audit: fix event coverage of AUDIT_ANOM_LINK

	return tsk->sessionid;

	return tsk->sessionid;

}

}

extern int audit_log_task_context(struct audit_buffer *ab);

extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk);

extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);

extern void __audit_ipc_obj(struct kern_ipc_perm *ipcp);

extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);

extern void __audit_ipc_set_perm(unsigned long qbytes, uid_t uid, gid_t gid, umode_t mode);

extern int __audit_bprm(struct linux_binprm *bprm);

extern int __audit_bprm(struct linux_binprm *bprm);

{

{

	return -1;

	return -1;

}

}

static int void audit_log_task_context(struct audit_buffer *ab)

{

	return 0;

}

static inline void audit_log_task_info(struct audit_buffer *ab,

				       struct task_struct *tsk)

{ }

static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)

static inline void audit_ipc_obj(struct kern_ipc_perm *ipcp)

{ }

{ }

static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,

static inline void audit_ipc_set_perm(unsigned long qbytes, uid_t uid,

{ }

{ }

#endif

#endif

extern int audit_log_task_context(struct audit_buffer *ab);

extern void audit_log_task_info(struct audit_buffer *ab,

				struct task_struct *tsk);

extern int		    audit_update_lsm_rules(void);

extern int		    audit_update_lsm_rules(void);

				/* Private API (for audit.c only) */

				/* Private API (for audit.c only) */

{ }

{ }

static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)

static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid)

{ }

{ }

static inline int audit_log_task_context(struct audit_buffer *ab)

{

	return 0;

}

static inline void audit_log_task_info(struct audit_buffer *ab,

				       struct task_struct *tsk)

{ }

#define audit_enabled 0

#define audit_enabled 0

#endif /* CONFIG_AUDIT */

#endif /* CONFIG_AUDIT */

static inline void audit_log_string(struct audit_buffer *ab, const char *buf)

static inline void audit_log_string(struct audit_buffer *ab, const char *buf)

#include <linux/err.h>

#include <linux/err.h>

#include <linux/kthread.h>

#include <linux/kthread.h>

#include <linux/kernel.h>

#include <linux/kernel.h>

#include <linux/syscalls.h>

#include <linux/audit.h>

#include <linux/audit.h>

		audit_log_format(ab, "(null)");

		audit_log_format(ab, "(null)");

}

}

void audit_log_cap(struct audit_buffer *ab, char *prefix, kernel_cap_t *cap)

{

	int i;

	audit_log_format(ab, " %s=", prefix);

	CAP_FOR_EACH_U32(i) {

		audit_log_format(ab, "%08x",

				 cap->cap[(_KERNEL_CAPABILITY_U32S-1) - i]);

	}

}

void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)

{

	kernel_cap_t *perm = &name->fcap.permitted;

	kernel_cap_t *inh = &name->fcap.inheritable;

	int log = 0;

	if (!cap_isclear(*perm)) {

		audit_log_cap(ab, "cap_fp", perm);

		log = 1;

	}

	if (!cap_isclear(*inh)) {

		audit_log_cap(ab, "cap_fi", inh);

		log = 1;

	}

	if (log)

		audit_log_format(ab, " cap_fe=%d cap_fver=%x",

				 name->fcap.fE, name->fcap_ver);

}

static inline int audit_copy_fcaps(struct audit_names *name,

				   const struct dentry *dentry)

{

	struct cpu_vfs_cap_data caps;

	int rc;

	if (!dentry)

		return 0;

	rc = get_vfs_caps_from_disk(dentry, &caps);

	if (rc)

		return rc;

	name->fcap.permitted = caps.permitted;

	name->fcap.inheritable = caps.inheritable;

	name->fcap.fE = !!(caps.magic_etc & VFS_CAP_FLAGS_EFFECTIVE);

	name->fcap_ver = (caps.magic_etc & VFS_CAP_REVISION_MASK) >>

				VFS_CAP_REVISION_SHIFT;

	return 0;

}

/* Copy inode data into an audit_names. */

void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,

		      const struct inode *inode)

