BACKPORT: audit: consistently record PIDs with task_tgid_nr()
Unfortunately we record PIDs in audit records using a variety of methods despite the correct way being the use of task_tgid_nr(). This patch converts all of these callers, except for the case of AUDIT_SET in audit_receive_msg() (see the comment in the code). Reported-by: Jeff Vander Stoep <jeffv@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Bug: 28952093 (cherry picked from commit fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108) Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Change-Id: I36508a25c957f5108299e68a3b0f627c94eb27eb Git-commit: ba44f95ff22308cfe3227ba1804b5e476f60342d Git-repo: https://android.googlesource.com/kernel/common.git Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
This commit is contained in:
parent
85c311cf8d
commit
4f87245797
|
@ -714,6 +714,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
if (status_get->mask & AUDIT_STATUS_PID) {
|
if (status_get->mask & AUDIT_STATUS_PID) {
|
||||||
|
/* NOTE: we are using task_tgid_vnr() below because
|
||||||
|
* the s.pid value is relative to the namespace
|
||||||
|
* of the caller; at present this doesn't matter
|
||||||
|
* much since you can really only run auditd
|
||||||
|
* from the initial pid namespace, but something
|
||||||
|
* to keep in mind if this changes */
|
||||||
int new_pid = status_get->pid;
|
int new_pid = status_get->pid;
|
||||||
|
|
||||||
if (audit_enabled != AUDIT_OFF)
|
if (audit_enabled != AUDIT_OFF)
|
||||||
|
@ -1645,7 +1651,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
|
||||||
" euid=%u suid=%u fsuid=%u"
|
" euid=%u suid=%u fsuid=%u"
|
||||||
" egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
|
" egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
|
||||||
sys_getppid(),
|
sys_getppid(),
|
||||||
tsk->pid,
|
task_tgid_nr(tsk),
|
||||||
from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
|
from_kuid(&init_user_ns, audit_get_loginuid(tsk)),
|
||||||
from_kuid(&init_user_ns, cred->uid),
|
from_kuid(&init_user_ns, cred->uid),
|
||||||
from_kgid(&init_user_ns, cred->gid),
|
from_kgid(&init_user_ns, cred->gid),
|
||||||
|
|
|
@ -474,7 +474,7 @@ static int audit_filter_rules(struct task_struct *tsk,
|
||||||
|
|
||||||
switch (f->type) {
|
switch (f->type) {
|
||||||
case AUDIT_PID:
|
case AUDIT_PID:
|
||||||
result = audit_comparator(tsk->pid, f->op, f->val);
|
result = audit_comparator(task_tgid_nr(tsk), f->op, f->val);
|
||||||
break;
|
break;
|
||||||
case AUDIT_PPID:
|
case AUDIT_PPID:
|
||||||
if (ctx) {
|
if (ctx) {
|
||||||
|
@ -2074,7 +2074,7 @@ int audit_set_loginuid(kuid_t loginuid)
|
||||||
audit_log_format(ab, "login pid=%d uid=%u "
|
audit_log_format(ab, "login pid=%d uid=%u "
|
||||||
"old auid=%u new auid=%u"
|
"old auid=%u new auid=%u"
|
||||||
" old ses=%u new ses=%u",
|
" old ses=%u new ses=%u",
|
||||||
task->pid,
|
task_tgid_nr(task),
|
||||||
from_kuid(&init_user_ns, task_uid(task)),
|
from_kuid(&init_user_ns, task_uid(task)),
|
||||||
from_kuid(&init_user_ns, task->loginuid),
|
from_kuid(&init_user_ns, task->loginuid),
|
||||||
from_kuid(&init_user_ns, loginuid),
|
from_kuid(&init_user_ns, loginuid),
|
||||||
|
@ -2282,7 +2282,7 @@ void __audit_ptrace(struct task_struct *t)
|
||||||
{
|
{
|
||||||
struct audit_context *context = current->audit_context;
|
struct audit_context *context = current->audit_context;
|
||||||
|
|
||||||
context->target_pid = t->pid;
|
context->target_pid = task_tgid_nr(t);
|
||||||
context->target_auid = audit_get_loginuid(t);
|
context->target_auid = audit_get_loginuid(t);
|
||||||
context->target_uid = task_uid(t);
|
context->target_uid = task_uid(t);
|
||||||
context->target_sessionid = audit_get_sessionid(t);
|
context->target_sessionid = audit_get_sessionid(t);
|
||||||
|
@ -2307,7 +2307,7 @@ int __audit_signal_info(int sig, struct task_struct *t)
|
||||||
|
|
||||||
if (audit_pid && t->tgid == audit_pid) {
|
if (audit_pid && t->tgid == audit_pid) {
|
||||||
if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
|
if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {
|
||||||
audit_sig_pid = tsk->pid;
|
audit_sig_pid = task_tgid_nr(tsk);
|
||||||
if (uid_valid(tsk->loginuid))
|
if (uid_valid(tsk->loginuid))
|
||||||
audit_sig_uid = tsk->loginuid;
|
audit_sig_uid = tsk->loginuid;
|
||||||
else
|
else
|
||||||
|
@ -2412,7 +2412,7 @@ void __audit_log_capset(pid_t pid,
|
||||||
const struct cred *new, const struct cred *old)
|
const struct cred *new, const struct cred *old)
|
||||||
{
|
{
|
||||||
struct audit_context *context = current->audit_context;
|
struct audit_context *context = current->audit_context;
|
||||||
context->capset.pid = pid;
|
context->capset.pid = task_tgid_nr(current);
|
||||||
context->capset.cap.effective = new->cap_effective;
|
context->capset.cap.effective = new->cap_effective;
|
||||||
context->capset.cap.inheritable = new->cap_effective;
|
context->capset.cap.inheritable = new->cap_effective;
|
||||||
context->capset.cap.permitted = new->cap_permitted;
|
context->capset.cap.permitted = new->cap_permitted;
|
||||||
|
@ -2443,7 +2443,7 @@ static void audit_log_task(struct audit_buffer *ab)
|
||||||
from_kgid(&init_user_ns, gid),
|
from_kgid(&init_user_ns, gid),
|
||||||
sessionid);
|
sessionid);
|
||||||
audit_log_task_context(ab);
|
audit_log_task_context(ab);
|
||||||
audit_log_format(ab, " pid=%d comm=", current->pid);
|
audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
|
||||||
audit_log_untrustedstring(ab, current->comm);
|
audit_log_untrustedstring(ab, current->comm);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||||
*/
|
*/
|
||||||
BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
|
BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
|
||||||
|
|
||||||
audit_log_format(ab, " pid=%d comm=", tsk->pid);
|
audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
|
||||||
audit_log_untrustedstring(ab, tsk->comm);
|
audit_log_untrustedstring(ab, tsk->comm);
|
||||||
|
|
||||||
switch (a->type) {
|
switch (a->type) {
|
||||||
|
@ -294,7 +294,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
|
||||||
case LSM_AUDIT_DATA_TASK:
|
case LSM_AUDIT_DATA_TASK:
|
||||||
tsk = a->u.tsk;
|
tsk = a->u.tsk;
|
||||||
if (tsk && tsk->pid) {
|
if (tsk && tsk->pid) {
|
||||||
audit_log_format(ab, " pid=%d comm=", tsk->pid);
|
audit_log_format(ab, " pid=%d comm=", task_tgid_nr(tsk));
|
||||||
audit_log_untrustedstring(ab, tsk->comm);
|
audit_log_untrustedstring(ab, tsk->comm);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
Loading…
Reference in New Issue