Audit: collect sessionid in netlink messages
authorEric Paris <eparis@redhat.com>
Fri, 18 Apr 2008 14:09:25 +0000 (10:09 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Mon, 28 Apr 2008 10:18:03 +0000 (06:18 -0400)
Previously I added sessionid output to all audit messages where it was
available but we still didn't know the sessionid of the sender of
netlink messages.  This patch adds that information to netlink messages
so we can audit who sent netlink messages.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
17 files changed:
drivers/char/tty_audit.c
include/linux/audit.h
include/linux/netlink.h
include/linux/tty.h
include/net/netlabel.h
include/net/xfrm.h
kernel/audit.c
kernel/auditfilter.c
net/key/af_key.c
net/netlabel/netlabel_unlabeled.c
net/netlabel/netlabel_user.c
net/netlabel/netlabel_user.h
net/netlink/af_netlink.c
net/xfrm/xfrm_policy.c
net/xfrm/xfrm_state.c
net/xfrm/xfrm_user.c
security/smack/smackfs.c

index 7722466e052faedeb2ec999ba0b2f67f8b300e3e..9739bbfc8f70bc23fab96c1ef98ace34d272b937 100644 (file)
@@ -151,14 +151,9 @@ void tty_audit_fork(struct signal_struct *sig)
 /**
  *     tty_audit_push_task     -       Flush task's pending audit data
  */
-void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
+void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
 {
        struct tty_audit_buf *buf;
-       /* FIXME I think this is correct.  Check against netlink once that is
-        * I really need to read this code more closely.  But that's for
-        * another patch.
-        */
-       unsigned int sessionid = audit_get_sessionid(tsk);
 
        spin_lock_irq(&tsk->sighand->siglock);
        buf = tsk->signal->tty_audit_buf;
index 4ccb048cae1de97e0b4c9627f60c1f8cd7894f48..25f6ae30dd4bd8f3d9a8a79ca048a1d3697af313 100644 (file)
@@ -569,7 +569,8 @@ extern int              audit_update_lsm_rules(void);
 extern int audit_filter_user(struct netlink_skb_parms *cb, int type);
 extern int audit_filter_type(int type);
 extern int  audit_receive_filter(int type, int pid, int uid, int seq,
-                        void *data, size_t datasz, uid_t loginuid, u32 sid);
+                               void *data, size_t datasz, uid_t loginuid,
+                               u32 sessionid, u32 sid);
 extern int audit_enabled;
 #else
 #define audit_log(c,g,t,f,...) do { ; } while (0)
index fb0713b6ffaf910d6d5d58462d29f5fe2db03f8f..bec1062a25a1e83146e8478f2bb8443a05fcf288 100644 (file)
@@ -166,6 +166,7 @@ struct netlink_skb_parms
        __u32                   dst_group;
        kernel_cap_t            eff_cap;
        __u32                   loginuid;       /* Login (audit) uid */
+       __u32                   sessionid;      /* Session id (audit) */
        __u32                   sid;            /* SELinux security id */
 };
 
index dd8e08fe88551a3d9c9ca2529226bfa55631e69b..430624504ca0e553d5d2b338b41b2c45233a0540 100644 (file)
@@ -351,7 +351,7 @@ extern void tty_audit_add_data(struct tty_struct *tty, unsigned char *data,
 extern void tty_audit_exit(void);
 extern void tty_audit_fork(struct signal_struct *sig);
 extern void tty_audit_push(struct tty_struct *tty);
-extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid);
+extern void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid);
 extern void tty_audit_opening(void);
 #else
 static inline void tty_audit_add_data(struct tty_struct *tty,
@@ -367,7 +367,7 @@ static inline void tty_audit_fork(struct signal_struct *sig)
 static inline void tty_audit_push(struct tty_struct *tty)
 {
 }
-static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid)
+static inline void tty_audit_push_task(struct task_struct *tsk, uid_t loginuid, u32 sessionid)
 {
 }
 static inline void tty_audit_opening(void)
index 5e53a85b5ca1bc56014a192b50304800298ae386..e4d2d6baa98388e4d673f5f57ddc20405a3fdb69 100644 (file)
@@ -103,6 +103,7 @@ struct cipso_v4_doi;
 struct netlbl_audit {
        u32 secid;
        uid_t loginuid;
+       u32 sessionid;
 };
 
