/*
 * Audit callback for unpack fields.
 *
 * Appends " name=<hname>" when a target profile is attached to the audit
 * data, and " offset=<pos>" when the interface position is non-zero.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const struct aa_profile *profile = aad(sa)->target;

	if (profile) {
		audit_log_format(ab, " name=");
		/*
		 * Logged through the untrusted-string helper rather than "%s",
		 * so the name cannot disturb the record's field layout.
		 */
		audit_log_untrustedstring(ab, profile->base.hname);
	}

	if (aad(sa)->iface.pos)
		audit_log_format(ab, " offset=%ld", aad(sa)->iface.pos);
}
/*
 * Netfilter AUDIT target: write one AUDIT_NETFILTER_PKT record describing
 * @skb. The verdict is XT_CONTINUE on every path, including the one where
 * no audit buffer could be started.
 */
static unsigned int audit_tg(struct sk_buff *skb, const struct xt_target_param *par)
{
	const struct xt_audit_info *info = par->targinfo;
	const char *in_name = par->in ? par->in->name : "?";
	const char *out_name = par->out ? par->out->name : "?";
	struct audit_buffer *ab;

	ab = audit_log_start(NULL, GFP_ATOMIC, AUDIT_NETFILTER_PKT);
	if (!ab)
		return XT_CONTINUE;

	audit_log_format(ab, "action=%hhu hook=%u len=%u inif=%s outif=%s",
			 info->type, par->hooknum, skb->len, in_name, out_name);

	if (skb->mark)
		audit_log_format(ab, " mark=%#x", skb->mark);

	if (skb->dev && skb->dev->type == ARPHRD_ETHER) {
		const struct ethhdr *eth = eth_hdr(skb);

		audit_log_format(ab, " smac=%pM dmac=%pM macproto=0x%04x",
				 eth->h_source, eth->h_dest, ntohs(eth->h_proto));

		/* Bridged frames: the EtherType selects the L3 dump. */
		if (par->family == NFPROTO_BRIDGE) {
			if (eth->h_proto == __constant_htons(ETH_P_IP))
				audit_ip4(ab, skb);
			else if (eth->h_proto == __constant_htons(ETH_P_IPV6))
				audit_ip6(ab, skb);
		}
	}

	/* Routed families: the hook family selects the L3 dump. */
	if (par->family == NFPROTO_IPV4)
		audit_ip4(ab, skb);
	else if (par->family == NFPROTO_IPV6)
		audit_ip6(ab, skb);

	audit_log_end(ab);
	return XT_CONTINUE;
}
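/**
 * integrity_audit_msg - write an integrity audit record for the current task
 * @audit_msgno: audit message type handed to audit_log_start()
 * @inode: inode the event refers to, or NULL to omit dev=/ino=
 * @fname: file name to log, or NULL to omit name=
 * @op: operation, logged in the op= field
 * @cause: cause, logged in the cause= field
 * @result: outcome of the operation; the record carries res=!result
 * @audit_info: 1 marks an informational message, which is dropped unless
 *              ima_audit is set
 */
void integrity_audit_msg(int audit_msgno, struct inode *inode,
			 const unsigned char *fname, const char *op,
			 const char *cause, int result, int audit_info)
{
	struct audit_buffer *ab;

	if (!ima_audit && audit_info == 1)	/* Skip info messages */
		return;

	ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
	if (!ab)
		return;		/* no buffer was started: nothing to fill in */

	audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
			 current->pid, current_cred()->uid,
			 audit_get_loginuid(current),
			 audit_get_sessionid(current));
	audit_log_task_context(ab);

	/*
	 * NOTE(review): op and cause go through audit_log_string(), not the
	 * untrusted-string helper - presumably callers only pass fixed
	 * literals; confirm.
	 */
	audit_log_format(ab, " op=");
	audit_log_string(ab, op);
	audit_log_format(ab, " cause=");
	audit_log_string(ab, cause);

	/* comm, file name and device id are logged escaped. */
	audit_log_format(ab, " comm=");
	audit_log_untrustedstring(ab, current->comm);
	if (fname) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, fname);
	}
	if (inode) {
		audit_log_format(ab, " dev=");
		audit_log_untrustedstring(ab, inode->i_sb->s_id);
		audit_log_format(ab, " ino=%lu", inode->i_ino);
	}
	audit_log_format(ab, " res=%d", !result);
	audit_log_end(ab);
}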
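/**
 * integrity_audit_msg - write an integrity audit record for the current task
 * @audit_msgno: audit message type handed to audit_log_start()
 * @inode: inode the event refers to, or NULL to omit dev=/ino=
 * @fname: file name to log, or NULL to omit name=
 * @op: operation, logged in the op= field
 * @cause: cause, logged in the cause= field
 * @result: outcome of the operation; the record carries res=!result
 * @audit_info: 1 marks an informational message, which is dropped unless
 *              integrity_audit_info is set
 */
void integrity_audit_msg(int audit_msgno, struct inode *inode,
			 const unsigned char *fname, const char *op,
			 const char *cause, int result, int audit_info)
{
	struct audit_buffer *ab;
	char name[TASK_COMM_LEN];

	if (!integrity_audit_info && audit_info == 1)	/* Skip info messages */
		return;

	ab = audit_log_start(current->audit_context, GFP_KERNEL, audit_msgno);
	if (!ab)
		return;		/* no buffer was started: nothing to fill in */

	/* ids are reported as seen from the initial user namespace */
	audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
			 task_pid_nr(current),
			 from_kuid(&init_user_ns, current_cred()->uid),
			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
			 audit_get_sessionid(current));
	audit_log_task_context(ab);

	/*
	 * NOTE(review): op and cause go through audit_log_string(), not the
	 * untrusted-string helper - presumably callers only pass fixed
	 * literals; confirm.
	 */
	audit_log_format(ab, " op=");
	audit_log_string(ab, op);
	audit_log_format(ab, " cause=");
	audit_log_string(ab, cause);

	/* comm is copied into a local buffer first, then logged escaped */
	audit_log_format(ab, " comm=");
	audit_log_untrustedstring(ab, get_task_comm(name, current));
	if (fname) {
		audit_log_format(ab, " name=");
		audit_log_untrustedstring(ab, fname);
	}
	if (inode) {
		audit_log_format(ab, " dev=");
		audit_log_untrustedstring(ab, inode->i_sb->s_id);
		audit_log_format(ab, " ino=%lu", inode->i_ino);
	}
	audit_log_format(ab, " res=%d", !result);
	audit_log_end(ab);
}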
/*
 * Audit callback for net specific fields.
 *
 * Emits family=, sock_type= and protocol=, then the requested/denied
 * permission masks (denied only when a request mask is present) and the
 * peer label when one is attached.
 *
 * NOTE(review): family and type index the name tables with no range check
 * visible in this function; confirm the callers bound them.
 */
void audit_net_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *family_name = address_family_names[sa->u.net->family];
	const char *type_name = sock_type_names[aad(sa)->net.type];
	bool requested = aad(sa)->request & NET_PERMS_MASK;

	audit_log_format(ab, " family=");
	if (!family_name)
		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
	else
		audit_log_string(ab, family_name);

	audit_log_format(ab, " sock_type=");
	if (!type_name)
		audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type);
	else
		audit_log_string(ab, type_name);

	audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);

	if (requested) {
		audit_log_format(ab, " requested_mask=");
		aa_audit_perm_mask(ab, aad(sa)->request, NULL, 0,
				   net_mask_names, NET_PERMS_MASK);
	}
	if (requested && (aad(sa)->denied & NET_PERMS_MASK)) {
		audit_log_format(ab, " denied_mask=");
		aa_audit_perm_mask(ab, aad(sa)->denied, NULL, 0,
				   net_mask_names, NET_PERMS_MASK);
	}

	if (!aad(sa)->peer)
		return;

	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
			FLAGS_NONE, GFP_ATOMIC);
}
/*
 * Audit callback for resource specific fields: appends the rlimit name and
 * the value taken from rlim.max.
 *
 * NOTE(review): rlim.rlim indexes rlim_names with no range check visible in
 * this function; confirm the callers bound it.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *rlimit_name = rlim_names[sa->aad->rlim.rlim];

	audit_log_format(ab, " rlimit=%s value=%lu", rlimit_name,
			 sa->aad->rlim.max);
}
/**
 * audit_cb - call back for capability components of audit struct
 * @ab: audit buffer (NOT NULL)
 * @va: audit struct to audit data from (NOT NULL)
 *
 * Appends " capname=" followed by the name looked up for @va's capability.
 *
 * NOTE(review): u.cap indexes capability_names with no range check visible
 * in this function; confirm the callers bound it.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *capname = capability_names[sa->u.cap];

	audit_log_format(ab, " capname=");
	audit_log_untrustedstring(ab, capname);
}
/**
 * kse_audit_post_callback - append the module specific part of a record
 * @ab: the audit buffer
 * @a: audit_data, a struct common_audit_data passed as void pointer
 *
 * Will be called by generic audit code. Writes a single separating space
 * and then delegates to kse_dump_query().
 */
static void kse_audit_post_callback(struct audit_buffer *ab, void *a)
{
	struct common_audit_data *audit_data = a;

	pr_debug("kse post \n");

	/* separator between the preceding fields and the dumped query */
	audit_log_format(ab, " ");
	kse_dump_query(ab, audit_data);
}
/*
 * Call back to audit ptrace fields.
 *
 * Emits requested_mask= when the request carries ptrace permission bits,
 * denied_mask= only in addition to it, and always the peer= field.
 */
static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	bool requested = aad(sa)->request & AA_PTRACE_PERM_MASK;

	if (requested) {
		audit_log_format(ab, " requested_mask=");
		audit_ptrace_mask(ab, aad(sa)->request);
	}
	if (requested && (aad(sa)->denied & AA_PTRACE_PERM_MASK)) {
		audit_log_format(ab, " denied_mask=");
		audit_ptrace_mask(ab, aad(sa)->denied);
	}

	/*
	 * The peer name is logged escaped.
	 * NOTE(review): target is passed on without a NULL check here;
	 * confirm it is always set for ptrace events.
	 */
	audit_log_format(ab, " peer=");
	audit_log_untrustedstring(ab, aad(sa)->target);
}
/*
 * Call back to audit ptrace fields.
 *
 * Emits requested_mask= when the request carries ptrace permission bits,
 * denied_mask= only in addition to it, and always the peer= label.
 */
static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	bool requested = aad(sa)->request & AA_PTRACE_PERM_MASK;

	if (requested) {
		audit_log_format(ab, " requested_mask=");
		audit_ptrace_mask(ab, aad(sa)->request);
	}
	if (requested && (aad(sa)->denied & AA_PTRACE_PERM_MASK)) {
		audit_log_format(ab, " denied_mask=");
		audit_ptrace_mask(ab, aad(sa)->denied);
	}

	/* the peer label is rendered relative to the subject label's namespace */
	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
			FLAGS_NONE, GFP_ATOMIC);
}
/*
 * aa_audit_perm_mask - write a permission mask as one quoted audit value
 * @ab: audit buffer
 * @mask: permission bits to describe
 * @chrs: table used for the character form, or NULL to skip that form
 * @chrsmask: bits of @mask rendered in character form
 * @names: table used for the named form, or NULL to skip that form
 * @namesmask: bits of @mask rendered in named form
 *
 * The character part comes first; a single space separates it from the
 * named part when bits of @namesmask remain set.
 */
void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
			u32 chrsmask, const char **names, u32 namesmask)
{
	/* presumably one character per u32 bit plus NUL - confirm against
	 * aa_perm_mask_to_str() */
	char str[33];
	u32 chr_bits = mask & chrsmask;
	u32 name_bits;

	audit_log_format(ab, "\"");

	if (chr_bits && chrs) {
		aa_perm_mask_to_str(str, chrs, chr_bits);
		/* bits already shown as characters are not repeated by name */
		mask &= ~chrsmask;
		audit_log_format(ab, "%s", str);
		if (mask & namesmask)
			audit_log_format(ab, " ");
	}

	name_bits = mask & namesmask;
	if (name_bits && names)
		aa_audit_perm_names(ab, names, name_bits);

	audit_log_format(ab, "\"");
}
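/**
 * kse_dump_query - Display the source/target contexts and the class of a query.
 * @ab: audit buffer to append to
 * @ad: audit data; @ad->kse_audit_data supplies tss1, flag, tclass and,
 *      depending on flag, tss2 (flag == 0) or iss (flag == 1)
 *
 * Each context is printed in string form when iss_to_context() succeeds and
 * as raw level numbers otherwise. Nothing further is written once a required
 * security struct turns out to be NULL.
 */
static void kse_dump_query(struct audit_buffer *ab, struct common_audit_data *ad)
{
	int rc;
	char *scontext;
	u32 scontext_len;
	struct task_security_struct *tss1 = ad->kse_audit_data.tss1;
	int flag = ad->kse_audit_data.flag;
	int tclass = ad->kse_audit_data.tclass;

	if (tss1 == NULL)
		return;

	rc = iss_to_context(0, &tss1->mlevel, &tss1->ilevel,
			    &scontext, &scontext_len);
	if (rc)
		audit_log_format(ab, "source type %d ml %d il %d ",
				 tss1->mlevel.level_type,
				 tss1->mlevel.level_value,
				 tss1->ilevel.level_value);
	else {
		audit_log_format(ab, "scontext=%s ", scontext);
		kfree(scontext);	/* freed here once it has been logged */
	}

	if (flag == 0) {
		/* target is another task */
		struct task_security_struct *tss2 = ad->kse_audit_data.tss2;

		if (tss2 == NULL)
			return;

		rc = iss_to_context(0, &tss2->mlevel, &tss2->ilevel,
				    &scontext, &scontext_len);
		if (rc)
			audit_log_format(ab, "target type %d ml %d il %d ",
					 tss2->mlevel.level_type,
					 tss2->mlevel.level_value,
					 tss2->ilevel.level_value);
		else {
			audit_log_format(ab, "tcontext=%s ", scontext);
			kfree(scontext);
		}
	} else if (flag == 1) {
		/* target is an inode */
		struct inode_security_struct *iss = ad->kse_audit_data.iss;

		if (iss == NULL)
			return;

		rc = iss_to_context(0, &iss->mlevel, &iss->ilevel,
				    &scontext, &scontext_len);
		if (rc)
			audit_log_format(ab, "target type %d ml %d il %d ",
					 iss->mlevel.level_type,
					 iss->mlevel.level_value,
					 iss->ilevel.level_value);
		else {
			audit_log_format(ab, "tcontext=%s ", scontext);
			kfree(scontext);
		}
	}

	/*
	 * The table is indexed with tclass - 1, so zero has to be rejected
	 * as well: it would otherwise read the element in front of
	 * secclass_map. Negative values are rejected explicitly too.
	 */
	BUG_ON(tclass <= 0 || tclass >= ARRAY_SIZE(secclass_map));
	audit_log_format(ab, " tclass=%s", secclass_map[tclass-1].name);
}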
/*
 * Audit callback for net specific fields: family=, sock_type= and
 * protocol=. A family or type without a table entry is reported as the
 * quoted string "unknown(<number>)".
 *
 * NOTE(review): family and type index the name tables with no range check
 * visible in this function; confirm the callers bound them.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *family_name = address_family_names[sa->u.net->family];
	const char *type_name = sock_type_names[sa->aad->net.type];

	audit_log_format(ab, " family=");
	if (!family_name)
		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
	else
		audit_log_string(ab, family_name);

	audit_log_format(ab, " sock_type=");
	if (!type_name)
		audit_log_format(ab, "\"unknown(%d)\"", sa->aad->net.type);
	else
		audit_log_string(ab, type_name);

	audit_log_format(ab, " protocol=%d", sa->aad->net.protocol);
}
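/**
 * aa_audit_perms_cb - generic callback fn for auditing perms
 * @ab: audit buffer (NOT NULL)
 * @va: audit struct to audit values of (NOT NULL)
 *
 * Appends " requested_mask=" and " denied_mask=" for whichever of the two
 * masks is non-zero, followed by " target=".
 */
static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;

	if (aad(sa)->request) {
		audit_log_format(ab, " requested_mask=");
		aa_audit_perm_mask(ab, aad(sa)->request, aa_file_perm_chrs,
				   PERMS_CHRS_MASK, aa_file_perm_names,
				   PERMS_NAMES_MASK);
	}
	if (aad(sa)->denied) {
		/*
		 * The leading space keeps this key separate from the value
		 * written before it; without it the record's key=value pairs
		 * run together and a log parser cannot split them.
		 */
		audit_log_format(ab, " denied_mask=");
		aa_audit_perm_mask(ab, aad(sa)->denied, aa_file_perm_chrs,
				   PERMS_CHRS_MASK, aa_file_perm_names,
				   PERMS_NAMES_MASK);
	}

	/*
	 * The target name is logged escaped.
	 * NOTE(review): target is passed on without a NULL check here;
	 * confirm it is always set when this callback is used.
	 */
	audit_log_format(ab, " target=");
	audit_log_untrustedstring(ab, aad(sa)->target);
}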
/**
 * netlbl_af4list_audit_addr - Audit an IPv4 address
 * @audit_buf: audit buffer
 * @src: true if source address, false if destination
 * @dev: network interface, or NULL to leave out the netif= field
 * @addr: IP address
 * @mask: IP address mask
 *
 * Description:
 * Write the IPv4 address to @audit_buf as src= or dst=. A prefix length
 * field is added unless @mask is all ones.
 *
 */
void netlbl_af4list_audit_addr(struct audit_buffer *audit_buf,
			       int src, const char *dev,
			       __be32 addr, __be32 mask)
{
	const char *direction = src ? "src" : "dst";
	u32 host_mask = ntohl(mask);
	u32 prefix_len;

	if (dev != NULL)
		audit_log_format(audit_buf, " netif=%s", dev);
	audit_log_format(audit_buf, " %s=%pI4", direction, &addr);

	/* a full host mask needs no prefix length */
	if (host_mask == 0xffffffff)
		return;

	/* shift left until no bit remains, counting the shifts */
	for (prefix_len = 0; host_mask > 0; host_mask <<= 1)
		prefix_len++;

	audit_log_format(audit_buf, " %s_prefixlen=%d", direction, prefix_len);
}
/*
 * Write an AUDIT_CONFIG_CHANGE record for a change to the rule attached to
 * @audit_mark. @op is logged verbatim in the op= field. Nothing is written
 * when auditing is disabled or no buffer can be started.
 */
static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, char *op)
{
	struct audit_krule *krule = audit_mark->rule;
	struct audit_buffer *ab;

	if (!audit_enabled)
		return;

	ab = audit_log_start(NULL, GFP_NOFS, AUDIT_CONFIG_CHANGE);
	if (unlikely(!ab))
		return;

	/* who made the change: login uid in the initial user namespace + session */
	audit_log_format(ab, "auid=%u ses=%u op=%s",
			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
			 audit_get_sessionid(current), op);

	/* the watched path is logged escaped */
	audit_log_format(ab, " path=");
	audit_log_untrustedstring(ab, audit_mark->path);

	audit_log_key(ab, krule->filterkey);
	audit_log_format(ab, " list=%d res=1", krule->listnr);
	audit_log_end(ab);
}
/*
 * Log a unix socket address under the key @str.
 *
 * Three forms are produced:
 *   <str>=none       no address, or a non-positive path length
 *   <str>=<path>     first byte of sun_path is non-zero
 *   <str>="@<name>"  first byte of sun_path is zero; the remaining
 *                    len - 1 bytes are hex-encoded when they contain
 *                    characters the audit code treats as control characters
 */
static void audit_unix_addr(struct audit_buffer *ab, const char *str,
			    struct sockaddr_un *addr, int addrlen)
{
	int len = unix_addr_len(addrlen);
	const char *tail;
	int tail_len;

	if (!addr || len <= 0) {
		audit_log_format(ab, " %s=none", str);
		return;
	}

	if (addr->sun_path[0]) {
		audit_log_format(ab, " %s=", str);
		/*
		 * NOTE(review): this call reads up to the first NUL and is not
		 * bounded by len - confirm that callers only pass a
		 * NUL-terminated sun_path.
		 */
		audit_log_untrustedstring(ab, addr->sun_path);
		return;
	}

	/* skip the leading zero byte; the rest is length-delimited */
	tail = &addr->sun_path[1];
	tail_len = len - 1;

	audit_log_format(ab, " %s=\"@", str);
	if (audit_string_contains_control(tail, tail_len))
		audit_log_n_hex(ab, tail, tail_len);
	else
		audit_log_format(ab, "%.*s", tail_len, tail);
	audit_log_format(ab, "\"");
}
/**
 * audit_signal_cb - call back for signal specific audit fields
 * @ab: audit_buffer (NOT NULL)
 * @va: audit struct to audit values of (NOT NULL)
 *
 * Emits the requested/denied signal permission masks (denied only when a
 * request mask is present), the signal either by name or as an rtmin+N
 * offset, and the peer= field.
 */
static void audit_signal_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	bool requested = aad(sa)->request & AA_SIGNAL_PERM_MASK;

	if (requested) {
		audit_log_format(ab, " requested_mask=");
		audit_signal_mask(ab, aad(sa)->request);
	}
	if (requested && (aad(sa)->denied & AA_SIGNAL_PERM_MASK)) {
		audit_log_format(ab, " denied_mask=");
		audit_signal_mask(ab, aad(sa)->denied);
	}

	/* values above MAXMAPPED_SIG have no table entry; print them as an
	 * offset from 128 instead */
	if (aad(sa)->signal > MAXMAPPED_SIG)
		audit_log_format(ab, " signal=rtmin+%d", aad(sa)->signal - 128);
	else
		audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);

	/*
	 * The peer name is logged escaped.
	 * NOTE(review): target is passed on without a NULL check here;
	 * confirm it is always set for signal events.
	 */
	audit_log_format(ab, " peer=");
	audit_log_untrustedstring(ab, aad(sa)->target);
}
/*
 * Audit callback for net specific fields.
 *
 * Emits family=, sock_type=, protocol= and the requested/denied permission
 * masks (denied only when a request mask is present). AF_UNIX sockets also
 * get addr= and, for requests carrying peer permission bits, peer_addr=.
 * The peer= name is appended when a target is set.
 *
 * NOTE(review): family and type index the name tables with no range check
 * visible in this function; confirm the callers bound them.
 */
void audit_net_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *family_name = address_family_names[sa->u.net->family];
	const char *type_name = sock_type_names[aad(sa)->net.type];
	bool requested = aad(sa)->request & NET_PERMS_MASK;

	audit_log_format(ab, " family=");
	if (!family_name)
		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);
	else
		audit_log_string(ab, family_name);

	audit_log_format(ab, " sock_type=");
	if (!type_name)
		audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type);
	else
		audit_log_string(ab, type_name);

	audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);

	if (requested) {
		audit_log_format(ab, " requested_mask=");
		aa_audit_perm_mask(ab, aad(sa)->request, NULL, 0,
				   net_mask_names, NET_PERMS_MASK);
	}
	if (requested && (aad(sa)->denied & NET_PERMS_MASK)) {
		audit_log_format(ab, " denied_mask=");
		aa_audit_perm_mask(ab, aad(sa)->denied, NULL, 0,
				   net_mask_names, NET_PERMS_MASK);
	}

	if (sa->u.net->family == AF_UNIX) {
		/*
		 * addr=: the explicit address is used when one was supplied
		 * and the request has bits outside NET_PEER_MASK; otherwise
		 * the address is taken from the socket.
		 */
		if ((aad(sa)->request & ~NET_PEER_MASK) && aad(sa)->net.addr)
			audit_unix_addr(ab, "addr",
					unix_addr(aad(sa)->net.addr),
					aad(sa)->net.addrlen);
		else
			audit_unix_sk_addr(ab, "addr", sa->u.net->sk);

		/* peer_addr=: only for requests carrying peer bits */
		if (aad(sa)->request & NET_PEER_MASK) {
			if (aad(sa)->net.addr)
				audit_unix_addr(ab, "peer_addr",
						unix_addr(aad(sa)->net.addr),
						aad(sa)->net.addrlen);
			else
				audit_unix_sk_addr(ab, "peer_addr",
						   aad(sa)->net.peer_sk);
		}
	}

	if (!aad(sa)->target)
		return;

	/* the peer name is logged escaped */
	audit_log_format(ab, " peer=");
	audit_log_untrustedstring(ab, aad(sa)->target);
}
/*
 * Append the IPv4 header fields of @skb to the record: addresses, IP id and
 * protocol. Fragments with a non-zero offset are marked frag=1 and carry no
 * transport fields; everything else is handed to audit_proto().
 *
 * NOTE(review): the header is read at offset 0 and the transport offset is
 * ihl * 4 with no check of ihl visible here. skb_header_pointer() bounds the
 * reads, but a bogus ihl would make the logged transport fields meaningless;
 * confirm the header has been validated before this point.
 */
static void audit_ip4(struct audit_buffer *ab, struct sk_buff *skb)
{
	struct iphdr hdr_copy;
	const struct iphdr *iph;

	iph = skb_header_pointer(skb, 0, sizeof(hdr_copy), &hdr_copy);
	if (iph == NULL) {
		/* the packet is too short to hold an IPv4 header */
		audit_log_format(ab, " truncated=1");
		return;
	}

	audit_log_format(ab, " saddr=%pI4 daddr=%pI4 ipid=%hu proto=%hhu",
			 &iph->saddr, &iph->daddr, ntohs(iph->id), iph->protocol);

	if (ntohs(iph->frag_off) & IP_OFFSET) {
		audit_log_format(ab, " frag=1");
		return;
	}

	audit_proto(ab, skb, iph->protocol, iph->ihl * 4);
}
/**
 * audit_cb - call back for mount specific audit fields
 * @ab: audit_buffer (NOT NULL)
 * @va: audit struct to audit values of (NOT NULL)
 *
 * Each field is written only when the matching member of the mount audit
 * data is set. All string members are logged escaped; the flags are
 * rendered by audit_mnt_flags() inside double quotes.
 */
static void audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;

	/* filesystem type */
	if (aad(sa)->mnt.type) {
		audit_log_format(ab, " fstype=");
		audit_log_untrustedstring(ab, aad(sa)->mnt.type);
	}

	/* source name */
	if (aad(sa)->mnt.src_name) {
		audit_log_format(ab, " srcname=");
		audit_log_untrustedstring(ab, aad(sa)->mnt.src_name);
	}

	/* trans value */
	if (aad(sa)->mnt.trans) {
		audit_log_format(ab, " trans=");
		audit_log_untrustedstring(ab, aad(sa)->mnt.trans);
	}

	/* mount flags */
	if (aad(sa)->mnt.flags) {
		audit_log_format(ab, " flags=\"");
		audit_mnt_flags(ab, aad(sa)->mnt.flags);
		audit_log_format(ab, "\"");
	}

	/* mount data, logged as options= */
	if (aad(sa)->mnt.data) {
		audit_log_format(ab, " options=");
		audit_log_untrustedstring(ab, aad(sa)->mnt.data);
	}
}
/**
 * file_audit_cb - call back for file specific audit fields
 * @ab: audit_buffer (NOT NULL)
 * @va: audit struct to audit values of (NOT NULL)
 *
 * Field order is requested_mask, denied_mask, fsuid, ouid, target. The uid
 * pair is only written for requests carrying file permission bits, and the
 * peer label takes precedence over the plain target name.
 */
static void file_audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	kuid_t fsuid = current_fsuid();
	bool file_request = aad(sa)->request & AA_AUDIT_FILE_MASK;

	if (file_request) {
		audit_log_format(ab, " requested_mask=");
		audit_file_mask(ab, aad(sa)->request);
	}

	if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_file_mask(ab, aad(sa)->denied);
	}

	if (file_request) {
		/* both ids are reported as seen from the initial user namespace */
		audit_log_format(ab, " fsuid=%d",
				 from_kuid(&init_user_ns, fsuid));
		audit_log_format(ab, " ouid=%d",
				 from_kuid(&init_user_ns, aad(sa)->fs.ouid));
	}

	if (aad(sa)->peer) {
		audit_log_format(ab, " target=");
		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
				FLAG_VIEW_SUBNS, GFP_ATOMIC);
		return;
	}

	if (aad(sa)->fs.target) {
		/* the plain target name is logged escaped */
		audit_log_format(ab, " target=");
		audit_log_untrustedstring(ab, aad(sa)->fs.target);
	}
}
/**
 * avc_dump_query - Display a SID pair and a class in human-readable form.
 * @ab: audit buffer to append to
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 *
 * A SID that cannot be converted to a context string is printed as a
 * number instead. With CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR the record
 * starts with the address stored in current->signal->curr_ip, when set.
 */
static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
{
	char *context;
	u32 context_len;
	int err;

#ifdef CONFIG_GRKERNSEC_SELINUX_AVC_LOG_IPADDR
	if (current->signal->curr_ip)
		audit_log_format(ab, "ipaddr=%u.%u.%u.%u ",
				 NIPQUAD(current->signal->curr_ip));
#endif

	err = security_sid_to_context(ssid, &context, &context_len);
	if (!err) {
		audit_log_format(ab, "scontext=%s", context);
		kfree(context);		/* freed here once it has been logged */
	} else {
		audit_log_format(ab, "ssid=%d", ssid);
	}

	err = security_sid_to_context(tsid, &context, &context_len);
	if (!err) {
		audit_log_format(ab, " tcontext=%s", context);
		kfree(context);
	} else {
		audit_log_format(ab, " tsid=%d", tsid);
	}

	/* an out-of-range or unnamed class is treated as a kernel bug */
	BUG_ON(tclass >= ARRAY_SIZE(class_to_string) || !class_to_string[tclass]);
	audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
/*
 * Append the transport-level fields found at @offset in @skb: source and
 * destination port for TCP, UDP and UDP-Lite, type and code for ICMP and
 * ICMPv6. Other protocols add nothing. When the bytes are not available
 * the record gets truncated=1 instead.
 */
static void audit_proto(struct audit_buffer *ab, struct sk_buff *skb,
			unsigned int proto, unsigned int offset)
{
	switch (proto) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE: {
		__be16 port_copy[2];
		const __be16 *ports;

		/* two 16-bit ports are read from the start of the header */
		ports = skb_header_pointer(skb, offset, sizeof(port_copy),
					   port_copy);
		if (ports != NULL)
			audit_log_format(ab, " sport=%hu dport=%hu",
					 ntohs(ports[0]), ntohs(ports[1]));
		else
			audit_log_format(ab, " truncated=1");
		break;
	}
	case IPPROTO_ICMP:
	case IPPROTO_ICMPV6: {
		u8 icmp_copy[2];
		const u8 *icmp;

		/* two bytes are read: type, then code */
		icmp = skb_header_pointer(skb, offset, sizeof(icmp_copy),
					  &icmp_copy);
		if (icmp != NULL)
			audit_log_format(ab, " icmptype=%hhu icmpcode=%hhu",
					 icmp[0], icmp[1]);
		else
			audit_log_format(ab, " truncated=1");
		break;
	}
	default:
		break;
	}
}
/*
 * Write one AUDIT_TTY record: @description, the ids of @tsk, the tty
 * major/minor, the task's command name and @size bytes of @data.
 * Nothing is written when no audit buffer can be started.
 */
static void tty_audit_log(const char *description, struct task_struct *tsk,
			  uid_t loginuid, unsigned sessionid, int major,
			  int minor, unsigned char *data, size_t size)
{
	char comm_copy[sizeof(tsk->comm)];
	struct audit_buffer *ab;
	uid_t uid;

	ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_TTY);
	if (!ab)
		return;

	uid = task_uid(tsk);
	audit_log_format(ab, "%s pid=%u uid=%u auid=%u ses=%u "
			 "major=%d minor=%d comm=", description,
			 tsk->pid, uid, loginuid, sessionid,
			 major, minor);

	/* comm is copied out of the task first, then logged escaped */
	get_task_comm(comm_copy, tsk);
	audit_log_untrustedstring(ab, comm_copy);

	/* the tty data is written hex-encoded, never as raw bytes */
	audit_log_format(ab, " data=");
	audit_log_n_hex(ab, data, size);
	audit_log_end(ab);
}
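/**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
 * message with some fields common to all NetLabel audit messages.  Returns
 * a pointer to the audit buffer on success, NULL on failure.  The subj= field
 * is only added when @audit_info carries a non-zero secid that can be
 * converted to a security context.
 *
 */
struct audit_buffer *netlbl_audit_start_common(int type,
					       struct netlbl_audit *audit_info)
{
	struct audit_context *audit_ctx = current->audit_context;
	struct audit_buffer *audit_buf;
	char *secctx;
	u32 secctx_len;

	audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
	if (audit_buf == NULL)
		return NULL;

	audit_log_format(audit_buf, "netlabel: auid=%u", audit_info->loginuid);

	if (audit_info->secid != 0 &&
	    security_secid_to_secctx(audit_info->secid,
				     &secctx,
				     &secctx_len) == 0) {
		audit_log_format(audit_buf, " subj=%s", secctx);
		/*
		 * The context string belongs to the security module; hand it
		 * back once logged, otherwise every record leaks it.
		 */
		security_release_secctx(secctx, secctx_len);
	}

	return audit_buf;
}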
/*
 * Call back for file specific audit fields.
 *
 * Field order is requested_mask, denied_mask, fsuid, ouid, target. The uid
 * pair is only written for requests carrying file permission bits.
 */
static void file_audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	uid_t fsuid = current_fsuid();
	bool file_request = sa->aad->fs.request & AA_AUDIT_FILE_MASK;

	if (file_request) {
		audit_log_format(ab, " requested_mask=");
		audit_file_mask(ab, sa->aad->fs.request);
	}

	if (sa->aad->fs.denied & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_file_mask(ab, sa->aad->fs.denied);
	}

	if (file_request) {
		audit_log_format(ab, " fsuid=%d", fsuid);
		audit_log_format(ab, " ouid=%d", sa->aad->fs.ouid);
	}

	if (!sa->aad->fs.target)
		return;

	/* the target name is logged escaped */
	audit_log_format(ab, " target=");
	audit_log_untrustedstring(ab, sa->aad->fs.target);
}
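/*
 * Append the IPv6 header fields of @skb to the record: addresses and the
 * protocol number left in nexthdr after the extension headers have been
 * skipped. Transport fields are added through audit_proto() when the
 * extension header walk yields a usable offset.
 */
static void audit_ip6(struct audit_buffer *ab, struct sk_buff *skb)
{
	struct ipv6hdr _ip6h;
	const struct ipv6hdr *ih;
	u8 nexthdr;
	int offset;

	ih = skb_header_pointer(skb, skb_network_offset(skb), sizeof(_ip6h), &_ip6h);
	if (!ih) {
		/* the packet is too short to hold an IPv6 header */
		audit_log_format(ab, " truncated=1");
		return;
	}

	nexthdr = ih->nexthdr;
	offset = ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(_ip6h), &nexthdr);

	audit_log_format(ab, " saddr=%pI6c daddr=%pI6c proto=%hhu",
			 &ih->saddr, &ih->daddr, nexthdr);

	/*
	 * ipv6_skip_exthdr() reports failure with a negative value. A plain
	 * truth test would forward that to audit_proto(), whose offset
	 * parameter is unsigned, so only a positive offset is accepted.
	 */
	if (offset > 0)
		audit_proto(ab, skb, nexthdr, offset);
}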
/**
 * avc_dump_query - Display a SID pair and a class in human-readable form.
 * @ab: audit buffer to append to
 * @ssid: source security identifier
 * @tsid: target security identifier
 * @tclass: target security class
 *
 * A SID that cannot be converted to a context string is printed as a
 * number instead.
 *
 * NOTE(review): tclass indexes class_to_string with no range check visible
 * in this function; confirm the callers only pass valid classes.
 */
static void avc_dump_query(struct audit_buffer *ab, u32 ssid, u32 tsid, u16 tclass)
{
	char *context;
	u32 context_len;
	int err;

	err = security_sid_to_context(ssid, &context, &context_len);
	if (!err) {
		audit_log_format(ab, "scontext=%s", context);
		kfree(context);		/* freed here once it has been logged */
	} else {
		audit_log_format(ab, "ssid=%d", ssid);
	}

	err = security_sid_to_context(tsid, &context, &context_len);
	if (!err) {
		audit_log_format(ab, " tcontext=%s", context);
		kfree(context);
	} else {
		audit_log_format(ab, " tsid=%d", tsid);
	}

	audit_log_format(ab, " tclass=%s", class_to_string[tclass]);
}
/*
 * aa_audit_perm_names - write the names of the bits set in @mask
 * @ab: audit buffer
 * @names: table indexed by bit position (entries 0..31 may be read)
 * @mask: permission bits to name
 *
 * Names are written lowest bit first and separated by single spaces.
 */
void aa_audit_perm_names(struct audit_buffer *ab, const char **names, u32 mask)
{
	unsigned int bit;
	bool first = true;

	for (bit = 0; bit < 32; bit++) {
		if (!(mask & (1U << bit)))
			continue;

		/* every name after the first is preceded by a space */
		audit_log_format(ab, first ? "%s" : " %s", names[bit]);
		first = false;
	}
}