Lines Matching refs:context
914 static inline void audit_proctitle_free(struct audit_context *context) in audit_proctitle_free() argument
916 kfree(context->proctitle.value); in audit_proctitle_free()
917 context->proctitle.value = NULL; in audit_proctitle_free()
918 context->proctitle.len = 0; in audit_proctitle_free()
921 static inline void audit_free_module(struct audit_context *context) in audit_free_module() argument
923 if (context->type == AUDIT_KERN_MODULE) { in audit_free_module()
924 kfree(context->module.name); in audit_free_module()
925 context->module.name = NULL; in audit_free_module()
928 static inline void audit_free_names(struct audit_context *context) in audit_free_names() argument
932 list_for_each_entry_safe(n, next, &context->names_list, list) { in audit_free_names()
939 context->name_count = 0; in audit_free_names()
940 path_put(&context->pwd); in audit_free_names()
941 context->pwd.dentry = NULL; in audit_free_names()
942 context->pwd.mnt = NULL; in audit_free_names()
945 static inline void audit_free_aux(struct audit_context *context) in audit_free_aux() argument
949 while ((aux = context->aux)) { in audit_free_aux()
950 context->aux = aux->next; in audit_free_aux()
953 context->aux = NULL; in audit_free_aux()
954 while ((aux = context->aux_pids)) { in audit_free_aux()
955 context->aux_pids = aux->next; in audit_free_aux()
958 context->aux_pids = NULL; in audit_free_aux()
976 ctx->context = AUDIT_CTX_UNUSED; in audit_reset_context()
1031 struct audit_context *context; in audit_alloc_context() local
1033 context = kzalloc(sizeof(*context), GFP_KERNEL); in audit_alloc_context()
1034 if (!context) in audit_alloc_context()
1036 context->context = AUDIT_CTX_UNUSED; in audit_alloc_context()
1037 context->state = state; in audit_alloc_context()
1038 context->prio = state == AUDIT_STATE_RECORD ? ~0ULL : 0; in audit_alloc_context()
1039 INIT_LIST_HEAD(&context->killed_trees); in audit_alloc_context()
1040 INIT_LIST_HEAD(&context->names_list); in audit_alloc_context()
1041 context->fds[0] = -1; in audit_alloc_context()
1042 context->return_valid = AUDITSC_INVALID; in audit_alloc_context()
1043 return context; in audit_alloc_context()
1057 struct audit_context *context; in audit_alloc() local
1070 context = audit_alloc_context(state); in audit_alloc()
1071 if (!context) { in audit_alloc()
1076 context->filterkey = key; in audit_alloc()
1078 audit_set_context(tsk, context); in audit_alloc()
1083 static inline void audit_free_context(struct audit_context *context) in audit_free_context() argument
1086 audit_reset_context(context); in audit_free_context()
1087 audit_proctitle_free(context); in audit_free_context()
1088 free_tree_refs(context); in audit_free_context()
1089 kfree(context->filterkey); in audit_free_context()
1090 kfree(context); in audit_free_context()
1093 static int audit_log_pid_context(struct audit_context *context, pid_t pid, in audit_log_pid_context() argument
1102 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); in audit_log_pid_context()
1125 static void audit_log_execve_info(struct audit_context *context, in audit_log_execve_info() argument
1162 audit_log_format(*ab, "argc=%d", context->execve.argc); in audit_log_execve_info()
1234 *ab = audit_log_start(context, in audit_log_execve_info()
1291 } while (arg < context->execve.argc); in audit_log_execve_info()
1322 static void audit_log_time(struct audit_context *context, struct audit_buffer **ab) in audit_log_time() argument
1324 const struct audit_ntp_data *ntp = &context->time.ntp_data; in audit_log_time()
1325 const struct timespec64 *tk = &context->time.tk_injoffset; in audit_log_time()
