From mboxrd@z Thu Jan 1 00:00:00 1970 From: Casey Schaufler Subject: Re: [PATCH 2/2] security/smack implement logging V3 Date: Fri, 10 Apr 2009 20:28:28 -0700 Message-ID: <49E00E5C.40000@schaufler-ca.com> References: <49DCEF86.4090909@numericable.fr> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <49DCEF86.4090909@numericable.fr> Sender: linux-security-module-owner@vger.kernel.org To: Etienne Basset Cc: LSM , Eric Paris , Linux Audit , Casey Schaufler List-Id: linux-audit@redhat.com Etienne Basset wrote: > the following patch, add logging of Smack security decisions. > This is of course very useful to understand what your current smack policy does. > As suggested by Casey, it also now forbids labels with ', " or \ > > It introduces a '/smack/logging' switch : > 0: no logging > 1: log denied (default) > 2: log accepted > 3: log denied&accepted > > > Signed-off-by: Etienne Basset > Acked-by: Casey Schaufler My tests are passing. I am not explicitly testing audit. > --- > Documentation/Smack.txt | 20 ++- > security/Makefile | 3 + > security/smack/smack.h | 108 +++++++++++- > security/smack/smack_access.c | 141 +++++++++++++-- > security/smack/smack_lsm.c | 390 +++++++++++++++++++++++++++++++---------- > security/smack/smackfs.c | 66 +++++++ > 6 files changed, 617 insertions(+), 111 deletions(-) > > diff --git a/Documentation/Smack.txt b/Documentation/Smack.txt > index 629c92e..34614b4 100644 > --- a/Documentation/Smack.txt > +++ b/Documentation/Smack.txt > @@ -184,8 +184,9 @@ length. Single character labels using special characters, that being anything > other than a letter or digit, are reserved for use by the Smack development > team. Smack labels are unstructured, case sensitive, and the only operation > ever performed on them is comparison for equality. Smack labels cannot > -contain unprintable characters or the "/" (slash) character. Smack labels > -cannot begin with a '-', which is reserved for special options. > +contain unprintable characters, the "/" (slash), the "\" (backslash), the "'" > +(quote) and '"' (double-quote) characters. > +Smack labels cannot begin with a '-', which is reserved for special options. > > There are some predefined labels: > > @@ -523,3 +524,18 @@ Smack supports some mount options: > > These mount options apply to all file system types. > > +Smack auditing > + > +If you want Smack auditing of security events, you need to set CONFIG_AUDIT > +in your kernel configuration. > +By default, all denied events will be audited. You can change this behavior by > +writing a single character to the /smack/logging file : > +0 : no logging > +1 : log denied (default) > +2 : log accepted > +3 : log denied & accepted > + > +Events are logged as 'key=value' pairs, for each event you at least will get > +the subjet, the object, the rights requested, the action, the kernel function > +that triggered the event, plus other pairs depending on the type of event > +audited. > diff --git a/security/Makefile b/security/Makefile > index fa77021..c67557c 100644 > --- a/security/Makefile > +++ b/security/Makefile > @@ -16,6 +16,9 @@ obj-$(CONFIG_SECURITYFS) += inode.o > # Must precede capability.o in order to stack properly. > obj-$(CONFIG_SECURITY_SELINUX) += selinux/built-in.o > obj-$(CONFIG_SECURITY_SMACK) += smack/built-in.o > +ifeq ($(CONFIG_AUDIT),y) > +obj-$(CONFIG_SECURITY_SMACK) += lsm_audit.o > +endif > obj-$(CONFIG_SECURITY_TOMOYO) += tomoyo/built-in.o > obj-$(CONFIG_SECURITY_ROOTPLUG) += root_plug.o > obj-$(CONFIG_CGROUP_DEVICE) += device_cgroup.o > diff --git a/security/smack/smack.h b/security/smack/smack.h > index 42ef313..243bec1 100644 > --- a/security/smack/smack.h > +++ b/security/smack/smack.h > @@ -20,6 +20,7 @@ > #include > #include > #include > +#include > > /* > * Why 23? CIPSO is constrained to 30, so a 32 byte buffer is > @@ -179,6 +180,20 @@ struct smack_known { > #define MAY_NOT 0 > > /* > + * Number of access types used by Smack (rwxa) > + */ > +#define SMK_NUM_ACCESS_TYPE 4 > + > +/* > + * Smack audit data; is empty if CONFIG_AUDIT not set > + * to save some stack > + */ > +struct smk_audit_info { > +#ifdef CONFIG_AUDIT > + struct common_audit_data a; > +#endif > +}; > +/* > * These functions are in smack_lsm.c > */ > struct inode_smack *new_inode_smack(char *); > @@ -186,8 +201,8 @@ struct inode_smack *new_inode_smack(char *); > /* > * These functions are in smack_access.c > */ > -int smk_access(char *, char *, int); > -int smk_curacc(char *, u32); > +int smk_access(char *, char *, int, struct smk_audit_info *); > +int smk_curacc(char *, u32, struct smk_audit_info *); > int smack_to_cipso(const char *, struct smack_cipso *); > void smack_from_cipso(u32, char *, char *); > char *smack_from_secid(const u32); > @@ -237,4 +252,93 @@ static inline char *smk_of_inode(const struct inode *isp) > return sip->smk_inode; > } > > +/* > + * logging functions > + */ > +#define SMACK_AUDIT_DENIED 0x1 > +#define SMACK_AUDIT_ACCEPT 0x2 > +extern int log_policy; > + > +void smack_log(char *subject_label, char *object_label, > + int request, > + int result, struct smk_audit_info *auditdata); > + > +#ifdef CONFIG_AUDIT > + > +/* > + * some inline functions to set up audit data > + * they do nothing if CONFIG_AUDIT is not set > + * > + */ > +static inline void smk_ad_init(struct smk_audit_info *a, const char *func, > + char type) > +{ > + memset(a, 0, sizeof(*a)); > + a->a.type = type; > + a->a.function = func; > +} > + > +static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, > + struct