| audit.c (0dd8e06bdaa0a97e706ee1a489a1f6176c4ddc64) | audit.c (2a0a6ebee1d68552152ae8d4aeda91d806995dec) |
|---|---|
| 1/* audit.c -- Auditing support | 1/* audit.c -- Auditing support -*- linux-c -*- |
| 2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon. 3 * System-call specific features have moved to auditsc.c 4 * 5 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 6 * All Rights Reserved. 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by --- 23 unchanged lines hidden (view full) --- 33 * 3) Ability to disable syscall auditing at boot time (audit=0). 34 * 4) Usable by other parts of the kernel (if audit_log* is called, 35 * then a syscall record will be generated automatically for the 36 * current syscall). 37 * 5) Netlink interface to user-space. 38 * 6) Support low-overhead kernel-based filtering to minimize the 39 * information that must be passed to user-space. 40 * | 2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon. 3 * System-call specific features have moved to auditsc.c 4 * 5 * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. 6 * All Rights Reserved. 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by --- 23 unchanged lines hidden (view full) --- 33 * 3) Ability to disable syscall auditing at boot time (audit=0). 34 * 4) Usable by other parts of the kernel (if audit_log* is called, 35 * then a syscall record will be generated automatically for the 36 * current syscall). 37 * 5) Netlink interface to user-space. 38 * 6) Support low-overhead kernel-based filtering to minimize the 39 * information that must be passed to user-space. 40 * |
| 41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/ | 41 * Example user-space utilities: http://people.redhat.com/faith/audit/ |
| 42 */ 43 44#include <linux/init.h> 45#include <asm/atomic.h> 46#include <asm/types.h> 47#include <linux/mm.h> 48#include <linux/module.h> 49 --- 87 unchanged lines hidden (view full) --- 137 int len; /* used area of tmp */ 138 char tmp[AUDIT_BUFSIZ]; 139 140 /* Pointer to header and contents */ 141 struct nlmsghdr *nlh; 142 int total; 143 int type; 144 int pid; | 42 */ 43 44#include <linux/init.h> 45#include <asm/atomic.h> 46#include <asm/types.h> 47#include <linux/mm.h> 48#include <linux/module.h> 49 --- 87 unchanged lines hidden (view full) --- 137 int len; /* used area of tmp */ 138 char tmp[AUDIT_BUFSIZ]; 139 140 /* Pointer to header and contents */ 141 struct nlmsghdr *nlh; 142 int total; 143 int type; 144 int pid; |
| 145 int count; /* Times requeued */ |
|
| 145}; 146 147void audit_set_type(struct audit_buffer *ab, int type) 148{ 149 ab->type = type; 150} 151 152struct audit_entry { --- 80 unchanged lines hidden (view full) --- 233 atomic_read(&audit_backlog), 234 audit_rate_limit, 235 audit_backlog_limit); 236 audit_panic(message); 237 } 238 239} 240 | 146}; 147 148void audit_set_type(struct audit_buffer *ab, int type) 149{ 150 ab->type = type; 151} 152 153struct audit_entry { --- 80 unchanged lines hidden (view full) --- 234 atomic_read(&audit_backlog), 235 audit_rate_limit, 236 audit_backlog_limit); 237 audit_panic(message); 238 } 239 240} 241 |
| 241static int audit_set_rate_limit(int limit, uid_t loginuid) | 242static int audit_set_rate_limit(int limit) |
| 242{ 243 int old = audit_rate_limit; 244 audit_rate_limit = limit; | 243{ 244 int old = audit_rate_limit; 245 audit_rate_limit = limit; |
| 245 audit_log(NULL, "audit_rate_limit=%d old=%d by auid %u", 246 audit_rate_limit, old, loginuid); | 246 audit_log(current->audit_context, "audit_rate_limit=%d old=%d", 247 audit_rate_limit, old); |
