rhashtable: fix for resize events during table walk
[linux/fpc-iii.git] / security / lsm_audit.c
blob1d34277dc402b5971122fdb35d0171eb33f612f5
1 /*
2 * common LSM auditing functions
4 * Based on code written for SELinux by :
5 * Stephen Smalley, <sds@epoch.ncsc.mil>
6 * James Morris <jmorris@redhat.com>
7 * Author : Etienne Basset, <etienne.basset@ensta.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License version 2,
11 * as published by the Free Software Foundation.
14 #include <linux/types.h>
15 #include <linux/stddef.h>
16 #include <linux/kernel.h>
17 #include <linux/gfp.h>
18 #include <linux/fs.h>
19 #include <linux/init.h>
20 #include <net/sock.h>
21 #include <linux/un.h>
22 #include <net/af_unix.h>
23 #include <linux/audit.h>
24 #include <linux/ipv6.h>
25 #include <linux/ip.h>
26 #include <net/ip.h>
27 #include <net/ipv6.h>
28 #include <linux/tcp.h>
29 #include <linux/udp.h>
30 #include <linux/dccp.h>
31 #include <linux/sctp.h>
32 #include <linux/lsm_audit.h>
34 /**
35 * ipv4_skb_to_auditdata : fill auditdata from skb
36 * @skb : the skb
37 * @ad : the audit data to fill
38 * @proto : the layer 4 protocol
40 * return 0 on success
42 int ipv4_skb_to_auditdata(struct sk_buff *skb,
43 struct common_audit_data *ad, u8 *proto)
45 int ret = 0;
46 struct iphdr *ih;
48 ih = ip_hdr(skb);
49 if (ih == NULL)
50 return -EINVAL;
52 ad->u.net->v4info.saddr = ih->saddr;
53 ad->u.net->v4info.daddr = ih->daddr;
55 if (proto)
56 *proto = ih->protocol;
57 /* non initial fragment */
58 if (ntohs(ih->frag_off) & IP_OFFSET)
59 return 0;
61 switch (ih->protocol) {
62 case IPPROTO_TCP: {
63 struct tcphdr *th = tcp_hdr(skb);
64 if (th == NULL)
65 break;
67 ad->u.net->sport = th->source;
68 ad->u.net->dport = th->dest;
69 break;
71 case IPPROTO_UDP: {
72 struct udphdr *uh = udp_hdr(skb);
73 if (uh == NULL)
74 break;
76 ad->u.net->sport = uh->source;
77 ad->u.net->dport = uh->dest;
78 break;
80 case IPPROTO_DCCP: {
81 struct dccp_hdr *dh = dccp_hdr(skb);
82 if (dh == NULL)
83 break;
85 ad->u.net->sport = dh->dccph_sport;
86 ad->u.net->dport = dh->dccph_dport;
87 break;
89 case IPPROTO_SCTP: {
90 struct sctphdr *sh = sctp_hdr(skb);
91 if (sh == NULL)
92 break;
93 ad->u.net->sport = sh->source;
94 ad->u.net->dport = sh->dest;
95 break;
97 default:
98 ret = -EINVAL;
100 return ret;
102 #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
104 * ipv6_skb_to_auditdata : fill auditdata from skb
105 * @skb : the skb
106 * @ad : the audit data to fill
107 * @proto : the layer 4 protocol
109 * return 0 on success
111 int ipv6_skb_to_auditdata(struct sk_buff *skb,
112 struct common_audit_data *ad, u8 *proto)
114 int offset, ret = 0;
115 struct ipv6hdr *ip6;
116 u8 nexthdr;
117 __be16 frag_off;
119 ip6 = ipv6_hdr(skb);
120 if (ip6 == NULL)
121 return -EINVAL;
122 ad->u.net->v6info.saddr = ip6->saddr;
123 ad->u.net->v6info.daddr = ip6->daddr;
124 ret = 0;
125 /* IPv6 can have several extension header before the Transport header
126 * skip them */
127 offset = skb_network_offset(skb);
128 offset += sizeof(*ip6);
129 nexthdr = ip6->nexthdr;
130 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
131 if (offset < 0)
132 return 0;
133 if (proto)
134 *proto = nexthdr;
135 switch (nexthdr) {
136 case IPPROTO_TCP: {
137 struct tcphdr _tcph, *th;
139 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
140 if (th == NULL)
