2 * security/tomoyo/audit.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
13 * tomoyo_print_header - Get header line of audit log.
15 * @r: Pointer to "struct tomoyo_request_info".
17 * Returns string representation.
19 * This function uses kmalloc(), so caller must kfree() if this function
22 static char *tomoyo_print_header(struct tomoyo_request_info
*r
)
24 struct tomoyo_time stamp
;
25 const pid_t gpid
= task_pid_nr(current
);
26 static const int tomoyo_buffer_len
= 4096;
27 char *buffer
= kmalloc(tomoyo_buffer_len
, GFP_NOFS
);
34 tomoyo_convert_time(tv
.tv_sec
, &stamp
);
37 ppid
= task_tgid_vnr(current
->real_parent
);
39 snprintf(buffer
, tomoyo_buffer_len
- 1,
40 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
41 "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
42 "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
43 "fsuid=%u fsgid=%u }",
44 stamp
.year
, stamp
.month
, stamp
.day
, stamp
.hour
,
45 stamp
.min
, stamp
.sec
, r
->profile
, tomoyo_mode
[r
->mode
],
46 tomoyo_yesno(r
->granted
), gpid
, task_tgid_vnr(current
), ppid
,
47 current_uid(), current_gid(), current_euid(), current_egid(),
48 current_suid(), current_sgid(), current_fsuid(),
54 * tomoyo_init_log - Allocate buffer for audit logs.
56 * @r: Pointer to "struct tomoyo_request_info".
57 * @len: Buffer size needed for @fmt and @args.
58 * @fmt: The printf()'s format string.
59 * @args: va_list structure for @fmt.
61 * Returns pointer to allocated memory.
63 * This function uses kzalloc(), so caller must kfree() if this function
66 char *tomoyo_init_log(struct tomoyo_request_info
*r
, int len
, const char *fmt
,
70 const char *header
= NULL
;
72 const char *domainname
= tomoyo_domain()->domainname
->name
;
73 header
= tomoyo_print_header(r
);
76 /* +10 is for '\n' etc. and '\0'. */
77 len
+= strlen(domainname
) + strlen(header
) + 10;
78 len
= tomoyo_round2(len
);
79 buf
= kzalloc(len
, GFP_NOFS
);
83 pos
= snprintf(buf
, len
, "%s", header
);
84 pos
+= snprintf(buf
+ pos
, len
- pos
, "\n%s\n", domainname
);
85 vsnprintf(buf
+ pos
, len
- pos
, fmt
, args
);
91 /* Wait queue for /sys/kernel/security/tomoyo/audit. */
92 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_log_wait
);
94 /* Structure for audit log. */
96 struct list_head list
;
101 /* The list for "struct tomoyo_log". */
102 static LIST_HEAD(tomoyo_log
);
104 /* Lock for "struct list_head tomoyo_log". */
105 static DEFINE_SPINLOCK(tomoyo_log_lock
);
107 /* Length of "stuct list_head tomoyo_log". */
108 static unsigned int tomoyo_log_count
;
111 * tomoyo_get_audit - Get audit mode.
113 * @ns: Pointer to "struct tomoyo_policy_namespace".
114 * @profile: Profile number.
115 * @index: Index number of functionality.
116 * @is_granted: True if granted log, false otherwise.
118 * Returns true if this request should be audited, false otherwise.
120 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace
*ns
,
121 const u8 profile
, const u8 index
,
122 const bool is_granted
)
125 const u8 category
= tomoyo_index2category
[index
] +
126 TOMOYO_MAX_MAC_INDEX
;
127 struct tomoyo_profile
*p
;
128 if (!tomoyo_policy_loaded
)
130 p
= tomoyo_profile(ns
, profile
);
131 if (tomoyo_log_count
>= p
->pref
[TOMOYO_PREF_MAX_AUDIT_LOG
])
133 mode
= p
->config
[index
];
134 if (mode
== TOMOYO_CONFIG_USE_DEFAULT
)
135 mode
= p
->config
[category
];
136 if (mode
== TOMOYO_CONFIG_USE_DEFAULT
)
137 mode
= p
->default_config
;
139 return mode
& TOMOYO_CONFIG_WANT_GRANT_LOG
;
140 return mode
& TOMOYO_CONFIG_WANT_REJECT_LOG
;
144 * tomoyo_write_log2 - Write an audit log.
146 * @r: Pointer to "struct tomoyo_request_info".
147 * @len: Buffer size needed for @fmt and @args.
148 * @fmt: The printf()'s format string.
149 * @args: va_list structure for @fmt.
153 void tomoyo_write_log2(struct tomoyo_request_info
*r
, int len
, const char *fmt
,
157 struct tomoyo_log
*entry
;
158 bool quota_exceeded
= false;
159 if (!tomoyo_get_audit(r
->domain
->ns
, r
->profile
, r
->type
, r
->granted
))
161 buf
= tomoyo_init_log(r
, len
, fmt
, args
);
164 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
170 len
= tomoyo_round2(strlen(buf
) + 1);
172 * The entry->size is used for memory quota checks.
173 * Don't go beyond strlen(entry->log).
175 entry
->size
= len
+ tomoyo_round2(sizeof(*entry
));
176 spin_lock(&tomoyo_log_lock
);
177 if (tomoyo_memory_quota
[TOMOYO_MEMORY_AUDIT
] &&
178 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] + entry
->size
>=
179 tomoyo_memory_quota
[TOMOYO_MEMORY_AUDIT
]) {
180 quota_exceeded
= true;
182 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] += entry
->size
;
183 list_add_tail(&entry
->list
, &tomoyo_log
);
186 spin_unlock(&tomoyo_log_lock
);
187 if (quota_exceeded
) {
192 wake_up(&tomoyo_log_wait
);
198 * tomoyo_write_log - Write an audit log.
200 * @r: Pointer to "struct tomoyo_request_info".
201 * @fmt: The printf()'s format string, followed by parameters.
205 void tomoyo_write_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
210 len
= vsnprintf((char *) &len
, 1, fmt
, args
) + 1;
213 tomoyo_write_log2(r
, len
, fmt
, args
);
218 * tomoyo_read_log - Read an audit log.
220 * @head: Pointer to "struct tomoyo_io_buffer".
224 void tomoyo_read_log(struct tomoyo_io_buffer
*head
)
226 struct tomoyo_log
*ptr
= NULL
;
229 kfree(head
->read_buf
);
230 head
->read_buf
= NULL
;
231 spin_lock(&tomoyo_log_lock
);
232 if (!list_empty(&tomoyo_log
)) {
233 ptr
= list_entry(tomoyo_log
.next
, typeof(*ptr
), list
);
234 list_del(&ptr
->list
);
236 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] -= ptr
->size
;
238 spin_unlock(&tomoyo_log_lock
);
240 head
->read_buf
= ptr
->log
;
241 head
->r
.w
[head
->r
.w_pos
++] = head
->read_buf
;
247 * tomoyo_poll_log - Wait for an audit log.
249 * @file: Pointer to "struct file".
250 * @wait: Pointer to "poll_table".
252 * Returns POLLIN | POLLRDNORM when ready to read an audit log.
254 int tomoyo_poll_log(struct file
*file
, poll_table
*wait
)
256 if (tomoyo_log_count
)
257 return POLLIN
| POLLRDNORM
;
258 poll_wait(file
, &tomoyo_log_wait
, wait
);
259 if (tomoyo_log_count
)
260 return POLLIN
| POLLRDNORM
;