| 247 return old; 248} 249 | 248 return old; 249} 250 |
| 250static int audit_set_backlog_limit(int limit, uid_t loginuid) | 251static int audit_set_backlog_limit(int limit) |
| 251{ 252 int old = audit_backlog_limit; 253 audit_backlog_limit = limit; | 252{ 253 int old = audit_backlog_limit; 254 audit_backlog_limit = limit; |
| 254 audit_log(NULL, "audit_backlog_limit=%d old=%d by auid %u", 255 audit_backlog_limit, old, loginuid); | 255 audit_log(current->audit_context, "audit_backlog_limit=%d old=%d", 256 audit_backlog_limit, old); |
| 256 return old; 257} 258 | 257 return old; 258} 259 |
| 259static int audit_set_enabled(int state, uid_t loginuid) | 260static int audit_set_enabled(int state) |
| 260{ 261 int old = audit_enabled; 262 if (state != 0 && state != 1) 263 return -EINVAL; 264 audit_enabled = state; | 261{ 262 int old = audit_enabled; 263 if (state != 0 && state != 1) 264 return -EINVAL; 265 audit_enabled = state; |
| 265 audit_log(NULL, "audit_enabled=%d old=%d by auid %u", 266 audit_enabled, old, loginuid); | 266 audit_log(current->audit_context, "audit_enabled=%d old=%d", 267 audit_enabled, old); |
| 267 return old; 268} 269 | 268 return old; 269} 270 |
| 270static int audit_set_failure(int state, uid_t loginuid) | 271static int audit_set_failure(int state) |
| 271{ 272 int old = audit_failure; 273 if (state != AUDIT_FAIL_SILENT 274 && state != AUDIT_FAIL_PRINTK 275 && state != AUDIT_FAIL_PANIC) 276 return -EINVAL; 277 audit_failure = state; | 272{ 273 int old = audit_failure; 274 if (state != AUDIT_FAIL_SILENT 275 && state != AUDIT_FAIL_PRINTK 276 && state != AUDIT_FAIL_PANIC) 277 return -EINVAL; 278 audit_failure = state; |
| 278 audit_log(NULL, "audit_failure=%d old=%d by auid %u", 279 audit_failure, old, loginuid); | 279 audit_log(current->audit_context, "audit_failure=%d old=%d", 280 audit_failure, old); |
| 280 return old; 281} 282 283#ifdef CONFIG_NET 284void audit_send_reply(int pid, int seq, int type, int done, int multi, 285 void *payload, int size) 286{ 287 struct sk_buff *skb; --- 50 unchanged lines hidden (view full) --- 338static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 339{ 340 u32 uid, pid, seq; 341 void *data; 342 struct audit_status *status_get, status_set; 343 int err; 344 struct audit_buffer *ab; 345 u16 msg_type = nlh->nlmsg_type; | 281 return old; 282} 283 284#ifdef CONFIG_NET 285void audit_send_reply(int pid, int seq, int type, int done, int multi, 286 void *payload, int size) 287{ 288 struct sk_buff *skb; --- 50 unchanged lines hidden (view full) --- 339static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) 340{ 341 u32 uid, pid, seq; 342 void *data; 343 struct audit_status *status_get, status_set; 344 int err; 345 struct audit_buffer *ab; 346 u16 msg_type = nlh->nlmsg_type; |
| 346 uid_t loginuid; /* loginuid of sender */ | |
| 347 348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 349 if (err) 350 return err; 351 352 pid = NETLINK_CREDS(skb)->pid; 353 uid = NETLINK_CREDS(skb)->uid; | 347 348 err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type); 349 if (err) 350 return err; 351 352 pid = NETLINK_CREDS(skb)->pid; 353 uid = NETLINK_CREDS(skb)->uid; |
| 354 loginuid = NETLINK_CB(skb).loginuid; | |
