
/* These are defined in audit.c */
				/* Public API */
@@ -202,7 +205,7 @@ static inline int audit_log_task_context(struct audit_buffer *ab)
static inline void audit_log_task_info(struct audit_buffer *ab,
				       struct task_struct *tsk)
{ }
#define audit_enabled 0
#define audit_enabled AUDIT_OFF
#endif /* CONFIG_AUDIT */

#ifdef CONFIG_AUDIT_COMPAT_GENERIC
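Review bot: The new `AUDIT_OFF`, `AUDIT_ON` and `AUDIT_LOCKED` definitions carry no comment tying them to `audit_enabled`, and nothing in the hunk says how LOCKED differs from ON. Suggest a comment above the three defines naming them as the states `audit_enabled` can hold and stating what LOCKED adds over ON, since the `!CONFIG_AUDIT` stub in the second hunk (`#define audit_enabled AUDIT_OFF`) and the `== AUDIT_OFF` comparisons elsewhere in this merge rely on readers knowing that mapping. As plain `#define`s the three values get no type checking against `audit_enabled`; an `enum` would be the usual C choice, but the surrounding header uses `#define` for its constants, so this is a consistency call rather than a defect.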
+10 −5
@@ -65,6 +65,12 @@ extern void groups_free(struct group_info *);

extern int in_group_p(kgid_t);
extern int in_egroup_p(kgid_t);
extern int groups_search(const struct group_info *, kgid_t);

extern int set_current_groups(struct group_info *);
extern void set_groups(struct cred *, struct group_info *);
extern bool may_setgroups(void);
extern void groups_sort(struct group_info *);
#else
static inline void groups_free(struct group_info *group_info)
{
@@ -78,12 +84,11 @@ static inline int in_egroup_p(kgid_t grp)
{
        return 1;
}
static inline int groups_search(const struct group_info *group_info, kgid_t grp)
{
	return 1;
}
#endif
extern int set_current_groups(struct group_info *);
extern void set_groups(struct cred *, struct group_info *);
extern int groups_search(const struct group_info *, kgid_t);
extern bool may_setgroups(void);
extern void groups_sort(struct group_info *);

/*
 * The security context of a task
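Review bot: The new `groups_search()` stub in the `#else` branch returns 1 for every gid with no comment saying why, so a reader has to work out that it mirrors the `in_egroup_p()` stub directly above it, which also returns 1. Suggest `/* no group database in this configuration: every membership query succeeds, matching in_group_p()/in_egroup_p() above */` on the stub. The same hunk also moves the `set_current_groups()`, `set_groups()`, `may_setgroups()` and `groups_sort()` declarations into the first branch with no `#else` counterparts, so any caller built under the `#else` branch will no longer compile; that looks intended, but a line in the header comment stating that these have no single-user fallback would save the next maintainer the question. The `#if` that opens this conditional is outside the hunk.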
+1 −1
@@ -735,7 +735,7 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
{
	struct audit_buffer *audit_buf = NULL;

	if (audit_enabled == 0)
	if (audit_enabled == AUDIT_OFF)
		return NULL;
	audit_buf = audit_log_start(audit_context(), GFP_ATOMIC,
				    AUDIT_MAC_IPSEC_EVENT);
+2 −1
@@ -157,7 +157,8 @@
#define AUDIT_FILTER_ENTRY	0x02	/* Apply rule at syscall entry */
#define AUDIT_FILTER_WATCH	0x03	/* Apply rule to file system watches */
#define AUDIT_FILTER_EXIT	0x04	/* Apply rule at syscall exit */
#define AUDIT_FILTER_TYPE	0x05	/* Apply rule at audit_log_start */
#define AUDIT_FILTER_EXCLUDE	0x05	/* Apply rule before record creation */
#define AUDIT_FILTER_TYPE	AUDIT_FILTER_EXCLUDE /* obsolete misleading naming */
#define AUDIT_FILTER_FS		0x06	/* Apply rule at __audit_inode_child */

#define AUDIT_NR_FILTERS	7
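Review bot: The retained `AUDIT_FILTER_TYPE` alias is what keeps existing userspace audit-rule tooling compiling, since this is a uapi header, but its comment `/* obsolete misleading naming */` does not say the name must be kept, so a later cleanup could drop it. Suggest `/* deprecated alias kept for userspace ABI compatibility; use AUDIT_FILTER_EXCLUDE */` on that line. The value stays 0x05, so rules already loaded or serialized with the old name keep their meaning.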