xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

audit: hand taken context to audit_kill_trees for syscall logging

Browse Source 
Since the context is derived from the task parameter handed to
__audit_free(), hand the context to audit_kill_trees() so it can be used
to associate with a syscall record.  This requires adding the context
parameter to kill_rules() rather than using the current audit_context.

The callers of trim_marked() and evict_chunk() still have their context.

The EOE record was being issued prior to the pruning of the killed_tree
list.

Move the kill_trees call before the audit_log_exit call in
__audit_free() and __audit_syscall_exit() so that any pruned trees
CONFIG_CHANGE records are included with the associated syscall event by
the user library due to the EOE record flagging the end of the event.

See: https://github.com/linux-audit/audit-kernel/issues/50
See: https://github.com/linux-audit/audit-kernel/issues/59

Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
[PM: fixed merge fuzz in kernel/audit_tree.c]
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
Richard Guy Briggs
2018-12-10 17:17:50 -05:00
committed by Paul Moore
parent 53fc7a01df
commit 9e36a5d49c
3 changed files with 19 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
kernel/auditsc.c
View File

@@ -1444,6 +1444,9 @@ void __audit_free(struct task_struct *tsk)
if (!context)
return;
if (!list_empty(&context->killed_trees))
audit_kill_trees(context);
/* We are called either by do_exit() or the fork() error handling code;
* in the former case tsk == current and in the latter tsk is a
* random task_struct that doesn't doesn't have any meaningful data we
@@ -1460,9 +1463,6 @@ void __audit_free(struct task_struct *tsk)
audit_log_exit();
}
if (!list_empty(&context->killed_trees))
audit_kill_trees(&context->killed_trees);
audit_set_context(tsk, NULL);
audit_free_context(context);
}
@@ -1537,6 +1537,9 @@ void __audit_syscall_exit(int success, long return_code)
if (!context)
return;
if (!list_empty(&context->killed_trees))
audit_kill_trees(context);
if (!context->dummy && context->in_syscall) {
if (success)
context->return_valid = AUDITSC_SUCCESS;
@@ -1571,9 +1574,6 @@ void __audit_syscall_exit(int success, long return_code)
context->in_syscall = 0;
context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0;
if (!list_empty(&context->killed_trees))
audit_kill_trees(&context->killed_trees);
audit_free_names(context);
unroll_tree_refs(context, NULL, 0);
audit_free_aux(context);