| 355 seq = nlh->nlmsg_seq; 356 data = NLMSG_DATA(nlh); 357 358 switch (msg_type) { 359 case AUDIT_GET: 360 status_set.enabled = audit_enabled; 361 status_set.failure = audit_failure; 362 status_set.pid = audit_pid; --- 4 unchanged lines hidden (view full) --- 367 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, 368 &status_set, sizeof(status_set)); 369 break; 370 case AUDIT_SET: 371 if (nlh->nlmsg_len < sizeof(struct audit_status)) 372 return -EINVAL; 373 status_get = (struct audit_status *)data; 374 if (status_get->mask & AUDIT_STATUS_ENABLED) { | 354 seq = nlh->nlmsg_seq; 355 data = NLMSG_DATA(nlh); 356 357 switch (msg_type) { 358 case AUDIT_GET: 359 status_set.enabled = audit_enabled; 360 status_set.failure = audit_failure; 361 status_set.pid = audit_pid; --- 4 unchanged lines hidden (view full) --- 366 audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, 367 &status_set, sizeof(status_set)); 368 break; 369 case AUDIT_SET: 370 if (nlh->nlmsg_len < sizeof(struct audit_status)) 371 return -EINVAL; 372 status_get = (struct audit_status *)data; 373 if (status_get->mask & AUDIT_STATUS_ENABLED) { |
| 375 err = audit_set_enabled(status_get->enabled, loginuid); | 374 err = audit_set_enabled(status_get->enabled); |
| 376 if (err < 0) return err; 377 } 378 if (status_get->mask & AUDIT_STATUS_FAILURE) { | 375 if (err < 0) return err; 376 } 377 if (status_get->mask & AUDIT_STATUS_FAILURE) { |
| 379 err = audit_set_failure(status_get->failure, loginuid); | 378 err = audit_set_failure(status_get->failure); |
| 380 if (err < 0) return err; 381 } 382 if (status_get->mask & AUDIT_STATUS_PID) { 383 int old = audit_pid; 384 audit_pid = status_get->pid; | 379 if (err < 0) return err; 380 } 381 if (status_get->mask & AUDIT_STATUS_PID) { 382 int old = audit_pid; 383 audit_pid = status_get->pid; |
| 385 audit_log(NULL, "audit_pid=%d old=%d by auid %u", 386 audit_pid, old, loginuid); | 384 audit_log(current->audit_context, 385 "audit_pid=%d old=%d", audit_pid, old); |
| 387 } 388 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) | 386 } 387 if (status_get->mask & AUDIT_STATUS_RATE_LIMIT) |
| 389 audit_set_rate_limit(status_get->rate_limit, loginuid); | 388 audit_set_rate_limit(status_get->rate_limit); |
| 390 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) | 389 if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT) |
| 391 audit_set_backlog_limit(status_get->backlog_limit, 392 loginuid); | 390 audit_set_backlog_limit(status_get->backlog_limit); |
| 393 break; 394 case AUDIT_USER: 395 ab = audit_log_start(NULL); 396 if (!ab) 397 break; /* audit_panic has been called */ 398 audit_log_format(ab, | 391 break; 392 case AUDIT_USER: 393 ab = audit_log_start(NULL); 394 if (!ab) 395 break; /* audit_panic has been called */ 396 audit_log_format(ab, |
| 399 "user pid=%d uid=%d length=%d loginuid=%u" 400 " msg='%.1024s'", | 397 "user pid=%d uid=%d length=%d msg='%.1024s'", |
| 401 pid, uid, 402 (int)(nlh->nlmsg_len 403 - ((char *)data - (char *)nlh)), | 398 pid, uid, 399 (int)(nlh->nlmsg_len 400 - ((char *)data - (char *)nlh)), |
| 404 loginuid, (char *)data); | 401 (char *)data); |
| 405 ab->type = AUDIT_USER; 406 ab->pid = pid; 407 audit_log_end(ab); 408 break; 409 case AUDIT_ADD: 410 case AUDIT_DEL: 411 if (nlh->nlmsg_len < sizeof(struct audit_rule)) 412 return -EINVAL; 413 /* fallthrough */ 414 case AUDIT_LIST: 415#ifdef CONFIG_AUDITSYSCALL 416 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, | 402 ab->type = AUDIT_USER; 403 ab->pid = pid; 404 audit_log_end(ab); 405 break; 406 case AUDIT_ADD: 407 case AUDIT_DEL: 408 if (nlh->nlmsg_len < sizeof(struct audit_rule)) 409 return -EINVAL; 410 /* fallthrough */ 411 case AUDIT_LIST: 412#ifdef CONFIG_AUDITSYSCALL 413 err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid, |