1336 if (context->type == AUDIT_TIME_ADJNTPVAL) { in audit_log_time()
1340 *ab = audit_log_start(context, in audit_log_time()
1357 *ab = audit_log_start(context, GFP_KERNEL, in audit_log_time()
1369 static void show_special(struct audit_context *context, int *call_panic) in show_special() argument
1374 ab = audit_log_start(context, GFP_KERNEL, context->type); in show_special()
1378 switch (context->type) { in show_special()
1380 int nargs = context->socketcall.nargs; in show_special()
1385 context->socketcall.args[i]); in show_special()
1388 u32 osid = context->ipc.osid; in show_special()
1391 from_kuid(&init_user_ns, context->ipc.uid), in show_special()
1392 from_kgid(&init_user_ns, context->ipc.gid), in show_special()
1393 context->ipc.mode); in show_special()
1406 if (context->ipc.has_perm) { in show_special()
1408 ab = audit_log_start(context, GFP_KERNEL, in show_special()
1414 context->ipc.qbytes, in show_special()
1415 context->ipc.perm_uid, in show_special()
1416 context->ipc.perm_gid, in show_special()
1417 context->ipc.perm_mode); in show_special()
1424 context->mq_open.oflag, context->mq_open.mode, in show_special()
1425 context->mq_open.attr.mq_flags, in show_special()
1426 context->mq_open.attr.mq_maxmsg, in show_special()
1427 context->mq_open.attr.mq_msgsize, in show_special()
1428 context->mq_open.attr.mq_curmsgs); in show_special()
1434 context->mq_sendrecv.mqdes, in show_special()
1435 context->mq_sendrecv.msg_len, in show_special()
1436 context->mq_sendrecv.msg_prio, in show_special()
1437 (long long) context->mq_sendrecv.abs_timeout.tv_sec, in show_special()
1438 context->mq_sendrecv.abs_timeout.tv_nsec); in show_special()
1442 context->mq_notify.mqdes, in show_special()
1443 context->mq_notify.sigev_signo); in show_special()
1446 struct mq_attr *attr = &context->mq_getsetattr.mqstat; in show_special()
1451 context->mq_getsetattr.mqdes, in show_special()
1456 audit_log_format(ab, "pid=%d", context->capset.pid); in show_special()
1457 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); in show_special()
1458 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); in show_special()
1459 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); in show_special()
1460 audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient); in show_special()
1463 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, in show_special()
1464 context->mmap.flags); in show_special()
1468 context->openat2.flags, in show_special()
1469 context->openat2.mode, in show_special()
1470 context->openat2.resolve); in show_special()
1473 audit_log_execve_info(context, &ab); in show_special()
1477 if (context->module.name) { in show_special()
1478 audit_log_untrustedstring(ab, context->module.name); in show_special()
1486 audit_log_time(context, &ab); in show_special()
1513 static void audit_log_name(struct audit_context *context, struct audit_names *n, in audit_log_name() argument
1518 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); in audit_log_name()
1537 if (context->pwd.dentry && context->pwd.mnt) in audit_log_name()
1538 audit_log_d_path(ab, " name=", &context->pwd); in audit_log_name()
1605 struct audit_context *context = audit_context(); in audit_log_proctitle() local
1608 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); in audit_log_proctitle()
1615 if (!context->proctitle.value) { in audit_log_proctitle()
1630 context->proctitle.value = buf; in audit_log_proctitle()
1631 context->proctitle.len = res; in audit_log_proctitle()
1633 msg = context->proctitle.value; in audit_log_proctitle()
1634 len = context->proctitle.len; in audit_log_proctitle()
1681 struct audit_context *context = audit_context(); in audit_log_exit() local
