]>
Commit | Line | Data |
---|---|---|
67012e82 JJ |
1 | /* |
2 | * AppArmor security module | |
3 | * | |
4 | * This file contains AppArmor auditing functions | |
5 | * | |
6 | * Copyright (C) 1998-2008 Novell/SUSE | |
7 | * Copyright 2009-2010 Canonical Ltd. | |
8 | * | |
9 | * This program is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU General Public License as | |
11 | * published by the Free Software Foundation, version 2 of the | |
12 | * License. | |
13 | */ | |
14 | ||
15 | #include <linux/audit.h> | |
16 | #include <linux/socket.h> | |
17 | ||
18 | #include "include/apparmor.h" | |
19 | #include "include/audit.h" | |
20 | #include "include/policy.h" | |
80594fc2 | 21 | #include "include/policy_ns.h" |
67012e82 | 22 | |
67012e82 | 23 | |
2d4cee7e | 24 | const char *const audit_mode_names[] = { |
67012e82 JJ |
25 | "normal", |
26 | "quiet_denied", | |
27 | "quiet", | |
28 | "noquiet", | |
29 | "all" | |
30 | }; | |
31 | ||
2d4cee7e | 32 | static const char *const aa_audit_type[] = { |
67012e82 JJ |
33 | "AUDIT", |
34 | "ALLOWED", | |
35 | "DENIED", | |
36 | "HINT", | |
37 | "STATUS", | |
38 | "ERROR", | |
b492d50b | 39 | "KILLED", |
ade3ddc0 | 40 | "AUTO" |
67012e82 JJ |
41 | }; |
42 | ||
43 | /* | |
44 | * Currently AppArmor auditing is fed straight into the audit framework. | |
45 | * | |
46 | * TODO: | |
47 | * netlink interface for complain mode | |
48 | * user auditing, - send user auditing to netlink interface | |
49 | * system control of whether user audit messages go to system log | |
50 | */ | |
51 | ||
52 | /** | |
53 | * audit_base - core AppArmor function. | |
54 | * @ab: audit buffer to fill (NOT NULL) | |
55 | * @ca: audit structure containing data to audit (NOT NULL) | |
56 | * | |
57 | * Record common AppArmor audit data from @sa | |
58 | */ | |
59 | static void audit_pre(struct audit_buffer *ab, void *ca) | |
60 | { | |
61 | struct common_audit_data *sa = ca; | |
67012e82 JJ |
62 | |
63 | if (aa_g_audit_header) { | |
64 | audit_log_format(ab, "apparmor="); | |
80594fc2 | 65 | audit_log_string(ab, aa_audit_type[aad(sa)->type]); |
67012e82 JJ |
66 | } |
67 | ||
80594fc2 | 68 | if (aad(sa)->op) { |
67012e82 | 69 | audit_log_format(ab, " operation="); |
80594fc2 | 70 | audit_log_string(ab, aad(sa)->op); |
67012e82 JJ |
71 | } |
72 | ||
80594fc2 | 73 | if (aad(sa)->info) { |
67012e82 | 74 | audit_log_format(ab, " info="); |
80594fc2 JJ |
75 | audit_log_string(ab, aad(sa)->info); |
76 | if (aad(sa)->error) | |
77 | audit_log_format(ab, " error=%d", aad(sa)->error); | |
67012e82 JJ |
78 | } |
79 | ||
80594fc2 JJ |
80 | if (aad(sa)->label) { |
81 | struct aa_label *label = aad(sa)->label; | |
82 | if (label_isprofile(label)) { | |
83 | struct aa_profile *profile = labels_profile(label); | |
84 | if (profile->ns != root_ns) { | |
85 | audit_log_format(ab, " namespace="); | |
86 | audit_log_untrustedstring(ab, | |
87 | profile->ns->base.hname); | |
88 | } | |
89 | audit_log_format(ab, " profile="); | |
90 | audit_log_untrustedstring(ab, profile->base.hname); | |
