[PATCH] Audit of POSIX Message Queue Syscalls v.2

Amy Griffis amy.griffis at hp.com
Wed May 24 21:32:21 UTC 2006 

On Wed, May 24, 2006 at 04:09:55PM -0500, George C. Wilson wrote:
> @@ -1230,6 +1298,200 @@ uid_t audit_get_loginuid(struct audit_co
>  }
>  
>  /**
> + * audit_mq_open - record audit data for a POSIX MQ open
> + * @oflag: open flag
> + * @mode: mode bits
> + * @u_attr: queue attributes
> + *
> + * Returns 0 for success or NULL context or < 0 on error.
> + */
> +int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr)
> +{
> +	struct audit_aux_data_mq_open *ax;
> +	struct audit_context *context = current->audit_context;
> +
> +	if (!audit_enabled)
> +		return 0;

Should be checking !context->in_syscall instead of !audit_enabled,
please see
https://www.redhat.com/archives/linux-audit/2006-May/msg00083.html

Same applies to all the new audit_mq_* routines.

> +
> +	if (likely(!context))
> +		return 0;
> +
> +	ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> +	if (!ax)
> +		return -ENOMEM;
> +
> +	if (u_attr != NULL) {
> +		if (copy_from_user(&ax->attr, u_attr, sizeof(ax->attr)))
> +			return -EFAULT;
> +	} else
> +		memset(&ax->attr, 0, sizeof(ax->attr));
> +
> +	ax->oflag = oflag;
> +	ax->mode = mode;
> +
> +	ax->d.type = AUDIT_MQ_OPEN;
> +	ax->d.next = context->aux;
> +	context->aux = (void *)ax;
> +	return 0;
> +}
> +
> +/**
> + * audit_mq_timedsend - record audit data for a POSIX MQ timed send
> + * @mqdes: MQ descriptor
> + * @msg_len: Message length
> + * @msg_prio: Message priority
> + * @abs_timeout: Message timeout in absolute time
> + *
> + * Returns 0 for success or NULL context or < 0 on error.
> + */
> +int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio,
> +			const struct timespec __user *u_abs_timeout)
> +{
> +	struct audit_aux_data_mq_sendrecv *ax;
> +	struct audit_context *context = current->audit_context;
> +
> +	if (!audit_enabled)
> +		return 0;
> +
> +	if (likely(!context))
> +		return 0;
> +
> +	ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> +	if (!ax)
> +		return -ENOMEM;
> +
> +	if (u_abs_timeout != NULL) {
> +		if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout)))
> +			return -EFAULT;
> +	} else
> +		memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout));
> +
> +	ax->mqdes = mqdes;
> +	ax->msg_len = msg_len;
> +	ax->msg_prio = msg_prio;
> +
> +	ax->d.type = AUDIT_MQ_SENDRECV;
> +	ax->d.next = context->aux;
> +	context->aux = (void *)ax;
> +	return 0;
> +}
> +
> +/**
> + * audit_mq_timedreceive - record audit data for a POSIX MQ timed receive
> + * @mqdes: MQ descriptor
> + * @msg_len: Message length
> + * @msg_prio: Message priority
> + * @abs_timeout: Message timeout in absolute time
> + *
> + * Returns 0 for success or NULL context or < 0 on error.
> + */
> +int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len,
> +				unsigned int __user *u_msg_prio,
> +				const struct timespec __user *u_abs_timeout)
> +{
> +	struct audit_aux_data_mq_sendrecv *ax;
> +	struct audit_context *context = current->audit_context;
> +
> +	if (!audit_enabled)
> +		return 0;
> +
> +	if (likely(!context))
> +		return 0;
> +
> +	ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> +	if (!ax)
> +		return -ENOMEM;
> +
> +	if (u_msg_prio != NULL) {
> +		if (get_user(ax->msg_prio, u_msg_prio))
> +			return -EFAULT;
> +	} else
> +		ax->msg_prio = 0;
> +
> +	if (u_abs_timeout != NULL) {
> +		if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout)))
> +			return -EFAULT;
> +	} else
> +		memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout));
> +
> +	ax->mqdes = mqdes;
> +	ax->msg_len = msg_len;
> +
> +	ax->d.type = AUDIT_MQ_SENDRECV;
> +	ax->d.next = context->aux;
> +	context->aux = (void *)ax;
> +	return 0;
> +}
> +
> +/**
> + * audit_mq_notify - record audit data for a POSIX MQ notify
> + * @mqdes: MQ descriptor
> + * @u_notification: Notification event
> + *
> + * Returns 0 for success or NULL context or < 0 on error.
> + */
> +
> +int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification)
> +{
> +	struct audit_aux_data_mq_notify *ax;
> +	struct audit_context *context = current->audit_context;
> +
> +	if (!audit_enabled)
> +		return 0;
> +
> +	if (likely(!context))
> +		return 0;
> +
> +	ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> +	if (!ax)
> +		return -ENOMEM;
> +
> +	if (u_notification != NULL) {
> +		if (copy_from_user(&ax->notification, u_notification, sizeof(ax->notification)))
> +			return -EFAULT;
> +	} else
> +		memset(&ax->notification, 0, sizeof(ax->notification));
> +
> +	ax->mqdes = mqdes;
> +
> +	ax->d.type = AUDIT_MQ_NOTIFY;
> +	ax->d.next = context->aux;
> +	context->aux = (void *)ax;
> +	return 0;
> +}
> +
> +/**
> + * audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute
> + * @mqdes: MQ descriptor
> + * @mqstat: MQ flags
> + *
> + * Returns 0 for success or NULL context or < 0 on error.
> + */
> +int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat)
> +{
> +	struct audit_aux_data_mq_getsetattr *ax;
> +	struct audit_context *context = current->audit_context;
> +
> +	if (!audit_enabled)
> +		return 0;
> +
> +	if (likely(!context))
> +		return 0;
> +
> +	ax = kmalloc(sizeof(*ax), GFP_ATOMIC);
> +	if (!ax)
> +		return -ENOMEM;
> +
> +	ax->mqdes = mqdes;
> +	ax->mqstat = *mqstat;
> +
> +	ax->d.type = AUDIT_MQ_GETSETATTR;
> +	ax->d.next = context->aux;
> +	context->aux = (void *)ax;
> +	return 0;
> +}
> +
> +/**
>   * audit_ipc_obj - record audit data for ipc object
>   * @ipcp: ipc permissions
>   *
> -- 
> George Wilson <ltcgcw at us.ibm.com>
> IBM Linux Technology Center
> 
> --
> Linux-audit mailing list
> Linux-audit at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-audit
>

More information about the Linux-audit mailing list