| 417 uid, seq, data, loginuid); | 414 uid, seq, data); |
| 418#else 419 err = -EOPNOTSUPP; 420#endif 421 break; 422 default: 423 err = -EINVAL; 424 break; 425 } 426 427 return err < 0 ? err : 0; 428} 429 430/* Get message from skb (based on rtnetlink_rcv_skb). Each message is 431 * processed by audit_receive_msg. Malformed skbs with wrong length are 432 * discarded silently. */ | 415#else 416 err = -EOPNOTSUPP; 417#endif 418 break; 419 default: 420 err = -EINVAL; 421 break; 422 } 423 424 return err < 0 ? err : 0; 425} 426 427/* Get message from skb (based on rtnetlink_rcv_skb). Each message is 428 * processed by audit_receive_msg. Malformed skbs with wrong length are 429 * discarded silently. */ |
| 433static int audit_receive_skb(struct sk_buff *skb) | 430static void audit_receive_skb(struct sk_buff *skb) |
| 434{ 435 int err; 436 struct nlmsghdr *nlh; 437 u32 rlen; 438 439 while (skb->len >= NLMSG_SPACE(0)) { 440 nlh = (struct nlmsghdr *)skb->data; 441 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) | 431{ 432 int err; 433 struct nlmsghdr *nlh; 434 u32 rlen; 435 436 while (skb->len >= NLMSG_SPACE(0)) { 437 nlh = (struct nlmsghdr *)skb->data; 438 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) |
| 442 return 0; | 439 return; |
| 443 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 444 if (rlen > skb->len) 445 rlen = skb->len; 446 if ((err = audit_receive_msg(skb, nlh))) { 447 netlink_ack(skb, nlh, err); 448 } else if (nlh->nlmsg_flags & NLM_F_ACK) 449 netlink_ack(skb, nlh, 0); 450 skb_pull(skb, rlen); 451 } | 440 rlen = NLMSG_ALIGN(nlh->nlmsg_len); 441 if (rlen > skb->len) 442 rlen = skb->len; 443 if ((err = audit_receive_msg(skb, nlh))) { 444 netlink_ack(skb, nlh, err); 445 } else if (nlh->nlmsg_flags & NLM_F_ACK) 446 netlink_ack(skb, nlh, 0); 447 skb_pull(skb, rlen); 448 } |
| 452 return 0; | |
| 453} 454 455/* Receive messages from netlink socket. */ 456static void audit_receive(struct sock *sk, int length) 457{ 458 struct sk_buff *skb; | 449} 450 451/* Receive messages from netlink socket. */ 452static void audit_receive(struct sock *sk, int length) 453{ 454 struct sk_buff *skb; |
| 455 unsigned int qlen; |
|
| 459 | 456 |
| 460 if (down_trylock(&audit_netlink_sem)) 461 return; | 457 down(&audit_netlink_sem); |
| 462 | 458 |
| 463 /* FIXME: this must not cause starvation */ 464 while ((skb = skb_dequeue(&sk->sk_receive_queue))) { 465 if (audit_receive_skb(skb) && skb->len) 466 skb_queue_head(&sk->sk_receive_queue, skb); 467 else 468 kfree_skb(skb); | 459 for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) { 460 skb = skb_dequeue(&sk->sk_receive_queue); 461 audit_receive_skb(skb); 462 kfree_skb(skb); |
| 469 } 470 up(&audit_netlink_sem); 471} 472 473/* Move data from tmp buffer into an skb. This is an extra copy, and 474 * that is unfortunate. However, the copy will only occur when a record 475 * is being written to user space, which is already a high-overhead 476 * operation. (Elimination of the copy is possible, for example, by --- 4 unchanged lines hidden (view full) --- 481 struct sk_buff *skb; 482 char *start; 483 int extra = ab->nlh ? 0 : NLMSG_SPACE(0); 484 485 /* possible resubmission */ 486 if (ab->len == 0) 487 return; 488 | 463 } 464 up(&audit_netlink_sem); 465} 466 467/* Move data from tmp buffer into an skb. This is an extra copy, and 468 * that is unfortunate. However, the copy will only occur when a record 469 * is being written to user space, which is already a high-overhead 470 * operation. (Elimination of the copy is possible, for example, by --- 4 unchanged lines hidden (view full) --- 475 struct sk_buff *skb; 476 char *start; 477 int extra = ab->nlh ? 0 : NLMSG_SPACE(0); 478 479 /* possible resubmission */ 480 if (ab->len == 0) 481 return; 482 |