{

	name->ino   = inode->i_ino;

	name->dev   = inode->i_sb->s_dev;

	name->mode  = inode->i_mode;

	name->uid   = inode->i_uid;

	name->gid   = inode->i_gid;

	name->rdev  = inode->i_rdev;

	security_inode_getsecid(inode, &name->osid);

	audit_copy_fcaps(name, dentry);

}

/**

 * audit_log_name - produce AUDIT_PATH record from struct audit_names

 * @context: audit_context for the task

 * @n: audit_names structure with reportable details

 * @path: optional path to report instead of audit_names->name

 * @record_num: record number to report when handling a list of names

 * @call_panic: optional pointer to int that will be updated if secid fails

 */

void audit_log_name(struct audit_context *context, struct audit_names *n,

		    struct path *path, int record_num, int *call_panic)

{

	struct audit_buffer *ab;

	ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);

	if (!ab)

		return;

	audit_log_format(ab, "item=%d", record_num);

	if (path)

		audit_log_d_path(ab, " name=", path);

	else if (n->name) {

		switch (n->name_len) {

		case AUDIT_NAME_FULL:

			/* log the full path */

			audit_log_format(ab, " name=");

			audit_log_untrustedstring(ab, n->name->name);

			break;

		case 0:

			/* name was specified as a relative path and the

			 * directory component is the cwd */

			audit_log_d_path(ab, " name=", &context->pwd);

			break;

		default:

			/* log the name's directory component */

			audit_log_format(ab, " name=");

			audit_log_n_untrustedstring(ab, n->name->name,

						    n->name_len);

		}

	} else

		audit_log_format(ab, " name=(null)");

	if (n->ino != (unsigned long)-1) {

		audit_log_format(ab, " inode=%lu"

				 " dev=%02x:%02x mode=%#ho"

				 " ouid=%u ogid=%u rdev=%02x:%02x",

				 n->ino,

				 MAJOR(n->dev),

				 MINOR(n->dev),

				 n->mode,

				 from_kuid(&init_user_ns, n->uid),

				 from_kgid(&init_user_ns, n->gid),

				 MAJOR(n->rdev),

				 MINOR(n->rdev));

	}

	if (n->osid != 0) {

		char *ctx = NULL;

		u32 len;

		if (security_secid_to_secctx(

			n->osid, &ctx, &len)) {

			audit_log_format(ab, " osid=%u", n->osid);

			if (call_panic)

				*call_panic = 2;

		} else {

			audit_log_format(ab, " obj=%s", ctx);

			security_release_secctx(ctx, len);

		}

	}

	audit_log_fcaps(ab, n);

	audit_log_end(ab);

}

int audit_log_task_context(struct audit_buffer *ab)

{

	char *ctx = NULL;

	unsigned len;

	int error;

	u32 sid;

	security_task_getsecid(current, &sid);

	if (!sid)

		return 0;

	error = security_secid_to_secctx(sid, &ctx, &len);

	if (error) {

		if (error != -EINVAL)

			goto error_path;

		return 0;

	}

	audit_log_format(ab, " subj=%s", ctx);

	security_release_secctx(ctx, len);

	return 0;

error_path:

	audit_panic("error in audit_log_task_context");

	return error;

}

EXPORT_SYMBOL(audit_log_task_context);

void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)

{

	const struct cred *cred;

	char name[sizeof(tsk->comm)];

	struct mm_struct *mm = tsk->mm;

	char *tty;

	if (!ab)

		return;

	/* tsk == current */

	cred = current_cred();

	spin_lock_irq(&tsk->sighand->siglock);

	if (tsk->signal && tsk->signal->tty && tsk->signal->tty->name)

		tty = tsk->signal->tty->name;

	else

		tty = "(none)";

	spin_unlock_irq(&tsk->sighand->siglock);

	audit_log_format(ab,

			 " ppid=%ld pid=%d auid=%u uid=%u gid=%u"

			 " euid=%u suid=%u fsuid=%u"