141 break;
143 ad->u.net->sport = th->source;
144 ad->u.net->dport = th->dest;
145 break;
147 case IPPROTO_UDP: {
148 struct udphdr _udph, *uh;
150 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
151 if (uh == NULL)
152 break;
154 ad->u.net->sport = uh->source;
155 ad->u.net->dport = uh->dest;
156 break;
158 case IPPROTO_DCCP: {
159 struct dccp_hdr _dccph, *dh;
161 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
162 if (dh == NULL)
163 break;
165 ad->u.net->sport = dh->dccph_sport;
166 ad->u.net->dport = dh->dccph_dport;
167 break;
169 case IPPROTO_SCTP: {
170 struct sctphdr _sctph, *sh;
172 sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
173 if (sh == NULL)
174 break;
175 ad->u.net->sport = sh->source;
176 ad->u.net->dport = sh->dest;
177 break;
179 default:
180 ret = -EINVAL;
182 return ret;
184 #endif
187 static inline void print_ipv6_addr(struct audit_buffer *ab,
188 struct in6_addr *addr, __be16 port,
189 char *name1, char *name2)
191 if (!ipv6_addr_any(addr))
192 audit_log_format(ab, " %s=%pI6c", name1, addr);
193 if (port)
194 audit_log_format(ab, " %s=%d", name2, ntohs(port));
197 static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
198 __be16 port, char *name1, char *name2)
200 if (addr)
201 audit_log_format(ab, " %s=%pI4", name1, &addr);
202 if (port)
203 audit_log_format(ab, " %s=%d", name2, ntohs(port));
207 * dump_common_audit_data - helper to dump common audit data
208 * @a : common audit data
211 static void dump_common_audit_data(struct audit_buffer *ab,
212 struct common_audit_data *a)
214 char comm[sizeof(current->comm)];
217 * To keep stack sizes in check force programers to notice if they
218 * start making this union too large! See struct lsm_network_audit
219 * as an example of how to deal with large data.
221 BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);
223 audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));
224 audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));
226 switch (a->type) {
227 case LSM_AUDIT_DATA_NONE:
228 return;
229 case LSM_AUDIT_DATA_IPC:
230 audit_log_format(ab, " key=%d ", a->u.ipc_id);
231 break;
232 case LSM_AUDIT_DATA_CAP:
233 audit_log_format(ab, " capability=%d ", a->u.cap);
234 break;
235 case LSM_AUDIT_DATA_PATH: {
236 struct inode *inode;
238 audit_log_d_path(ab, " path=", &a->u.path);
240 inode = d_backing_inode(a->u.path.dentry);
241 if (inode) {
242 audit_log_format(ab, " dev=");
243 audit_log_untrustedstring(ab, inode->i_sb->s_id);
244 audit_log_format(ab, " ino=%lu", inode->i_ino);
246 break;
248 case LSM_AUDIT_DATA_DENTRY: {
249 struct inode *inode;
251 audit_log_format(ab, " name=");
252 audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
254 inode = d_backing_inode(a->u.dentry);
255 if (inode) {
256 audit_log_format(ab, " dev=");
257 audit_log_untrustedstring(ab, inode->i_sb->s_id);
258 audit_log_format(ab, " ino=%lu", inode->i_ino);
260 break;
262 case LSM_AUDIT_DATA_INODE: {
263 struct dentry *dentry;
264 struct inode *inode;
266 inode = a->u.inode;
267 dentry = d_find_alias(inode);
268 if (dentry) {
269 audit_log_format(ab, " name=");
270 audit_log_untrustedstring(ab,
271 dentry->d_name.name);
272 dput(dentry);
274 audit_log_format(ab, " dev=");
275 audit_log_untrustedstring(ab, inode->i_sb->s_id);
276 audit_log_format(ab, " ino=%lu", inode->i_ino);
277 break;
279 case LSM_AUDIT_DATA_TASK: {