| 489 skb = skb_peek_tail(&ab->sklist); | 483 skb = skb_peek(&ab->sklist); |
| 490 if (!skb || skb_tailroom(skb) <= ab->len + extra) { 491 skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC); 492 if (!skb) { 493 ab->len = 0; /* Lose information in ab->tmp */ 494 audit_log_lost("out of memory in audit_log_move"); 495 return; 496 } 497 __skb_queue_tail(&ab->sklist, skb); --- 22 unchanged lines hidden (view full) --- 520 ab->nlh->nlmsg_flags = 0; 521 ab->nlh->nlmsg_seq = 0; 522 ab->nlh->nlmsg_pid = ab->pid; 523 } 524 skb_get(skb); /* because netlink_* frees */ 525 retval = netlink_unicast(audit_sock, skb, audit_pid, 526 MSG_DONTWAIT); 527 } | 484 if (!skb || skb_tailroom(skb) <= ab->len + extra) { 485 skb = alloc_skb(2 * ab->len + extra, GFP_ATOMIC); 486 if (!skb) { 487 ab->len = 0; /* Lose information in ab->tmp */ 488 audit_log_lost("out of memory in audit_log_move"); 489 return; 490 } 491 __skb_queue_tail(&ab->sklist, skb); --- 22 unchanged lines hidden (view full) --- 514 ab->nlh->nlmsg_flags = 0; 515 ab->nlh->nlmsg_seq = 0; 516 ab->nlh->nlmsg_pid = ab->pid; 517 } 518 skb_get(skb); /* because netlink_* frees */ 519 retval = netlink_unicast(audit_sock, skb, audit_pid, 520 MSG_DONTWAIT); 521 } |
| 528 if (retval == -EAGAIN && 529 (atomic_read(&audit_backlog)) < audit_backlog_limit) { 530 skb_queue_head(&ab->sklist, skb); | 522 if (retval == -EAGAIN && ab->count < 5) { 523 ++ab->count; 524 skb_queue_tail(&ab->sklist, skb); |
| 531 audit_log_end_irq(ab); 532 return 1; 533 } 534 if (retval < 0) { 535 if (retval == -ECONNREFUSED) { 536 printk(KERN_ERR 537 "audit: *NO* daemon at audit_pid=%d\n", 538 audit_pid); 539 audit_pid = 0; 540 } else 541 audit_log_lost("netlink socket too busy"); 542 } 543 if (!audit_pid) { /* No daemon */ 544 int offset = ab->nlh ? NLMSG_SPACE(0) : 0; 545 int len = skb->len - offset; | 525 audit_log_end_irq(ab); 526 return 1; 527 } 528 if (retval < 0) { 529 if (retval == -ECONNREFUSED) { 530 printk(KERN_ERR 531 "audit: *NO* daemon at audit_pid=%d\n", 532 audit_pid); 533 audit_pid = 0; 534 } else 535 audit_log_lost("netlink socket too busy"); 536 } 537 if (!audit_pid) { /* No daemon */ 538 int offset = ab->nlh ? NLMSG_SPACE(0) : 0; 539 int len = skb->len - offset; |
| 546 skb->data[offset + len] = '\0'; 547 printk(KERN_ERR "%s\n", skb->data + offset); | 540 printk(KERN_ERR "%*.*s\n", 541 len, len, skb->data + offset); |
| 548 } 549 kfree_skb(skb); 550 ab->nlh = NULL; 551 } 552 return 0; 553} 554 555/* Initialize audit support at boot time. */ --- 62 unchanged lines hidden (view full) --- 618 * syscall, then the syscall is marked as auditable and an audit record 619 * will be written at syscall exit. If there is no associated task, tsk 620 * should be NULL. */ 621struct audit_buffer *audit_log_start(struct audit_context *ctx) 622{ 623 struct audit_buffer *ab = NULL; 624 unsigned long flags; 625 struct timespec t; | 542 } 543 kfree_skb(skb); 544 ab->nlh = NULL; 545 } 546 return 0; 547} 548 549/* Initialize audit support at boot time. */ --- 62 unchanged lines hidden (view full) --- 612 * syscall, then the syscall is marked as auditable and an audit record 613 * will be written at syscall exit. If there is no associated task, tsk 614 * should be NULL. */ 615struct audit_buffer *audit_log_start(struct audit_context *ctx) 616{ 617 struct audit_buffer *ab = NULL; 618 unsigned long flags; 619 struct timespec t; |
