fs/open.c +1 −1 @@ -681,7 +681,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, f->f_op = fops_get(inode->i_fop); f->f_op = fops_get(inode->i_fop); error = security_dentry_open(f, cred); error = security_file_open(f, cred); if (error) if (error) goto cleanup_all; goto cleanup_all; include/linux/lsm_audit.h +0 −6 @@ -53,7 +53,6 @@ struct common_audit_data { #define LSM_AUDIT_DATA_KMOD 8 #define LSM_AUDIT_DATA_KMOD 8 #define LSM_AUDIT_DATA_INODE 9 #define LSM_AUDIT_DATA_INODE 9 #define LSM_AUDIT_DATA_DENTRY 10 #define LSM_AUDIT_DATA_DENTRY 10 struct task_struct *tsk; union { union { struct path path; struct path path; struct dentry *dentry; struct dentry *dentry; @@ -93,11 +92,6 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb, int ipv6_skb_to_auditdata(struct sk_buff *skb, int ipv6_skb_to_auditdata(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto); struct common_audit_data *ad, u8 *proto); /* Initialize an LSM audit data structure. */ #define COMMON_AUDIT_DATA_INIT(_d, _t) \ { memset((_d), 0, sizeof(struct common_audit_data)); \ (_d)->type = LSM_AUDIT_DATA_##_t; } void common_lsm_audit(struct common_audit_data *a, void common_lsm_audit(struct common_audit_data *a, void (*pre_audit)(struct audit_buffer *, void *), void (*pre_audit)(struct audit_buffer *, void *), void (*post_audit)(struct audit_buffer *, void *)); void (*post_audit)(struct audit_buffer *, void *)); include/linux/security.h +5 −8
@@ -640,10 +640,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * to receive an open file descriptor via socket IPC. * to receive an open file descriptor via socket IPC. * @file contains the file structure being received. * @file contains the file structure being received. * Return 0 if permission is granted. * Return 0 if permission is granted. * * @file_open * Security hook for dentry * * @dentry_open * Save open-time permission checking state for later use upon * Save open-time permission checking state for later use upon * file_permission, and recheck access if anything has changed * file_permission, and recheck access if anything has changed * since inode_permission. * since inode_permission. @@ -1498,7 +1495,7 @@ struct security_operations { int (*file_send_sigiotask) (struct task_struct *tsk, int (*file_send_sigiotask) (struct task_struct *tsk, struct fown_struct *fown, int sig); struct fown_struct *fown, int sig); int (*file_receive) (struct file *file); int (*file_receive) (struct file *file); int (*dentry_open) (struct file *file, const struct cred *cred); int (*file_open) (struct file *file, const struct cred *cred); int (*task_create) (unsigned long clone_flags); int (*task_create) (unsigned long clone_flags); void (*task_free) (struct task_struct *task); void (*task_free) (struct task_struct *task);
@@ -1757,7 +1754,7 @@ int security_file_set_fowner(struct file *file); int security_file_send_sigiotask(struct task_struct *tsk, int security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int sig); struct fown_struct *fown, int sig); int security_file_receive(struct file *file); int security_file_receive(struct file *file); int security_dentry_open(struct file *file, const struct cred *cred); int security_file_open(struct file *file, const struct cred *cred); int security_task_create(unsigned long clone_flags); int security_task_create(unsigned long clone_flags); void security_task_free(struct task_struct *task); void security_task_free(struct task_struct *task); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); @@ -2228,7 +2225,7 @@ static inline int security_file_receive(struct file *file) return 0; return 0; } } static inline int security_dentry_open(struct file *file, static inline int security_file_open(struct file *file, const struct cred *cred) const struct cred *cred) { { return 0; return 0; net/xfrm/xfrm_policy.c +1 −0 @@ -26,6 +26,7 @@ #include <linux/cache.h> #include <linux/cache.h> #include <linux/audit.h> #include <linux/audit.h> #include <net/dst.h> #include <net/dst.h> #include <net/flow.h> #include <net/xfrm.h> #include <net/xfrm.h> #include <net/ip.h> #include <net/ip.h> #ifdef CONFIG_XFRM_STATISTICS #ifdef CONFIG_XFRM_STATISTICS security/apparmor/audit.c +9 −2
@@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = { static void audit_pre(struct audit_buffer *ab, void *ca) static void audit_pre(struct audit_buffer *ab, void *ca) { { struct common_audit_data *sa = ca; struct common_audit_data *sa = ca; struct task_struct *tsk = sa->tsk ? sa->tsk : current; struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current; if (aa_g_audit_header) { if (aa_g_audit_header) { audit_log_format(ab, "apparmor="); audit_log_format(ab, "apparmor="); @@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " name="); audit_log_format(ab, " name="); audit_log_untrustedstring(ab, sa->aad->name); audit_log_untrustedstring(ab, sa->aad->name); } } if (sa->aad->tsk) { audit_log_format(ab, " pid=%d comm=", tsk->pid); audit_log_untrustedstring(ab, tsk->comm); } } } /** /** @@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, aa_audit_msg(type, sa, cb); aa_audit_msg(type, sa, cb); if (sa->aad->type == AUDIT_APPARMOR_KILL) if (sa->aad->type == AUDIT_APPARMOR_KILL) (void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current); (void)send_sig_info(SIGKILL, NULL, sa->aad->tsk ? sa->aad->tsk : current); if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) return complain_error(sa->aad->error); return complain_error(sa->aad->error);
fs/open.c +1 −1 @@ -681,7 +681,7 @@ static struct file *__dentry_open(struct dentry *dentry, struct vfsmount *mnt, f->f_op = fops_get(inode->i_fop); f->f_op = fops_get(inode->i_fop); error = security_dentry_open(f, cred); error = security_file_open(f, cred); if (error) if (error) goto cleanup_all; goto cleanup_all;
include/linux/lsm_audit.h +0 −6 @@ -53,7 +53,6 @@ struct common_audit_data { #define LSM_AUDIT_DATA_KMOD 8 #define LSM_AUDIT_DATA_KMOD 8 #define LSM_AUDIT_DATA_INODE 9 #define LSM_AUDIT_DATA_INODE 9 #define LSM_AUDIT_DATA_DENTRY 10 #define LSM_AUDIT_DATA_DENTRY 10 struct task_struct *tsk; union { union { struct path path; struct path path; struct dentry *dentry; struct dentry *dentry; @@ -93,11 +92,6 @@ int ipv4_skb_to_auditdata(struct sk_buff *skb, int ipv6_skb_to_auditdata(struct sk_buff *skb, int ipv6_skb_to_auditdata(struct sk_buff *skb, struct common_audit_data *ad, u8 *proto); struct common_audit_data *ad, u8 *proto); /* Initialize an LSM audit data structure. */ #define COMMON_AUDIT_DATA_INIT(_d, _t) \ { memset((_d), 0, sizeof(struct common_audit_data)); \ (_d)->type = LSM_AUDIT_DATA_##_t; } void common_lsm_audit(struct common_audit_data *a, void common_lsm_audit(struct common_audit_data *a, void (*pre_audit)(struct audit_buffer *, void *), void (*pre_audit)(struct audit_buffer *, void *), void (*post_audit)(struct audit_buffer *, void *)); void (*post_audit)(struct audit_buffer *, void *));
include/linux/security.h +5 −8 @@ -640,10 +640,7 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * to receive an open file descriptor via socket IPC. * to receive an open file descriptor via socket IPC. * @file contains the file structure being received. * @file contains the file structure being received. * Return 0 if permission is granted. * Return 0 if permission is granted. * * @file_open * Security hook for dentry * * @dentry_open * Save open-time permission checking state for later use upon * Save open-time permission checking state for later use upon * file_permission, and recheck access if anything has changed * file_permission, and recheck access if anything has changed * since inode_permission. * since inode_permission. @@ -1498,7 +1495,7 @@ struct security_operations { int (*file_send_sigiotask) (struct task_struct *tsk, int (*file_send_sigiotask) (struct task_struct *tsk, struct fown_struct *fown, int sig); struct fown_struct *fown, int sig); int (*file_receive) (struct file *file); int (*file_receive) (struct file *file); int (*dentry_open) (struct file *file, const struct cred *cred); int (*file_open) (struct file *file, const struct cred *cred); int (*task_create) (unsigned long clone_flags); int (*task_create) (unsigned long clone_flags); void (*task_free) (struct task_struct *task); void (*task_free) (struct task_struct *task);
@@ -1757,7 +1754,7 @@ int security_file_set_fowner(struct file *file); int security_file_send_sigiotask(struct task_struct *tsk, int security_file_send_sigiotask(struct task_struct *tsk, struct fown_struct *fown, int sig); struct fown_struct *fown, int sig); int security_file_receive(struct file *file); int security_file_receive(struct file *file); int security_dentry_open(struct file *file, const struct cred *cred); int security_file_open(struct file *file, const struct cred *cred); int security_task_create(unsigned long clone_flags); int security_task_create(unsigned long clone_flags); void security_task_free(struct task_struct *task); void security_task_free(struct task_struct *task); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); @@ -2228,7 +2225,7 @@ static inline int security_file_receive(struct file *file) return 0; return 0; } } static inline int security_dentry_open(struct file *file, static inline int security_file_open(struct file *file, const struct cred *cred) const struct cred *cred) { { return 0; return 0;
net/xfrm/xfrm_policy.c +1 −0 @@ -26,6 +26,7 @@ #include <linux/cache.h> #include <linux/cache.h> #include <linux/audit.h> #include <linux/audit.h> #include <net/dst.h> #include <net/dst.h> #include <net/flow.h> #include <net/xfrm.h> #include <net/xfrm.h> #include <net/ip.h> #include <net/ip.h> #ifdef CONFIG_XFRM_STATISTICS #ifdef CONFIG_XFRM_STATISTICS
security/apparmor/audit.c +9 −2 @@ -111,7 +111,7 @@ static const char *const aa_audit_type[] = { static void audit_pre(struct audit_buffer *ab, void *ca) static void audit_pre(struct audit_buffer *ab, void *ca) { { struct common_audit_data *sa = ca; struct common_audit_data *sa = ca; struct task_struct *tsk = sa->tsk ? sa->tsk : current; struct task_struct *tsk = sa->aad->tsk ? sa->aad->tsk : current; if (aa_g_audit_header) { if (aa_g_audit_header) { audit_log_format(ab, "apparmor="); audit_log_format(ab, "apparmor="); @@ -149,6 +149,12 @@ static void audit_pre(struct audit_buffer *ab, void *ca) audit_log_format(ab, " name="); audit_log_format(ab, " name="); audit_log_untrustedstring(ab, sa->aad->name); audit_log_untrustedstring(ab, sa->aad->name); } } if (sa->aad->tsk) { audit_log_format(ab, " pid=%d comm=", tsk->pid); audit_log_untrustedstring(ab, tsk->comm); } } } /** /** @@ -205,7 +211,8 @@ int aa_audit(int type, struct aa_profile *profile, gfp_t gfp, aa_audit_msg(type, sa, cb); aa_audit_msg(type, sa, cb); if (sa->aad->type == AUDIT_APPARMOR_KILL) if (sa->aad->type == AUDIT_APPARMOR_KILL) (void)send_sig_info(SIGKILL, NULL, sa->tsk ? sa->tsk : current); (void)send_sig_info(SIGKILL, NULL, sa->aad->tsk ? sa->aad->tsk : current); if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) if (sa->aad->type == AUDIT_APPARMOR_ALLOWED) return complain_error(sa->aad->error); return complain_error(sa->aad->error);
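Review bot: The block added at the end of audit_pre() reads `tsk->comm` in place from a task that was handed in through `sa->aad->tsk` and may not be `current`, so the name can be rewritten by that task while it is being logged, and nothing visible in these hunks pins the task with a reference. Copying the name first gives the audit record a stable value: `char comm[TASK_COMM_LEN];` followed by `audit_log_untrustedstring(ab, get_task_comm(comm, tsk));`. Keeping `audit_log_untrustedstring` for the name is right, since comm is set by the process itself. The same lifetime question applies to `send_sig_info(SIGKILL, NULL, sa->aad->tsk ? ... : current)` in aa_audit(); a comment on the `tsk` member stating that the caller must hold the task reference for the duration of the audit call would settle it, if that is indeed the contract. Both functions begin and end outside the hunks shown.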