1686 context->personality = current->personality; in audit_log_exit()
1688 switch (context->context) { in audit_log_exit()
1690 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); in audit_log_exit()
1694 context->arch, context->major); in audit_log_exit()
1695 if (context->personality != PER_LINUX) in audit_log_exit()
1696 audit_log_format(ab, " per=%lx", context->personality); in audit_log_exit()
1697 if (context->return_valid != AUDITSC_INVALID) in audit_log_exit()
1699 (context->return_valid == AUDITSC_SUCCESS ? in audit_log_exit()
1701 context->return_code); in audit_log_exit()
1704 context->argv[0], in audit_log_exit()
1705 context->argv[1], in audit_log_exit()
1706 context->argv[2], in audit_log_exit()
1707 context->argv[3], in audit_log_exit()
1708 context->name_count); in audit_log_exit()
1710 audit_log_key(ab, context->filterkey); in audit_log_exit()
1714 audit_log_uring(context); in audit_log_exit()
1721 for (aux = context->aux; aux; aux = aux->next) { in audit_log_exit()
1723 ab = audit_log_start(context, GFP_KERNEL, aux->type); in audit_log_exit()
1753 if (context->type) in audit_log_exit()
1754 show_special(context, &call_panic); in audit_log_exit()
1756 if (context->fds[0] >= 0) { in audit_log_exit()
1757 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); in audit_log_exit()
1760 context->fds[0], context->fds[1]); in audit_log_exit()
1765 if (context->sockaddr_len) { in audit_log_exit()
1766 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); in audit_log_exit()
1769 audit_log_n_hex(ab, (void *)context->sockaddr, in audit_log_exit()
1770 context->sockaddr_len); in audit_log_exit()
1775 for (aux = context->aux_pids; aux; aux = aux->next) { in audit_log_exit()
1779 if (audit_log_pid_context(context, axs->target_pid[i], in audit_log_exit()
1788 if (context->target_pid && in audit_log_exit()
1789 audit_log_pid_context(context, context->target_pid, in audit_log_exit()
1790 context->target_auid, context->target_uid, in audit_log_exit()
1791 context->target_sessionid, in audit_log_exit()
1792 context->target_sid, context->target_comm)) in audit_log_exit()
1795 if (context->pwd.dentry && context->pwd.mnt) { in audit_log_exit()
1796 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); in audit_log_exit()
1798 audit_log_d_path(ab, "cwd=", &context->pwd); in audit_log_exit()
1804 list_for_each_entry(n, &context->names_list, list) { in audit_log_exit()
1807 audit_log_name(context, n, NULL, i++, &call_panic); in audit_log_exit()
1810 if (context->context == AUDIT_CTX_SYSCALL) in audit_log_exit()
1814 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); in audit_log_exit()
1829 struct audit_context *context = tsk->audit_context; in __audit_free() local
1831 if (!context) in __audit_free()
1835 if (!list_empty(&context->killed_trees)) in __audit_free()
1836 audit_kill_trees(context); in __audit_free()
1843 if (tsk == current && !context->dummy) { in __audit_free()
1844 context->return_valid = AUDITSC_INVALID; in __audit_free()
1845 context->return_code = 0; in __audit_free()
1846 if (context->context == AUDIT_CTX_SYSCALL) { in __audit_free()
1847 audit_filter_syscall(tsk, context); in __audit_free()
1848 audit_filter_inodes(tsk, context); in __audit_free()
1849 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1851 } else if (context->context == AUDIT_CTX_URING) { in __audit_free()
1853 audit_filter_uring(tsk, context); in __audit_free()
1854 audit_filter_inodes(tsk, context); in __audit_free()
1855 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1856 audit_log_uring(context); in __audit_free()
1861 audit_free_context(context); in __audit_free()