 /*
index baa9f372cfd165b7496954bef31510990d4190bd..d1350bcccb03c68efb07bac000b16c0f9cb49ca1 100644 (file)
@@ -597,8 +597,9 @@ struct xfrm_spi_skb_cb {
 /* Audit Information */
 struct xfrm_audit
 {
-       u32     loginuid;
        u32     secid;
+       uid_t   loginuid;
+       u32     sessionid;
 };
 
 #ifdef CONFIG_AUDITSYSCALL
@@ -616,13 +617,13 @@ static inline struct audit_buffer *xfrm_audit_start(const char *op)
        return audit_buf;
 }
 
-static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
+static inline void xfrm_audit_helper_usrinfo(uid_t auid, u32 ses, u32 secid,
                                             struct audit_buffer *audit_buf)
 {
        char *secctx;
        u32 secctx_len;
 
-       audit_log_format(audit_buf, " auid=%u", auid);
+       audit_log_format(audit_buf, " auid=%u ses=%u", auid, ses);
        if (secid != 0 &&
            security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
                audit_log_format(audit_buf, " subj=%s", secctx);
@@ -632,13 +633,13 @@ static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
 }
 
 extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                                 u32 auid, u32 secid);
+                                 u32 auid, u32 ses, u32 secid);
 extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                                 u32 auid, u32 secid);
+                                 u32 auid, u32 ses, u32 secid);
 extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                                u32 auid, u32 secid);
+                                u32 auid, u32 ses, u32 secid);
 extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                                   u32 auid, u32 secid);
+                                   u32 auid, u32 ses, u32 secid);
 extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
                                             struct sk_buff *skb);
 extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
@@ -647,10 +648,10 @@ extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
 extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
                                     struct sk_buff *skb, u8 proto);
 #else
-#define xfrm_audit_policy_add(x, r, a, s)      do { ; } while (0)
-#define xfrm_audit_policy_delete(x, r, a, s)   do { ; } while (0)
-#define xfrm_audit_state_add(x, r, a, s)       do { ; } while (0)
-#define xfrm_audit_state_delete(x, r, a, s)    do { ; } while (0)
+#define xfrm_audit_policy_add(x, r, a, se, s)  do { ; } while (0)
+#define xfrm_audit_policy_delete(x, r, a, se, s)       do { ; } while (0)
+#define xfrm_audit_state_add(x, r, a, se, s)   do { ; } while (0)
+#define xfrm_audit_state_delete(x, r, a, se, s)        do { ; } while (0)
 #define xfrm_audit_state_replay_overflow(x, s) do { ; } while (0)
 #define xfrm_audit_state_notfound_simple(s, f) do { ; } while (0)
 #define xfrm_audit_state_notfound(s, f, sp, sq)        do { ; } while (0)
index a7b16086d36f7b863a19697eed4877b67226b197..ad6d1abfa1d2687e1828a32f2fe187323b69a4e0 100644 (file)
@@ -252,14 +252,15 @@ void audit_log_lost(const char *message)
 }
 
 static int audit_log_config_change(char *function_name, int new, int old,
-                                  uid_t loginuid, u32 sid, int allow_changes)
+                                  uid_t loginuid, u32 sessionid, u32 sid,
+                                  int allow_changes)
 {
        struct audit_buffer *ab;
        int rc = 0;
 
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
-       audit_log_format(ab, "%s=%d old=%d by auid=%u", function_name, new,
-                        old, loginuid);
+       audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
+                        old, loginuid, sessionid);
        if (sid) {
                char *ctx = NULL;
                u32 len;
@@ -279,7 +280,8 @@ static int audit_log_config_change(char *function_name, int new, int old,
 }
 
 static int audit_do_config_change(char *function_name, int *to_change,
-                                 int new, uid_t loginuid, u32 sid)
+                                 int new, uid_t loginuid, u32 sessionid,
+                                 u32 sid)
 {
        int allow_changes, rc = 0, old = *to_change;
 
@@ -290,8 +292,8 @@ static int audit_do_config_change(char *function_name, int *to_change,
                allow_changes = 1;
 
        if (audit_enabled != AUDIT_OFF) {
-               rc = audit_log_config_change(function_name, new, old,
-                                            loginuid, sid, allow_changes);
+               rc = audit_log_config_change(function_name, new, old, loginuid,
+                                            sessionid, sid, allow_changes);
                if (rc)
                        allow_changes = 0;
        }
@@ -305,26 +307,28 @@ static int audit_do_config_change(char *function_name, int *to_change,
        return rc;
 }
 
