Commit 2532386f480eefbdd67b48be55fb4fb3e5a6081c

Authored by Eric Paris
Committed by Al Viro
1 parent 436c405c7d

Audit: collect sessionid in netlink messages

Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages.  This patch adds that information to netlink messages
so we can audit who sent netlink messages.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Showing 17 changed files with 132 additions and 87 deletions Side-by-side Diff

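--- a/drivers/char/tty_audit.c
+++ b/drivers/char/tty_audit.c
@@ -151,14 +151,9 @@
 /**
 * tty_audit_push_task - Flush task's pending audit data
 */
-void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
+void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
 {
 struct tty_audit_buf *buf;
-/* FIXME I think this is correct. Check against netlink once that is
-* I really need to read this code more closely. But that's for
-* another patch.
-*/
-unsigned int sessionid = audit_get_sessionid(tsk);
 
 spin_lock_irq(&tsk->sighand->siglock);
 buf = tsk->signal->tty_audit_buf;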
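Review bot: The kernel-doc block kept at the top of the hunk still has no parameter entries, and the new `sessionid` argument changes what the function reports: the removed local derived it from the target task via `audit_get_sessionid(tsk)`, whereas the caller in the kernel/audit.c hunks now passes the netlink sender's session id alongside the sender's `loginuid`. That distinction between the task being flushed and the identity being attributed is worth stating next to the signature, e.g. `@tsk: task whose pending tty audit data is flushed`, `@loginuid: audit loginuid of the netlink sender, recorded for attribution`, `@sessionid: audit session id of the netlink sender`. The body of tty_audit_push_task continues past the end of the hunk.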
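--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -569,7 +569,8 @@
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 extern int audit_filter_type(int type);
 extern int audit_receive_filter(int type, int pid, int uid, int seq,
-void *data, size_t datasz, uid_t loginuid, u32 sid);
+void *data, size_t datasz, uid_t loginuid,
+u32 sessionid, u32 sid);
 extern int audit_enabled;
 #else
 #define audit_log(c,g,t,f,...) do { ; } while (0)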
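--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -166,6 +166,7 @@
 __u32 dst_group;
 kernel_cap_t eff_cap;
 __u32 loginuid; /* Login (audit) uid */
+__u32 sessionid; /* Session id (audit) */
 __u32 sid; /* SELinux security id */
 };
 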
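Review bot: `struct netlink_skb_parms` grows by four bytes here, and it is presumably the structure that `NETLINK_CB()` overlays onto the fixed-size `skb->cb[]` area; nothing in the hunk checks that it still fits. If no such check exists elsewhere, a one-line `BUILD_BUG_ON(sizeof(struct netlink_skb_parms) > sizeof(((struct sk_buff *)0)->cb));` in the netlink init path turns a silent overrun of neighbouring cb data into a build error. The start of the struct is above the hunk, so its total size cannot be confirmed from here.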
... ... @@ -351,7 +351,7 @@
351 351 extern void tty_audit_exit(void);
352 352 extern void tty_audit_fork(struct signal_struct *sig);
353 353 extern void tty_audit_push(struct tty_struct *tty);
354   -extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid);
  354 +extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
355 355 extern void tty_audit_opening(void);
356 356 #else
357 357 static inline void tty_audit_add_data(struct tty_struct *tty,
... ... @@ -367,7 +367,7 @@
367 367 static inline void tty_audit_push(struct tty_struct *tty)
368 368 {
369 369 }
370   -static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
  370 +static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
371 371 {
372 372 }
373 373 static inline void tty_audit_opening(void)
include/net/netlabel.h
... ... @@ -103,6 +103,7 @@
103 103 struct netlbl_audit {
104 104 u32 secid;
105 105 uid_t loginuid;
  106 + u32 sessionid;
106 107 };
107 108  
108 109 /*
... ... @@ -597,8 +597,9 @@
597 597 /* Audit Information */
598 598 struct xfrm_audit
599 599 {
600   - u32 loginuid;
601 600 u32 secid;
  601 + uid_t loginuid;
  602 + u32 sessionid;
602 603 };
603 604  
604 605 #ifdef CONFIG_AUDITSYSCALL
605 606  
... ... @@ -616,13 +617,13 @@
616 617 return audit_buf;
617 618 }
618 619  
619   -static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
  620 +static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
620 621 struct audit_buffer *audit_buf)
621 622 {
622 623 char *secctx;
623 624 u32 secctx_len;
624 625  
625   - audit_log_format(audit_buf, " auid=%u", auid);
  626 + audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
626 627 if (secid != 0 &&
627 628 security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
628 629 audit_log_format(audit_buf, " subj=%s", secctx);
629 630  
630 631  
631 632  
... ... @@ -632,13 +633,13 @@
632 633 }
633 634  
634 635 extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
635   - u32 auid, u32 secid);
  636 + u32 auid, u32 ses, u32 secid);
636 637 extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
637   - u32 auid, u32 secid);
  638 + u32 auid, u32 ses, u32 secid);
638 639 extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
639   - u32 auid, u32 secid);
  640 + u32 auid, u32 ses, u32 secid);
640 641 extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
641   - u32 auid, u32 secid);
  642 + u32 auid, u32 ses, u32 secid);
642 643 extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
643 644 struct sk_buff *skb);
644 645 extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
... ... @@ -647,10 +648,10 @@
647 648 extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
648 649 struct sk_buff *skb, u8 proto);
649 650 #else
650   -#define xfrm_audit_policy_add(x, r, a, s) do { ; } while (0)
651   -#define xfrm_audit_policy_delete(x, r, a, s) do { ; } while (0)
652   -#define xfrm_audit_state_add(x, r, a, s) do { ; } while (0)
653   -#define xfrm_audit_state_delete(x, r, a, s) do { ; } while (0)
  651 +#define xfrm_audit_policy_add(x, r, a, se, s) do { ; } while (0)
  652 +#define xfrm_audit_policy_delete(x, r, a, se, s) do { ; } while (0)
  653 +#define xfrm_audit_state_add(x, r, a, se, s) do { ; } while (0)
  654 +#define xfrm_audit_state_delete(x, r, a, se, s) do { ; } while (0)
654 655 #define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
655 656 #define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
656 657 #define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
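Review bot: The `struct xfrm_audit` hunk at `@@ -597,8 +597,9 @@` (apparently include/net/xfrm.h; the page dropped the file header) does two things beyond adding `sessionid`: it moves `secid` ahead of `loginuid` and changes `loginuid` from `u32` to `uid_t`. Every writer visible in this commit assigns the members by name (`audit_info.loginuid = ...`), but any positional initializer of this struct elsewhere in the tree would silently swap loginuid and secid after the reorder, so either grep for brace-initialized `struct xfrm_audit` before merging or keep the original member order. The prototypes below still declare `u32 auid, u32 ses, u32 secid` for `xfrm_audit_policy_add/delete` and `xfrm_audit_state_add/delete`, while the definitions in net/xfrm/ now use `uid_t auid, u32 sessionid, u32 secid`; making the header read `uid_t auid, u32 ses, u32 secid` keeps declared and defined types identical.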
... ... @@ -252,14 +252,15 @@
252 252 }
253 253  
254 254 static int audit_log_config_change(char *function_name, int new, int old,
255   - uid_t loginuid, u32 sid, int allow_changes)
  255 + uid_t loginuid, u32 sessionid, u32 sid,
  256 + int allow_changes)
256 257 {
257 258 struct audit_buffer *ab;
258 259 int rc = 0;
259 260  
260 261 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
261   - audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new,
262   - old, loginuid);
  262 + audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
  263 + old, loginuid, sessionid);
263 264 if (sid) {
264 265 char *ctx = NULL;
265 266 u32 len;
... ... @@ -279,7 +280,8 @@
279 280 }
280 281  
281 282 static int audit_do_config_change(char *function_name, int *to_change,
282   - int new, uid_t loginuid, u32 sid)
  283 + int new, uid_t loginuid, u32 sessionid,
  284 + u32 sid)
283 285 {
284 286 int allow_changes, rc = 0, old = *to_change;
285 287  
... ... @@ -290,8 +292,8 @@
290 292 allow_changes = 1;
291 293  
292 294 if (audit_enabled != AUDIT_OFF) {
293   - rc = audit_log_config_change(function_name, new, old,
294   - loginuid, sid, allow_changes);
  295 + rc = audit_log_config_change(function_name, new, old, loginuid,
  296 + sessionid, sid, allow_changes);
295 297 if (rc)
296 298 allow_changes = 0;
297 299 }
298 300  
299 301  
300 302  
301 303  
302 304  
... ... @@ -305,26 +307,28 @@
305 307 return rc;
306 308 }
307 309  
308   -static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
  310 +static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
  311 + u32 sid)
309 312 {
310 313 return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
311   - limit, loginuid, sid);
  314 + limit, loginuid, sessionid, sid);
312 315 }
313 316  
314   -static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
  317 +static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
  318 + u32 sid)
315 319 {
316 320 return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
317   - limit, loginuid, sid);
  321 + limit, loginuid, sessionid, sid);
318 322 }
319 323  
320   -static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
  324 +static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
321 325 {
322 326 int rc;
323 327 if (state < AUDIT_OFF || state > AUDIT_LOCKED)
324 328 return -EINVAL;
325 329  
326 330 rc = audit_do_config_change("audit_enabled", &audit_enabled, state,
327   - loginuid, sid);
  331 + loginuid, sessionid, sid);
328 332  
329 333 if (!rc)
330 334 audit_ever_enabled |= !!state;
... ... @@ -332,7 +336,7 @@
332 336 return rc;
333 337 }
334 338  
335   -static int audit_set_failure(int state, uid_t loginuid, u32 sid)
  339 +static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
336 340 {
337 341 if (state != AUDIT_FAIL_SILENT
338 342 && state != AUDIT_FAIL_PRINTK
... ... @@ -340,7 +344,7 @@
340 344 return -EINVAL;
341 345  
342 346 return audit_do_config_change("audit_failure", &audit_failure, state,
343   - loginuid, sid);
  347 + loginuid, sessionid, sid);
344 348 }
345 349  
346 350 static int kauditd_thread(void *dummy)
... ... @@ -385,7 +389,7 @@
385 389 return 0;
386 390 }
387 391  
388   -static int audit_prepare_user_tty(pid_t pid, uid_t loginuid)
  392 +static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
389 393 {
390 394 struct task_struct *tsk;
391 395 int err;
... ... @@ -404,7 +408,7 @@
404 408 if (err)
405 409 goto out;
406 410  
407   - tty_audit_push_task(tsk, loginuid);
  411 + tty_audit_push_task(tsk, loginuid, sessionid);
408 412 out:
409 413 read_unlock(&tasklist_lock);
410 414 return err;
... ... @@ -534,7 +538,8 @@
534 538 }
535 539  
536 540 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
537   - u32 pid, u32 uid, uid_t auid, u32 sid)
  541 + u32 pid, u32 uid, uid_t auid, u32 ses,
  542 + u32 sid)
538 543 {
539 544 int rc = 0;
540 545 char *ctx = NULL;
... ... @@ -546,8 +551,8 @@
546 551 }
547 552  
548 553 *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
549   - audit_log_format(*ab, "user pid=%d uid=%u auid=%u",
550   - pid, uid, auid);
  554 + audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",
  555 + pid, uid, auid, ses);
551 556 if (sid) {
552 557 rc = security_secid_to_secctx(sid, &ctx, &len);
553 558 if (rc)
... ... @@ -570,6 +575,7 @@
570 575 struct audit_buffer *ab;
571 576 u16 msg_type = nlh->nlmsg_type;
572 577 uid_t loginuid; /* loginuid of sender */
  578 + u32 sessionid;
573 579 struct audit_sig_info *sig_data;
574 580 char *ctx = NULL;
575 581 u32 len;
... ... @@ -591,6 +597,7 @@
591 597 pid = NETLINK_CREDS(skb)->pid;
592 598 uid = NETLINK_CREDS(skb)->uid;
593 599 loginuid = NETLINK_CB(skb).loginuid;
  600 + sessionid = NETLINK_CB(skb).sessionid;
594 601 sid = NETLINK_CB(skb).sid;
595 602 seq = nlh->nlmsg_seq;
596 603 data = NLMSG_DATA(nlh);
597 604  
... ... @@ -613,12 +620,12 @@
613 620 status_get = (struct audit_status *)data;
614 621 if (status_get->mask & AUDIT_STATUS_ENABLED) {
615 622 err = audit_set_enabled(status_get->enabled,
616   - loginuid, sid);
  623 + loginuid, sessionid, sid);
617 624 if (err < 0) return err;
618 625 }
619 626 if (status_get->mask & AUDIT_STATUS_FAILURE) {
620 627 err = audit_set_failure(status_get->failure,
621   - loginuid, sid);
  628 + loginuid, sessionid, sid);
622 629 if (err < 0) return err;
623 630 }
624 631 if (status_get->mask & AUDIT_STATUS_PID) {
625 632  
626 633  
... ... @@ -627,17 +634,17 @@
627 634 if (audit_enabled != AUDIT_OFF)
628 635 audit_log_config_change("audit_pid", new_pid,
629 636 audit_pid, loginuid,
630   - sid, 1);
  637 + sessionid, sid, 1);
631 638  
632 639 audit_pid = new_pid;
633 640 audit_nlk_pid = NETLINK_CB(skb).pid;
634 641 }
635 642 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
636 643 err = audit_set_rate_limit(status_get->rate_limit,
637   - loginuid, sid);
  644 + loginuid, sessionid, sid);
638 645 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
639 646 err = audit_set_backlog_limit(status_get->backlog_limit,
640   - loginuid, sid);
  647 + loginuid, sessionid, sid);
641 648 break;
642 649 case AUDIT_USER:
643 650 case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
644 651  
... ... @@ -649,12 +656,13 @@
649 656 if (err == 1) {
650 657 err = 0;
651 658 if (msg_type == AUDIT_USER_TTY) {
652   - err = audit_prepare_user_tty(pid, loginuid);
  659 + err = audit_prepare_user_tty(pid, loginuid,
  660 + sessionid);
653 661 if (err)
654 662 break;
655 663 }
656 664 audit_log_common_recv_msg(&ab, msg_type, pid, uid,
657   - loginuid, sid);
  665 + loginuid, sessionid, sid);
658 666  
659 667 if (msg_type != AUDIT_USER_TTY)
660 668 audit_log_format(ab, " msg='%.1024s'",
... ... @@ -677,7 +685,7 @@
677 685 return -EINVAL;
678 686 if (audit_enabled == AUDIT_LOCKED) {
679 687 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
680   - uid, loginuid, sid);
  688 + uid, loginuid, sessionid, sid);
681 689  
682 690 audit_log_format(ab, " audit_enabled=%d res=0",
683 691 audit_enabled);
... ... @@ -688,7 +696,7 @@
688 696 case AUDIT_LIST:
689 697 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
690 698 uid, seq, data, nlmsg_len(nlh),
691   - loginuid, sid);
  699 + loginuid, sessionid, sid);
692 700 break;
693 701 case AUDIT_ADD_RULE:
694 702 case AUDIT_DEL_RULE:
... ... @@ -696,7 +704,7 @@
696 704 return -EINVAL;
697 705 if (audit_enabled == AUDIT_LOCKED) {
698 706 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
699   - uid, loginuid, sid);
  707 + uid, loginuid, sessionid, sid);
700 708  
701 709 audit_log_format(ab, " audit_enabled=%d res=0",
702 710 audit_enabled);
703 711  
... ... @@ -707,13 +715,13 @@
707 715 case AUDIT_LIST_RULES:
708 716 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
709 717 uid, seq, data, nlmsg_len(nlh),
710   - loginuid, sid);
  718 + loginuid, sessionid, sid);
711 719 break;
712 720 case AUDIT_TRIM:
713 721 audit_trim_trees();
714 722  
715 723 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
716   - uid, loginuid, sid);
  724 + uid, loginuid, sessionid, sid);
717 725  
718 726 audit_log_format(ab, " op=trim res=1");
719 727 audit_log_end(ab);
... ... @@ -745,7 +753,7 @@
745 753 err = audit_tag_tree(old, new);
746 754  
747 755 audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
748   - uid, loginuid, sid);
  756 + uid, loginuid, sessionid, sid);
749 757  
750 758 audit_log_format(ab, " op=make_equiv old=");
751 759 audit_log_untrustedstring(ab, old);
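Review bot: In `audit_log_config_change` the format string changes from `"%s=%d old=%d by auid=%u"` to `"%s=%d old=%d auid=%u ses=%u"`, which drops the literal `by` token as well as adding `ses=`; that alters the layout of existing AUDIT_CONFIG_CHANGE records, so any user-space parser keyed on `by auid=` stops matching. If the removal is intended (it does make the record consistent with the `auid=%u ses=%u` form the other hunks use), the commit message should say so, since it currently only describes adding the session id. The file header for this section is missing from the page; the hunks appear to be kernel/audit.c, with `audit_receive_msg` starting above the `@@ -570,6 +575,7 @@` hunk and ending below the last one.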
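--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1500,8 +1500,9 @@
 }
 
 /* Log rule additions and removals */
-static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
-struct audit_krule *rule, int res)
+static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
+char *action, struct audit_krule *rule,
+int res)
 {
 struct audit_buffer *ab;
 
@@ -1511,7 +1512,7 @@
 ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
 if (!ab)
 return;
-audit_log_format(ab, "auid=%u", loginuid);
+audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
 if (sid) {
 char *ctx = NULL;
 u32 len;
@@ -1543,7 +1544,7 @@
 * @sid: SE Linux Security ID of sender
 */
 int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
-size_t datasz, uid_t loginuid, u32 sid)
+size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
 {
 struct task_struct *tsk;
 struct audit_netlink_list *dest;
@@ -1590,7 +1591,8 @@
 
 err = audit_add_rule(entry,
 &audit_filter_list[entry->rule.listnr]);
-audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err);
+audit_log_rule_change(loginuid, sessionid, sid, "add",
+&entry->rule, !err);
 
 if (err)
 audit_free_rule(entry);
@@ -1606,8 +1608,8 @@
 
 err = audit_del_rule(entry,
 &audit_filter_list[entry->rule.listnr]);
-audit_log_rule_change(loginuid, sid, "remove", &entry->rule,
-!err);
+audit_log_rule_change(loginuid, sessionid, sid, "remove",
+&entry->rule, !err);
 
 audit_free_rule(entry);
 break;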
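Review bot: `audit_receive_filter` gains a `sessionid` parameter but its kernel-doc block, of which only the `@sid:` line is inside the hunk, is not updated, so `scripts/kernel-doc` will warn about the undocumented argument; add ` * @sessionid: audit session id of the sender` next to the existing `@sid` entry. While there, `audit_log_rule_change` has only the one-line "Log rule additions and removals" comment, which no longer names what it logs; a short header such as `/* Emit an AUDIT_CONFIG_CHANGE record for @action on @rule, attributed to auid/ses/sid, with result @res */` above the new signature would help. The kernel-doc block begins above the `@@ -1543,7 +1544,7 @@` hunk.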
... ... @@ -1498,7 +1498,8 @@
1498 1498 err = xfrm_state_update(x);
1499 1499  
1500 1500 xfrm_audit_state_add(x, err ? 0 : 1,
1501   - audit_get_loginuid(current), 0);
  1501 + audit_get_loginuid(current),
  1502 + audit_get_sessionid(current), 0);
1502 1503  
1503 1504 if (err < 0) {
1504 1505 x->km.state = XFRM_STATE_DEAD;
... ... @@ -1552,7 +1553,8 @@
1552 1553 km_state_notify(x, &c);
1553 1554 out:
1554 1555 xfrm_audit_state_delete(x, err ? 0 : 1,
1555   - audit_get_loginuid(current), 0);
  1556 + audit_get_loginuid(current),
  1557 + audit_get_sessionid(current), 0);
1556 1558 xfrm_state_put(x);
1557 1559  
1558 1560 return err;
... ... @@ -1728,6 +1730,7 @@
1728 1730 return -EINVAL;
1729 1731  
1730 1732 audit_info.loginuid = audit_get_loginuid(current);
  1733 + audit_info.sessionid = audit_get_sessionid(current);
1731 1734 audit_info.secid = 0;
1732 1735 err = xfrm_state_flush(proto, &audit_info);
1733 1736 if (err)
... ... @@ -2324,7 +2327,8 @@
2324 2327 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
2325 2328  
2326 2329 xfrm_audit_policy_add(xp, err ? 0 : 1,
2327   - audit_get_loginuid(current), 0);
  2330 + audit_get_loginuid(current),
  2331 + audit_get_sessionid(current), 0);
2328 2332  
2329 2333 if (err)
2330 2334 goto out;
... ... @@ -2406,7 +2410,8 @@
2406 2410 return -ENOENT;
2407 2411  
2408 2412 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2409   - audit_get_loginuid(current), 0);
  2413 + audit_get_loginuid(current),
  2414 + audit_get_sessionid(current), 0);
2410 2415  
2411 2416 if (err)
2412 2417 goto out;
... ... @@ -2667,7 +2672,8 @@
2667 2672  
2668 2673 if (delete) {
2669 2674 xfrm_audit_policy_delete(xp, err ? 0 : 1,
2670   - audit_get_loginuid(current), 0);
  2675 + audit_get_loginuid(current),
  2676 + audit_get_sessionid(current), 0);
2671 2677  
2672 2678 if (err)
2673 2679 goto out;
... ... @@ -2767,6 +2773,7 @@
2767 2773 int err;
2768 2774  
2769 2775 audit_info.loginuid = audit_get_loginuid(current);
  2776 + audit_info.sessionid = audit_get_sessionid(current);
2770 2777 audit_info.secid = 0;
2771 2778 err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
2772 2779 if (err)
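--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1780,6 +1780,7 @@
 * messages so don't worry to much about these values. */
 security_task_getsecid(current, &audit_info.secid);
 audit_info.loginuid = 0;
+audit_info.sessionid = 0;
 
 entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 if (entry == NULL)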
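Review bot: `audit_info.sessionid = 0` follows the existing `loginuid = 0` convention on this internally-generated path, but 0 is also a value a genuine session could carry, so records emitted through `netlbl_audit_start_common` from here will print `ses=0` and be indistinguishable from a real session. If the audit subsystem has a dedicated "unset" sentinel for session ids (the value `audit_get_sessionid()` yields for a task that never had one), using it here would make the origin explicit; I cannot confirm that sentinel from this hunk. The enclosing function begins above the hunk.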
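--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -107,7 +107,9 @@
 if (audit_buf == NULL)
 return NULL;
 
-audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
+audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
+audit_info->loginuid,
+audit_info->sessionid);
 
 if (audit_info->secid != 0 &&
 security_secid_to_secctx(audit_info->secid,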
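--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -51,6 +51,7 @@
 {
 audit_info->secid = NETLINK_CB(skb).sid;
 audit_info->loginuid = NETLINK_CB(skb).loginuid;
+audit_info->sessionid = NETLINK_CB(skb).sessionid;
 }
 
 /* NetLabel NETLINK I/O functions */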
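--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1248,6 +1248,7 @@
 NETLINK_CB(skb).pid = nlk->pid;
 NETLINK_CB(skb).dst_group = dst_group;
 NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
+NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
 security_task_getsecid(current, &(NETLINK_CB(skb).sid));
 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
 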
net/xfrm/xfrm_policy.c
... ... @@ -762,6 +762,7 @@
762 762 if (err) {
763 763 xfrm_audit_policy_delete(pol, 0,
764 764 audit_info->loginuid,
  765 + audit_info->sessionid,
765 766 audit_info->secid);
766 767 return err;
767 768 }
... ... @@ -777,6 +778,7 @@
777 778 if (err) {
778 779 xfrm_audit_policy_delete(pol, 0,
779 780 audit_info->loginuid,
  781 + audit_info->sessionid,
780 782 audit_info->secid);
781 783 return err;
782 784 }
... ... @@ -819,6 +821,7 @@
819 821 write_unlock_bh(&xfrm_policy_lock);
820 822  
821 823 xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
  824 + audit_info->sessionid,
822 825 audit_info->secid);
823 826  
824 827 xfrm_policy_kill(pol);
... ... @@ -841,6 +844,7 @@
841 844  
842 845 xfrm_audit_policy_delete(pol, 1,
843 846 audit_info->loginuid,
  847 + audit_info->sessionid,
844 848 audit_info->secid);
845 849 xfrm_policy_kill(pol);
846 850 killed++;
847 851  
... ... @@ -2472,14 +2476,14 @@
2472 2476 }
2473 2477  
2474 2478 void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
2475   - u32 auid, u32 secid)
  2479 + uid_t auid, u32 sessionid, u32 secid)
2476 2480 {
2477 2481 struct audit_buffer *audit_buf;
2478 2482  
2479 2483 audit_buf = xfrm_audit_start("SPD-add");
2480 2484 if (audit_buf == NULL)
2481 2485 return;
2482   - xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
  2486 + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2483 2487 audit_log_format(audit_buf, " res=%u", result);
2484 2488 xfrm_audit_common_policyinfo(xp, audit_buf);
2485 2489 audit_log_end(audit_buf);
2486 2490  
... ... @@ -2487,14 +2491,14 @@
2487 2491 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
2488 2492  
2489 2493 void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
2490   - u32 auid, u32 secid)
  2494 + uid_t auid, u32 sessionid, u32 secid)
2491 2495 {
2492 2496 struct audit_buffer *audit_buf;
2493 2497  
2494 2498 audit_buf = xfrm_audit_start("SPD-delete");
2495 2499 if (audit_buf == NULL)
2496 2500 return;
2497   - xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
  2501 + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2498 2502 audit_log_format(audit_buf, " res=%u", result);
2499 2503 xfrm_audit_common_policyinfo(xp, audit_buf);
2500 2504 audit_log_end(audit_buf);
net/xfrm/xfrm_state.c
... ... @@ -496,7 +496,8 @@
496 496 km_state_expired(x, 1, 0);
497 497  
498 498 xfrm_audit_state_delete(x, err ? 0 : 1,
499   - audit_get_loginuid(current), 0);
  499 + audit_get_loginuid(current),
  500 + audit_get_sessionid(current), 0);
500 501  
501 502 out:
502 503 spin_unlock(&x->lock);
... ... @@ -603,6 +604,7 @@
603 604 (err = security_xfrm_state_delete(x)) != 0) {
604 605 xfrm_audit_state_delete(x, 0,
605 606 audit_info->loginuid,
  607 + audit_info->sessionid,
606 608 audit_info->secid);
607 609 return err;
608 610 }
... ... @@ -641,6 +643,7 @@
641 643 err = xfrm_state_delete(x);
642 644 xfrm_audit_state_delete(x, err ? 0 : 1,
643 645 audit_info->loginuid,
  646 + audit_info->sessionid,
644 647 audit_info->secid);
645 648 xfrm_state_put(x);
646 649  
647 650  
... ... @@ -2123,14 +2126,14 @@
2123 2126 }
2124 2127  
2125 2128 void xfrm_audit_state_add(struct xfrm_state *x, int result,
2126   - u32 auid, u32 secid)
  2129 + uid_t auid, u32 sessionid, u32 secid)
2127 2130 {
2128 2131 struct audit_buffer *audit_buf;
2129 2132  
2130 2133 audit_buf = xfrm_audit_start("SAD-add");
2131 2134 if (audit_buf == NULL)
2132 2135 return;
2133   - xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
  2136 + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2134 2137 xfrm_audit_helper_sainfo(x, audit_buf);
2135 2138 audit_log_format(audit_buf, " res=%u", result);
2136 2139 audit_log_end(audit_buf);
2137 2140  
... ... @@ -2138,14 +2141,14 @@
2138 2141 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
2139 2142  
2140 2143 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
2141   - u32 auid, u32 secid)
  2144 + uid_t auid, u32 sessionid, u32 secid)
2142 2145 {
2143 2146 struct audit_buffer *audit_buf;
2144 2147  
2145 2148 audit_buf = xfrm_audit_start("SAD-delete");
2146 2149 if (audit_buf == NULL)
2147 2150 return;
2148   - xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
  2151 + xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
2149 2152 xfrm_audit_helper_sainfo(x, audit_buf);
2150 2153 audit_log_format(audit_buf, " res=%u", result);
2151 2154 audit_log_end(audit_buf);
net/xfrm/xfrm_user.c
... ... @@ -407,6 +407,9 @@
407 407 struct xfrm_state *x;
408 408 int err;
409 409 struct km_event c;
  410 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  411 + u32 sessionid = NETLINK_CB(skb).sessionid;
  412 + u32 sid = NETLINK_CB(skb).sid;
410 413  
411 414 err = verify_newsa_info(p, attrs);
412 415 if (err)
... ... @@ -422,8 +425,7 @@
422 425 else
423 426 err = xfrm_state_update(x);
424 427  
425   - xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
426   - NETLINK_CB(skb).sid);
  428 + xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
427 429  
428 430 if (err < 0) {
429 431 x->km.state = XFRM_STATE_DEAD;
... ... @@ -478,6 +480,9 @@
478 480 int err = -ESRCH;
479 481 struct km_event c;
480 482 struct xfrm_usersa_id *p = nlmsg_data(nlh);
  483 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  484 + u32 sessionid = NETLINK_CB(skb).sessionid;
  485 + u32 sid = NETLINK_CB(skb).sid;
481 486  
482 487 x = xfrm_user_state_lookup(p, attrs, &err);
483 488 if (x == NULL)
... ... @@ -502,8 +507,7 @@
502 507 km_state_notify(x, &c);
503 508  
504 509 out:
505   - xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
506   - NETLINK_CB(skb).sid);
  510 + xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
507 511 xfrm_state_put(x);
508 512 return err;
509 513 }
... ... @@ -1123,6 +1127,9 @@
1123 1127 struct km_event c;
1124 1128 int err;
1125 1129 int excl;
  1130 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  1131 + u32 sessionid = NETLINK_CB(skb).sessionid;
  1132 + u32 sid = NETLINK_CB(skb).sid;
1126 1133  
1127 1134 err = verify_newpolicy_info(p);
1128 1135 if (err)
... ... @@ -1141,8 +1148,7 @@
1141 1148 * a type XFRM_MSG_UPDPOLICY - JHS */
1142 1149 excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
1143 1150 err = xfrm_policy_insert(p->dir, xp, excl);
1144   - xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid,
1145   - NETLINK_CB(skb).sid);
  1151 + xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
1146 1152  
1147 1153 if (err) {
1148 1154 security_xfrm_policy_free(xp->security);
1149 1155  
... ... @@ -1371,10 +1377,13 @@
1371 1377 NETLINK_CB(skb).pid);
1372 1378 }
1373 1379 } else {
1374   - xfrm_audit_policy_delete(xp, err ? 0 : 1,
1375   - NETLINK_CB(skb).loginuid,
1376   - NETLINK_CB(skb).sid);
  1380 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  1381 + u32 sessionid = NETLINK_CB(skb).sessionid;
  1382 + u32 sid = NETLINK_CB(skb).sid;
1377 1383  
  1384 + xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
  1385 + sid);
  1386 +
1378 1387 if (err != 0)
1379 1388 goto out;
1380 1389  
... ... @@ -1399,6 +1408,7 @@
1399 1408 int err;
1400 1409  
1401 1410 audit_info.loginuid = NETLINK_CB(skb).loginuid;
  1411 + audit_info.sessionid = NETLINK_CB(skb).sessionid;
1402 1412 audit_info.secid = NETLINK_CB(skb).sid;
1403 1413 err = xfrm_state_flush(p->proto, &audit_info);
1404 1414 if (err)
... ... @@ -1546,6 +1556,7 @@
1546 1556 return err;
1547 1557  
1548 1558 audit_info.loginuid = NETLINK_CB(skb).loginuid;
  1559 + audit_info.sessionid = NETLINK_CB(skb).sessionid;
1549 1560 audit_info.secid = NETLINK_CB(skb).sid;
1550 1561 err = xfrm_policy_flush(type, &audit_info);
1551 1562 if (err)
1552 1563  
... ... @@ -1604,9 +1615,11 @@
1604 1615 read_unlock(&xp->lock);
1605 1616 err = 0;
1606 1617 if (up->hard) {
  1618 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  1619 + uid_t sessionid = NETLINK_CB(skb).sessionid;
  1620 + u32 sid = NETLINK_CB(skb).sid;
1607 1621 xfrm_policy_delete(xp, p->dir);
1608   - xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid,
1609   - NETLINK_CB(skb).sid);
  1622 + xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
1610 1623  
1611 1624 } else {
1612 1625 // reset the timers here?
1613 1626  
... ... @@ -1640,9 +1653,11 @@
1640 1653 km_state_expired(x, ue->hard, current->pid);
1641 1654  
1642 1655 if (ue->hard) {
  1656 + uid_t loginuid = NETLINK_CB(skb).loginuid;
  1657 + uid_t sessionid = NETLINK_CB(skb).sessionid;
  1658 + u32 sid = NETLINK_CB(skb).sid;
1643 1659 __xfrm_state_delete(x);
1644   - xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid,
1645   - NETLINK_CB(skb).sid);
  1660 + xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
1646 1661 }
1647 1662 err = 0;
1648 1663 out:
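Review bot: In the two `hard` branches at `@@ -1604,9 +1615,11 @@` and `@@ -1640,9 +1653,11 @@`, `sessionid` is declared as `uid_t`, whereas the NETLINK_CB field, the earlier locals in this file and the `u32 ses` parameters of `xfrm_audit_policy_delete`/`xfrm_audit_state_delete` are all `u32`; both are 32-bit unsigned on Linux so nothing breaks, but it should read `u32 sessionid = NETLINK_CB(skb).sessionid;` for consistency with the rest of the commit. Kernel style also wants a blank line between those declarations and the `xfrm_policy_delete(xp, p->dir);` / `__xfrm_state_delete(x);` statements that follow. Both enclosing functions start and end outside their hunks.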
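--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -324,6 +324,7 @@
 struct netlbl_audit audit_info;
 
 audit_info.loginuid = audit_get_loginuid(current);
+audit_info.sessionid = audit_get_sessionid(current);
 audit_info.secid = smack_to_secid(current->security);
 
 rc = netlbl_cfg_map_del(NULL, &audit_info);
@@ -356,6 +357,7 @@
 struct netlbl_audit audit_info;
 
 audit_info.loginuid = audit_get_loginuid(current);
+audit_info.sessionid = audit_get_sessionid(current);
 audit_info.secid = smack_to_secid(current->security);
 
 if (oldambient != NULL) {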