1915 if (ctx->context == AUDIT_CTX_SYSCALL) in __audit_uring_entry()
1922 ctx->context = AUDIT_CTX_URING; in __audit_uring_entry()
1942 if (ctx->context != AUDIT_CTX_URING) in __audit_uring_exit()
1948 if (ctx->context == AUDIT_CTX_SYSCALL) { in __audit_uring_exit()
2014 struct audit_context *context = audit_context(); in __audit_syscall_entry() local
2017 if (!audit_enabled || !context) in __audit_syscall_entry()
2020 WARN_ON(context->context != AUDIT_CTX_UNUSED); in __audit_syscall_entry()
2021 WARN_ON(context->name_count); in __audit_syscall_entry()
2022 if (context->context != AUDIT_CTX_UNUSED || context->name_count) { in __audit_syscall_entry()
2027 state = context->state; in __audit_syscall_entry()
2031 context->dummy = !audit_n_rules; in __audit_syscall_entry()
2032 if (!context->dummy && state == AUDIT_STATE_BUILD) { in __audit_syscall_entry()
2033 context->prio = 0; in __audit_syscall_entry()
2038 context->arch = syscall_get_arch(current); in __audit_syscall_entry()
2039 context->major = major; in __audit_syscall_entry()
2040 context->argv[0] = a1; in __audit_syscall_entry()
2041 context->argv[1] = a2; in __audit_syscall_entry()
2042 context->argv[2] = a3; in __audit_syscall_entry()
2043 context->argv[3] = a4; in __audit_syscall_entry()
2044 context->context = AUDIT_CTX_SYSCALL; in __audit_syscall_entry()
2045 context->current_state = state; in __audit_syscall_entry()
2046 ktime_get_coarse_real_ts64(&context->ctime); in __audit_syscall_entry()
2062 struct audit_context *context = audit_context(); in __audit_syscall_exit() local
2064 if (!context || context->dummy || in __audit_syscall_exit()
2065 context->context != AUDIT_CTX_SYSCALL) in __audit_syscall_exit()
2069 if (!list_empty(&context->killed_trees)) in __audit_syscall_exit()
2070 audit_kill_trees(context); in __audit_syscall_exit()
2072 audit_return_fixup(context, success, return_code); in __audit_syscall_exit()
2074 audit_filter_syscall(current, context); in __audit_syscall_exit()
2075 audit_filter_inodes(current, context); in __audit_syscall_exit()
2076 if (context->current_state != AUDIT_STATE_RECORD) in __audit_syscall_exit()
2082 audit_reset_context(context); in __audit_syscall_exit()
2087 struct audit_context *context; in handle_one() local
2094 context = audit_context(); in handle_one()
2095 p = context->trees; in handle_one()
2096 count = context->tree_count; in handle_one()
2102 if (likely(put_tree_ref(context, chunk))) in handle_one()
2104 if (unlikely(!grow_tree_refs(context))) { in handle_one()
2106 audit_set_auditable(context); in handle_one()
2108 unroll_tree_refs(context, p, count); in handle_one()
2111 put_tree_ref(context, chunk); in handle_one()
2116 struct audit_context *context; in handle_path() local
2123 context = audit_context(); in handle_path()
2124 p = context->trees; in handle_path()
2125 count = context->tree_count; in handle_path()
2139 if (unlikely(!put_tree_ref(context, chunk))) { in handle_path()
2154 unroll_tree_refs(context, p, count); in handle_path()
2158 if (grow_tree_refs(context)) { in handle_path()
2160 unroll_tree_refs(context, p, count); in handle_path()
2165 unroll_tree_refs(context, p, count); in handle_path()
2166 audit_set_auditable(context); in handle_path()
2172 static struct audit_names *audit_alloc_name(struct audit_context *context, in audit_alloc_name() argument
2177 if (context->name_count < AUDIT_NAMES) { in audit_alloc_name()
2178 aname = &context->preallocated_names[context->name_count]; in audit_alloc_name()
2189 list_add_tail(&aname->list, &context->names_list); in audit_alloc_name()
2191 context->name_count++; in audit_alloc_name()
2192 if (!context->pwd.dentry) in audit_alloc_name()