280 struct task_struct *tsk = a->u.tsk;
281 if (tsk) {
282 pid_t pid = task_pid_nr(tsk);
283 if (pid) {
284 char comm[sizeof(tsk->comm)];
285 audit_log_format(ab, " pid=%d comm=", pid);
286 audit_log_untrustedstring(ab,
287 memcpy(comm, tsk->comm, sizeof(comm)));
290 break;
292 case LSM_AUDIT_DATA_NET:
293 if (a->u.net->sk) {
294 struct sock *sk = a->u.net->sk;
295 struct unix_sock *u;
296 int len = 0;
297 char *p = NULL;
299 switch (sk->sk_family) {
300 case AF_INET: {
301 struct inet_sock *inet = inet_sk(sk);
303 print_ipv4_addr(ab, inet->inet_rcv_saddr,
304 inet->inet_sport,
305 "laddr", "lport");
306 print_ipv4_addr(ab, inet->inet_daddr,
307 inet->inet_dport,
308 "faddr", "fport");
309 break;
311 #if IS_ENABLED(CONFIG_IPV6)
312 case AF_INET6: {
313 struct inet_sock *inet = inet_sk(sk);
315 print_ipv6_addr(ab, &sk->sk_v6_rcv_saddr,
316 inet->inet_sport,
317 "laddr", "lport");
318 print_ipv6_addr(ab, &sk->sk_v6_daddr,
319 inet->inet_dport,
320 "faddr", "fport");
321 break;
323 #endif
324 case AF_UNIX:
325 u = unix_sk(sk);
326 if (u->path.dentry) {
327 audit_log_d_path(ab, " path=", &u->path);
328 break;
330 if (!u->addr)
331 break;
332 len = u->addr->len-sizeof(short);
333 p = &u->addr->name->sun_path[0];
334 audit_log_format(ab, " path=");
335 if (*p)
336 audit_log_untrustedstring(ab, p);
337 else
338 audit_log_n_hex(ab, p, len);
339 break;
343 switch (a->u.net->family) {
344 case AF_INET:
345 print_ipv4_addr(ab, a->u.net->v4info.saddr,
346 a->u.net->sport,
347 "saddr", "src");
348 print_ipv4_addr(ab, a->u.net->v4info.daddr,
349 a->u.net->dport,
350 "daddr", "dest");
351 break;
352 case AF_INET6:
353 print_ipv6_addr(ab, &a->u.net->v6info.saddr,
354 a->u.net->sport,
355 "saddr", "src");
356 print_ipv6_addr(ab, &a->u.net->v6info.daddr,
357 a->u.net->dport,
358 "daddr", "dest");
359 break;
361 if (a->u.net->netif > 0) {
362 struct net_device *dev;
364 /* NOTE: we always use init's namespace */
365 dev = dev_get_by_index(&init_net, a->u.net->netif);
366 if (dev) {
367 audit_log_format(ab, " netif=%s", dev->name);
368 dev_put(dev);
371 break;
372 #ifdef CONFIG_KEYS
373 case LSM_AUDIT_DATA_KEY:
374 audit_log_format(ab, " key_serial=%u", a->u.key_struct.key);
375 if (a->u.key_struct.key_desc) {
376 audit_log_format(ab, " key_desc=");
377 audit_log_untrustedstring(ab, a->u.key_struct.key_desc);
379 break;
380 #endif
381 case LSM_AUDIT_DATA_KMOD:
382 audit_log_format(ab, " kmod=");
383 audit_log_untrustedstring(ab, a->u.kmod_name);
384 break;
385 } /* switch (a->type) */
389 * common_lsm_audit - generic LSM auditing function
390 * @a: auxiliary audit data
391 * @pre_audit: lsm-specific pre-audit callback
392 * @post_audit: lsm-specific post-audit callback
394 * setup the audit buffer for common security information
395 * uses callback to print LSM specific information
397 void common_lsm_audit(struct common_audit_data *a,
398 void (*pre_audit)(struct audit_buffer *, void *),
399 void (*post_audit)(struct audit_buffer *, void *))
401 struct audit_buffer *ab;
403 if (a == NULL)
404 return;
405 /* we use GFP_ATOMIC so we won't sleep */
406 ab = audit_log_start(current->audit_context, GFP_ATOMIC | __GFP_NOWARN,
407 AUDIT_AVC);
409 if (ab == NULL)
410 return;
412 if (pre_audit)
413 pre_audit(ab, a);
415 dump_common_audit_data(ab, a);
417 if (post_audit)
418 post_audit(ab, a);
420 audit_log_end(ab);