
Commit 9d960985 authored by Eric Paris's avatar Eric Paris Committed by Al Viro

Audit: clean up all op= output to include string quoting



A number of places in the audit system we send an op= followed by a string
that includes spaces.  Somehow this works but it's just wrong.  This patch
moves all of those that I could find to be quoted.

Example:

Change From: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op=remove rule
key="number2" list=4 res=0

Change To: type=CONFIG_CHANGE msg=audit(1244666690.117:31): auid=0 ses=1
subj=unconfined_u:unconfined_r:auditctl_t:s0-s0:c0.c1023 op="remove rule"
key="number2" list=4 res=0

Signed-off-by: Eric Paris <eparis@redhat.com>
parent 35fe4d0b
+3 −0
@@ -599,6 +599,8 @@ extern void audit_log_untrustedstring(struct audit_buffer *ab,
extern void		    audit_log_d_path(struct audit_buffer *ab,
extern void		    audit_log_d_path(struct audit_buffer *ab,
					     const char *prefix,
					     const char *prefix,
					     struct path *path);
					     struct path *path);
extern void		    audit_log_key(struct audit_buffer *ab,
					  char *key);
extern void		    audit_log_lost(const char *message);
extern void		    audit_log_lost(const char *message);
extern int		    audit_update_lsm_rules(void);
extern int		    audit_update_lsm_rules(void);


@@ -621,6 +623,7 @@ extern int audit_enabled;
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_d_path(b, p, d) do { ; } while (0)
#define audit_log_d_path(b, p, d) do { ; } while (0)
#define audit_log_key(b, k) do { ; } while (0)
#define audit_enabled 0
#define audit_enabled 0
#endif
#endif
#endif
#endif
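Review bot: The new `audit_log_key()` prototype in the first hunk takes `char *key`, while the neighbouring declarations in this header already use `const char *` for read-only strings (`prefix`, `message`). The definition added elsewhere in this commit only passes the key on to `audit_log_untrustedstring()`, so `extern void audit_log_key(struct audit_buffer *ab, const char *key);` would fit, with the same change on the definition. This assumes `audit_log_untrustedstring()` accepts a const pointer, which its truncated prototype here does not show. The no-op macro in the second hunk needs no change.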
+9 −0
@@ -1450,6 +1450,15 @@ void audit_log_d_path(struct audit_buffer *ab, const char *prefix,
	kfree(pathname);
	kfree(pathname);
}
}


void audit_log_key(struct audit_buffer *ab, char *key)
{
	audit_log_format(ab, " key=");
	if (key)
		audit_log_untrustedstring(ab, key);
	else
		audit_log_format(ab, "(null)");
}

/**
/**
 * audit_log_end - end one audit record
 * audit_log_end - end one audit record
 * @ab: the audit_buffer
 * @ab: the audit_buffer
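Review bot: `audit_log_key()` is added without any comment, while the next function in the file, `audit_log_end`, carries a kernel-doc header. A short kernel-doc block should state that the helper writes the leading ` key=` itself, so callers must not emit their own separator or field name. It should also say that a non-NULL key is passed through `audit_log_untrustedstring()` because it is treated as untrusted text, and that a NULL key is logged as the bare literal `(null)`. Recording that contract keeps later callers from reintroducing hand-built `key=` output that bypasses the encoding.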
+4 −6
@@ -441,13 +441,11 @@ static void kill_rules(struct audit_tree *tree)
		if (rule->tree) {
		if (rule->tree) {
			/* not a half-baked one */
			/* not a half-baked one */
			ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
			ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
			audit_log_format(ab, "op=remove rule dir=");
			audit_log_format(ab, "op=");
			audit_log_string(ab, "remove rule");
			audit_log_format(ab, " dir=");
			audit_log_untrustedstring(ab, rule->tree->pathname);
			audit_log_untrustedstring(ab, rule->tree->pathname);
			if (rule->filterkey) {
			audit_log_key(ab, rule->filterkey);
				audit_log_format(ab, " key=");
				audit_log_untrustedstring(ab, rule->filterkey);
			} else
				audit_log_format(ab, " key=(null)");
			audit_log_format(ab, " list=%d res=1", rule->listnr);
			audit_log_format(ab, " list=%d res=1", rule->listnr);
			audit_log_end(ab);
			audit_log_end(ab);
			rule->tree = NULL;
			rule->tree = NULL;
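Review bot: The constant `op` value in `kill_rules()` is now emitted with three calls (`audit_log_format(ab, "op=")`, `audit_log_string(ab, "remove rule")`, `audit_log_format(ab, " dir=")`) where one would do. Assuming `audit_log_string()` only wraps its argument in double quotes, as the example in the commit message suggests, `audit_log_format(ab, "op=\"remove rule\" dir=");` produces the same bytes and keeps the literal record layout readable in one place. The runtime helpers are better reserved for values that are not compile-time constants, such as the pathname and filter key that follow. The body of `kill_rules()` starts and ends outside this hunk.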
+1 −5
@@ -234,11 +234,7 @@ static void audit_watch_log_rule_change(struct audit_krule *r, struct audit_watc
		audit_log_string(ab, op);
		audit_log_string(ab, op);
		audit_log_format(ab, " path=");
		audit_log_format(ab, " path=");
		audit_log_untrustedstring(ab, w->path);
		audit_log_untrustedstring(ab, w->path);
		if (r->filterkey) {
		audit_log_key(ab, r->filterkey);
			audit_log_format(ab, " key=");
			audit_log_untrustedstring(ab, r->filterkey);
		} else
			audit_log_format(ab, " key=(null)");
		audit_log_format(ab, " list=%d res=1", r->listnr);
		audit_log_format(ab, " list=%d res=1", r->listnr);
		audit_log_end(ab);
		audit_log_end(ab);
	}
	}
+5 −7
@@ -1079,11 +1079,9 @@ static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
			security_release_secctx(ctx, len);
			security_release_secctx(ctx, len);
		}
		}
	}
	}
	audit_log_format(ab, " op=%s rule key=", action);
	audit_log_format(ab, " op=");
	if (rule->filterkey)
	audit_log_string(ab, action);
		audit_log_untrustedstring(ab, rule->filterkey);
	audit_log_key(ab, rule->filterkey);
	else
		audit_log_format(ab, "(null)");
	audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
	audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
	audit_log_end(ab);
	audit_log_end(ab);
}
}
@@ -1147,7 +1145,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
			return PTR_ERR(entry);
			return PTR_ERR(entry);


		err = audit_add_rule(entry);
		err = audit_add_rule(entry);
		audit_log_rule_change(loginuid, sessionid, sid, "add",
		audit_log_rule_change(loginuid, sessionid, sid, "add rule",
				      &entry->rule, !err);
				      &entry->rule, !err);


		if (err)
		if (err)
@@ -1163,7 +1161,7 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
			return PTR_ERR(entry);
			return PTR_ERR(entry);


		err = audit_del_rule(entry);
		err = audit_del_rule(entry);
		audit_log_rule_change(loginuid, sessionid, sid, "remove",
		audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
				      &entry->rule, !err);
				      &entry->rule, !err);


		audit_free_rule(entry);
		audit_free_rule(entry);
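Review bot: `audit_log_rule_change()` now writes `action` through `audit_log_string()`, which presumably quotes its argument without escaping it, so the record stays well-formed only while every caller passes a constant free of quotes and control characters. Both callers in `audit_receive_filter()` pass literals (`"add rule"`, `"remove rule"`), so a comment on the function is enough: `/* @action must be a trusted constant; it is logged quoted but not escaped */`. The emitted text also changes from `op=add rule` to `op="add rule"`, so log parsers and detection rules that match the old unquoted form need updating, which deserves a line in the commit description. Both function bodies extend outside the hunks shown.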