Commit 4b58841149dcaa500ceba1d5378ae70622fe4899
Committed by
Eric Paris
Eric Paris
1 parent
7a01772128
Exists in
master
and in
13 other branches
audit: Add generic compat syscall support
lib/audit.c provides a generic function for auditing system calls. This patch extends it for compat syscall support on bi-architectures (32/64-bit) by adding lib/compat_audit.c. What is required to support this feature are: * add asm/unistd32.h for compat system call names * select CONFIG_AUDIT_ARCH_COMPAT_GENERIC Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Acked-by: Richard Guy Briggs <rgb@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com>
Showing 6 changed files with 88 additions and 1 deletions Side-by-side Diff
include/linux/audit.h
| ... | ... | @@ -79,6 +79,14 @@ |
| 79 | 79 | extern int __init audit_register_class(int class, unsigned *list); |
| 80 | 80 | extern int audit_classify_syscall(int abi, unsigned syscall); |
| 81 | 81 | extern int audit_classify_arch(int arch); |
| 82 | +/* only for compat system calls */ | |
| 83 | +extern unsigned compat_write_class[]; | |
| 84 | +extern unsigned compat_read_class[]; | |
| 85 | +extern unsigned compat_dir_class[]; | |
| 86 | +extern unsigned compat_chattr_class[]; | |
| 87 | +extern unsigned compat_signal_class[]; | |
| 88 | + | |
| 89 | +extern int __weak audit_classify_compat_syscall(int abi, unsigned syscall); | |
| 82 | 90 | |
| 83 | 91 | /* audit_names->type values */ |
| 84 | 92 | #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ |
include/uapi/linux/audit.h
| ... | ... | @@ -362,6 +362,12 @@ |
| 362 | 362 | #define AUDIT_ARCH_SPARC64 (EM_SPARCV9|__AUDIT_ARCH_64BIT) |
| 363 | 363 | #define AUDIT_ARCH_X86_64 (EM_X86_64|__AUDIT_ARCH_64BIT|__AUDIT_ARCH_LE) |
| 364 | 364 | |
| 365 | +#ifdef CONFIG_COMPAT | |
| 366 | +#define audit_is_compat(arch) (!((arch) & __AUDIT_ARCH_64BIT)) | |
| 367 | +#else | |
| 368 | +#define audit_is_compat(arch) false | |
| 369 | +#endif | |
| 370 | + | |
| 365 | 371 | #define AUDIT_PERM_EXEC 1 |
| 366 | 372 | #define AUDIT_PERM_WRITE 2 |
| 367 | 373 | #define AUDIT_PERM_READ 4 |
lib/Kconfig
| ... | ... | @@ -182,6 +182,15 @@ |
| 182 | 182 | depends on AUDIT && !AUDIT_ARCH |
| 183 | 183 | default y |
| 184 | 184 | |
| 185 | +config AUDIT_ARCH_COMPAT_GENERIC | |
| 186 | + bool | |
| 187 | + default n | |
| 188 | + | |
| 189 | +config AUDIT_COMPAT_GENERIC | |
| 190 | + bool | |
| 191 | + depends on AUDIT_GENERIC && AUDIT_ARCH_COMPAT_GENERIC && COMPAT | |
| 192 | + default y | |
| 193 | + | |
| 185 | 194 | config RANDOM32_SELFTEST |
| 186 | 195 | bool "PRNG perform self test on init" |
| 187 | 196 | default n |
lib/Makefile
| ... | ... | @@ -93,6 +93,7 @@ |
| 93 | 93 | obj-$(CONFIG_TEXTSEARCH_FSM) += ts_fsm.o |
| 94 | 94 | obj-$(CONFIG_SMP) += percpu_counter.o |
| 95 | 95 | obj-$(CONFIG_AUDIT_GENERIC) += audit.o |
| 96 | +obj-$(CONFIG_AUDIT_COMPAT_GENERIC) += compat_audit.o | |