| 626 unsigned int serial; | 620 int serial = 0; |
| 627 628 if (!audit_initialized) 629 return NULL; 630 631 if (audit_backlog_limit 632 && atomic_read(&audit_backlog) > audit_backlog_limit) { 633 if (audit_rate_check()) 634 printk(KERN_WARNING --- 25 unchanged lines hidden (view full) --- 660 skb_queue_head_init(&ab->sklist); 661 662 ab->ctx = ctx; 663 ab->len = 0; 664 ab->nlh = NULL; 665 ab->total = 0; 666 ab->type = AUDIT_KERNEL; 667 ab->pid = 0; | 621 622 if (!audit_initialized) 623 return NULL; 624 625 if (audit_backlog_limit 626 && atomic_read(&audit_backlog) > audit_backlog_limit) { 627 if (audit_rate_check()) 628 printk(KERN_WARNING --- 25 unchanged lines hidden (view full) --- 654 skb_queue_head_init(&ab->sklist); 655 656 ab->ctx = ctx; 657 ab->len = 0; 658 ab->nlh = NULL; 659 ab->total = 0; 660 ab->type = AUDIT_KERNEL; 661 ab->pid = 0; |
| 662 ab->count = 0; |
|
| 668 669#ifdef CONFIG_AUDITSYSCALL 670 if (ab->ctx) 671 audit_get_stamp(ab->ctx, &t, &serial); 672 else 673#endif | 663 664#ifdef CONFIG_AUDITSYSCALL 665 if (ab->ctx) 666 audit_get_stamp(ab->ctx, &t, &serial); 667 else 668#endif |
| 674 { | |
| 675 t = CURRENT_TIME; | 669 t = CURRENT_TIME; |
| 676 serial = 0; 677 } | 670 |
| 678 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 679 t.tv_sec, t.tv_nsec/1000000, serial); 680 return ab; 681} 682 683 684/* Format an audit message into the audit buffer. If there isn't enough 685 * room in the audit buffer, more room will be allocated and vsnprint --- 33 unchanged lines hidden (view full) --- 719 720 if (!ab) 721 return; 722 va_start(args, fmt); 723 audit_log_vformat(ab, fmt, args); 724 va_end(args); 725} 726 | 671 audit_log_format(ab, "audit(%lu.%03lu:%u): ", 672 t.tv_sec, t.tv_nsec/1000000, serial); 673 return ab; 674} 675 676 677/* Format an audit message into the audit buffer. If there isn't enough 678 * room in the audit buffer, more room will be allocated and vsnprint --- 33 unchanged lines hidden (view full) --- 712 713 if (!ab) 714 return; 715 va_start(args, fmt); 716 audit_log_vformat(ab, fmt, args); 717 va_end(args); 718} 719 |
| 727void audit_log_hex(struct audit_buffer *ab, const unsigned char *buf, size_t len) 728{ 729 int i; 730 731 for (i=0; i<len; i++) 732 audit_log_format(ab, "%02x", buf[i]); 733} 734 735void audit_log_untrustedstring(struct audit_buffer *ab, const char *string) 736{ 737 const unsigned char *p = string; 738 739 while (*p) { 740 if (*p == '"' || *p == ' ' || *p < 0x20 || *p > 0x7f) { 741 audit_log_hex(ab, string, strlen(string)); 742 return; 743 } 744 p++; 745 } 746 audit_log_format(ab, "\"%s\"", string); 747} 748 749 | |
| 750/* This is a helper-function to print the d_path without using a static 751 * buffer or allocating another buffer in addition to the one in 752 * audit_buffer. */ 753void audit_log_d_path(struct audit_buffer *ab, const char *prefix, 754 struct dentry *dentry, struct vfsmount *vfsmnt) 755{ 756 char *p; 757 int len, avail; --- 109 unchanged lines hidden --- | 720/* This is a helper-function to print the d_path without using a static 721 * buffer or allocating another buffer in addition to the one in 722 * audit_buffer. */ 723void audit_log_d_path(struct audit_buffer *ab, const char *prefix, 724 struct dentry *dentry, struct vfsmount *vfsmnt) 725{ 726 char *p; 727 int len, avail; --- 109 unchanged lines hidden --- |