Commit a9302e8439445710552886e7b623dbcfa943a1f2
Committed by
Matt Turner
1 parent
e7651b819e
alpha: Enable system-call auditing support.
Signed-off-by: Zhenglong.cai <zhenglong.cai@cs2c.com.cn> Signed-off-by: Matt Turner <mattst88@gmail.com>
Showing 8 changed files with 81 additions and 2 deletions Side-by-side Diff
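--- a/arch/alpha/Kconfig
+++ b/arch/alpha/Kconfig
@@ -17,6 +17,7 @@
 select ARCH_WANT_IPC_PARSE_VERSION
 select ARCH_HAVE_NMI_SAFE_CMPXCHG
 select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
+ select AUDIT_ARCH
 select GENERIC_CLOCKEVENTS
 select GENERIC_SMP_IDLE_THREAD
 select GENERIC_STRNCPY_FROM_USER
@@ -77,6 +78,8 @@
 source "init/Kconfig"
 source "kernel/Kconfig.freezer"
 
+config AUDIT_ARCH
+ bool
 
 menu "System setup"
 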
arch/alpha/include/asm/ptrace.h
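--- a/arch/alpha/include/asm/thread_info.h
+++ b/arch/alpha/include/asm/thread_info.h
@@ -70,6 +70,7 @@
 #define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
 #define TIF_SIGPENDING 2 /* signal pending */
 #define TIF_NEED_RESCHED 3 /* rescheduling necessary */
+#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
 #define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
 #define TIF_MEMDIE 13 /* is terminating due to OOM killer */
 
@@ -77,6 +78,7 @@
 #define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
 #define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
 #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
+#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
 
 /* Work to do on interrupt/exception return. */
 #define _TIF_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \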
arch/alpha/kernel/Makefile
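--- a/arch/alpha/kernel/audit.c
+++ b/arch/alpha/kernel/audit.c
@@ -0,0 +1,60 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_arch(int arch)
+{
+ return 0;
+}
+
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+ switch(syscall) {
+ case __NR_open:
+ return 2;
+ case __NR_openat:
+ return 3;
+ case __NR_execve:
+ return 5;
+ default:
+ return 0;
+ }
+}
+
+static int __init audit_classes_init(void)
+{
+ audit_register_class(AUDIT_CLASS_WRITE, write_class);
+ audit_register_class(AUDIT_CLASS_READ, read_class);
+ audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+ audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+ audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+ return 0;
+}
+
+__initcall(audit_classes_init);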
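Review bot: The return values of audit_classify_syscall() (`2`, `3`, `5`, `0`) are bare magic numbers, and neither it nor audit_classify_arch() says why the `abi` and `arch` arguments are ignored. A short comment above the switch would make the contract readable, e.g. `/* class codes interpreted by the audit core: 2 = open, 3 = openat, 5 = execve, 0 = any other native syscall */`. audit_classify_arch() could carry a one-line note on why it always returns 0, presumably because alpha has only one syscall ABI. A one-line comment above the class tables saying each list is terminated by `~0U` would also help, since the terminator is easy to miss between the `#include` lines.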
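--- a/arch/alpha/kernel/entry.S
+++ b/arch/alpha/kernel/entry.S
@@ -465,7 +465,11 @@
 .cfi_rel_offset $16, SP_OFF+24
 .cfi_rel_offset $17, SP_OFF+32
 .cfi_rel_offset $18, SP_OFF+40
- blbs $3, strace
+#ifdef CONFIG_AUDITSYSCALL
+ lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
+ and $3, $6, $3
+#endif
+ bne $3, strace
 beq $4, 1f
 ldq $27, 0($5)
 1: jsr $26, ($27), alpha_ni_syscall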
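Review bot: With CONFIG_AUDITSYSCALL disabled, the new `bne $3, strace` tests the whole of $3 without any mask, whereas the removed `blbs $3, strace` tested only its low bit. If $3 holds the thread flags here (the load is outside the hunk), any other flag that happens to be set would send the syscall down the strace slow path on non-audit kernels. Keeping the old test for that configuration avoids the change in behaviour: move `bne $3, strace` above `#endif` and add `#else` followed by `blbs $3, strace`. The enclosing entry routine starts and ends outside the hunk.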
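--- a/arch/alpha/kernel/ptrace.c
+++ b/arch/alpha/kernel/ptrace.c
@@ -14,6 +14,7 @@
 #include <linux/security.h>
 #include <linux/signal.h>
 #include <linux/tracehook.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
 
 
@@ -316,15 +317,18 @@
 asmlinkage unsigned long syscall_trace_enter(void)
 {
 unsigned long ret = 0;
+ struct pt_regs *regs = current_pt_regs();
 if (test_thread_flag(TIF_SYSCALL_TRACE) &&
 tracehook_report_syscall_entry(current_pt_regs()))
 ret = -1UL;
+ audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
 return ret ?: current_pt_regs()->r0;
 }
 
 asmlinkage void
 syscall_trace_leave(void)
 {
+ audit_syscall_exit(current_pt_regs());
 if (test_thread_flag(TIF_SYSCALL_TRACE))
 tracehook_report_syscall_exit(current_pt_regs(), 0);
 }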
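Review bot: syscall_trace_enter() now caches `regs`, but the unchanged lines still call `current_pt_regs()` twice more and the new `audit_syscall_entry(...)` call runs well past 80 columns. Using `regs` throughout (`tracehook_report_syscall_entry(regs)`, `return ret ?: regs->r0;`) and wrapping the argument list would keep the function consistent. The audit entry call also runs when the tracer has already set `ret = -1UL`; if that is intended, a comment such as `/* audit the entry even if the tracer aborts the syscall */` would say so. Separately, `audit_syscall_exit()` is handed the saved registers, so whether the audit record's success flag matches alpha's error-return convention presumably depends on the asm/ptrace.h change, which this page lists but does not show.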
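--- a/init/Kconfig
+++ b/init/Kconfig
@@ -284,7 +284,7 @@
 
 config AUDITSYSCALL
 bool "Enable system-call auditing support"
- depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
+ depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA)
 default y if SECURITY_SELINUX
 help
 Enable low-overhead system-call auditing infrastructure that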