| 96 | 97 | |
| 97 | 98 | obj-$(CONFIG_SWIOTLB) += swiotlb.o |
| 98 | 99 | obj-$(CONFIG_IOMMU_HELPER) += iommu-helper.o |
lib/audit.c
| ... | ... | @@ -30,11 +30,17 @@ |
| 30 | 30 | |
| 31 | 31 | int audit_classify_arch(int arch) |
| 32 | 32 | { |
| 33 | - return 0; | |
| 33 | + if (audit_is_compat(arch)) | |
| 34 | + return 1; | |
| 35 | + else | |
| 36 | + return 0; | |
| 34 | 37 | } |
| 35 | 38 | |
| 36 | 39 | int audit_classify_syscall(int abi, unsigned syscall) |
| 37 | 40 | { |
| 41 | + if (audit_is_compat(abi)) | |
| 42 | + return audit_classify_compat_syscall(abi, syscall); | |
| 43 | + | |
| 38 | 44 | switch(syscall) { |
| 39 | 45 | #ifdef __NR_open |
| 40 | 46 | case __NR_open: |
| ... | ... | @@ -57,6 +63,13 @@ |
| 57 | 63 | |
| 58 | 64 | static int __init audit_classes_init(void) |
| 59 | 65 | { |
| 66 | +#ifdef CONFIG_AUDIT_COMPAT_GENERIC | |
| 67 | + audit_register_class(AUDIT_CLASS_WRITE_32, compat_write_class); | |
| 68 | + audit_register_class(AUDIT_CLASS_READ_32, compat_read_class); | |
| 69 | + audit_register_class(AUDIT_CLASS_DIR_WRITE_32, compat_dir_class); | |
| 70 | + audit_register_class(AUDIT_CLASS_CHATTR_32, compat_chattr_class); | |
| 71 | + audit_register_class(AUDIT_CLASS_SIGNAL_32, compat_signal_class); | |
| 72 | +#endif | |
| 60 | 73 | audit_register_class(AUDIT_CLASS_WRITE, write_class); |
| 61 | 74 | audit_register_class(AUDIT_CLASS_READ, read_class); |
| 62 | 75 | audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class); |
lib/compat_audit.c
| 1 | +#include <linux/init.h> | |
| 2 | +#include <linux/types.h> | |
| 3 | +#include <asm/unistd32.h> | |
| 4 | + | |
| 5 | +unsigned compat_dir_class[] = { | |
| 6 | +#include <asm-generic/audit_dir_write.h> | |
| 7 | +~0U | |
| 8 | +}; | |
| 9 | + | |
| 10 | +unsigned compat_read_class[] = { | |
| 11 | +#include <asm-generic/audit_read.h> | |
| 12 | +~0U | |
| 13 | +}; | |
| 14 | + | |
| 15 | +unsigned compat_write_class[] = { | |
| 16 | +#include <asm-generic/audit_write.h> | |
| 17 | +~0U | |
| 18 | +}; | |
| 19 | + | |
| 20 | +unsigned compat_chattr_class[] = { | |
| 21 | +#include <asm-generic/audit_change_attr.h> | |
| 22 | +~0U | |
| 23 | +}; | |
| 24 | + | |
| 25 | +unsigned compat_signal_class[] = { | |
| 26 | +#include <asm-generic/audit_signal.h> | |
| 27 | +~0U | |
| 28 | +}; | |
| 29 | + | |
| 30 | +int audit_classify_compat_syscall(int abi, unsigned syscall) | |
| 31 | +{ | |
| 32 | + switch (syscall) { | |
| 33 | +#ifdef __NR_open | |
| 34 | + case __NR_open: | |
| 35 | + return 2; | |
| 36 | +#endif | |
| 37 | +#ifdef __NR_openat | |
| 38 | + case __NR_openat: | |
| 39 | + return 3; | |
| 40 | +#endif | |
| 41 | +#ifdef __NR_socketcall | |
| 42 | + case __NR_socketcall: | |
| 43 | + return 4; | |
| 44 | +#endif | |
| 45 | + case __NR_execve: | |
| 46 | + return 5; | |
| 47 | + default: | |
| 48 | + return 1; | |
| 49 | + } | |
| 50 | +} |