-static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sid)
+static int audit_set_rate_limit(int limit, uid_t loginuid, u32 sessionid,
+                               u32 sid)
 {
        return audit_do_config_change("audit_rate_limit", &audit_rate_limit,
-                                     limit, loginuid, sid);
+                                     limit, loginuid, sessionid, sid);
 }
 
-static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sid)
+static int audit_set_backlog_limit(int limit, uid_t loginuid, u32 sessionid,
+                                  u32 sid)
 {
        return audit_do_config_change("audit_backlog_limit", &audit_backlog_limit,
-                                     limit, loginuid, sid);
+                                     limit, loginuid, sessionid, sid);
 }
 
-static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
+static int audit_set_enabled(int state, uid_t loginuid, u32 sessionid, u32 sid)
 {
        int rc;
        if (state < AUDIT_OFF || state > AUDIT_LOCKED)
                return -EINVAL;
 
        rc =  audit_do_config_change("audit_enabled", &audit_enabled, state,
-                                    loginuid, sid);
+                                    loginuid, sessionid, sid);
 
        if (!rc)
                audit_ever_enabled |= !!state;
@@ -332,7 +336,7 @@ static int audit_set_enabled(int state, uid_t loginuid, u32 sid)
        return rc;
 }
 
-static int audit_set_failure(int state, uid_t loginuid, u32 sid)
+static int audit_set_failure(int state, uid_t loginuid, u32 sessionid, u32 sid)
 {
        if (state != AUDIT_FAIL_SILENT
            && state != AUDIT_FAIL_PRINTK
@@ -340,7 +344,7 @@ static int audit_set_failure(int state, uid_t loginuid, u32 sid)
                return -EINVAL;
 
        return audit_do_config_change("audit_failure", &audit_failure, state,
-                                     loginuid, sid);
+                                     loginuid, sessionid, sid);
 }
 
 static int kauditd_thread(void *dummy)
@@ -385,7 +389,7 @@ static int kauditd_thread(void *dummy)
        return 0;
 }
 
-static int audit_prepare_user_tty(pid_t pid, uid_t loginuid)
+static int audit_prepare_user_tty(pid_t pid, uid_t loginuid, u32 sessionid)
 {
        struct task_struct *tsk;
        int err;
@@ -404,7 +408,7 @@ static int audit_prepare_user_tty(pid_t pid, uid_t loginuid)
        if (err)
                goto out;
 
-       tty_audit_push_task(tsk, loginuid);
+       tty_audit_push_task(tsk, loginuid, sessionid);
 out:
        read_unlock(&tasklist_lock);
        return err;
@@ -534,7 +538,8 @@ static int audit_netlink_ok(struct sk_buff *skb, u16 msg_type)
 }
 
 static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
-                                    u32 pid, u32 uid, uid_t auid, u32 sid)
+                                    u32 pid, u32 uid, uid_t auid, u32 ses,
+                                    u32 sid)
 {
        int rc = 0;
        char *ctx = NULL;
@@ -546,8 +551,8 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
        }
 
        *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
-       audit_log_format(*ab, "user pid=%d uid=%u auid=%u",
-                        pid, uid, auid);
+       audit_log_format(*ab, "user pid=%d uid=%u auid=%u ses=%u",
+                        pid, uid, auid, ses);
        if (sid) {
                rc = security_secid_to_secctx(sid, &ctx, &len);
                if (rc)
@@ -570,6 +575,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        struct audit_buffer     *ab;
        u16                     msg_type = nlh->nlmsg_type;
        uid_t                   loginuid; /* loginuid of sender */
+       u32                     sessionid;
        struct audit_sig_info   *sig_data;
        char                    *ctx = NULL;
        u32                     len;
@@ -591,6 +597,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        pid  = NETLINK_CREDS(skb)->pid;
        uid  = NETLINK_CREDS(skb)->uid;
        loginuid = NETLINK_CB(skb).loginuid;
+       sessionid = NETLINK_CB(skb).sessionid;
        sid  = NETLINK_CB(skb).sid;
        seq  = nlh->nlmsg_seq;
        data = NLMSG_DATA(nlh);
@@ -613,12 +620,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                status_get   = (struct audit_status *)data;
                if (status_get->mask & AUDIT_STATUS_ENABLED) {
                        err = audit_set_enabled(status_get->enabled,
-                                                       loginuid, sid);
+                                               loginuid, sessionid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_FAILURE) {
                        err = audit_set_failure(status_get->failure,
-                                                        loginuid, sid);
+                                               loginuid, sessionid, sid);
                        if (err < 0) return err;
                }
                if (status_get->mask & AUDIT_STATUS_PID) {
@@ -627,17 +634,17 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        if (audit_enabled != AUDIT_OFF)
                                audit_log_config_change("audit_pid", new_pid,
                                                        audit_pid, loginuid,
-                                                       sid, 1);
+                                                       sessionid, sid, 1);
 
