void gr_log_varargs(int audit, const char *msg, int argtypes, ...) { int logtype; char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied"; char *str1, *str2, *str3; int num1, num2; unsigned long ulong1, ulong2; struct dentry *dentry; struct vfsmount *mnt; struct file *file; struct task_struct *task; va_list ap; BEGIN_LOCKS(audit); logtype = gr_log_start(audit); if (logtype == FLOODING) { END_LOCKS(audit); return; } va_start(ap, argtypes); switch (argtypes) { case GR_TTYSNIFF: task = va_arg(ap, struct task_struct *); gr_log_middle_varargs(audit, msg, NIPQUAD(task->signal->curr_ip), gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid); break; case GR_SYSCTL_HIDDEN: str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, str1); break; case GR_RBAC: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt)); break; case GR_RBAC_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1); break; case GR_STR_RBAC: str1 = va_arg(ap, char *); dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt)); break; case GR_RBAC_MODE2: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); str2 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2); break; case GR_RBAC_MODE3: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); str2 = va_arg(ap, char *); str3 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3); break; case GR_FILENAME: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt)); break; case GR_STR_FILENAME: str1 = va_arg(ap, char *); dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt)); break; case GR_FILENAME_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1); break; case GR_FILENAME_TWO_INT: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); num1 = va_arg(ap, int); num2 = va_arg(ap, int); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2); break; case GR_FILENAME_TWO_INT_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); num1 = va_arg(ap, int); num2 = va_arg(ap, int); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1); break; case GR_TEXTREL: file = va_arg(ap, struct file *); ulong1 = va_arg(ap, unsigned long); ulong2 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2); break; case GR_PTRACE: task = va_arg(ap, struct task_struct *); gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid); break; case GR_RESOURCE: task = va_arg(ap, struct task_struct *); ulong1 = va_arg(ap, unsigned long); str1 = va_arg(ap, char *); ulong2 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); break; case GR_CAP: task = va_arg(ap, struct task_struct *); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); break; case GR_SIG: task = va_arg(ap, struct task_struct *); num1 = va_arg(ap, int); gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); break; case GR_CRASH1: task = va_arg(ap, struct task_struct *); ulong1 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid, task->uid, ulong1); break; case GR_CRASH2: task = va_arg(ap, struct task_struct *); ulong1 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, task->uid, task->euid, task->gid, task->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid, ulong1); break; case GR_PSACCT: { unsigned int wday, cday; __u8 whr, chr; __u8 wmin, cmin; __u8 wsec, csec; char cur_tty[64] = { 0 }; char parent_tty[64] = { 0 }; task = va_arg(ap, struct task_struct *); wday = va_arg(ap, unsigned int); cday = va_arg(ap, unsigned int); whr = va_arg(ap, int); chr = va_arg(ap, int); wmin = va_arg(ap, int); cmin = va_arg(ap, int); wsec = va_arg(ap, int); csec = va_arg(ap, int); ulong1 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, NIPQUAD(task->signal->curr_ip), tty_name(task->signal->tty, cur_tty), task->uid, task->euid, task->gid, task->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, NIPQUAD(task->parent->signal->curr_ip), tty_name(task->parent->signal->tty, parent_tty), task->parent->uid, task->parent->euid, task->parent->gid, task->parent->egid); } break; default: gr_log_middle(audit, msg, ap); } va_end(ap); gr_log_end(audit); END_LOCKS(audit); }
