
Commit 3acfd5f5 authored by John Johansen's avatar John Johansen

apparmor: audit unknown signal numbers



Allow apparmor to audit the number of a signal that it does not
provide a mapping for and is currently being reported only as
unknown.

Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
parent 3dc6b1ce
+4 −1
@@ -130,7 +130,10 @@ struct apparmor_audit_data {
					int rlim;
					int rlim;
					unsigned long max;
					unsigned long max;
				} rlim;
				} rlim;
				struct {
					int signal;
					int signal;
					int unmappedsig;
				};
			};
			};
		};
		};
		struct {
		struct {
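Review bot: The new `unmappedsig` member is added without a comment, and since it sits in an anonymous struct inside the per-operation union, a reader of the header cannot tell from here which operation fills it or when it is meaningful. The other hunks on this page show it is assigned the raw, unmapped signal number in aa_may_signal and only logged when `signal == SIGUNKNOWN`, so I would document that on the declaration: `int unmappedsig;	/* raw signal number, audited only when signal == SIGUNKNOWN */`. The enclosing `struct apparmor_audit_data` starts and ends outside this hunk.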
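--- a/FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -3,6 +3,7 @@
 #define SIGUNKNOWN 0
 #define MAXMAPPED_SIG 35
 #define MAXMAPPED_SIGNAME (MAXMAPPED_SIG + 1)
+#define SIGRT_BASE 128
 
 /* provide a mapping of arch signal to internal signal # for mediation
  * those that are always an alias SIGCLD for SIGCLHD and SIGPOLL for SIGIO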
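--- a/FILE_PATH_NOT_SHOWN_ON_PAGE
+++ b/FILE_PATH_NOT_SHOWN_ON_PAGE
@@ -138,7 +138,7 @@ static inline int map_signal_num(int sig)
 	if (sig > SIGRTMAX)
 		return SIGUNKNOWN;
 	else if (sig >= SIGRTMIN)
-		return sig - SIGRTMIN + 128;	/* rt sigs mapped to 128 */
+		return sig - SIGRTMIN + SIGRT_BASE;
 	else if (sig < MAXMAPPED_SIG)
 		return sig_map[sig];
 	return SIGUNKNOWN;
@@ -174,11 +174,14 @@ static void audit_signal_cb(struct audit_buffer *ab, void *va)
 			audit_signal_mask(ab, aad(sa)->denied);
 		}
 	}
-	if (aad(sa)->signal < MAXMAPPED_SIGNAME)
+	if (aad(sa)->signal == SIGUNKNOWN)
+		audit_log_format(ab, "signal=unknown(%d)",
+				 aad(sa)->unmappedsig);
+	else if (aad(sa)->signal < MAXMAPPED_SIGNAME)
 		audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
 	else
 		audit_log_format(ab, " signal=rtmin+%d",
-				 aad(sa)->signal - 128);
+				 aad(sa)->signal - SIGRT_BASE);
 	audit_log_format(ab, " peer=");
 	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
 			FLAGS_NONE, GFP_ATOMIC);
@@ -211,6 +214,7 @@ int aa_may_signal(struct aa_label *sender, struct aa_label *target, int sig)
 	DEFINE_AUDIT_DATA(sa, LSM_AUDIT_DATA_NONE, OP_SIGNAL);
 
 	aad(&sa)->signal = map_signal_num(sig);
+	aad(&sa)->unmappedsig = sig;
 	return xcheck_labels(sender, target, profile,
 			profile_signal_perm(profile, target, MAY_WRITE, &sa),
 			profile_signal_perm(profile, sender, MAY_READ, &sa));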
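Review bot: The new SIGUNKNOWN branch in audit_signal_cb writes `"signal=unknown(%d)"` without the leading space that the sibling `" signal=%s"` and `" signal=rtmin+%d"` branches carry, so the field will be glued onto whatever preceded it in the audit record (the denied_mask output when present) and will not be split out as its own key by audit parsers. The format should be `audit_log_format(ab, " signal=unknown(%d)",`. Consumers of these records should also expect the new `unknown(N)` value form, since the raw number is now emitted instead of a bare `unknown`. The bodies of map_signal_num, audit_signal_cb and aa_may_signal all start outside their hunks.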