                        audit_pid = new_pid;
                        audit_nlk_pid = NETLINK_CB(skb).pid;
                }
                if (status_get->mask & AUDIT_STATUS_RATE_LIMIT)
                        err = audit_set_rate_limit(status_get->rate_limit,
-                                                        loginuid, sid);
+                                                  loginuid, sessionid, sid);
                if (status_get->mask & AUDIT_STATUS_BACKLOG_LIMIT)
                        err = audit_set_backlog_limit(status_get->backlog_limit,
-                                                       loginuid, sid);
+                                                     loginuid, sessionid, sid);
                break;
        case AUDIT_USER:
        case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
@@ -649,12 +656,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                if (err == 1) {
                        err = 0;
                        if (msg_type == AUDIT_USER_TTY) {
-                               err = audit_prepare_user_tty(pid, loginuid);
+                               err = audit_prepare_user_tty(pid, loginuid,
+                                                            sessionid);
                                if (err)
                                        break;
                        }
                        audit_log_common_recv_msg(&ab, msg_type, pid, uid,
-                                                 loginuid, sid);
+                                                 loginuid, sessionid, sid);
 
                        if (msg_type != AUDIT_USER_TTY)
                                audit_log_format(ab, " msg='%.1024s'",
@@ -677,7 +685,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        return -EINVAL;
                if (audit_enabled == AUDIT_LOCKED) {
                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
-                                                 uid, loginuid, sid);
+                                                 uid, loginuid, sessionid, sid);
 
                        audit_log_format(ab, " audit_enabled=%d res=0",
                                         audit_enabled);
@@ -688,7 +696,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                          loginuid, sid);
+                                          loginuid, sessionid, sid);
                break;
        case AUDIT_ADD_RULE:
        case AUDIT_DEL_RULE:
@@ -696,7 +704,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                        return -EINVAL;
                if (audit_enabled == AUDIT_LOCKED) {
                        audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
-                                                 uid, loginuid, sid);
+                                                 uid, loginuid, sessionid, sid);
 
                        audit_log_format(ab, " audit_enabled=%d res=0",
                                         audit_enabled);
@@ -707,13 +715,13 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
        case AUDIT_LIST_RULES:
                err = audit_receive_filter(nlh->nlmsg_type, NETLINK_CB(skb).pid,
                                           uid, seq, data, nlmsg_len(nlh),
-                                          loginuid, sid);
+                                          loginuid, sessionid, sid);
                break;
        case AUDIT_TRIM:
                audit_trim_trees();
 
                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
-                                         uid, loginuid, sid);
+                                         uid, loginuid, sessionid, sid);
 
                audit_log_format(ab, " op=trim res=1");
                audit_log_end(ab);
@@ -745,7 +753,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                err = audit_tag_tree(old, new);
 
                audit_log_common_recv_msg(&ab, AUDIT_CONFIG_CHANGE, pid,
-                                         uid, loginuid, sid);
+                                         uid, loginuid, sessionid, sid);
 
                audit_log_format(ab, " op=make_equiv old=");
                audit_log_untrustedstring(ab, old);
index 28fef6bf85348ea0e363a9ecfc1b362df817656e..af3ae91c47b13dede97543d8e939ba4f76c58bce 100644 (file)
@@ -1500,8 +1500,9 @@ static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
 }
 
 /* Log rule additions and removals */
-static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
-                                 struct audit_krule *rule, int res)
+static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
+                                 char *action, struct audit_krule *rule,
+                                 int res)
 {
        struct audit_buffer *ab;
 