2193 get_fs_pwd(current->fs, &context->pwd); in audit_alloc_name()
2208 struct audit_context *context = audit_context(); in __audit_reusename() local
2211 list_for_each_entry(n, &context->names_list, list) { in __audit_reusename()
2231 struct audit_context *context = audit_context(); in __audit_getname() local
2234 if (context->context == AUDIT_CTX_UNUSED) in __audit_getname()
2237 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_getname()
2298 struct audit_context *context = audit_context(); in __audit_inode() local
2306 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode()
2344 list_for_each_entry_reverse(n, &context->names_list, list) { in __audit_inode()
2371 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_inode()
2416 struct audit_context *context = audit_context(); in __audit_inode_child() local
2424 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode_child()
2447 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2466 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2486 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); in __audit_inode_child()
2493 found_child = audit_alloc_name(context, type); in __audit_inode_child()
2525 if (ctx->context == AUDIT_CTX_UNUSED) in auditsc_get_stamp()
2548 struct audit_context *context = audit_context(); in __audit_mq_open() local
2551 memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); in __audit_mq_open()
2553 memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); in __audit_mq_open()
2555 context->mq_open.oflag = oflag; in __audit_mq_open()
2556 context->mq_open.mode = mode; in __audit_mq_open()
2558 context->type = AUDIT_MQ_OPEN; in __audit_mq_open()
2572 struct audit_context *context = audit_context(); in __audit_mq_sendrecv() local
2573 struct timespec64 *p = &context->mq_sendrecv.abs_timeout; in __audit_mq_sendrecv()
2580 context->mq_sendrecv.mqdes = mqdes; in __audit_mq_sendrecv()
2581 context->mq_sendrecv.msg_len = msg_len; in __audit_mq_sendrecv()
2582 context->mq_sendrecv.msg_prio = msg_prio; in __audit_mq_sendrecv()
2584 context->type = AUDIT_MQ_SENDRECV; in __audit_mq_sendrecv()
2596 struct audit_context *context = audit_context(); in __audit_mq_notify() local
2599 context->mq_notify.sigev_signo = notification->sigev_signo; in __audit_mq_notify()
2601 context->mq_notify.sigev_signo = 0; in __audit_mq_notify()
2603 context->mq_notify.mqdes = mqdes; in __audit_mq_notify()
2604 context->type = AUDIT_MQ_NOTIFY; in __audit_mq_notify()
2615 struct audit_context *context = audit_context(); in __audit_mq_getsetattr() local
2617 context->mq_getsetattr.mqdes = mqdes; in __audit_mq_getsetattr()
2618 context->mq_getsetattr.mqstat = *mqstat; in __audit_mq_getsetattr()
2619 context->type = AUDIT_MQ_GETSETATTR; in __audit_mq_getsetattr()
2629 struct audit_context *context = audit_context(); in __audit_ipc_obj() local
2631 context->ipc.uid = ipcp->uid; in __audit_ipc_obj()
2632 context->ipc.gid = ipcp->gid; in __audit_ipc_obj()
2633 context->ipc.mode = ipcp->mode; in __audit_ipc_obj()
2634 context->ipc.has_perm = 0; in __audit_ipc_obj()
2635 security_ipc_getsecid(ipcp, &context->ipc.osid); in __audit_ipc_obj()
2636 context->type = AUDIT_IPC; in __audit_ipc_obj()
2650 struct audit_context *context = audit_context(); in __audit_ipc_set_perm() local
2652 context->ipc.qbytes = qbytes; in __audit_ipc_set_perm()
2653 context->ipc.perm_uid = uid; in __audit_ipc_set_perm()
2654 context->ipc.perm_gid = gid; in __audit_ipc_set_perm()
2655 context->ipc.perm_mode = mode; in __audit_ipc_set_perm()
2656 context->ipc.has_perm = 1; in __audit_ipc_set_perm()
2661 struct audit_context *context = audit_context(); in __audit_bprm() local
