Merge branch 'audit.b62' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current
* 'audit.b62' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/audit-current: Audit: remove spaces from audit_log_d_path audit: audit_set_auditable defined but not used audit: incorrect ref counting in audit tree tag_chunk audit: Fix possible return value truncation in audit_get_context() audit: ignore terminating NUL in AUDIT_USER_TTY messages Audit: fix handling of 'strings' with NULL characters make the e->rule.xxx shorter in kernel auditfilter.c auditsc: fix kernel-doc notation audit: EXECVE record - removed bogus newline
This commit is contained in:
commit
0221c81b1b
4 changed files with 32 additions and 28 deletions
|
@ -766,6 +766,9 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
||||||
|
|
||||||
audit_log_format(ab, " msg=");
|
audit_log_format(ab, " msg=");
|
||||||
size = nlmsg_len(nlh);
|
size = nlmsg_len(nlh);
|
||||||
|
if (size > 0 &&
|
||||||
|
((unsigned char *)data)[size - 1] == '\0')
|
||||||
|
size--;
|
||||||
audit_log_n_untrustedstring(ab, data, size);
|
audit_log_n_untrustedstring(ab, data, size);
|
||||||
}
|
}
|
||||||
audit_set_pid(ab, pid);
|
audit_set_pid(ab, pid);
|
||||||
|
@ -1382,7 +1385,7 @@ void audit_log_n_string(struct audit_buffer *ab, const char *string,
|
||||||
int audit_string_contains_control(const char *string, size_t len)
|
int audit_string_contains_control(const char *string, size_t len)
|
||||||
{
|
{
|
||||||
const unsigned char *p;
|
const unsigned char *p;
|
||||||
for (p = string; p < (const unsigned char *)string + len && *p; p++) {
|
for (p = string; p < (const unsigned char *)string + len; p++) {
|
||||||
if (*p == '"' || *p < 0x21 || *p > 0x7e)
|
if (*p == '"' || *p < 0x21 || *p > 0x7e)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -1437,13 +1440,13 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
|
||||||
/* We will allow 11 spaces for ' (deleted)' to be appended */
|
/* We will allow 11 spaces for ' (deleted)' to be appended */
|
||||||
pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
|
pathname = kmalloc(PATH_MAX+11, ab->gfp_mask);
|
||||||
if (!pathname) {
|
if (!pathname) {
|
||||||
audit_log_format(ab, "<no memory>");
|
audit_log_string(ab, "<no_memory>");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
p = d_path(path, pathname, PATH_MAX+11);
|
p = d_path(path, pathname, PATH_MAX+11);
|
||||||
if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
|
if (IS_ERR(p)) { /* Should never happen since we send PATH_MAX */
|
||||||
/* FIXME: can we save some information here? */
|
/* FIXME: can we save some information here? */
|
||||||
audit_log_format(ab, "<too long>");
|
audit_log_string(ab, "<too_long>");
|
||||||
} else
|
} else
|
||||||
audit_log_untrustedstring(ab, p);
|
audit_log_untrustedstring(ab, p);
|
||||||
kfree(pathname);
|
kfree(pathname);
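Review bot: The new trailing-NUL strip at `if (size > 0 && ((unsigned char *)data)[size - 1] == '\0') size--;` carries no comment, and nothing in the hunk shows which message types reach this branch of audit_receive_msg; the merge summary attributes it to AUDIT_USER_TTY, so a reader has to go to the history to learn why a byte of the payload is discarded. Suggest `/* user-space TTY messages may arrive NUL-terminated; drop the terminator so it is not logged as a control byte */` above the check. Only one terminator is removed, and since audit_string_contains_control now scans all `len` bytes in this same commit, any remaining embedded NUL will presumably force the whole message through the untrusted (hex) path in audit_log_n_untrustedstring — likely intended, but worth stating in that comment. audit_receive_msg starts and ends outside the hunk.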
|
||||||
|
|
|
@ -385,6 +385,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
|
||||||
mutex_lock(&inode->inotify_mutex);
|
mutex_lock(&inode->inotify_mutex);
|
||||||
if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
|
if (inotify_clone_watch(&old->watch, &chunk->watch) < 0) {
|
||||||
mutex_unlock(&inode->inotify_mutex);
|
mutex_unlock(&inode->inotify_mutex);
|
||||||
|
put_inotify_watch(&old->watch);
|
||||||
free_chunk(chunk);
|
free_chunk(chunk);
|
||||||
return -ENOSPC;
|
return -ENOSPC;
|
||||||
}
|
}
|
||||||
|
@ -394,6 +395,7 @@ static int tag_chunk(struct inode *inode, struct audit_tree *tree)
|
||||||
chunk->dead = 1;
|
chunk->dead = 1;
|
||||||
inotify_evict_watch(&chunk->watch);
|
inotify_evict_watch(&chunk->watch);
|
||||||
mutex_unlock(&inode->inotify_mutex);
|
mutex_unlock(&inode->inotify_mutex);
|
||||||
|
put_inotify_watch(&old->watch);
|
||||||
put_inotify_watch(&chunk->watch);
|
put_inotify_watch(&chunk->watch);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
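Review bot: The two added `put_inotify_watch(&old->watch);` calls, on the -ENOSPC exit and on the success exit, balance a reference on `old->watch` that must be taken before this hunk, but tag_chunk begins outside the hunk, so neither the acquiring call nor any other early return between it and these puts is visible; any such exit would still leak the reference and should be checked in the full function. A comment at the first put, `/* drop the ref on old->watch taken before cloning it */`, would make the pairing obvious to the next reader. Both puts sit after `mutex_unlock(&inode->inotify_mutex)`, consistent with the existing put of chunk->watch.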
|
||||||
|
|
|
@ -135,18 +135,18 @@ static void audit_remove_watch(struct audit_watch *watch)
|
||||||
static inline void audit_free_rule(struct audit_entry *e)
|
static inline void audit_free_rule(struct audit_entry *e)
|
||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
struct audit_krule *erule = &e->rule;
|
||||||
/* some rules don't have associated watches */
|
/* some rules don't have associated watches */
|
||||||
if (e->rule.watch)
|
if (erule->watch)
|
||||||
audit_put_watch(e->rule.watch);
|
audit_put_watch(erule->watch);
|
||||||
if (e->rule.fields)
|
if (erule->fields)
|
||||||
for (i = 0; i < e->rule.field_count; i++) {
|
for (i = 0; i < erule->field_count; i++) {
|
||||||
struct audit_field *f = &e->rule.fields[i];
|
struct audit_field *f = &erule->fields[i];
|
||||||
kfree(f->lsm_str);
|
kfree(f->lsm_str);
|
||||||
security_audit_rule_free(f->lsm_rule);
|
security_audit_rule_free(f->lsm_rule);
|
||||||
}
|
}
|
||||||
kfree(e->rule.fields);
|
kfree(erule->fields);
|
||||||
kfree(e->rule.filterkey);
|
kfree(erule->filterkey);
|
||||||
kfree(e);
|
kfree(e);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -329,6 +329,14 @@ static int audit_match_filetype(struct audit_context *ctx, int which)
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef CONFIG_AUDIT_TREE
|
#ifdef CONFIG_AUDIT_TREE
|
||||||
|
static void audit_set_auditable(struct audit_context *ctx)
|
||||||
|
{
|
||||||
|
if (!ctx->prio) {
|
||||||
|
ctx->prio = 1;
|
||||||
|
ctx->current_state = AUDIT_RECORD_CONTEXT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static int put_tree_ref(struct audit_context *ctx, struct audit_chunk *chunk)
|
static int put_tree_ref(struct audit_context *ctx, struct audit_chunk *chunk)
|
||||||
{
|
{
|
||||||
struct audit_tree_refs *p = ctx->trees;
|
struct audit_tree_refs *p = ctx->trees;
|
||||||
|
@ -742,17 +750,9 @@ void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx)
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
}
|
}
|
||||||
|
|
||||||
static void audit_set_auditable(struct audit_context *ctx)
|
|
||||||
{
|
|
||||||
if (!ctx->prio) {
|
|
||||||
ctx->prio = 1;
|
|
||||||
ctx->current_state = AUDIT_RECORD_CONTEXT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline struct audit_context *audit_get_context(struct task_struct *tsk,
|
static inline struct audit_context *audit_get_context(struct task_struct *tsk,
|
||||||
int return_valid,
|
int return_valid,
|
||||||
int return_code)
|
long return_code)
|
||||||
{
|
{
|
||||||
struct audit_context *context = tsk->audit_context;
|
struct audit_context *context = tsk->audit_context;
|
||||||
|
|
||||||
|
@ -1024,7 +1024,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
|
||||||
{
|
{
|
||||||
char arg_num_len_buf[12];
|
char arg_num_len_buf[12];
|
||||||
const char __user *tmp_p = p;
|
const char __user *tmp_p = p;
|
||||||
/* how many digits are in arg_num? 3 is the length of a=\n */
|
/* how many digits are in arg_num? 3 is the length of " a=" */
|
||||||
size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3;
|
size_t arg_num_len = snprintf(arg_num_len_buf, 12, "%d", arg_num) + 3;
|
||||||
size_t len, len_left, to_send;
|
size_t len, len_left, to_send;
|
||||||
size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN;
|
size_t max_execve_audit_len = MAX_EXECVE_AUDIT_LEN;
|
||||||
|
@ -1110,7 +1110,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
|
||||||
* so we can be sure nothing was lost.
|
* so we can be sure nothing was lost.
|
||||||
*/
|
*/
|
||||||
if ((i == 0) && (too_long))
|
if ((i == 0) && (too_long))
|
||||||
audit_log_format(*ab, "a%d_len=%zu ", arg_num,
|
audit_log_format(*ab, " a%d_len=%zu", arg_num,
|
||||||
has_cntl ? 2*len : len);
|
has_cntl ? 2*len : len);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1130,7 +1130,7 @@ static int audit_log_single_execve_arg(struct audit_context *context,
|
||||||
buf[to_send] = '\0';
|
buf[to_send] = '\0';
|
||||||
|
|
||||||
/* actually log it */
|
/* actually log it */
|
||||||
audit_log_format(*ab, "a%d", arg_num);
|
audit_log_format(*ab, " a%d", arg_num);
|
||||||
if (too_long)
|
if (too_long)
|
||||||
audit_log_format(*ab, "[%d]", i);
|
audit_log_format(*ab, "[%d]", i);
|
||||||
audit_log_format(*ab, "=");
|
audit_log_format(*ab, "=");
|
||||||
|
@ -1138,7 +1138,6 @@ static int audit_log_single_execve_arg(struct audit_context *context,
|
||||||
audit_log_n_hex(*ab, buf, to_send);
|
audit_log_n_hex(*ab, buf, to_send);
|
||||||
else
|
else
|
||||||
audit_log_format(*ab, "\"%s\"", buf);
|
audit_log_format(*ab, "\"%s\"", buf);
|
||||||
audit_log_format(*ab, "\n");
|
|
||||||
|
|
||||||
p += to_send;
|
p += to_send;
|
||||||
len_left -= to_send;
|
len_left -= to_send;
|
||||||
|
@ -1166,7 +1165,7 @@ static void audit_log_execve_info(struct audit_context *context,
|
||||||
|
|
||||||
p = (const char __user *)axi->mm->arg_start;
|
p = (const char __user *)axi->mm->arg_start;
|
||||||
|
|
||||||
audit_log_format(*ab, "argc=%d ", axi->argc);
|
audit_log_format(*ab, "argc=%d", axi->argc);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* we need some kernel buffer to hold the userspace args. Just
|
* we need some kernel buffer to hold the userspace args. Just
|
||||||
|
@ -1479,7 +1478,7 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
|
||||||
case 0:
|
case 0:
|
||||||
/* name was specified as a relative path and the
|
/* name was specified as a relative path and the
|
||||||
* directory component is the cwd */
|
* directory component is the cwd */
|
||||||
audit_log_d_path(ab, " name=", &context->pwd);
|
audit_log_d_path(ab, "name=", &context->pwd);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
/* log the name's directory component */
|
/* log the name's directory component */
|
||||||
|
@ -2150,7 +2149,7 @@ int audit_set_loginuid(struct task_struct *task, uid_t loginuid)
|
||||||
* __audit_mq_open - record audit data for a POSIX MQ open
|
* __audit_mq_open - record audit data for a POSIX MQ open
|
||||||
* @oflag: open flag
|
* @oflag: open flag
|
||||||
* @mode: mode bits
|
* @mode: mode bits
|
||||||
* @u_attr: queue attributes
|
* @attr: queue attributes
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
|
void __audit_mq_open(int oflag, mode_t mode, struct mq_attr *attr)
|
||||||
|
@ -2197,7 +2196,7 @@ void __audit_mq_sendrecv(mqd_t mqdes, size_t msg_len, unsigned int msg_prio,
|
||||||
/**
|
/**
|
||||||
* __audit_mq_notify - record audit data for a POSIX MQ notify
|
* __audit_mq_notify - record audit data for a POSIX MQ notify
|
||||||
* @mqdes: MQ descriptor
|
* @mqdes: MQ descriptor
|
||||||
* @u_notification: Notification event
|
* @notification: Notification event
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|