@@ -1511,7 +1512,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
        ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
        if (!ab)
                return;
-       audit_log_format(ab, "auid=%u", loginuid);
+       audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
        if (sid) {
                char *ctx = NULL;
                u32 len;
@@ -1543,7 +1544,7 @@ static void audit_log_rule_change(uid_t loginuid, u32 sid, char *action,
  * @sid: SE Linux Security ID of sender
  */
 int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
-                        size_t datasz, uid_t loginuid, u32 sid)
+                        size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
 {
        struct task_struct *tsk;
        struct audit_netlink_list *dest;
@@ -1590,7 +1591,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_add_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err);
+               audit_log_rule_change(loginuid, sessionid, sid, "add",
+                                     &entry->rule, !err);
 
                if (err)
                        audit_free_rule(entry);
@@ -1606,8 +1608,8 @@ int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
 
                err = audit_del_rule(entry,
                                     &audit_filter_list[entry->rule.listnr]);
-               audit_log_rule_change(loginuid, sid, "remove", &entry->rule,
-                                     !err);
+               audit_log_rule_change(loginuid, sessionid, sid, "remove",
+                                     &entry->rule, !err);
 
                audit_free_rule(entry);
                break;
index 2403a31fe0f64ea6de774982e2ba3c6b7ea36a35..9e7236ff6bcc029e6886b43c32416bcdaa51d252 100644 (file)
@@ -1498,7 +1498,8 @@ static int pfkey_add(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hdr,
                err = xfrm_state_update(x);
 
        xfrm_audit_state_add(x, err ? 0 : 1,
-                            audit_get_loginuid(current), 0);
+                            audit_get_loginuid(current),
+                            audit_get_sessionid(current), 0);
 
        if (err < 0) {
                x->km.state = XFRM_STATE_DEAD;
@@ -1552,7 +1553,8 @@ static int pfkey_delete(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
        km_state_notify(x, &c);
 out:
        xfrm_audit_state_delete(x, err ? 0 : 1,
-                              audit_get_loginuid(current), 0);
+                               audit_get_loginuid(current),
+                               audit_get_sessionid(current), 0);
        xfrm_state_put(x);
 
        return err;
@@ -1728,6 +1730,7 @@ static int pfkey_flush(struct sock *sk, struct sk_buff *skb, struct sadb_msg *hd
                return -EINVAL;
 
        audit_info.loginuid = audit_get_loginuid(current);
+       audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_state_flush(proto, &audit_info);
        if (err)
@@ -2324,7 +2327,8 @@ static int pfkey_spdadd(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
                                 hdr->sadb_msg_type != SADB_X_SPDUPDATE);
 
        xfrm_audit_policy_add(xp, err ? 0 : 1,
-                            audit_get_loginuid(current), 0);
+                             audit_get_loginuid(current),
+                             audit_get_sessionid(current), 0);
 
        if (err)
                goto out;
@@ -2406,7 +2410,8 @@ static int pfkey_spddelete(struct sock *sk, struct sk_buff *skb, struct sadb_msg
                return -ENOENT;
 
        xfrm_audit_policy_delete(xp, err ? 0 : 1,
-                               audit_get_loginuid(current), 0);
+                                audit_get_loginuid(current),
+                                audit_get_sessionid(current), 0);
 
        if (err)
                goto out;
@@ -2667,7 +2672,8 @@ static int pfkey_spdget(struct sock *sk, struct sk_buff *skb, struct sadb_msg *h
 
        if (delete) {
                xfrm_audit_policy_delete(xp, err ? 0 : 1,
-                               audit_get_loginuid(current), 0);
+                               audit_get_loginuid(current),
+                               audit_get_sessionid(current), 0);
 
                if (err)
                        goto out;
@@ -2767,6 +2773,7 @@ static int pfkey_spdflush(struct sock *sk, struct sk_buff *skb, struct sadb_msg
        int err;
 
        audit_info.loginuid = audit_get_loginuid(current);
+       audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = 0;
        err = xfrm_policy_flush(XFRM_POLICY_TYPE_MAIN, &audit_info);
        if (err)
index d282ad1570a77482a58b836065f79e3ae2714a61..0099da5b2591e5295429b7578688fa6949db3db1 100644 (file)
@@ -1780,6 +1780,7 @@ int __init netlbl_unlabel_defconf(void)
         * messages so don't worry to much about these values. */
        security_task_getsecid(current, &audit_info.secid);
        audit_info.loginuid = 0;
+       audit_info.sessionid = 0;
 
        entry = kzalloc(sizeof(*entry), GFP_KERNEL);
        if (entry == NULL)
index b17d4203806e2102812bcd4cbe4754340cde9395..68706b4e3bf8a5d800510854a074537c762cf73d 100644 (file)
@@ -107,7 +107,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
        if (audit_buf == NULL)
                return NULL;
 
