[mirror_ubuntu-zesty-kernel.git] / security / apparmor / audit.c

/*
 * AppArmor security module
 *
 * This file contains AppArmor auditing functions
 *
 * Copyright (C) 1998-2008 Novell/SUSE
 * Copyright 2009-2010 Canonical Ltd.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, version 2 of the
 * License.
 */

#include <linux/audit.h>
#include <linux/socket.h>

#include "include/apparmor.h"
#include "include/audit.h"
#include "include/policy.h"
#include "include/policy_ns.h"


const char *const audit_mode_names[] = {
	"normal",
	"quiet_denied",
	"quiet",
	"noquiet",
	"all"
};

static const char *const aa_audit_type[] = {
	"AUDIT",
	"ALLOWED",
	"DENIED",
	"HINT",
	"STATUS",
	"ERROR",
	"KILLED",
	"AUTO"
};

/*
 * Currently AppArmor auditing is fed straight into the audit framework.
 *
 * TODO:
 * netlink interface for complain mode
 * user auditing, - send user auditing to netlink interface
 * system control of whether user audit messages go to system log
 */

/**
 * audit_base - core AppArmor function.
 * @ab: audit buffer to fill (NOT NULL)
 * @ca: audit structure containing data to audit (NOT NULL)
 *
 * Record common AppArmor audit data from @sa
 */
static void audit_pre(struct audit_buffer *ab, void *ca)
{
	struct common_audit_data *sa = ca;

	if (aa_g_audit_header) {
		audit_log_format(ab, "apparmor=");
		audit_log_string(ab, aa_audit_type[aad(sa)->type]);
	}

	if (aad(sa)->op) {
		audit_log_format(ab, " operation=");
		audit_log_string(ab, aad(sa)->op);
	}

	if (aad(sa)->info) {
		audit_log_format(ab, " info=");
		audit_log_string(ab, aad(sa)->info);
		if (aad(sa)->error)
			audit_log_format(ab, " error=%d", aad(sa)->error);
	}

	if (aad(sa)->label) {
		struct aa_label *label = aad(sa)->label;
		if (label_isprofile(label)) {
			struct aa_profile *profile = labels_profile(label);
			if (profile->ns != root_ns) {
				audit_log_format(ab, " namespace=");
				audit_log_untrustedstring(ab,
						       profile->ns->base.hname);
			}
			audit_log_format(ab, " profile=");
			audit_log_untrustedstring(ab, profile->base.hname);
		} else {
			audit_log_format(ab, " label=");
			aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
					GFP_ATOMIC);
		}
	}

	if (aad(sa)->name) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, aad(sa)->name);
	}
}

/**
 * aa_audit_msg - Log a message to the audit subsystem
 * @sa: audit event structure (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 */
void aa_audit_msg(int type, struct common_audit_data *sa,
		  void (*cb) (struct audit_buffer *, void *))
{
	/* TODO: redirect messages for profile to the correct ns
	 *       rejects from subns should goto the audit associated
	 *       with it, and audits from parent ns should got ns
	 *       associated with it
	 */
	aad(sa)->type = type;
	common_lsm_audit(sa, audit_pre, cb);
}

/**
 * aa_audit - Log a profile based audit event to the audit subsystem
 * @type: audit type for the message
 * @profile: profile to check against (NOT NULL)
 * @sa: audit event (NOT NULL)
 * @cb: optional callback fn for type specific fields (MAYBE NULL)
 *
 * Handle default message switching based off of audit mode flags
 *
 * Returns: error on failure
 */
int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa,
	     void (*cb) (struct audit_buffer *, void *))
{
	BUG_ON(!profile);

	if (type == AUDIT_APPARMOR_AUTO) {
		if (likely(!aad(sa)->error)) {
			if (AUDIT_MODE(profile) != AUDIT_ALL)
				return 0;
			type = AUDIT_APPARMOR_AUDIT;
		} else if (COMPLAIN_MODE(profile))
			type = AUDIT_APPARMOR_ALLOWED;
		else
			type = AUDIT_APPARMOR_DENIED;
	}
	if (AUDIT_MODE(profile) == AUDIT_QUIET ||
	    (type == AUDIT_APPARMOR_DENIED &&
	     AUDIT_MODE(profile) == AUDIT_QUIET))
	  return aad(sa)->error;

	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
		type = AUDIT_APPARMOR_KILL;

	aad(sa)->label = &profile->label;

	aa_audit_msg(type, sa, cb);

	if (aad(sa)->type == AUDIT_APPARMOR_KILL)
		(void)send_sig_info(SIGKILL, NULL,
			sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
				    sa->u.tsk : current);

	if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
	  return complain_error(aad(sa)->error);

