Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit

extern void audit_log_session_info(struct audit_buffer *ab);

#ifdef CONFIG_AUDIT

/* These are defined in audit.c */

				/* Public API */

extern __printf(4, 5)

void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,

	       const char *fmt, ...);

extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);

extern __printf(2, 3)

void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);

extern void		    audit_log_end(struct audit_buffer *ab);

extern bool		    audit_string_contains_control(const char *string,

							  size_t len);

extern void		    audit_log_n_hex(struct audit_buffer *ab,

					  const unsigned char *buf,

					  size_t len);

extern void		    audit_log_n_string(struct audit_buffer *ab,

					       const char *buf,

					       size_t n);

extern void		    audit_log_n_untrustedstring(struct audit_buffer *ab,

							const char *string,

							size_t n);

extern void		    audit_log_untrustedstring(struct audit_buffer *ab,

						      const char *string);

extern void		    audit_log_d_path(struct audit_buffer *ab,

					     const char *prefix,

					     const struct path *path);

extern void		    audit_log_key(struct audit_buffer *ab,

					  char *key);

extern void		    audit_log_link_denied(const char *operation,

						  struct path *link);

extern void		    audit_log_lost(const char *message);

#ifdef CONFIG_SECURITY

extern void 		    audit_log_secctx(struct audit_buffer *ab, u32 secid);

#else

static inline void	    audit_log_secctx(struct audit_buffer *ab, u32 secid)

{ }

#endif

extern int audit_log_task_context(struct audit_buffer *ab);

extern void audit_log_task_info(struct audit_buffer *ab,

				struct task_struct *tsk);

extern int		    audit_update_lsm_rules(void);

				/* Private API (for audit.c only) */

extern int audit_filter_user(int type);

extern int audit_filter_type(int type);

extern int audit_rule_change(int type, __u32 portid, int seq,

				void *data, size_t datasz);

extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);

extern u32 audit_enabled;

#else /* CONFIG_AUDIT */

static inline __printf(4, 5)

void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,

	       const char *fmt, ...)

{ }

static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,

						   gfp_t gfp_mask, int type)

{

	return NULL;

}

static inline __printf(2, 3)

void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)

{ }

static inline void audit_log_end(struct audit_buffer *ab)

{ }

static inline void audit_log_n_hex(struct audit_buffer *ab,

				   const unsigned char *buf, size_t len)

{ }

static inline void audit_log_n_string(struct audit_buffer *ab,

				      const char *buf, size_t n)

{ }

static inline void  audit_log_n_untrustedstring(struct audit_buffer *ab,

						const char *string, size_t n)

{ }

static inline void audit_log_untrustedstring(struct audit_buffer *ab,

					     const char *string)

{ }

static inline void audit_log_d_path(struct audit_buffer *ab,

				    const char *prefix,

				    const struct path *path)

{ }

static inline void audit_log_key(struct audit_buffer *ab, char *key)

{ }

static inline void audit_log_link_denied(const char *string,

					 const struct path *link)

{ }

static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)

{ }

static inline int audit_log_task_context(struct audit_buffer *ab)

{

	return 0;

}

static inline void audit_log_task_info(struct audit_buffer *ab,

				       struct task_struct *tsk)

{ }

#define audit_enabled 0

#endif /* CONFIG_AUDIT */

#ifdef CONFIG_AUDIT_COMPAT_GENERIC

#define audit_is_compat(arch)  (!((arch) & __AUDIT_ARCH_64BIT))

#else

static inline void audit_seccomp(unsigned long syscall, long signr, int code)

{

	if (!audit_enabled)

		return;

	/* Force a record to be reported if a signal was delivered. */

	if (signr || unlikely(!audit_dummy_context()))

		__audit_seccomp(syscall, signr, code);

	return uid_valid(audit_get_loginuid(tsk));

}

#ifdef CONFIG_AUDIT

/* These are defined in audit.c */

				/* Public API */

extern __printf(4, 5)

void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,

	       const char *fmt, ...);

extern struct audit_buffer *audit_log_start(struct audit_context *ctx, gfp_t gfp_mask, int type);

extern __printf(2, 3)

void audit_log_format(struct audit_buffer *ab, const char *fmt, ...);

extern void		    audit_log_end(struct audit_buffer *ab);

extern bool		    audit_string_contains_control(const char *string,

							  size_t len);

extern void		    audit_log_n_hex(struct audit_buffer *ab,

					  const unsigned char *buf,

					  size_t len);

extern void		    audit_log_n_string(struct audit_buffer *ab,

					       const char *buf,

					       size_t n);

extern void		    audit_log_n_untrustedstring(struct audit_buffer *ab,

							const char *string,

							size_t n);

extern void		    audit_log_untrustedstring(struct audit_buffer *ab,

						      const char *string);

extern void		    audit_log_d_path(struct audit_buffer *ab,

					     const char *prefix,

					     const struct path *path);

extern void		    audit_log_key(struct audit_buffer *ab,

					  char *key);

extern void		    audit_log_link_denied(const char *operation,

						  struct path *link);

extern void		    audit_log_lost(const char *message);

