sh: syscall audit support.
Support syscall auditing.. Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp> Signed-off-by: Paul Mundt <lethal@linux-sh.org>
This commit is contained in:
Yuichi Nakamura
committed by
Paul Mundt
Paul Mundt
parent
12760cb4df
commit
1322b9def9
@@ -224,7 +224,7 @@ work_resched:
|
||||
syscall_exit_work:
|
||||
! r0: current_thread_info->flags
|
||||
! r8: current_thread_info
|
||||
tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0
|
||||
tst #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0
|
||||
bt/s work_pending
|
||||
tst #_TIF_NEED_RESCHED, r0
|
||||
#ifdef CONFIG_TRACE_IRQFLAGS
|
||||
@@ -234,6 +234,8 @@ syscall_exit_work:
|
||||
#endif
|
||||
sti
|
||||
! XXX setup arguments...
|
||||
mov r15, r4
|
||||
mov #1, r5
|
||||
mov.l 4f, r0 ! do_syscall_trace
|
||||
jsr @r0
|
||||
nop
|
||||
@@ -244,6 +246,8 @@ syscall_exit_work:
|
||||
syscall_trace_entry:
|
||||
! Yes it is traced.
|
||||
! XXX setup arguments...
|
||||
mov r15, r4
|
||||
mov #0, r5
|
||||
mov.l 4f, r11 ! Call do_syscall_trace which notifies
|
||||
jsr @r11 ! superior (will chomp R[0-7])
|
||||
nop
|
||||
@@ -366,7 +370,7 @@ ENTRY(system_call)
|
||||
!
|
||||
get_current_thread_info r8, r10
|
||||
mov.l @(TI_FLAGS,r8), r8
|
||||
mov #_TIF_SYSCALL_TRACE, r10
|
||||
mov #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10
|
||||
tst r10, r8
|
||||
bf syscall_trace_entry
|
||||
!
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* edited by Linus Torvalds
|
||||
*
|
||||
* SuperH version: Copyright (C) 1999, 2000 Kaz Kojima & Niibe Yutaka
|
||||
*
|
||||
* Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp>
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/sched.h>
|
||||
@@ -19,6 +19,7 @@
|
||||
#include <linux/security.h>
|
||||
#include <linux/signal.h>
|
||||
#include <linux/io.h>
|
||||
#include <linux/audit.h>
|
||||
#include <asm/uaccess.h>
|
||||
#include <asm/pgtable.h>
|
||||
#include <asm/system.h>
|
||||
@@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
|
||||
return ret;
|
||||
}
|
||||
|
||||
asmlinkage void do_syscall_trace(void)
|
||||
asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
|
||||
{
|
||||
struct task_struct *tsk = current;
|
||||
|
||||
if (unlikely(current->audit_context) && entryexit)
|
||||
audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),
|
||||
regs->regs[0]);
|
||||
|
||||
if (!test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||
!test_thread_flag(TIF_SINGLESTEP))
|
||||
return;
|
||||
goto out;
|
||||
if (!(tsk->ptrace & PT_PTRACED))
|
||||
return;
|
||||
goto out;
|
||||
|
||||
/* the 0x80 provides a way for the tracing parent to distinguish
|
||||
between a syscall stop and SIGTRAP delivery */
|
||||
ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) &&
|
||||
@@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void)
|
||||
send_sig(tsk->exit_code, tsk, 1);
|
||||
tsk->exit_code = 0;
|
||||
}
|
||||
|
||||
out:
|
||||
if (unlikely(current->audit_context) && !entryexit)
|
||||
audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3],
|
||||
regs->regs[4], regs->regs[5],
|
||||
regs->regs[6], regs->regs[7]);
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user