audit: export audit_log_task_info
authorPeter Moody <pmoody@google.com>
Thu, 14 Jun 2012 17:04:35 +0000 (10:04 -0700)
committerMimi Zohar <zohar@linux.vnet.ibm.com>
Wed, 12 Sep 2012 11:28:05 +0000 (07:28 -0400)
At the suggestion of eparis@redhat.com, move this chunk of task
logging from audit_log_exit to audit_log_task_info and export this
function so it's usuable elsewhere in the kernel.

This patch is against
git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity#next-ima-appraisal

Changelog v2:
 - add empty audit_log_task_info if CONFIG_AUDITSYSCALL isn't set.

Changelog v1:
 - Initial post.

Signed-off-by: Peter Moody <pmoody@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
include/linux/audit.h
kernel/auditsc.c

index 36abf2aa7e680e24afe8c52b87ccf8f88707ee17..2a5073cf548a0d848f99c7810a124bded3313eb9 100644 (file)
@@ -529,6 +529,7 @@ extern int  audit_set_loginuid(uid_t loginuid);
 #define audit_get_loginuid(t) ((t)->loginuid)
 #define audit_get_sessionid(t) ((t)->sessionid)
 extern void audit_log_task_context(struct audit_buffer *ab);
+extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);
 extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);
 extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);
 extern int __audit_bprm(struct linux_binprm *bprm);
@@ -640,6 +641,7 @@ extern int audit_signals;
 #define audit_get_loginuid(t) (-1)
 #define audit_get_sessionid(t) (-1)
 #define audit_log_task_context(b) do { ; } while (0)
+#define audit_log_task_info(b, t) do { ; } while (0)
 #define audit_ipc_obj(i) ((void)0)
 #define audit_ipc_set_perm(q,u,g,m) ((void)0)
 #define audit_bprm(p) ({ 0; })
index 4b96415527b8664753e18cb169f0de9f391f9314..37f52f27828df4890a4dce17c2a8402f013b74f8 100644 (file)
@@ -1154,13 +1154,38 @@ error_path:
 
 EXPORT_SYMBOL(audit_log_task_context);
 
-static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
+void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)
 {
+       const struct cred *cred;
        char name[sizeof(tsk->comm)];
        struct mm_struct *mm = tsk->mm;
        struct vm_area_struct *vma;
+       char *tty;
+
+       if (!ab)
+               return;
 
        /* tsk == current */
+       cred = current_cred();
+
+       spin_lock_irq(&tsk->sighand->siglock);
+       if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
+               tty = tsk->signal->tty->name;
+       else
+               tty = "(none)";
+       spin_unlock_irq(&tsk->sighand->siglock);
+
+
+       audit_log_format(ab,
+                        " ppid=%ld pid=%d auid=%u uid=%u gid=%u"
+                        " euid=%u suid=%u fsuid=%u"
+                        " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",
+                        sys_getppid(),
+                        tsk->pid,
+                        tsk->loginuid, cred->uid, cred->gid,
+                        cred->euid, cred->suid, cred->fsuid,
+                        cred->egid, cred->sgid, cred->fsgid,
+                        tsk->sessionid, tty);
 
        get_task_comm(name, tsk);
        audit_log_format(ab, " comm=");
@@ -1183,6 +1208,8 @@ static void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk
        audit_log_task_context(ab);
 }
 
+EXPORT_SYMBOL(audit_log_task_info);
+
 static int audit_log_pid_context(struct audit_context *context, pid_t pid,
                                 uid_t auid, uid_t uid, unsigned int sessionid,
                                 u32 sid, char *comm)
@@ -1585,26 +1612,12 @@ static void audit_log_name(struct audit_context *context, struct audit_names *n,
 
 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk)
 {
-       const struct cred *cred;
        int i, call_panic = 0;
        struct audit_buffer *ab;
        struct audit_aux_data *aux;
-       const char *tty;
        struct audit_names *n;
 
        /* tsk == current */
-       context->pid = tsk->pid;
-       if (!context->ppid)
-               context->ppid = sys_getppid();
-       cred = current_cred();
-       context->uid   = cred->uid;
-       context->gid   = cred->gid;
-       context->euid  = cred->euid;
-       context->suid  = cred->suid;
-       context->fsuid = cred->fsuid;
-       context->egid  = cred->egid;
-       context->sgid  = cred->sgid;
-       context->fsgid = cred->fsgid;
        context->personality = tsk->personality;
 
        ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
@@ -1619,32 +1632,13 @@ static void audit_log_exit(struct audit_context *context, struct task_struct *ts
                                 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no",
                                 context->return_code);
 
-       spin_lock_irq(&tsk->sighand->siglock);
-       if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)
-               tty = tsk->signal->tty->name;
-       else
-               tty = "(none)";
-       spin_unlock_irq(&tsk->sighand->siglock);
-
        audit_log_format(ab,
-                 " a0=%lx a1=%lx a2=%lx a3=%lx items=%d"
-                 " ppid=%d pid=%d auid=%u uid=%u gid=%u"
-                 " euid=%u suid=%u fsuid=%u"
-                 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",
-                 context->argv[0],
-                 context->argv[1],
-                 context->argv[2],
-                 context->argv[3],
-                 context->name_count,
-                 context->ppid,
-                 context->pid,
-                 tsk->loginuid,
-                 context->uid,
-                 context->gid,
-                 context->euid, context->suid, context->fsuid,
-                 context->egid, context->sgid, context->fsgid, tty,
-                 tsk->sessionid);
-
+                        " a0=%lx a1=%lx a2=%lx a3=%lx items=%d",
+                        context->argv[0],
+                        context->argv[1],
+                        context->argv[2],
+                        context->argv[3],
+                        context->name_count);
 
        audit_log_task_info(ab, tsk);
        audit_log_key(ab, context->filterkey);