Audit: standardize string audit interfaces (b556f8ad) · Commits · 戴 / test

drivers/char/tty_audit.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -92,7 +92,7 @@ static void tty_audit_buf_push(struct task_struct *tsk, uid_t loginuid,
		get_task_comm(name, tsk);
		audit_log_untrustedstring(ab, name);
		audit_log_format(ab, " data=");
		audit_log_n_untrustedstring(ab, buf->valid, buf->data);
		audit_log_n_untrustedstring(ab, buf->data, buf->valid);
		audit_log_end(ab);
		}
		buf->valid = 0;

include/linux/audit.h

+14 −8

Original line number	Diff line number	Diff line
		@@ -549,15 +549,19 @@ extern void audit_log_format(struct audit_buffer *ab,
		const char *fmt, ...)
		__attribute__((format(printf,2,3)));
		extern void audit_log_end(struct audit_buffer *ab);
		extern void audit_log_hex(struct audit_buffer *ab,
		const unsigned char *buf,
		size_t len);
		extern int audit_string_contains_control(const char *string,
		size_t len);
		extern void audit_log_untrustedstring(struct audit_buffer *ab,
		const char *string);
		extern void audit_log_n_hex(struct audit_buffer *ab,
		const unsigned char *buf,
		size_t len);
		extern void audit_log_n_string(struct audit_buffer *ab,
		const char *buf,
		size_t n);
		#define audit_log_string(a,b) audit_log_n_string(a, b, strlen(b));
		extern void audit_log_n_untrustedstring(struct audit_buffer *ab,
		size_t n,
		const char *string,
		size_t n);
		extern void audit_log_untrustedstring(struct audit_buffer *ab,
		const char *string);
		extern void audit_log_d_path(struct audit_buffer *ab,
		const char *prefix,
		@@ -578,9 +582,11 @@ extern int audit_enabled;
		#define audit_log_vformat(b,f,a) do { ; } while (0)
		#define audit_log_format(b,f,...) do { ; } while (0)
		#define audit_log_end(b) do { ; } while (0)
		#define audit_log_hex(a,b,l) do { ; } while (0)
		#define audit_log_untrustedstring(a,s) do { ; } while (0)
		#define audit_log_n_hex(a,b,l) do { ; } while (0)
		#define audit_log_n_string(a,c,l) do { ; } while (0)
		#define audit_log_string(a,c) do { ; } while (0)
		#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
		#define audit_log_untrustedstring(a,s) do { ; } while (0)
		#define audit_log_d_path(b, p, d) do { ; } while (0)
		#define audit_enabled 0
		#endif

kernel/audit.c

+9 −10

Original line number	Diff line number	Diff line
		@@ -757,8 +757,7 @@ static int audit_receive_msg(struct sk_buff skb, struct nlmsghdr nlh)

		audit_log_format(ab, " msg=");
		size = nlmsg_len(nlh);
		audit_log_n_untrustedstring(ab, size,
		data);
		audit_log_n_untrustedstring(ab, data, size);
		}
		audit_set_pid(ab, pid);
		audit_log_end(ab);
		@@ -1293,7 +1292,7 @@ void audit_log_format(struct audit_buffer ab, const char fmt, ...)
		* This function will take the passed buf and convert it into a string of
		* ascii hex digits. The new string is placed onto the skb.
		*/
		void audit_log_hex(struct audit_buffer ab, const unsigned char buf,
		void audit_log_n_hex(struct audit_buffer ab, const unsigned char buf,
		size_t len)
		{
		int i, avail, new_len;
		@@ -1329,8 +1328,8 @@ void audit_log_hex(struct audit_buffer ab, const unsigned char buf,
		* Format a string of no more than slen characters into the audit buffer,
		* enclosed in quote marks.
		*/
		static void audit_log_n_string(struct audit_buffer *ab, size_t slen,
		const char *string)
		void audit_log_n_string(struct audit_buffer ab, const char string,
		size_t slen)
		{
		int avail, new_len;
		unsigned char *ptr;
		@@ -1386,13 +1385,13 @@ int audit_string_contains_control(const char *string, size_t len)
		* The caller specifies the number of characters in the string to log, which may
		* or may not be the entire string.
		*/
		void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
		const char *string)
		void audit_log_n_untrustedstring(struct audit_buffer ab, const char string,
		size_t len)
		{
		if (audit_string_contains_control(string, len))
		audit_log_hex(ab, string, len);
		audit_log_n_hex(ab, string, len);
		else
		audit_log_n_string(ab, len, string);
		audit_log_n_string(ab, string, len);
		}

		/**
		@@ -1405,7 +1404,7 @@ void audit_log_n_untrustedstring(struct audit_buffer *ab, size_t len,
		*/
		void audit_log_untrustedstring(struct audit_buffer ab, const char string)
		{
		audit_log_n_untrustedstring(ab, strlen(string), string);
		audit_log_n_untrustedstring(ab, string, strlen(string));
		}

		/* This is a helper-function to print the escaped d_path */

kernel/auditsc.c

+4 −4

Original line number	Diff line number	Diff line
		@@ -1095,7 +1095,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
		audit_log_format(*ab, "[%d]", i);
		audit_log_format(*ab, "=");
		if (has_cntl)
		audit_log_hex(*ab, buf, to_send);
		audit_log_n_hex(*ab, buf, to_send);
		else
		audit_log_format(*ab, "\"%s\"", buf);
		audit_log_format(*ab, "\n");
		@@ -1307,7 +1307,7 @@ static void audit_log_exit(struct audit_context context, struct task_struct ts
		struct audit_aux_data_sockaddr axs = (void )aux;

		audit_log_format(ab, "saddr=");
		audit_log_hex(ab, axs->a, axs->len);
		audit_log_n_hex(ab, axs->a, axs->len);
		break; }

		case AUDIT_FD_PAIR: {
		@@ -1371,8 +1371,8 @@ static void audit_log_exit(struct audit_context context, struct task_struct ts
		default:
		/* log the name's directory component */
		audit_log_format(ab, " name=");
		audit_log_n_untrustedstring(ab, n->name_len,
		n->name);
		audit_log_n_untrustedstring(ab, n->name,
		n->name_len);
		}
		} else
		audit_log_format(ab, " name=(null)");

security/selinux/avc.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -646,7 +646,7 @@ void avc_audit(u32 ssid, u32 tsid,
		if (*p)
		audit_log_untrustedstring(ab, p);
		else
		audit_log_hex(ab, p, len);
		audit_log_n_hex(ab, p, len);
		break;
		}
		}

Admin message