-       audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);
+       audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
+                        audit_info->loginuid,
+                        audit_info->sessionid);
 
        if (audit_info->secid != 0 &&
            security_secid_to_secctx(audit_info->secid,
index 6d7f4ab46c2bd7499d726eac6b5190332e87e69c..6caef8b20611c55443fb1d4617f33cebfa42d835 100644 (file)
@@ -51,6 +51,7 @@ static inline void netlbl_netlink_auditinfo(struct sk_buff *skb,
 {
        audit_info->secid = NETLINK_CB(skb).sid;
        audit_info->loginuid = NETLINK_CB(skb).loginuid;
+       audit_info->sessionid = NETLINK_CB(skb).sessionid;
 }
 
 /* NetLabel NETLINK I/O functions */
index 46f3e44bb83a583bbacfc4d84765082aaee7f4e8..9b97f8006c9c6edfd0dea0dde522b6a7e64c171f 100644 (file)
@@ -1248,6 +1248,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
        NETLINK_CB(skb).pid     = nlk->pid;
        NETLINK_CB(skb).dst_group = dst_group;
        NETLINK_CB(skb).loginuid = audit_get_loginuid(current);
+       NETLINK_CB(skb).sessionid = audit_get_sessionid(current);
        security_task_getsecid(current, &(NETLINK_CB(skb).sid));
        memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
 
index e0c0390613c0bca03920328ae2ad77052a22ecff..cae9fd81554350eb1893aa1da37ada7f646b5a08 100644 (file)
@@ -762,6 +762,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
                        if (err) {
                                xfrm_audit_policy_delete(pol, 0,
                                                         audit_info->loginuid,
+                                                        audit_info->sessionid,
                                                         audit_info->secid);
                                return err;
                        }
@@ -777,6 +778,7 @@ xfrm_policy_flush_secctx_check(u8 type, struct xfrm_audit *audit_info)
                                if (err) {
                                        xfrm_audit_policy_delete(pol, 0,
                                                        audit_info->loginuid,
+                                                       audit_info->sessionid,
                                                        audit_info->secid);
                                        return err;
                                }
@@ -819,6 +821,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
                        write_unlock_bh(&xfrm_policy_lock);
 
                        xfrm_audit_policy_delete(pol, 1, audit_info->loginuid,
+                                                audit_info->sessionid,
                                                 audit_info->secid);
 
                        xfrm_policy_kill(pol);
@@ -841,6 +844,7 @@ int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info)
 
                                xfrm_audit_policy_delete(pol, 1,
                                                         audit_info->loginuid,
+                                                        audit_info->sessionid,
                                                         audit_info->secid);
                                xfrm_policy_kill(pol);
                                killed++;
@@ -2472,14 +2476,14 @@ static void xfrm_audit_common_policyinfo(struct xfrm_policy *xp,
 }
 
 void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                          u32 auid, u32 secid)
+                          uid_t auid, u32 sessionid, u32 secid)
 {
        struct audit_buffer *audit_buf;
 
        audit_buf = xfrm_audit_start("SPD-add");
        if (audit_buf == NULL)
                return;
-       xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
+       xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
        audit_log_format(audit_buf, " res=%u", result);
        xfrm_audit_common_policyinfo(xp, audit_buf);
        audit_log_end(audit_buf);
@@ -2487,14 +2491,14 @@ void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
 EXPORT_SYMBOL_GPL(xfrm_audit_policy_add);
 
 void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                             u32 auid, u32 secid)
+                             uid_t auid, u32 sessionid, u32 secid)
 {
        struct audit_buffer *audit_buf;
 
        audit_buf = xfrm_audit_start("SPD-delete");
        if (audit_buf == NULL)
                return;
-       xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
+       xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
        audit_log_format(audit_buf, " res=%u", result);
        xfrm_audit_common_policyinfo(xp, audit_buf);
        audit_log_end(audit_buf);
index 5dcc10b93c861df1e675589947137bf0006d392e..c3f5f70934ec014d2cc01c90ac913b8d527bc48c 100644 (file)
@@ -496,7 +496,8 @@ expired:
                km_state_expired(x, 1, 0);
 