			 " egid=%u sgid=%u fsgid=%u ses=%u tty=%s",

			 sys_getppid(),

			 tsk->pid,

			 from_kuid(&init_user_ns, audit_get_loginuid(tsk)),

			 from_kuid(&init_user_ns, cred->uid),

			 from_kgid(&init_user_ns, cred->gid),

			 from_kuid(&init_user_ns, cred->euid),

			 from_kuid(&init_user_ns, cred->suid),

			 from_kuid(&init_user_ns, cred->fsuid),

			 from_kgid(&init_user_ns, cred->egid),

			 from_kgid(&init_user_ns, cred->sgid),

			 from_kgid(&init_user_ns, cred->fsgid),

			 audit_get_sessionid(tsk), tty);

	get_task_comm(name, tsk);

	audit_log_format(ab, " comm=");

	audit_log_untrustedstring(ab, name);

	if (mm) {

		down_read(&mm->mmap_sem);

		if (mm->exe_file)

			audit_log_d_path(ab, " exe=", &mm->exe_file->f_path);

		up_read(&mm->mmap_sem);

	}

	audit_log_task_context(ab);

}

EXPORT_SYMBOL(audit_log_task_info);

/**

/**

 * audit_log_link_denied - report a link restriction denial

 * audit_log_link_denied - report a link restriction denial

 * @operation: specific link opreation

 * @operation: specific link opreation

void audit_log_link_denied(const char *operation, struct path *link)

void audit_log_link_denied(const char *operation, struct path *link)

{

{

	struct audit_buffer *ab;

	struct audit_buffer *ab;

	struct audit_names *name;

	name = kzalloc(sizeof(*name), GFP_NOFS);

	if (!name)

		return;

	/* Generate AUDIT_ANOM_LINK with subject, operation, outcome. */

	ab = audit_log_start(current->audit_context, GFP_KERNEL,

	ab = audit_log_start(current->audit_context, GFP_KERNEL,

			     AUDIT_ANOM_LINK);

			     AUDIT_ANOM_LINK);

	if (!ab)

	if (!ab)

		return;

		goto out;

	audit_log_format(ab, "op=%s action=denied", operation);

	audit_log_format(ab, "op=%s", operation);

	audit_log_format(ab, " pid=%d comm=", current->pid);

	audit_log_task_info(ab, current);

	audit_log_untrustedstring(ab, current->comm);

	audit_log_format(ab, " res=0");

	audit_log_d_path(ab, " path=", link);

	audit_log_format(ab, " dev=");

	audit_log_untrustedstring(ab, link->dentry->d_inode->i_sb->s_id);

	audit_log_format(ab, " ino=%lu", link->dentry->d_inode->i_ino);

	audit_log_end(ab);

	audit_log_end(ab);

	/* Generate AUDIT_PATH record with object. */

	name->type = AUDIT_TYPE_NORMAL;

	audit_copy_inode(name, link->dentry, link->dentry->d_inode);

	audit_log_name(current->audit_context, name, link, 0, NULL);

out:

	kfree(name);

}

}

/**

/**

#include <linux/fs.h>

#include <linux/fs.h>

#include <linux/audit.h>

#include <linux/audit.h>

#include <linux/skbuff.h>

#include <linux/skbuff.h>

#include <uapi/linux/mqueue.h>

/* 0 = no checking

/* 0 = no checking

   1 = put_count checking

   1 = put_count checking

*/

*/

#define AUDIT_DEBUG 0

#define AUDIT_DEBUG 0

/* AUDIT_NAMES is the number of slots we reserve in the audit_context

 * for saving names from getname().  If we get more names we will allocate

 * a name dynamically and also add those to the list anchored by names_list. */

#define AUDIT_NAMES	5

/* At task start time, the audit_state is set in the audit_context using

/* At task start time, the audit_state is set in the audit_context using

   a per-task filter.  At syscall entry, the audit_state is augmented by

   a per-task filter.  At syscall entry, the audit_state is augmented by

   the syscall filter. */

   the syscall filter. */

	struct audit_krule	rule;

	struct audit_krule	rule;

};

};

struct audit_cap_data {

	kernel_cap_t		permitted;

	kernel_cap_t		inheritable;

	union {

		unsigned int	fE;		/* effective bit of file cap */

		kernel_cap_t	effective;	/* effective set of process */

	};

};

/* When fs/namei.c:getname() is called, we store the pointer in name and

 * we don't let putname() free it (instead we free all of the saved

 * pointers at syscall exit time).

 *

 * Further, in fs/namei.c:path_lookup() we store the inode and device.