2663 context->type = AUDIT_EXECVE; in __audit_bprm()
2664 context->execve.argc = bprm->argc; in __audit_bprm()
2676 struct audit_context *context = audit_context(); in __audit_socketcall() local
2680 context->type = AUDIT_SOCKETCALL; in __audit_socketcall()
2681 context->socketcall.nargs = nargs; in __audit_socketcall()
2682 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); in __audit_socketcall()
2694 struct audit_context *context = audit_context(); in __audit_fd_pair() local
2696 context->fds[0] = fd1; in __audit_fd_pair()
2697 context->fds[1] = fd2; in __audit_fd_pair()
2709 struct audit_context *context = audit_context(); in __audit_sockaddr() local
2711 if (!context->sockaddr) { in __audit_sockaddr()
2716 context->sockaddr = p; in __audit_sockaddr()
2719 context->sockaddr_len = len; in __audit_sockaddr()
2720 memcpy(context->sockaddr, a, len); in __audit_sockaddr()
2726 struct audit_context *context = audit_context(); in __audit_ptrace() local
2728 context->target_pid = task_tgid_nr(t); in __audit_ptrace()
2729 context->target_auid = audit_get_loginuid(t); in __audit_ptrace()
2730 context->target_uid = task_uid(t); in __audit_ptrace()
2731 context->target_sessionid = audit_get_sessionid(t); in __audit_ptrace()
2732 security_task_getsecid_obj(t, &context->target_sid); in __audit_ptrace()
2733 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); in __audit_ptrace()
2802 struct audit_context *context = audit_context(); in __audit_log_bprm_fcaps() local
2810 ax->d.next = context->aux; in __audit_log_bprm_fcaps()
2811 context->aux = (void *)ax; in __audit_log_bprm_fcaps()
2844 struct audit_context *context = audit_context(); in __audit_log_capset() local
2846 context->capset.pid = task_tgid_nr(current); in __audit_log_capset()
2847 context->capset.cap.effective = new->cap_effective; in __audit_log_capset()
2848 context->capset.cap.inheritable = new->cap_effective; in __audit_log_capset()
2849 context->capset.cap.permitted = new->cap_permitted; in __audit_log_capset()
2850 context->capset.cap.ambient = new->cap_ambient; in __audit_log_capset()
2851 context->type = AUDIT_CAPSET; in __audit_log_capset()
2856 struct audit_context *context = audit_context(); in __audit_mmap_fd() local
2858 context->mmap.fd = fd; in __audit_mmap_fd()
2859 context->mmap.flags = flags; in __audit_mmap_fd()
2860 context->type = AUDIT_MMAP; in __audit_mmap_fd()
2865 struct audit_context *context = audit_context(); in __audit_openat2_how() local
2867 context->openat2.flags = how->flags; in __audit_openat2_how()
2868 context->openat2.mode = how->mode; in __audit_openat2_how()
2869 context->openat2.resolve = how->resolve; in __audit_openat2_how()
2870 context->type = AUDIT_OPENAT2; in __audit_openat2_how()
2875 struct audit_context *context = audit_context(); in __audit_log_kern_module() local
2877 context->module.name = kstrdup(name, GFP_KERNEL); in __audit_log_kern_module()
2878 if (!context->module.name) in __audit_log_kern_module()
2880 context->type = AUDIT_KERN_MODULE; in __audit_log_kern_module()
2902 struct audit_context *context = audit_context(); in __audit_tk_injoffset() local
2905 if (!context->type) in __audit_tk_injoffset()
2906 context->type = AUDIT_TIME_INJOFFSET; in __audit_tk_injoffset()
2907 memcpy(&context->time.tk_injoffset, &offset, sizeof(offset)); in __audit_tk_injoffset()
2912 struct audit_context *context = audit_context(); in __audit_ntp_log() local
2918 context->type = AUDIT_TIME_ADJNTPVAL; in __audit_ntp_log()
2919 memcpy(&context->time.ntp_data, ad, sizeof(*ad)); in __audit_ntp_log()
3039 if (likely(!ctx || ctx->context == AUDIT_CTX_UNUSED)) in audit_killed_trees()