task_struct *t) > +{ > + a->a.u.tsk = t; > +} > +static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, > + struct dentry *d) > +{ > + a->a.u.fs.path.dentry = d; > +} > +static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, > + struct vfsmount *m) > +{ > + a->a.u.fs.path.mnt = m; > +} > +static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, > + struct inode *i) > +{ > + a->a.u.fs.inode = i; > +} > +static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, > + struct path p) > +{ > + a->a.u.fs.path = p; > +} > +static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, > + struct sock *sk) > +{ > + a->a.u.net.sk = sk; > +} > + > +#else /* no AUDIT */ > + > +static inline void smk_ad_init(struct smk_audit_info *a, const char *func, > + char type) > +{ > +} > +static inline void smk_ad_setfield_u_tsk(struct smk_audit_info *a, > + struct task_struct *t) > +{ > +} > +static inline void smk_ad_setfield_u_fs_path_dentry(struct smk_audit_info *a, > + struct dentry *d) > +{ > +} > +static inline void smk_ad_setfield_u_fs_path_mnt(struct smk_audit_info *a, > + struct vfsmount *m) > +{ > +} > +static inline void smk_ad_setfield_u_fs_inode(struct smk_audit_info *a, > + struct inode *i) > +{ > +} > +static inline void smk_ad_setfield_u_fs_path(struct smk_audit_info *a, > + struct path p) > +{ > +} > +static inline void smk_ad_setfield_u_net_sk(struct smk_audit_info *a, > + struct sock *sk) > +{ > +} > +#endif > + > #endif /* _SECURITY_SMACK_H */ > diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c > index ac0a270..513dc1a 100644 > --- a/security/smack/smack_access.c > +++ b/security/smack/smack_access.c > @@ -59,11 +59,18 @@ LIST_HEAD(smack_known_list); > */ > static u32 smack_next_secid = 10; > > +/* > + * what events do we log > + * can be overwritten at run-time by /smack/logging > + */ > +int log_policy = SMACK_AUDIT_DENIED; > + > /** > * smk_access - determine if a subject has a specific access to an object > * @subject_label: a pointer to the subject's Smack label > * @object_label: a pointer to the object's Smack label > * @request: the access requested, in "MAY" format > + * @a : a pointer to the audit data > * > * This function looks up the subject/object pair in the > * access rule list and returns 0 if the access is permitted, > @@ -78,10 +85,12 @@ static u32 smack_next_secid = 10; > * will be on the list, so checking the pointers may be a worthwhile > * optimization. > */ > -int smk_access(char *subject_label, char *object_label, int request) > +int smk_access(char *subject_label, char *object_label, int request, > + struct smk_audit_info *a) > { > u32 may = MAY_NOT; > struct smack_rule *srp; > + int rc = 0; > > /* > * Hardcoded comparisons. > @@ -89,8 +98,10 @@ int smk_access(char *subject_label, char *object_label, int request) > * A star subject can't access any object. > */ > if (subject_label == smack_known_star.smk_known || > - strcmp(subject_label, smack_known_star.smk_known) == 0) > - return -EACCES; > + strcmp(subject_label, smack_known_star.smk_known) == 0) { > + rc = -EACCES; > + goto out_audit; > + } > /* > * An internet object can be accessed by any subject. > * Tasks cannot be assigned the internet label. > @@ -100,20 +111,20 @@ int smk_access(char *subject_label, char *object_label, int request) > subject_label == smack_known_web.smk_known || > strcmp(object_label, smack_known_web.smk_known) == 0 || > strcmp(subject_label, smack_known_web.smk_known) == 0) > - return 0; > + goto out_audit; > /* > * A star object can be accessed by any subject. > */ > if (object_label == smack_known_star.smk_known || > strcmp(object_label, smack_known_star.smk_known) == 0) > - return 0; > + goto out_audit; > /* > * An object can be accessed in any way by a subject > * with the same label. > */ > if (subject_label == object_label || > strcmp(subject_label, object_label) == 0) > - return 0; > + goto out_audit; > /* > * A hat subject can read any object. > * A floor object can be read by any subject. > @@ -121,10 +132,10 @@ int smk_access(char *subject_label, char *object_label, int request) > if ((request & MAY_ANYREAD) == request) { > if (object_label == smack_known_floor.smk_known || > strcmp(object_label, smack_known_floor.smk_known) == 0) > - return 0; > + goto out_audit; > if (subject_label == smack_known_hat.smk_known || > strcmp(subject_label, smack_known_hat.smk_known) == 0) > - return 0; > + goto out_audit; > } > /* > * Beyond here an explicit relationship is required. > @@ -148,28 +159,36 @@ int smk_access(char *subject_label, char *object_label, int request) > * This is a bit map operation. > */ > if ((request & may) == request) > - return 0; > - > - return -EACCES; > + goto out_audit; > + > + rc = -EACCES; > +out_audit: > +#ifdef CONFIG_AUDIT > + if (a) > + smack_log(subject_label, object_label, request, rc, a); > +#endif > + return rc; > } > > /** > * smk_curacc - determine if current has a specific access to an object > * @obj_label: a pointer to the object's Smack label > * @mode: the access requested, in "MAY" format > + * @a : common audit data > * > * This function checks the current subject label/object label pair > * in the access rule list and returns 0 if the access is permitted, > * non zero otherwise. It allows that current may have the capability > * to override the rules. > */ > -int smk_curacc(char *obj_label, u32 mode) > +int smk_curacc(char *obj_label, u32 mode, struct smk_audit_info *a) > { > int rc; > + char *sp = current_security(); > > - rc = smk_access(current_security(), obj_label, mode); > + rc = smk_access(sp, obj_label, mode, NULL); > if (rc == 0) > - return 0; > + goto out_audit; > > /* > * Return if a specific label has been designated as the > @@ -177,14 +196,105 @@ int smk_curacc(char *obj_label, u32 mode) > * have that label. > */ > if (smack_onlycap != NULL && smack_onlycap != current->cred->security) > - return rc; > + goto out_audit; > > if (capable(CAP_MAC_OVERRIDE)) > return 0; > > +out_audit: > +#ifdef CONFIG_AUDIT > + if (a) > + smack_log(sp, obj_label, mode, rc, a); > +#endif > return rc; > } > > +#ifdef CONFIG_AUDIT > +/** > + * smack_str_from_perm : helper to transalate an int to a > + * readable string > + * @string : the string to fill > + * @access : the int > + * > + */ > +static inline void smack_str_from_perm(char *string, int access) > +{ > + int i = 0; > + if (access & MAY_READ) > + string[i++] = 'r'; > + if (access & MAY_WRITE) > + string[i++] = 'w'; > + if (access & MAY_EXEC) > + string[i++] = 'x'; > + if (access & MAY_APPEND) > + string[i++] = 'a'; > + string[i] = '\0'; > +} > +/** > + * smack_log_callback - SMACK specific information > + * will be called by generic audit code > + * @ab : the audit_buffer > + * @a : audit_data > + * > + */ > +static void smack_log_callback(struct audit_buffer *ab, void *a) > +{ > + struct common_audit_data *ad = a; > + struct smack_audit_data *sad = &ad->lsm_priv.smack_audit_data; > + audit_log_format(ab, "lsm=SMACK fn=%s action=%s", ad->function, > + sad->result ? "denied" : "granted"); > + audit_log_format(ab, " subject="); > + audit_log_untrustedstring(ab, sad->subject); > + audit_log_format(ab, " object="); > + audit_log_untrustedstring(ab, sad->object); > + audit_log_format(ab, " requested=%s", sad->request); > +} > + > +/** > + * smack_log - Audit the granting or denial of permissions. > + * @subject_label : smack label of the requester > + * @object_label : smack label of the object being accessed > + * @request: requested permissions > + * @result: result from smk_access > + * @a: auxiliary audit data > + * > + * Audit the granting or denial of permissions in accordance > + * with the policy. > + */ > +void smack_log(char *subject_label, char *object_label, int request, > + int result, struct smk_audit_info *ad) > +{ > + char request_buffer[SMK_NUM_ACCESS_TYPE + 1]; > + struct smack_audit_data *sad; > + struct common_audit_data *a = &ad->a; > + > + /* check if we have to log the current event */ > + if (result != 0 && (log_policy & SMACK_AUDIT_DENIED) == 0) > + return; > + if (result == 0 && (log_policy & SMACK_AUDIT_ACCEPT) == 0) > + return; > + > + if (a->function == NULL) > + a->function = "unknown"; > + > + /* end preparing the audit data */ > + sad = &a->lsm_priv.smack_audit_data; > + smack_str_from_perm(request_buffer, request); > + sad->subject = subject_label; > + sad->object = object_label; > + sad->request = request_buffer; > + sad->result = result; > + a->lsm_pre_audit = smack_log_callback; > + > + common_lsm_audit(a); > +} > +#else /* #ifdef CONFIG_AUDIT */ > +void smack_log(char *subject_label, char *object_label, int request, > + int result, struct smk_audit_info *ad) > +{ > +} > +#endif > + > static DEFINE_MUTEX(smack_known_lock); > > /** > @@ -209,7 +319,8 @@ struct smack_known *smk_import_entry(const char *string, int len) > if (found) > smack[i] = '\0'; > else if (i >= len || string[i] > '~' || string[i] <= ' ' || > - string[i] == '/') { > + string[i] == '/' || string[i] == '"' || > + string[i] == '\\' || string[i] == '\'') { > smack[i] = '\0'; > found = 1; > } else > diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c > index 9215149..f557767 100644 > --- a/security/smack/smack_lsm.c > +++ b/security/smack/smack_lsm.c > @@ -30,7 +30,6 @@ > #include > #include > #include > - > #include "smack.h" > > #define task_security(task) (task_cred_xxx((task), security)) > @@ -103,14 +102,24 @@ struct inode_smack *new_inode_smack(char *smack) > static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) > { > int rc; > + struct smk_audit_info ad; > + char *sp, *tsp; > > rc = cap_ptrace_may_access(ctp, mode); > if (rc != 0) > return rc; > > - rc = smk_access(current_security(), task_security(ctp), MAY_READWRITE); > + sp = current_security(); > + tsp = task_security(ctp); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, ctp); > + > + /* we won't log here, because rc can be overriden */ > + rc = smk_access(sp, tsp, MAY_READWRITE, NULL); > if (rc != 0 && capable(CAP_MAC_OVERRIDE)) > - return 0; > + rc = 0; > + > + smack_log(sp, tsp, MAY_READWRITE, rc, &ad); > return rc; > } > > @@ -125,14 +134,24 @@ static int smack_ptrace_may_access(struct task_struct *ctp, unsigned int mode) > static int smack_ptrace_traceme(struct task_struct *ptp) > { > int rc; > + struct smk_audit_info ad; > + char *sp, *tsp; > > rc = cap_ptrace_traceme(ptp); > if (rc != 0) > return rc; > > - rc = smk_access(task_security(ptp), current_security(), MAY_READWRITE); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, ptp); > + > + sp = current_security(); > + tsp = task_security(ptp); > + /* we won't log here, because rc can be overriden */ > + rc = smk_access(tsp, sp, MAY_READWRITE, NULL); > if (rc != 0 && has_capability(ptp, CAP_MAC_OVERRIDE)) > - return 0; > + rc = 0; > + > + smack_log(tsp, sp, MAY_READWRITE, rc, &ad); > return rc; > } > > @@ -327,8 +346,14 @@ static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data) > static int smack_sb_statfs(struct dentry *dentry) > { > struct superblock_smack *sbp = dentry->d_sb->s_security; > + int rc; > + struct smk_audit_info ad; > > - return smk_curacc(sbp->smk_floor, MAY_READ); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + > + rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad); > + return rc; > } > > /** > @@ -346,8 +371,12 @@ static int smack_sb_mount(char *dev_name, struct path *path, > char *type, unsigned long flags, void *data) > { > struct superblock_smack *sbp = path->mnt->mnt_sb->s_security; > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path(&ad, *path); > > - return smk_curacc(sbp->smk_floor, MAY_WRITE); > + return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); > } > > /** > @@ -361,10 +390,14 @@ static int smack_sb_mount(char *dev_name, struct path *path, > static int smack_sb_umount(struct vfsmount *mnt, int flags) > { > struct superblock_smack *sbp; > + struct smk_audit_info ad; > > - sbp = mnt->mnt_sb->s_security; > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, mnt->mnt_mountpoint); > + smk_ad_setfield_u_fs_path_mnt(&ad, mnt); > > - return smk_curacc(sbp->smk_floor, MAY_WRITE); > + sbp = mnt->mnt_sb->s_security; > + return smk_curacc(sbp->smk_floor, MAY_WRITE, &ad); > } > > /* > @@ -441,15 +474,20 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, > static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, > struct dentry *new_dentry) > { > - int rc; > char *isp; > + struct smk_audit_info ad; > + int rc; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); > > isp = smk_of_inode(old_dentry->d_inode); > - rc = smk_curacc(isp, MAY_WRITE); > + rc = smk_curacc(isp, MAY_WRITE, &ad); > > if (rc == 0 && new_dentry->d_inode != NULL) { > isp = smk_of_inode(new_dentry->d_inode); > - rc = smk_curacc(isp, MAY_WRITE); > + smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); > + rc = smk_curacc(isp, MAY_WRITE, &ad); > } > > return rc; > @@ -466,18 +504,24 @@ static int smack_inode_link(struct dentry *old_dentry, struct inode *dir, > static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) > { > struct inode *ip = dentry->d_inode; > + struct smk_audit_info ad; > int rc; > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + > /* > * You need write access to the thing you're unlinking > */ > - rc = smk_curacc(smk_of_inode(ip), MAY_WRITE); > - if (rc == 0) > + rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad); > + if (rc == 0) { > /* > * You also need write access to the containing directory > */ > - rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); > - > + smk_ad_setfield_u_fs_path_dentry(&ad, NULL); > + smk_ad_setfield_u_fs_inode(&ad, dir); > + rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); > + } > return rc; > } > > @@ -491,17 +535,24 @@ static int smack_inode_unlink(struct inode *dir, struct dentry *dentry) > */ > static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry) > { > + struct smk_audit_info ad; > int rc; > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + > /* > * You need write access to the thing you're removing > */ > - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); > - if (rc == 0) > + rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); > + if (rc == 0) { > /* > * You also need write access to the containing directory > */ > - rc = smk_curacc(smk_of_inode(dir), MAY_WRITE); > + smk_ad_setfield_u_fs_path_dentry(&ad, NULL); > + smk_ad_setfield_u_fs_inode(&ad, dir); > + rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad); > + } > > return rc; > } > @@ -525,15 +576,19 @@ static int smack_inode_rename(struct inode *old_inode, > { > int rc; > char *isp; > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry); > > isp = smk_of_inode(old_dentry->d_inode); > - rc = smk_curacc(isp, MAY_READWRITE); > + rc = smk_curacc(isp, MAY_READWRITE, &ad); > > if (rc == 0 && new_dentry->d_inode != NULL) { > isp = smk_of_inode(new_dentry->d_inode); > - rc = smk_curacc(isp, MAY_READWRITE); > + smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry); > + rc = smk_curacc(isp, MAY_READWRITE, &ad); > } > - > return rc; > } > > @@ -548,13 +603,15 @@ static int smack_inode_rename(struct inode *old_inode, > */ > static int smack_inode_permission(struct inode *inode, int mask) > { > + struct smk_audit_info ad; > /* > * No permission to check. Existence test. Yup, it's there. > */ > if (mask == 0) > return 0; > - > - return smk_curacc(smk_of_inode(inode), mask); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_inode(&ad, inode); > + return smk_curacc(smk_of_inode(inode), mask, &ad); > } > > /** > @@ -566,13 +623,16 @@ static int smack_inode_permission(struct inode *inode, int mask) > */ > static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) > { > + struct smk_audit_info ad; > /* > * Need to allow for clearing the setuid bit. > */ > if (iattr->ia_valid & ATTR_FORCE) > return 0; > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > > - return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); > + return smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); > } > > /** > @@ -584,7 +644,12 @@ static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr) > */ > static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) > { > - return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + smk_ad_setfield_u_fs_path_mnt(&ad, mnt); > + return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); > } > > /** > @@ -602,6 +667,7 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) > static int smack_inode_setxattr(struct dentry *dentry, const char *name, > const void *value, size_t size, int flags) > { > + struct smk_audit_info ad; > int rc = 0; > > if (strcmp(name, XATTR_NAME_SMACK) == 0 || > @@ -615,8 +681,11 @@ static int smack_inode_setxattr(struct dentry *dentry, const char *name, > } else > rc = cap_inode_setxattr(dentry, name, value, size, flags); > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + > if (rc == 0) > - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); > + rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); > > return rc; > } > @@ -671,7 +740,12 @@ static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, > */ > static int smack_inode_getxattr(struct dentry *dentry, const char *name) > { > - return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > + > + return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ, &ad); > } > > /* > @@ -685,6 +759,7 @@ static int smack_inode_getxattr(struct dentry *dentry, const char *name) > */ > static int smack_inode_removexattr(struct dentry *dentry, const char *name) > { > + struct smk_audit_info ad; > int rc = 0; > > if (strcmp(name, XATTR_NAME_SMACK) == 0 || > @@ -695,8 +770,10 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name) > } else > rc = cap_inode_removexattr(dentry, name); > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, dentry); > if (rc == 0) > - rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE); > + rc = smk_curacc(smk_of_inode(dentry->d_inode), MAY_WRITE, &ad); > > return rc; > } > @@ -855,12 +932,16 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, > unsigned long arg) > { > int rc = 0; > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path(&ad, file->f_path); > > if (_IOC_DIR(cmd) & _IOC_WRITE) > - rc = smk_curacc(file->f_security, MAY_WRITE); > + rc = smk_curacc(file->f_security, MAY_WRITE, &ad); > > if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) > - rc = smk_curacc(file->f_security, MAY_READ); > + rc = smk_curacc(file->f_security, MAY_READ, &ad); > > return rc; > } > @@ -874,7 +955,11 @@ static int smack_file_ioctl(struct file *file, unsigned int cmd, > */ > static int smack_file_lock(struct file *file, unsigned int cmd) > { > - return smk_curacc(file->f_security, MAY_WRITE); > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path_dentry(&ad, file->f_path.dentry); > + return smk_curacc(file->f_security, MAY_WRITE, &ad); > } > > /** > @@ -888,8 +973,12 @@ static int smack_file_lock(struct file *file, unsigned int cmd) > static int smack_file_fcntl(struct file *file, unsigned int cmd, > unsigned long arg) > { > + struct smk_audit_info ad; > int rc; > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_FS); > + smk_ad_setfield_u_fs_path(&ad, file->f_path); > + > switch (cmd) { > case F_DUPFD: > case F_GETFD: > @@ -897,7 +986,7 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, > case F_GETLK: > case F_GETOWN: > case F_GETSIG: > - rc = smk_curacc(file->f_security, MAY_READ); > + rc = smk_curacc(file->f_security, MAY_READ, &ad); > break; > case F_SETFD: > case F_SETFL: > @@ -905,10 +994,10 @@ static int smack_file_fcntl(struct file *file, unsigned int cmd, > case F_SETLKW: > case F_SETOWN: > case F_SETSIG: > - rc = smk_curacc(file->f_security, MAY_WRITE); > + rc = smk_curacc(file->f_security, MAY_WRITE, &ad); > break; > default: > - rc = smk_curacc(file->f_security, MAY_READWRITE); > + rc = smk_curacc(file->f_security, MAY_READWRITE, &ad); > } > > return rc; > @@ -943,14 +1032,21 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, > { > struct file *file; > int rc; > + char *tsp = tsk->cred->security; > + struct smk_audit_info ad; > > /* > * struct fown_struct is never outside the context of a struct file > */ > file = container_of(fown, struct file, f_owner); > - rc = smk_access(file->f_security, tsk->cred->security, MAY_WRITE); > + /* we don't log here as rc can be overriden */ > + rc = smk_access(file->f_security, tsp, MAY_WRITE, NULL); > if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE)) > - return 0; > + rc = 0; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, tsk); > + smack_log(file->f_security, tsp, MAY_WRITE, rc, &ad); > return rc; > } > > @@ -963,7 +1059,10 @@ static int smack_file_send_sigiotask(struct task_struct *tsk, > static int smack_file_receive(struct file *file) > { > int may = 0; > + struct smk_audit_info ad; > > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_fs_path(&ad, file->f_path); > /* > * This code relies on bitmasks. > */ > @@ -972,7 +1071,7 @@ static int smack_file_receive(struct file *file) > if (file->f_mode & FMODE_WRITE) > may |= MAY_WRITE; > > - return smk_curacc(file->f_security, may); > + return smk_curacc(file->f_security, may, &ad); > } > > /* > @@ -1052,6 +1151,22 @@ static int smack_kernel_create_files_as(struct cred *new, > } > > /** > + * smk_curacc_on_task - helper to log task related access > + * @p: the task object > + * @access : the access requested > + * > + * Return 0 if access is permitted > + */ > +static int smk_curacc_on_task(struct task_struct *p, int access) > +{ > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, p); > + return smk_curacc(task_security(p), access, &ad); > +} > + > +/** > * smack_task_setpgid - Smack check on setting pgid > * @p: the task object > * @pgid: unused > @@ -1060,7 +1175,7 @@ static int smack_kernel_create_files_as(struct cred *new, > */ > static int smack_task_setpgid(struct task_struct *p, pid_t pgid) > { > - return smk_curacc(task_security(p), MAY_WRITE); > + return smk_curacc_on_task(p, MAY_WRITE); > } > > /** > @@ -1071,7 +1186,7 @@ static int smack_task_setpgid(struct task_struct *p, pid_t pgid) > */ > static int smack_task_getpgid(struct task_struct *p) > { > - return smk_curacc(task_security(p), MAY_READ); > + return smk_curacc_on_task(p, MAY_READ); > } > > /** > @@ -1082,7 +1197,7 @@ static int smack_task_getpgid(struct task_struct *p) > */ > static int smack_task_getsid(struct task_struct *p) > { > - return smk_curacc(task_security(p), MAY_READ); > + return smk_curacc_on_task(p, MAY_READ); > } > > /** > @@ -1110,7 +1225,7 @@ static int smack_task_setnice(struct task_struct *p, int nice) > > rc = cap_task_setnice(p, nice); > if (rc == 0) > - rc = smk_curacc(task_security(p), MAY_WRITE); > + rc = smk_curacc_on_task(p, MAY_WRITE); > return rc; > } > > @@ -1127,7 +1242,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) > > rc = cap_task_setioprio(p, ioprio); > if (rc == 0) > - rc = smk_curacc(task_security(p), MAY_WRITE); > + rc = smk_curacc_on_task(p, MAY_WRITE); > return rc; > } > > @@ -1139,7 +1254,7 @@ static int smack_task_setioprio(struct task_struct *p, int ioprio) > */ > static int smack_task_getioprio(struct task_struct *p) > { > - return smk_curacc(task_security(p), MAY_READ); > + return smk_curacc_on_task(p, MAY_READ); > } > > /** > @@ -1157,7 +1272,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, > > rc = cap_task_setscheduler(p, policy, lp); > if (rc == 0) > - rc = smk_curacc(task_security(p), MAY_WRITE); > + rc = smk_curacc_on_task(p, MAY_WRITE); > return rc; > } > > @@ -1169,7 +1284,7 @@ static int smack_task_setscheduler(struct task_struct *p, int policy, > */ > static int smack_task_getscheduler(struct task_struct *p) > { > - return smk_curacc(task_security(p), MAY_READ); > + return smk_curacc_on_task(p, MAY_READ); > } > > /** > @@ -1180,7 +1295,7 @@ static int smack_task_getscheduler(struct task_struct *p) > */ > static int smack_task_movememory(struct task_struct *p) > { > - return smk_curacc(task_security(p), MAY_WRITE); > + return smk_curacc_on_task(p, MAY_WRITE); > } > > /** > @@ -1198,18 +1313,23 @@ static int smack_task_movememory(struct task_struct *p) > static int smack_task_kill(struct task_struct *p, struct siginfo *info, > int sig, u32 secid) > { > + struct smk_audit_info ad; > + > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, p); > /* > * Sending a signal requires that the sender > * can write the receiver. > */ > if (secid == 0) > - return smk_curacc(task_security(p), MAY_WRITE); > + return smk_curacc(task_security(p), MAY_WRITE, &ad); > /* > * If the secid isn't 0 we're dealing with some USB IO > * specific behavior. This is not clean. For one thing > * we can't take privilege into account. > */ > - return smk_access(smack_from_secid(secid), task_security(p), MAY_WRITE); > + return smk_access(smack_from_secid(secid), task_security(p), > + MAY_WRITE, &ad); > } > > /** > @@ -1220,11 +1340,15 @@ static int smack_task_kill(struct task_struct *p, struct siginfo *info, > */ > static int smack_task_wait(struct task_struct *p) > { > + struct smk_audit_info ad; > + char *sp = current_security(); > + char *tsp = task_security(p); > int rc; > > - rc = smk_access(current_security(), task_security(p), MAY_WRITE); > + /* we don't log here, we can be overriden */ > + rc = smk_access(sp, tsp, MAY_WRITE, NULL); > if (rc == 0) > - return 0; > + goto out_log; > > /* > * Allow the operation to succeed if either task > @@ -1238,8 +1362,12 @@ static int smack_task_wait(struct task_struct *p) > * the smack value. > */ > if (capable(CAP_MAC_OVERRIDE) || has_capability(p, CAP_MAC_OVERRIDE)) > - return 0; > - > + rc = 0; > + /* we log only if we didn't get overriden */ > + out_log: > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK); > + smk_ad_setfield_u_tsk(&ad, p); > + smack_log(sp, tsp, MAY_WRITE, rc, &ad); > return rc; > } > > @@ -1455,12 +1583,19 @@ static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap) > int sk_lbl; > char *hostsp; > struct socket_smack *ssp = sk->sk_security; > + struct smk_audit_info ad; > > rcu_read_lock(); > hostsp = smack_host_label(sap); > if (hostsp != NULL) { > sk_lbl = SMACK_UNLABELED_SOCKET; > - rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE); > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); > + ad.a.u.net.family = sap->sin_family; > + ad.a.u.net.dport = sap->sin_port; > + ad.a.u.net.v4info.daddr = sap->sin_addr.s_addr; > +#endif > + rc = smk_access(ssp->smk_out, hostsp, MAY_WRITE, &ad); > } else { > sk_lbl = SMACK_CIPSO_SOCKET; > rc = 0; > @@ -1656,6 +1791,25 @@ static void smack_shm_free_security(struct shmid_kernel *shp) > } > > /** > + * smk_curacc_shm : check if current has access on shm > + * @shp : the object > + * @access : access requested > + * > + * Returns 0 if current has the requested access, error code otherwise > + */ > +static int smk_curacc_shm(struct shmid_kernel *shp, int access) > +{ > + char *ssp = smack_of_shm(shp); > + struct smk_audit_info ad; > + > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); > + ad.a.u.ipc_id = shp->shm_perm.id; > +#endif > + return smk_curacc(ssp, access, &ad); > +} > + > +/** > * smack_shm_associate - Smack access check for shm > * @shp: the object > * @shmflg: access requested > @@ -1664,11 +1818,10 @@ static void smack_shm_free_security(struct shmid_kernel *shp) > */ > static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) > { > - char *ssp = smack_of_shm(shp); > int may; > > may = smack_flags_to_may(shmflg); > - return smk_curacc(ssp, may); > + return smk_curacc_shm(shp, may); > } > > /** > @@ -1680,7 +1833,6 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg) > */ > static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) > { > - char *ssp; > int may; > > switch (cmd) { > @@ -1703,9 +1855,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) > default: > return -EINVAL; > } > - > - ssp = smack_of_shm(shp); > - return smk_curacc(ssp, may); > + return smk_curacc_shm(shp, may); > } > > /** > @@ -1719,11 +1869,10 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd) > static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr, > int shmflg) > { > - char *ssp = smack_of_shm(shp); > int may; > > may = smack_flags_to_may(shmflg); > - return smk_curacc(ssp, may); > + return smk_curacc_shm(shp, may); > } > > /** > @@ -1765,6 +1914,25 @@ static void smack_sem_free_security(struct sem_array *sma) > } > > /** > + * smk_curacc_sem : check if current has access on sem > + * @sma : the object > + * @access : access requested > + * > + * Returns 0 if current has the requested access, error code otherwise > + */ > +static int smk_curacc_sem(struct sem_array *sma, int access) > +{ > + char *ssp = smack_of_sem(sma); > + struct smk_audit_info ad; > + > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); > + ad.a.u.ipc_id = sma->sem_perm.id; > +#endif > + return smk_curacc(ssp, access, &ad); > +} > + > +/** > * smack_sem_associate - Smack access check for sem > * @sma: the object > * @semflg: access requested > @@ -1773,11 +1941,10 @@ static void smack_sem_free_security(struct sem_array *sma) > */ > static int smack_sem_associate(struct sem_array *sma, int semflg) > { > - char *ssp = smack_of_sem(sma); > int may; > > may = smack_flags_to_may(semflg); > - return smk_curacc(ssp, may); > + return smk_curacc_sem(sma, may); > } > > /** > @@ -1789,7 +1956,6 @@ static int smack_sem_associate(struct sem_array *sma, int semflg) > */ > static int smack_sem_semctl(struct sem_array *sma, int cmd) > { > - char *ssp; > int may; > > switch (cmd) { > @@ -1818,8 +1984,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd) > return -EINVAL; > } > > - ssp = smack_of_sem(sma); > - return smk_curacc(ssp, may); > + return smk_curacc_sem(sma, may); > } > > /** > @@ -1836,9 +2001,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd) > static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops, > unsigned nsops, int alter) > { > - char *ssp = smack_of_sem(sma); > - > - return smk_curacc(ssp, MAY_READWRITE); > + return smk_curacc_sem(sma, MAY_READWRITE); > } > > /** > @@ -1880,6 +2043,25 @@ static char *smack_of_msq(struct msg_queue *msq) > } > > /** > + * smk_curacc_msq : helper to check if current has access on msq > + * @msq : the msq > + * @access : access requested > + * > + * return 0 if current has access, error otherwise > + */ > +static int smk_curacc_msq(struct msg_queue *msq, int access) > +{ > + char *msp = smack_of_msq(msq); > + struct smk_audit_info ad; > + > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); > + ad.a.u.ipc_id = msq->q_perm.id; > +#endif > + return smk_curacc(msp, access, &ad); > +} > + > +/** > * smack_msg_queue_associate - Smack access check for msg_queue > * @msq: the object > * @msqflg: access requested > @@ -1888,11 +2070,10 @@ static char *smack_of_msq(struct msg_queue *msq) > */ > static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) > { > - char *msp = smack_of_msq(msq); > int may; > > may = smack_flags_to_may(msqflg); > - return smk_curacc(msp, may); > + return smk_curacc_msq(msq, may); > } > > /** > @@ -1904,7 +2085,6 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg) > */ > static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) > { > - char *msp; > int may; > > switch (cmd) { > @@ -1926,8 +2106,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) > return -EINVAL; > } > > - msp = smack_of_msq(msq); > - return smk_curacc(msp, may); > + return smk_curacc_msq(msq, may); > } > > /** > @@ -1941,11 +2120,10 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd) > static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, > int msqflg) > { > - char *msp = smack_of_msq(msq); > - int rc; > + int may; > > - rc = smack_flags_to_may(msqflg); > - return smk_curacc(msp, rc); > + may = smack_flags_to_may(msqflg); > + return smk_curacc_msq(msq, may); > } > > /** > @@ -1961,9 +2139,7 @@ static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg, > static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, > struct task_struct *target, long type, int mode) > { > - char *msp = smack_of_msq(msq); > - > - return smk_curacc(msp, MAY_READWRITE); > + return smk_curacc_msq(msq, MAY_READWRITE); > } > > /** > @@ -1976,10 +2152,14 @@ static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg, > static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag) > { > char *isp = ipp->security; > - int may; > + int may = smack_flags_to_may(flag); > + struct smk_audit_info ad; > > - may = smack_flags_to_may(flag); > - return smk_curacc(isp, may); > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC); > + ad.a.u.ipc_id = ipp->id; > +#endif > + return smk_curacc(isp, may, &ad); > } > > /** > @@ -2238,8 +2418,12 @@ static int smack_unix_stream_connect(struct socket *sock, > { > struct inode *sp = SOCK_INODE(sock); > struct inode *op = SOCK_INODE(other); > + struct smk_audit_info ad; > > - return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_READWRITE); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); > + smk_ad_setfield_u_net_sk(&ad, other->sk); > + return