seccomp: audit abnormal end to a process due to seccomp (85e7bac3) · Commits · e / devices / android_kernel_xiaomi_sm6125

include/linux/audit.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -430,6 +430,7 @@ extern void audit_putname(const char *name);
		extern void __audit_inode(const char name, const struct dentry dentry);
		extern void __audit_inode_child(const struct dentry *dentry,
		const struct inode *parent);
		extern void __audit_seccomp(unsigned long syscall);
		extern void __audit_ptrace(struct task_struct *t);

		static inline int audit_dummy_context(void)
		@@ -453,6 +454,12 @@ static inline void audit_inode_child(const struct dentry *dentry,
		}
		void audit_core_dumps(long signr);

		static inline void audit_seccomp(unsigned long syscall)
		{
		if (unlikely(!audit_dummy_context()))
		__audit_seccomp(syscall);
		}

		static inline void audit_ptrace(struct task_struct *t)
		{
		if (unlikely(!audit_dummy_context()))
		@@ -558,6 +565,7 @@ extern int audit_signals;
		#define audit_inode(n,d) do { (void)(d); } while (0)
		#define audit_inode_child(i,p) do { ; } while (0)
		#define audit_core_dumps(i) do { ; } while (0)
		#define audit_seccomp(i) do { ; } while (0)
		#define auditsc_get_stamp(c,t,s) (0)
		#define audit_get_loginuid(t) (-1)
		#define audit_get_sessionid(t) (-1)

kernel/auditsc.c

+29 −21

Original line number	Diff line number	Diff line
		@@ -2529,6 +2529,25 @@ void __audit_mmap_fd(int fd, int flags)
		context->type = AUDIT_MMAP;
		}

		static void audit_log_abend(struct audit_buffer ab, char reason, long signr)
		{
		uid_t auid, uid;
		gid_t gid;
		unsigned int sessionid;

		auid = audit_get_loginuid(current);
		sessionid = audit_get_sessionid(current);
		current_uid_gid(&uid, &gid);

		audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
		auid, uid, gid, sessionid);
		audit_log_task_context(ab);
		audit_log_format(ab, " pid=%d comm=", current->pid);
		audit_log_untrustedstring(ab, current->comm);
		audit_log_format(ab, " reason=");
		audit_log_string(ab, reason);
		audit_log_format(ab, " sig=%ld", signr);
		}
		/**
		* audit_core_dumps - record information about processes that end abnormally
		* @signr: signal value
		@@ -2539,10 +2558,6 @@ void __audit_mmap_fd(int fd, int flags)
		void audit_core_dumps(long signr)
		{
		struct audit_buffer *ab;
		u32 sid;
		uid_t auid = audit_get_loginuid(current), uid;
		gid_t gid;
		unsigned int sessionid = audit_get_sessionid(current);

		if (!audit_enabled)
		return;
		@@ -2551,24 +2566,17 @@ void audit_core_dumps(long signr)
		return;

		ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
		current_uid_gid(&uid, &gid);
		audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
		auid, uid, gid, sessionid);
		security_task_getsecid(current, &sid);
		if (sid) {
		char *ctx = NULL;
		u32 len;

		if (security_secid_to_secctx(sid, &ctx, &len))
		audit_log_format(ab, " ssid=%u", sid);
		else {
		audit_log_format(ab, " subj=%s", ctx);
		security_release_secctx(ctx, len);
		}
		audit_log_abend(ab, "memory violation", signr);
		audit_log_end(ab);
		}
		audit_log_format(ab, " pid=%d comm=", current->pid);
		audit_log_untrustedstring(ab, current->comm);
		audit_log_format(ab, " sig=%ld", signr);

		void __audit_seccomp(unsigned long syscall)
		{
		struct audit_buffer *ab;

		ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_ANOM_ABEND);
		audit_log_abend(ab, "seccomp", SIGKILL);
		audit_log_format(ab, " syscall=%ld", syscall);
		audit_log_end(ab);
		}

kernel/seccomp.c

+2 −0

Original line number	Diff line number	Diff line
		@@ -6,6 +6,7 @@
		* This defines a simple but solid secure-computing mode.
		*/

		#include <linux/audit.h>
		#include <linux/seccomp.h>
		#include <linux/sched.h>
		#include <linux/compat.h>
		@@ -54,6 +55,7 @@ void __secure_computing(int this_syscall)
		#ifdef SECCOMP_DEBUG
		dump_stack();
		#endif
		audit_seccomp(this_syscall);
		do_exit(SIGKILL);
		}