
Commit 9c937dcc authored by Amy Griffis's avatar Amy Griffis Committed by Al Viro

[PATCH] log more info for directory entry change events



When an audit event involves changes to a directory entry, include
a PATH record for the directory itself.  A few other notable changes:

    - fixed audit_inode_child() hooks in fsnotify_move()
    - removed unused flags arg from audit_inode()
    - added audit log routines for logging a portion of a string

Here's some sample output.

before patch:
type=SYSCALL msg=audit(1149821605.320:26): arch=40000003 syscall=39 success=yes exit=0 a0=bf8d3c7c a1=1ff a2=804e1b8 a3=bf8d3c7c items=1 ppid=739 pid=800 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149821605.320:26):  cwd="/root"
type=PATH msg=audit(1149821605.320:26): item=0 name="foo" parent=164068 inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0

after patch:
type=SYSCALL msg=audit(1149822032.332:24): arch=40000003 syscall=39 success=yes exit=0 a0=bfdd9c7c a1=1ff a2=804e1b8 a3=bfdd9c7c items=2 ppid=714 pid=777 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=ttyS0 comm="mkdir" exe="/bin/mkdir" subj=root:system_r:unconfined_t:s0-s0:c0.c255
type=CWD msg=audit(1149822032.332:24):  cwd="/root"
type=PATH msg=audit(1149822032.332:24): item=0 name="/root" inode=164068 dev=03:00 mode=040750 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_dir_t:s0
type=PATH msg=audit(1149822032.332:24): item=1 name="foo" inode=164010 dev=03:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=root:object_r:user_home_t:s0

Signed-off-by: default avatarAmy Griffis <amy.griffis@hp.com>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 6a2bceec
+1 −1
@@ -1127,7 +1127,7 @@ out:
	if (likely(retval == 0)) {
		if (unlikely(current->audit_context && nd && nd->dentry &&
				nd->dentry->d_inode))
		audit_inode(name, nd->dentry->d_inode, flags);
		audit_inode(name, nd->dentry->d_inode);
	}
out_fail:
	return retval;
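Review bot: The `audit_inode(name, nd->dentry->d_inode);` call is the body of the unbraced inner `if (unlikely(current->audit_context && nd && nd->dentry && ...))`, but it is indented at the same level as that `if`, so it reads as unconditional. Since the line is touched anyway, I would brace and indent it, `if (unlikely(...)) { audit_inode(name, nd->dentry->d_inode); }`, so a later edit cannot move the hook outside the NULL checks on `nd` and `nd->dentry` without it being obvious. The `current->audit_context` term also duplicates the test that the inline `audit_inode()` wrapper in the header section of this commit already performs. The enclosing function starts and ends outside the hunk.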
+2 −2
@@ -633,7 +633,7 @@ asmlinkage long sys_fchmod(unsigned int fd, mode_t mode)
	dentry = file->f_dentry;
	inode = dentry->d_inode;

	audit_inode(NULL, inode, 0);
	audit_inode(NULL, inode);

	err = -EROFS;
	if (IS_RDONLY(inode))
@@ -786,7 +786,7 @@ asmlinkage long sys_fchown(unsigned int fd, uid_t user, gid_t group)
	if (file) {
		struct dentry * dentry;
		dentry = file->f_dentry;
		audit_inode(NULL, dentry->d_inode, 0);
		audit_inode(NULL, dentry->d_inode);
		error = chown_common(dentry, user, group);
		fput(file);
	}
+2 −2
@@ -242,7 +242,7 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
	if (!f)
		return error;
	dentry = f->f_dentry;
	audit_inode(NULL, dentry->d_inode, 0);
	audit_inode(NULL, dentry->d_inode);
	error = setxattr(dentry, name, value, size, flags);
	fput(f);
	return error;
@@ -469,7 +469,7 @@ sys_fremovexattr(int fd, char __user *name)
	if (!f)
		return error;
	dentry = f->f_dentry;
	audit_inode(NULL, dentry->d_inode, 0);
	audit_inode(NULL, dentry->d_inode);
	error = removexattr(dentry, name);
	fput(f);
	return error;
+9 −6
@@ -310,7 +310,7 @@ extern void audit_syscall_entry(int arch,
extern void audit_syscall_exit(int failed, long return_code);
extern void __audit_getname(const char *name);
extern void audit_putname(const char *name);
extern void __audit_inode(const char *name, const struct inode *inode, unsigned flags);
extern void __audit_inode(const char *name, const struct inode *inode);
extern void __audit_inode_child(const char *dname, const struct inode *inode,
				unsigned long pino);
static inline void audit_getname(const char *name)
@@ -318,10 +318,9 @@ static inline void audit_getname(const char *name)
	if (unlikely(current->audit_context))
		__audit_getname(name);
}
static inline void audit_inode(const char *name, const struct inode *inode,
			       unsigned flags) {
static inline void audit_inode(const char *name, const struct inode *inode) {
	if (unlikely(current->audit_context))
		__audit_inode(name, inode, flags);
		__audit_inode(name, inode);
}
static inline void audit_inode_child(const char *dname, 
				     const struct inode *inode, 
@@ -398,9 +397,9 @@ static inline int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
#define audit_syscall_exit(f,r) do { ; } while (0)
#define audit_getname(n) do { ; } while (0)
#define audit_putname(n) do { ; } while (0)
#define __audit_inode(n,i,f) do { ; } while (0)
#define __audit_inode(n,i) do { ; } while (0)
#define __audit_inode_child(d,i,p) do { ; } while (0)
#define audit_inode(n,i,f) do { ; } while (0)
#define audit_inode(n,i) do { ; } while (0)
#define audit_inode_child(d,i,p) do { ; } while (0)
#define auditsc_get_stamp(c,t,s) do { BUG(); } while (0)
#define audit_get_loginuid(c) ({ -1; })
@@ -435,6 +434,9 @@ extern void audit_log_hex(struct audit_buffer *ab,
					  size_t len);
extern const char *	    audit_log_untrustedstring(struct audit_buffer *ab,
						      const char *string);
extern const char *	    audit_log_n_untrustedstring(struct audit_buffer *ab,
							size_t n,
							const char *string);
extern void		    audit_log_d_path(struct audit_buffer *ab,
					     const char *prefix,
					     struct dentry *dentry,
@@ -452,6 +454,7 @@ extern int audit_receive_filter(int type, int pid, int uid, int seq,
#define audit_log_end(b) do { ; } while (0)
#define audit_log_hex(a,b,l) do { ; } while (0)
#define audit_log_untrustedstring(a,s) do { ; } while (0)
#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)
#define audit_log_d_path(b,p,d,v) do { ; } while (0)
#endif
#endif
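Review bot: The new `audit_log_n_untrustedstring(ab, n, string)` puts the length before the pointer, while `audit_log_hex()` just above it ends with `size_t len`, so the two length-taking log helpers have opposite argument order; `(ab, string, n)` would match. The declaration also says nothing about what `n` bounds, which matters for a routine that handles untrusted names. I would add a comment such as `/* log the first n bytes of string; caller guarantees at least n readable bytes */`, with the wording checked against the definition, which is not in this section. Separately, the stub `#define audit_log_n_untrustedstring(a,n,s) do { ; } while (0)` cannot be used as an expression although the prototype returns `const char *`; this mirrors the existing `audit_log_untrustedstring` stub, so it only bites a caller that uses the return value.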
+1 −2
@@ -67,8 +67,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir,
	if (source) {
		inotify_inode_queue_event(source, IN_MOVE_SELF, 0, NULL, NULL);
	}
	audit_inode_child(old_name, source, old_dir->i_ino);
	audit_inode_child(new_name, target, new_dir->i_ino);
	audit_inode_child(new_name, source, new_dir->i_ino);
}

/*
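Review bot: `source` is NULL-checked two lines earlier (`if (source) { inotify_inode_queue_event(source, IN_MOVE_SELF, ...); }`), yet the remaining `audit_inode_child(new_name, source, new_dir->i_ino);` passes it unguarded. Whether `__audit_inode_child()` tolerates a NULL inode is not visible here and should be confirmed, or the call moved under the existing guard. Assuming that single call is the new side of this +1 −2 change, the hook no longer mentions `old_name`/`old_dir` or `target`, so a rename that replaces an existing file does not record the displaced inode from here. If those PATH records are produced elsewhere, a one-line comment above the call saying where would help the next reader of the audit trail. `fsnotify_move()` begins before the hunk.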