 */

struct audit_names {

	struct list_head	list;		/* audit_context->names_list */

	struct filename		*name;

	int			name_len;	/* number of chars to log */

	bool			name_put;	/* call __putname()? */

	unsigned long		ino;

	dev_t			dev;

	umode_t			mode;

	kuid_t			uid;

	kgid_t			gid;

	dev_t			rdev;

	u32			osid;

	struct audit_cap_data	fcap;

	unsigned int		fcap_ver;

	unsigned char		type;		/* record type */

	/*

	 * This was an allocated audit_names and not from the array of

	 * names allocated in the task audit context.  Thus this name

	 * should be freed on syscall exit.

	 */

	bool			should_free;

};

/* The per-task audit context. */

struct audit_context {

	int		    dummy;	/* must be the first element */

	int		    in_syscall;	/* 1 if task is in a syscall */

	enum audit_state    state, current_state;

	unsigned int	    serial;     /* serial number for record */

	int		    major;      /* syscall number */

	struct timespec	    ctime;      /* time of syscall entry */

	unsigned long	    argv[4];    /* syscall arguments */

	long		    return_code;/* syscall return code */

	u64		    prio;

	int		    return_valid; /* return code is valid */

	/*

	 * The names_list is the list of all audit_names collected during this

	 * syscall.  The first AUDIT_NAMES entries in the names_list will

	 * actually be from the preallocated_names array for performance

	 * reasons.  Except during allocation they should never be referenced

	 * through the preallocated_names array and should only be found/used

	 * by running the names_list.

	 */

	struct audit_names  preallocated_names[AUDIT_NAMES];

	int		    name_count; /* total records in names_list */

	struct list_head    names_list;	/* struct audit_names->list anchor */

	char		    *filterkey;	/* key for rule that triggered record */

	struct path	    pwd;

	struct audit_aux_data *aux;

	struct audit_aux_data *aux_pids;

	struct sockaddr_storage *sockaddr;

	size_t sockaddr_len;

				/* Save things to print about task_struct */

	pid_t		    pid, ppid;

	kuid_t		    uid, euid, suid, fsuid;

	kgid_t		    gid, egid, sgid, fsgid;

	unsigned long	    personality;

	int		    arch;

	pid_t		    target_pid;

	kuid_t		    target_auid;

	kuid_t		    target_uid;

	unsigned int	    target_sessionid;

	u32		    target_sid;

	char		    target_comm[TASK_COMM_LEN];

	struct audit_tree_refs *trees, *first_trees;

	struct list_head killed_trees;

	int tree_count;

	int type;

	union {

		struct {

			int nargs;

			long args[6];

		} socketcall;

		struct {

			kuid_t			uid;

			kgid_t			gid;

			umode_t			mode;

			u32			osid;

			int			has_perm;

			uid_t			perm_uid;

			gid_t			perm_gid;

			umode_t			perm_mode;

			unsigned long		qbytes;

		} ipc;

		struct {

			mqd_t			mqdes;

			struct mq_attr		mqstat;

		} mq_getsetattr;

		struct {

			mqd_t			mqdes;

			int			sigev_signo;

		} mq_notify;

		struct {

			mqd_t			mqdes;

			size_t			msg_len;

			unsigned int		msg_prio;

			struct timespec		abs_timeout;

		} mq_sendrecv;

		struct {

			int			oflag;

			umode_t			mode;

			struct mq_attr		attr;

		} mq_open;

		struct {

			pid_t			pid;

			struct audit_cap_data	cap;

		} capset;

		struct {

			int			fd;

			int			flags;

		} mmap;

	};

	int fds[2];

#if AUDIT_DEBUG

	int		    put_count;

	int		    ino_count;

#endif

};

#ifdef CONFIG_AUDIT

#ifdef CONFIG_AUDIT

extern int audit_enabled;

extern int audit_ever_enabled;

extern int audit_ever_enabled;

extern void audit_copy_inode(struct audit_names *name,

			     const struct dentry *dentry,

			     const struct inode *inode);

extern void audit_log_cap(struct audit_buffer *ab, char *prefix,

			  kernel_cap_t *cap);

extern void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name);

extern void audit_log_name(struct audit_context *context,

			   struct audit_names *n, struct path *path,

			   int record_num, int *call_panic);