        xfrm_audit_state_delete(x, err ? 0 : 1,
-                               audit_get_loginuid(current), 0);
+                               audit_get_loginuid(current),
+                               audit_get_sessionid(current), 0);
 
 out:
        spin_unlock(&x->lock);
@@ -603,6 +604,7 @@ xfrm_state_flush_secctx_check(u8 proto, struct xfrm_audit *audit_info)
                           (err = security_xfrm_state_delete(x)) != 0) {
                                xfrm_audit_state_delete(x, 0,
                                                        audit_info->loginuid,
+                                                       audit_info->sessionid,
                                                        audit_info->secid);
                                return err;
                        }
@@ -641,6 +643,7 @@ restart:
                                err = xfrm_state_delete(x);
                                xfrm_audit_state_delete(x, err ? 0 : 1,
                                                        audit_info->loginuid,
+                                                       audit_info->sessionid,
                                                        audit_info->secid);
                                xfrm_state_put(x);
 
@@ -2123,14 +2126,14 @@ static void xfrm_audit_helper_pktinfo(struct sk_buff *skb, u16 family,
 }
 
 void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                         u32 auid, u32 secid)
+                         uid_t auid, u32 sessionid, u32 secid)
 {
        struct audit_buffer *audit_buf;
 
        audit_buf = xfrm_audit_start("SAD-add");
        if (audit_buf == NULL)
                return;
-       xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
+       xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
        xfrm_audit_helper_sainfo(x, audit_buf);
        audit_log_format(audit_buf, " res=%u", result);
        audit_log_end(audit_buf);
@@ -2138,14 +2141,14 @@ void xfrm_audit_state_add(struct xfrm_state *x, int result,
 EXPORT_SYMBOL_GPL(xfrm_audit_state_add);
 
 void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                            u32 auid, u32 secid)
+                            uid_t auid, u32 sessionid, u32 secid)
 {
        struct audit_buffer *audit_buf;
 
        audit_buf = xfrm_audit_start("SAD-delete");
        if (audit_buf == NULL)
                return;
-       xfrm_audit_helper_usrinfo(auid, secid, audit_buf);
+       xfrm_audit_helper_usrinfo(auid, sessionid, secid, audit_buf);
        xfrm_audit_helper_sainfo(x, audit_buf);
        audit_log_format(audit_buf, " res=%u", result);
        audit_log_end(audit_buf);
index 22a30ae582a2738cc8453fcdefe1893caa1b6263..a1b0fbe3ea351f6e7e953078ffd90d29dd29e196 100644 (file)
@@ -407,6 +407,9 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        struct xfrm_state *x;
        int err;
        struct km_event c;
+       uid_t loginuid = NETLINK_CB(skb).loginuid;
+       u32 sessionid = NETLINK_CB(skb).sessionid;
+       u32 sid = NETLINK_CB(skb).sid;
 
        err = verify_newsa_info(p, attrs);
        if (err)
@@ -422,8 +425,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        else
                err = xfrm_state_update(x);
 
-       xfrm_audit_state_add(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
-                            NETLINK_CB(skb).sid);
+       xfrm_audit_state_add(x, err ? 0 : 1, loginuid, sessionid, sid);
 
        if (err < 0) {
                x->km.state = XFRM_STATE_DEAD;
@@ -478,6 +480,9 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        int err = -ESRCH;
        struct km_event c;
        struct xfrm_usersa_id *p = nlmsg_data(nlh);
+       uid_t loginuid = NETLINK_CB(skb).loginuid;
+       u32 sessionid = NETLINK_CB(skb).sessionid;
+       u32 sid = NETLINK_CB(skb).sid;
 
        x = xfrm_user_state_lookup(p, attrs, &err);
        if (x == NULL)
@@ -502,8 +507,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        km_state_notify(x, &c);
 
 out:
-       xfrm_audit_state_delete(x, err ? 0 : 1, NETLINK_CB(skb).loginuid,
-                               NETLINK_CB(skb).sid);
+       xfrm_audit_state_delete(x, err ? 0 : 1, loginuid, sessionid, sid);
        xfrm_state_put(x);
        return err;
 }
@@ -1123,6 +1127,9 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
        struct km_event c;
        int err;
        int excl;
+       uid_t loginuid = NETLINK_CB(skb).loginuid;
+       u32 sessionid = NETLINK_CB(skb).sessionid;
+       u32 sid = NETLINK_CB(skb).sid;
 