91 | } else { | |
92 | audit_log_format(ab, " label="); | |
93 | aa_label_xaudit(ab, root_ns, label, FLAG_VIEW_SUBNS, | |
94 | GFP_ATOMIC); | |
67012e82 | 95 | } |
67012e82 JJ |
96 | } |
97 | ||
80594fc2 | 98 | if (aad(sa)->name) { |
67012e82 | 99 | audit_log_format(ab, " name="); |
80594fc2 | 100 | audit_log_untrustedstring(ab, aad(sa)->name); |
67012e82 JJ |
101 | } |
102 | } | |
103 | ||
104 | /** | |
105 | * aa_audit_msg - Log a message to the audit subsystem | |
106 | * @sa: audit event structure (NOT NULL) | |
107 | * @cb: optional callback fn for type specific fields (MAYBE NULL) | |
108 | */ | |
109 | void aa_audit_msg(int type, struct common_audit_data *sa, | |
110 | void (*cb) (struct audit_buffer *, void *)) | |
111 | { | |
80594fc2 JJ |
112 | /* TODO: redirect messages for profile to the correct ns |
113 | * rejects from subns should goto the audit associated | |
114 | * with it, and audits from parent ns should got ns | |
115 | * associated with it | |
116 | */ | |
117 | aad(sa)->type = type; | |
b61c37f5 | 118 | common_lsm_audit(sa, audit_pre, cb); |
67012e82 JJ |
119 | } |
120 | ||
121 | /** | |
122 | * aa_audit - Log a profile based audit event to the audit subsystem | |
123 | * @type: audit type for the message | |
124 | * @profile: profile to check against (NOT NULL) | |
67012e82 JJ |
125 | * @sa: audit event (NOT NULL) |
126 | * @cb: optional callback fn for type specific fields (MAYBE NULL) | |
127 | * | |
128 | * Handle default message switching based off of audit mode flags | |
129 | * | |
130 | * Returns: error on failure | |
131 | */ | |
80594fc2 | 132 | int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, |
67012e82 JJ |
133 | void (*cb) (struct audit_buffer *, void *)) |
134 | { | |
135 | BUG_ON(!profile); | |
136 | ||
137 | if (type == AUDIT_APPARMOR_AUTO) { | |
80594fc2 | 138 | if (likely(!aad(sa)->error)) { |
67012e82 JJ |
139 | if (AUDIT_MODE(profile) != AUDIT_ALL) |
140 | return 0; | |
141 | type = AUDIT_APPARMOR_AUDIT; | |
142 | } else if (COMPLAIN_MODE(profile)) | |
143 | type = AUDIT_APPARMOR_ALLOWED; | |
144 | else | |
145 | type = AUDIT_APPARMOR_DENIED; | |
146 | } | |
147 | if (AUDIT_MODE(profile) == AUDIT_QUIET || | |
148 | (type == AUDIT_APPARMOR_DENIED && | |
149 | AUDIT_MODE(profile) == AUDIT_QUIET)) | |
80594fc2 | 150 | return aad(sa)->error; |
67012e82 JJ |
151 | |
152 | if (KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED) | |
153 | type = AUDIT_APPARMOR_KILL; | |
154 | ||
80594fc2 | 155 | aad(sa)->label = &profile->label; |
67012e82 JJ |
156 | |
157 | aa_audit_msg(type, sa, cb); | |
158 | ||
80594fc2 | 159 | if (aad(sa)->type == AUDIT_APPARMOR_KILL) |
0972c74e | 160 | (void)send_sig_info(SIGKILL, NULL, |
b6b1b81b JJ |
161 | sa->type == LSM_AUDIT_DATA_TASK && sa->u.tsk ? |
162 | sa->u.tsk : current); | |
67012e82 | 163 | |
80594fc2 JJ |
164 | if (aad(sa)->type == AUDIT_APPARMOR_ALLOWED) |
165 | return complain_error(aad(sa)->error); | |
67012e82 | 166 | |
80594fc2 | 167 | return aad(sa)->error; |
67012e82 | 168 | } |