#endif

#endif

extern int audit_pid;

extern int audit_pid;

#define AUDITSC_SUCCESS 1

#define AUDITSC_SUCCESS 1

#define AUDITSC_FAILURE 2

#define AUDITSC_FAILURE 2

/* AUDIT_NAMES is the number of slots we reserve in the audit_context

 * for saving names from getname().  If we get more names we will allocate

 * a name dynamically and also add those to the list anchored by names_list. */

#define AUDIT_NAMES	5

/* no execve audit message should be longer than this (userspace limits) */

/* no execve audit message should be longer than this (userspace limits) */

#define MAX_EXECVE_AUDIT_LEN 7500

#define MAX_EXECVE_AUDIT_LEN 7500

/* determines whether we collect data for signals sent */

/* determines whether we collect data for signals sent */

int audit_signals;

int audit_signals;

struct audit_cap_data {

	kernel_cap_t		permitted;

	kernel_cap_t		inheritable;

	union {

		unsigned int	fE;		/* effective bit of a file capability */

		kernel_cap_t	effective;	/* effective set of a process */

	};

};

/* When fs/namei.c:getname() is called, we store the pointer in name and

 * we don't let putname() free it (instead we free all of the saved

 * pointers at syscall exit time).

 *

 * Further, in fs/namei.c:path_lookup() we store the inode and device.

 */

struct audit_names {

	struct list_head	list;		/* audit_context->names_list */

	struct filename	*name;

	unsigned long		ino;

	dev_t			dev;

	umode_t			mode;

	kuid_t			uid;

	kgid_t			gid;

	dev_t			rdev;

	u32			osid;

	struct audit_cap_data	 fcap;

	unsigned int		fcap_ver;

	int			name_len;	/* number of name's characters to log */

	unsigned char		type;		/* record type */

	bool			name_put;	/* call __putname() for this name */

	/*

	 * This was an allocated audit_names and not from the array of

	 * names allocated in the task audit context.  Thus this name

	 * should be freed on syscall exit

	 */

	bool			should_free;

};

struct audit_aux_data {

struct audit_aux_data {

	struct audit_aux_data	*next;

	struct audit_aux_data	*next;

	int			type;

	int			type;

	struct audit_chunk *c[31];

	struct audit_chunk *c[31];

};

};

/* The per-task audit context. */

struct audit_context {

	int		    dummy;	/* must be the first element */

	int		    in_syscall;	/* 1 if task is in a syscall */

	enum audit_state    state, current_state;

	unsigned int	    serial;     /* serial number for record */

	int		    major;      /* syscall number */

	struct timespec	    ctime;      /* time of syscall entry */

	unsigned long	    argv[4];    /* syscall arguments */

	long		    return_code;/* syscall return code */

	u64		    prio;

	int		    return_valid; /* return code is valid */

	/*

	 * The names_list is the list of all audit_names collected during this

	 * syscall.  The first AUDIT_NAMES entries in the names_list will

	 * actually be from the preallocated_names array for performance

	 * reasons.  Except during allocation they should never be referenced

	 * through the preallocated_names array and should only be found/used

	 * by running the names_list.

	 */

	struct audit_names  preallocated_names[AUDIT_NAMES];

	int		    name_count; /* total records in names_list */

	struct list_head    names_list;	/* anchor for struct audit_names->list */

	char *		    filterkey;	/* key for rule that triggered record */

	struct path	    pwd;

	struct audit_aux_data *aux;

	struct audit_aux_data *aux_pids;

	struct sockaddr_storage *sockaddr;

	size_t sockaddr_len;

				/* Save things to print about task_struct */

	pid_t		    pid, ppid;

	kuid_t		    uid, euid, suid, fsuid;

	kgid_t		    gid, egid, sgid, fsgid;

	unsigned long	    personality;

	int		    arch;

	pid_t		    target_pid;

	kuid_t		    target_auid;

	kuid_t		    target_uid;

	unsigned int	    target_sessionid;

	u32		    target_sid;

	char		    target_comm[TASK_COMM_LEN];

	struct audit_tree_refs *trees, *first_trees;

	struct list_head killed_trees;

	int tree_count;

	int type;

	union {

		struct {