        err = verify_newpolicy_info(p);
        if (err)
@@ -1141,8 +1148,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
         * a type XFRM_MSG_UPDPOLICY - JHS */
        excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
        err = xfrm_policy_insert(p->dir, xp, excl);
-       xfrm_audit_policy_add(xp, err ? 0 : 1, NETLINK_CB(skb).loginuid,
-                             NETLINK_CB(skb).sid);
+       xfrm_audit_policy_add(xp, err ? 0 : 1, loginuid, sessionid, sid);
 
        if (err) {
                security_xfrm_policy_free(xp->security);
@@ -1371,9 +1377,12 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                                            NETLINK_CB(skb).pid);
                }
        } else {
-               xfrm_audit_policy_delete(xp, err ? 0 : 1,
-                                        NETLINK_CB(skb).loginuid,
-                                        NETLINK_CB(skb).sid);
+               uid_t loginuid = NETLINK_CB(skb).loginuid;
+               u32 sessionid = NETLINK_CB(skb).sessionid;
+               u32 sid = NETLINK_CB(skb).sid;
+
+               xfrm_audit_policy_delete(xp, err ? 0 : 1, loginuid, sessionid,
+                                        sid);
 
                if (err != 0)
                        goto out;
@@ -1399,6 +1408,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
        int err;
 
        audit_info.loginuid = NETLINK_CB(skb).loginuid;
+       audit_info.sessionid = NETLINK_CB(skb).sessionid;
        audit_info.secid = NETLINK_CB(skb).sid;
        err = xfrm_state_flush(p->proto, &audit_info);
        if (err)
@@ -1546,6 +1556,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
                return err;
 
        audit_info.loginuid = NETLINK_CB(skb).loginuid;
+       audit_info.sessionid = NETLINK_CB(skb).sessionid;
        audit_info.secid = NETLINK_CB(skb).sid;
        err = xfrm_policy_flush(type, &audit_info);
        if (err)
@@ -1604,9 +1615,11 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
        read_unlock(&xp->lock);
        err = 0;
        if (up->hard) {
+               uid_t loginuid = NETLINK_CB(skb).loginuid;
+               uid_t sessionid = NETLINK_CB(skb).sessionid;
+               u32 sid = NETLINK_CB(skb).sid;
                xfrm_policy_delete(xp, p->dir);
-               xfrm_audit_policy_delete(xp, 1, NETLINK_CB(skb).loginuid,
-                                        NETLINK_CB(skb).sid);
+               xfrm_audit_policy_delete(xp, 1, loginuid, sessionid, sid);
 
        } else {
                // reset the timers here?
@@ -1640,9 +1653,11 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
        km_state_expired(x, ue->hard, current->pid);
 
        if (ue->hard) {
+               uid_t loginuid = NETLINK_CB(skb).loginuid;
+               uid_t sessionid = NETLINK_CB(skb).sessionid;
+               u32 sid = NETLINK_CB(skb).sid;
                __xfrm_state_delete(x);
-               xfrm_audit_state_delete(x, 1, NETLINK_CB(skb).loginuid,
-                                       NETLINK_CB(skb).sid);
+               xfrm_audit_state_delete(x, 1, loginuid, sessionid, sid);
        }
        err = 0;
 out:
index 6ba283783b70af178d7c66bca1e44eb632674f2b..5d1bee0fa51331e9263649cb2dbd5fd7aae0275d 100644 (file)
@@ -324,6 +324,7 @@ void smk_cipso_doi(void)
        struct netlbl_audit audit_info;
 
        audit_info.loginuid = audit_get_loginuid(current);
+       audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = smack_to_secid(current->security);
 
        rc = netlbl_cfg_map_del(NULL, &audit_info);
@@ -356,6 +357,7 @@ void smk_unlbl_ambient(char *oldambient)
        struct netlbl_audit audit_info;
 
        audit_info.loginuid = audit_get_loginuid(current);
+       audit_info.sessionid = audit_get_sessionid(current);
        audit_info.secid = smack_to_secid(current->security);
 
        if (oldambient != NULL) {