smk_access(smk_of_inode(sp), smk_of_inode(op), > + MAY_READWRITE, &ad); > } > > /** > @@ -2254,8 +2438,11 @@ static int smack_unix_may_send(struct socket *sock, struct socket *other) > { > struct inode *sp = SOCK_INODE(sock); > struct inode *op = SOCK_INODE(other); > + struct smk_audit_info ad; > > - return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE); > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); > + smk_ad_setfield_u_net_sk(&ad, other->sk); > + return smk_access(smk_of_inode(sp), smk_of_inode(op), MAY_WRITE, &ad); > } > > /** > @@ -2370,7 +2557,7 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) > char smack[SMK_LABELLEN]; > char *csp; > int rc; > - > + struct smk_audit_info ad; > if (sk->sk_family != PF_INET && sk->sk_family != PF_INET6) > return 0; > > @@ -2388,13 +2575,19 @@ static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) > > netlbl_secattr_destroy(&secattr); > > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); > + ad.a.u.net.family = sk->sk_family; > + ad.a.u.net.netif = skb->iif; > + ipv4_skb_to_auditdata(skb, &ad.a, NULL); > +#endif > /* > * Receiving a packet requires that the other end > * be able to write here. Read access is not required. > * This is the simplist possible security model > * for networking. > */ > - rc = smk_access(csp, ssp->smk_in, MAY_WRITE); > + rc = smk_access(csp, ssp->smk_in, MAY_WRITE, &ad); > if (rc != 0) > netlbl_skbuff_err(skb, rc, 0); > return rc; > @@ -2523,6 +2716,7 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, > struct iphdr *hdr; > char smack[SMK_LABELLEN]; > int rc; > + struct smk_audit_info ad; > > /* handle mapped IPv4 packets arriving via IPv6 sockets */ > if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP)) > @@ -2536,11 +2730,17 @@ static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb, > strncpy(smack, smack_known_huh.smk_known, SMK_MAXLEN); > netlbl_secattr_destroy(&secattr); > > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NET); > + ad.a.u.net.family = family; > + ad.a.u.net.netif = skb->iif; > + ipv4_skb_to_auditdata(skb, &ad.a, NULL); > +#endif > /* > * Receiving a packet requires that the other end be able to write > * here. Read access is not required. > */ > - rc = smk_access(smack, ssp->smk_in, MAY_WRITE); > + rc = smk_access(smack, ssp->smk_in, MAY_WRITE, &ad); > if (rc != 0) > return rc; > > @@ -2642,6 +2842,7 @@ static int smack_key_permission(key_ref_t key_ref, > const struct cred *cred, key_perm_t perm) > { > struct key *keyp; > + struct smk_audit_info ad; > > keyp = key_ref_to_ptr(key_ref); > if (keyp == NULL) > @@ -2657,8 +2858,13 @@ static int smack_key_permission(key_ref_t key_ref, > */ > if (cred->security == NULL) > return -EACCES; > - > - return smk_access(cred->security, keyp->security, MAY_READWRITE); > +#ifdef CONFIG_AUDIT > + smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY); > + ad.a.u.key_struct.key = keyp->serial; > + ad.a.u.key_struct.key_desc = keyp->description; > +#endif > + return smk_access(cred->security, keyp->security, > + MAY_READWRITE, &ad); > } > #endif /* CONFIG_KEYS */ > > diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c > index e03a7e1..904af34 100644 > --- a/security/smack/smackfs.c > +++ b/security/smack/smackfs.c > @@ -41,6 +41,7 @@ enum smk_inos { > SMK_AMBIENT = 7, /* internet ambient label */ > SMK_NETLBLADDR = 8, /* single label hosts */ > SMK_ONLYCAP = 9, /* the only "capable" label */ > + SMK_LOGGING = 10, /* logging */ > }; > > /* > @@ -1192,6 +1193,69 @@ static const struct file_operations smk_onlycap_ops = { > }; > > /** > + * smk_read_logging - read() for /smack/logging > + * @filp: file pointer, not actually used > + * @buf: where to put the result > + * @cn: maximum to send along > + * @ppos: where to start > + * > + * Returns number of bytes read or error code, as appropriate > + */ > +static ssize_t smk_read_logging(struct file *filp, char __user *buf, > + size_t count, loff_t *ppos) > +{ > + char temp[32]; > + ssize_t rc; > + > + if (*ppos != 0) > + return 0; > + > + sprintf(temp, "%d\n", log_policy); > + rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp)); > + return rc; > +} > + > +/** > + * smk_write_logging - write() for /smack/logging > + * @file: file pointer, not actually used > + * @buf: where to get the data from > + * @count: bytes sent > + * @ppos: where to start > + * > + * Returns number of bytes written or error code, as appropriate > + */ > +static ssize_t smk_write_logging(struct file *file, const char __user *buf, > + size_t count, loff_t *ppos) > +{ > + char temp[32]; > + int i; > + > + if (!capable(CAP_MAC_ADMIN)) > + return -EPERM; > + > + if (count >= sizeof(temp) || count == 0) > + return -EINVAL; > + > + if (copy_from_user(temp, buf, count) != 0) > + return -EFAULT; > + > + temp[count] = '\0'; > + > + if (sscanf(temp, "%d", &i) != 1) > + return -EINVAL; > + if (i < 0 || i > 3) > + return -EINVAL; > + log_policy = i; > + return count; > +} > + > + > + > +static const struct file_operations smk_logging_ops = { > + .read = smk_read_logging, > + .write = smk_write_logging, > +}; > +/** > * smk_fill_super - fill the /smackfs superblock > * @sb: the empty superblock > * @data: unused > @@ -1221,6 +1285,8 @@ static int smk_fill_super(struct super_block *sb, void *data, int silent) > {"netlabel", &smk_netlbladdr_ops, S_IRUGO|S_IWUSR}, > [SMK_ONLYCAP] = > {"onlycap", &smk_onlycap_ops, S_IRUGO|S_IWUSR}, > + [SMK_LOGGING] = > + {"logging", &smk_logging_ops, S_IRUGO|S_IWUSR}, > /* last one */ {""} > }; > > > > >