	return aad(sa)->error;
}
Commit	Line	Data
67012e82 JJ	1	/*
	2	* AppArmor security module
	3	*
	4	* This file contains AppArmor auditing functions
	5	*
	6	* Copyright (C) 1998-2008 Novell/SUSE
	7	* Copyright 2009-2010 Canonical Ltd.
	8	*
	9	* This program is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU General Public License as
	11	* published by the Free Software Foundation, version 2 of the
	12	* License.
	13	*/
	14
	15	#include <linux/audit.h>
	16	#include <linux/socket.h>
	17
	18	#include "include/apparmor.h"
	19	#include "include/audit.h"
	20	#include "include/policy.h"
80594fc2	21	#include "include/policy_ns.h"
67012e82	22
67012e82	23
2d4cee7e	24	const char *const audit_mode_names[] = {
67012e82 JJ	25	"normal",
	26	"quiet_denied",
	27	"quiet",
	28	"noquiet",
	29	"all"
	30	};
	31
2d4cee7e	32	static const char *const aa_audit_type[] = {
67012e82 JJ	33	"AUDIT",
	34	"ALLOWED",
	35	"DENIED",
	36	"HINT",
	37	"STATUS",
	38	"ERROR",
b492d50b	39	"KILLED",
ade3ddc0	40	"AUTO"
67012e82 JJ	41	};
	42
	43	/*
	44	* Currently AppArmor auditing is fed straight into the audit framework.
	45	*
	46	* TODO:
	47	* netlink interface for complain mode
	48	* user auditing, - send user auditing to netlink interface
	49	* system control of whether user audit messages go to system log
	50	*/
	51
	52	/**
	53	* audit_base - core AppArmor function.
	54	* @ab: audit buffer to fill (NOT NULL)
	55	* @ca: audit structure containing data to audit (NOT NULL)
	56	*
	57	* Record common AppArmor audit data from @sa
	58	*/
	59	static void audit_pre(struct audit_buffer ab, void ca)
	60	{
	61	struct common_audit_data *sa = ca;
67012e82 JJ	62
	63	if (aa_g_audit_header) {
	64	audit_log_format(ab, "apparmor=");
80594fc2	65	audit_log_string(ab, aa_audit_type[aad(sa)->type]);
67012e82 JJ	66	}
67012e82 JJ	67
80594fc2	68	if (aad(sa)->op) {
67012e82	69	audit_log_format(ab, " operation=");
80594fc2	70	audit_log_string(ab, aad(sa)->op);
67012e82 JJ	71	}
67012e82 JJ	72
80594fc2	73	if (aad(sa)->info) {
67012e82	74	audit_log_format(ab, " info=");
80594fc2 JJ	75	audit_log_string(ab, aad(sa)->info);
	76	if (aad(sa)->error)
	77	audit_log_format(ab, " error=%d", aad(sa)->error);
67012e82 JJ	78	}
67012e82 JJ	79
80594fc2 JJ	80	if (aad(sa)->label) {
	81	struct aa_label *label = aad(sa)->label;
	82	if (label_isprofile(label)) {
	83	struct aa_profile *profile = labels_profile(label);
	84	if (profile->ns != root_ns) {
	85	audit_log_format(ab, " namespace=");
	86	audit_log_untrustedstring(ab,
	87	profile->ns->base.hname);
	88	}
	89	audit_log_format(ab, " profile=");
	90	audit_log_untrustedstring(ab, profile->base.hname);
	91	} else {
	92	audit_log_format(ab, " label=");
	93	aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS,
	94	GFP_ATOMIC);
67012e82	95	}
67012e82 JJ	96	}
67012e82 JJ	97
80594fc2	98	if (aad(sa)->name) {
67012e82	99	audit_log_format(ab, " name=");
80594fc2	100	audit_log_untrustedstring(ab, aad(sa)->name);
67012e82 JJ	101	}
	102	}
	103
	104	/**
	105	* aa_audit_msg - Log a message to the audit subsystem
	106	* @sa: audit event structure (NOT NULL)
	107	* @cb: optional callback fn for type specific fields (MAYBE NULL)
	108	*/
	109	void aa_audit_msg(int type, struct common_audit_data *sa,
	110	void (cb) (struct audit_buffer , void *))
	111	{
80594fc2 JJ	112	/* TODO: redirect messages for profile to the correct ns
	113	* rejects from subns should goto the audit associated
	114	* with it, and audits from parent ns should got ns
	115	* associated with it
	116	*/
	117	aad(sa)->type = type;
b61c37f5	118	common_lsm_audit(sa, audit_pre, cb);
67012e82 JJ	119	}
	120
	121	/**
	122	* aa_audit - Log a profile based audit event to the audit subsystem
	123	* @type: audit type for the message
	124	* @profile: profile to check against (NOT NULL)
67012e82 JJ	125	* @sa: audit event (NOT NULL)
	126	* @cb: optional callback fn for type specific fields (MAYBE NULL)
	127	*
	128	* Handle default message switching based off of audit mode flags
	129	*
	130	* Returns: error on failure
	131	*/
80594fc2	132	int aa_audit(int type, struct aa_profile profile, struct common_audit_data sa,
67012e82 JJ	133	void (cb) (struct audit_buffer , void *))
	134	{
	135	BUG_ON(!profile);
	136
	137	if (type == AUDIT_APPARMOR_AUTO) {
80594fc2	138	if (likely(!aad(sa)->error)) {
67012e82 JJ	139	if (AUDIT_MODE(profile) != AUDIT_ALL)
	140	return 0;
	141	type = AUDIT_APPARMOR_AUDIT;
	142	} else if (COMPLAIN_MODE(profile))
	143	type = AUDIT_APPARMOR_ALLOWED;
	144	else
	145	type = AUDIT_APPARMOR_DENIED;
	146	}
	147	if (AUDIT_MODE(profile) == AUDIT_QUIET \|\|
	148	(type == AUDIT_APPARMOR_DENIED &&
	149	AUDIT_MODE(profile) == AUDIT_QUIET))
80594fc2	150	return aad(sa)->error;
67012e82 JJ	151
	152	if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED)
	153	type = AUDIT_APPARMOR_KILL;
	154
80594fc2	155	aad(sa)->label = &profile->label;
67012e82 JJ	156
	157	aa_audit_msg(type, sa, cb);
	158
80594fc2	159	if (aad(sa)->type == AUDIT_APPARMOR_KILL)
0972c74e	160	(void)send_sig_info(SIGKILL, NULL,
b6b1b81b JJ	161	sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ?
b6b1b81b JJ	162	sa->u.tsk : current);
67012e82	163
80594fc2 JJ	164	if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED)
80594fc2 JJ	165	return complain_error(aad(sa)->error);
67012e82	166
80594fc2	167	return aad(sa)->error;
67012e82	168	}