#ifdef CONFIG_SECURITY

extern void 		    audit_log_secctx(struct audit_buffer *ab, u32 secid);

#else

static inline void	    audit_log_secctx(struct audit_buffer *ab, u32 secid)

{ }

#endif

extern int audit_log_task_context(struct audit_buffer *ab);

extern void audit_log_task_info(struct audit_buffer *ab,

				struct task_struct *tsk);

extern int		    audit_update_lsm_rules(void);

				/* Private API (for audit.c only) */

extern int audit_filter_user(int type);

extern int audit_filter_type(int type);

extern int audit_rule_change(int type, __u32 portid, int seq,

				void *data, size_t datasz);

extern int audit_list_rules_send(struct sk_buff *request_skb, int seq);

extern u32 audit_enabled;

#else /* CONFIG_AUDIT */

static inline __printf(4, 5)

void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type,

	       const char *fmt, ...)

{ }

static inline struct audit_buffer *audit_log_start(struct audit_context *ctx,

						   gfp_t gfp_mask, int type)

{

	return NULL;

}

static inline __printf(2, 3)

void audit_log_format(struct audit_buffer *ab, const char *fmt, ...)

{ }

static inline void audit_log_end(struct audit_buffer *ab)

{ }

static inline void audit_log_n_hex(struct audit_buffer *ab,

				   const unsigned char *buf, size_t len)

{ }

static inline void audit_log_n_string(struct audit_buffer *ab,

				      const char *buf, size_t n)

{ }

static inline void  audit_log_n_untrustedstring(struct audit_buffer *ab,

						const char *string, size_t n)

{ }

static inline void audit_log_untrustedstring(struct audit_buffer *ab,

					     const char *string)

{ }

static inline void audit_log_d_path(struct audit_buffer *ab,

				    const char *prefix,

				    const struct path *path)

{ }

static inline void audit_log_key(struct audit_buffer *ab, char *key)

{ }

static inline void audit_log_link_denied(const char *string,

					 const struct path *link)

{ }

static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)

{ }

static inline int audit_log_task_context(struct audit_buffer *ab)

{

	return 0;

}

static inline void audit_log_task_info(struct audit_buffer *ab,

				       struct task_struct *tsk)

{ }

#define audit_enabled 0

#endif /* CONFIG_AUDIT */

static inline void audit_log_string(struct audit_buffer *ab, const char *buf)

{

	audit_log_n_string(ab, buf, strlen(buf));

	help

	  Enable auditing infrastructure that can be used with another

	  kernel subsystem, such as SELinux (which requires this for

	  logging of avc messages output).  Does not do system-call

	  auditing without CONFIG_AUDITSYSCALL.

	  logging of avc messages output).  System call auditing is included

	  on architectures which support it.

config HAVE_ARCH_AUDITSYSCALL

	bool

config AUDITSYSCALL

	bool "Enable system-call auditing support"

	def_bool y

	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL

	default y if SECURITY_SELINUX

	help

	  Enable low-overhead system-call auditing infrastructure that

	  can be used independently or with another kernel subsystem,

	  such as SELinux.

config AUDIT_WATCH

	def_bool y

#define AUDIT_BACKLOG_WAIT_TIME (60 * HZ)

static u32	audit_backlog_wait_time_master = AUDIT_BACKLOG_WAIT_TIME;

static u32	audit_backlog_wait_time = AUDIT_BACKLOG_WAIT_TIME;

static u32	audit_backlog_wait_overflow = 0;

/* The identity of the user shutting down the audit system. */

kuid_t		audit_sig_uid = INVALID_UID;

	 * if auditd just disappeared but we

	 * dequeued an skb we need to drop ref

	 */

	if (skb)

	consume_skb(skb);

}

		skb = skb_dequeue(&audit_skb_queue);

		if (skb) {

			if (skb_queue_len(&audit_skb_queue) <= audit_backlog_limit)

			if (!audit_backlog_limit ||

			    (skb_queue_len(&audit_skb_queue) <= audit_backlog_limit))

				wake_up(&audit_backlog_wait);

			if (audit_pid)

				kauditd_send_skb(skb);

	if (!ab)

		return;

	if (ab->skb)

	kfree_skb(ab->skb);

	spin_lock_irqsave(&audit_freelist_lock, flags);

	if (audit_freelist_count > AUDIT_MAXFREE)

		kfree(ab);

		return NULL;

	if (gfp_mask & __GFP_DIRECT_RECLAIM) {

		if (audit_pid && audit_pid == current->pid)

		if (audit_pid && audit_pid == current->tgid)

			gfp_mask &= ~__GFP_DIRECT_RECLAIM;

		else

			reserve = 0;

				skb_queue_len(&audit_skb_queue),

				audit_backlog_limit);

		audit_log_lost("backlog limit exceeded");

		audit_backlog_wait_time = audit_backlog_wait_overflow;

		audit_backlog_wait_time = 0;

		wake_up(&audit_backlog_wait);

		return NULL;

	}

	if (!reserve)

	if (!reserve && !audit_backlog_wait_time)

		audit_backlog_wait_time = audit_backlog_wait_time_master;

	ab = audit_buffer_alloc(ctx, gfp_mask, type);