void gr_log_varargs(int audit, const char *msg, int argtypes, ...) { int logtype; char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied"; char *str1 = NULL, *str2 = NULL, *str3 = NULL; void *voidptr = NULL; int num1 = 0, num2 = 0; unsigned long ulong1 = 0, ulong2 = 0; struct dentry *dentry = NULL; struct vfsmount *mnt = NULL; struct file *file = NULL; struct task_struct *task = NULL; struct vm_area_struct *vma = NULL; const struct cred *cred, *pcred; va_list ap; BEGIN_LOCKS(audit); logtype = gr_log_start(audit); if (logtype == FLOODING) { END_LOCKS(audit); return; } va_start(ap, argtypes); switch (argtypes) { case GR_TTYSNIFF: task = va_arg(ap, struct task_struct *); gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task_pid_nr(task), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent)); break; case GR_SYSCTL_HIDDEN: str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, str1); break; case GR_RBAC: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt)); break; case GR_RBAC_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1); break; case GR_STR_RBAC: str1 = va_arg(ap, char *); dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt)); break; case GR_RBAC_MODE2: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); str2 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2); break; case GR_RBAC_MODE3: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); str2 = va_arg(ap, char *); str3 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3); break; case GR_FILENAME: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt)); break; case GR_STR_FILENAME: str1 = va_arg(ap, char *); dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt)); break; case GR_FILENAME_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1); break; case GR_FILENAME_TWO_INT: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); num1 = va_arg(ap, int); num2 = va_arg(ap, int); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2); break; case GR_FILENAME_TWO_INT_STR: dentry = va_arg(ap, struct dentry *); mnt = va_arg(ap, struct vfsmount *); num1 = va_arg(ap, int); num2 = va_arg(ap, int); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1); break; case GR_TEXTREL: file = va_arg(ap, struct file *); ulong1 = va_arg(ap, unsigned long); ulong2 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2); break; case GR_PTRACE: task = va_arg(ap, struct task_struct *); gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task_pid_nr(task)); break; case GR_RESOURCE: task = va_arg(ap, struct task_struct *); cred = __task_cred(task); pcred = __task_cred(task->real_parent); ulong1 = va_arg(ap, unsigned long); str1 = va_arg(ap, char *); ulong2 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); break; case GR_CAP: task = va_arg(ap, struct task_struct *); cred = __task_cred(task); pcred = __task_cred(task->real_parent); str1 = va_arg(ap, char *); gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); break; case GR_SIG: str1 = va_arg(ap, char *); voidptr = va_arg(ap, void *); gr_log_middle_varargs(audit, msg, str1, voidptr); break; case GR_SIG2: task = va_arg(ap, struct task_struct *); cred = __task_cred(task); pcred = __task_cred(task->real_parent); num1 = va_arg(ap, int); gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); break; case GR_CRASH1: task = va_arg(ap, struct task_struct *); cred = __task_cred(task); pcred = __task_cred(task->real_parent); ulong1 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), GR_GLOBAL_UID(cred->uid), ulong1); break; case GR_CRASH2: task = va_arg(ap, struct task_struct *); cred = __task_cred(task); pcred = __task_cred(task->real_parent); ulong1 = va_arg(ap, unsigned long); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), ulong1); break; case GR_RWXMAP: file = va_arg(ap, struct file *); gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>"); break; case GR_RWXMAPVMA: vma = va_arg(ap, struct vm_area_struct *); if (vma->vm_file) str1 = gr_to_filename(vma->vm_file->f_path.dentry, vma->vm_file->f_path.mnt); else if (vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) str1 = "<stack>"; else if (vma->vm_start <= current->mm->brk && vma->vm_end >= current->mm->start_brk) str1 = "<heap>"; else str1 = "<anonymous mapping>"; gr_log_middle_varargs(audit, msg, str1); break; case GR_PSACCT: { unsigned int wday, cday; __u8 whr, chr; __u8 wmin, cmin; __u8 wsec, csec; char cur_tty[64] = { 0 }; char parent_tty[64] = { 0 }; task = va_arg(ap, struct task_struct *); wday = va_arg(ap, unsigned int); cday = va_arg(ap, unsigned int); whr = va_arg(ap, int); chr = va_arg(ap, int); wmin = va_arg(ap, int); cmin = va_arg(ap, int); wsec = va_arg(ap, int); csec = va_arg(ap, int); ulong1 = va_arg(ap, unsigned long); cred = __task_cred(task); pcred = __task_cred(task->real_parent); gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), &task->real_parent->signal->curr_ip, tty_name(task->real_parent->signal->tty, parent_tty), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); } break; default: gr_log_middle(audit, msg, ap); } va_end(ap); // these don't need DEFAULTSECARGS printed on the end if (argtypes == GR_CRASH1 || argtypes == GR_CRASH2) gr_log_end(audit, 0); else gr_log_end(audit, 1); END_LOCKS(audit); }