/**
 * file_audit_cb - emit the file specific fields of an audit record
 * @ab: audit_buffer the fields are appended to (NOT NULL)
 * @va: struct common_audit_data holding the values to audit (NOT NULL)
 *
 * Fields are appended in a fixed order: requested_mask, denied_mask,
 * fsuid and ouid, then target.  requested_mask, fsuid and ouid are written
 * only when the request has a bit inside AA_AUDIT_FILE_MASK; denied_mask
 * is tested on its own.
 */
static void file_audit_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	kuid_t fsuid = current_fsuid();
	/* the request test guards two separate groups of fields below */
	const int file_request = (aad(sa)->request & AA_AUDIT_FILE_MASK) != 0;

	if (file_request) {
		audit_log_format(ab, " requested_mask=");
		audit_file_mask(ab, aad(sa)->request);
	}

	if (aad(sa)->denied & AA_AUDIT_FILE_MASK) {
		audit_log_format(ab, " denied_mask=");
		audit_file_mask(ab, aad(sa)->denied);
	}

	if (file_request) {
		/*
		 * Both ids are translated against init_user_ns before being
		 * logged.
		 * NOTE(review): from_kuid() yields an unsigned uid_t in
		 * mainline, so "%d" would show ids above INT_MAX as negative;
		 * confirm whether log consumers rely on the current form
		 * before switching to "%u".
		 */
		audit_log_format(ab, " fsuid=%d",
				 from_kuid(&init_user_ns, fsuid));
		audit_log_format(ab, " ouid=%d",
				 from_kuid(&init_user_ns, aad(sa)->fs.ouid));
	}

	/* no peer label and no target name: the record carries no target */
	if (!aad(sa)->peer && !aad(sa)->fs.target)
		return;

	audit_log_format(ab, " target=");
	if (aad(sa)->peer) {
		/* a peer label takes precedence over the plain target name */
		aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
				FLAG_VIEW_SUBNS, GFP_ATOMIC);
	} else {
		/*
		 * fs.target is a name string, not a label.  It is written
		 * through audit_log_untrustedstring() so the audit core
		 * encodes it instead of copying its bytes verbatim into the
		 * record, which keeps a crafted name from reading as extra
		 * fields.
		 */
		audit_log_untrustedstring(ab, aad(sa)->fs.target);
	}
}
/*
 * audit_net_cb - audit callback for net specific fields
 * @ab: audit_buffer the fields are appended to
 * @va: struct common_audit_data holding the values to audit
 *
 * Appends family, sock_type and protocol unconditionally.  requested_mask
 * is added when the request has a bit inside NET_PERMS_MASK, and
 * denied_mask only inside that same case.  A peer field follows when a
 * peer label is set.
 */
void audit_net_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const char *name;

	/*
	 * NOTE(review): family and net.type index the name tables directly
	 * and no range check is visible in this callback.  Presumably the
	 * callers only pass values that fit both tables - confirm, since an
	 * out-of-range value would read past the table while building the
	 * audit record.
	 */
	audit_log_format(ab, " family=");
	name = address_family_names[sa->u.net->family];
	if (name)
		audit_log_string(ab, name);
	else
		/* a hole in the table: fall back to the numeric value */
		audit_log_format(ab, "\"unknown(%d)\"", sa->u.net->family);

	audit_log_format(ab, " sock_type=");
	name = sock_type_names[aad(sa)->net.type];
	if (name)
		audit_log_string(ab, name);
	else
		audit_log_format(ab, "\"unknown(%d)\"", aad(sa)->net.type);

	audit_log_format(ab, " protocol=%d", aad(sa)->net.protocol);

	if (aad(sa)->request & NET_PERMS_MASK) {
		audit_log_format(ab, " requested_mask=");
		aa_audit_perm_mask(ab, aad(sa)->request, NULL, 0,
				   net_mask_names, NET_PERMS_MASK);

		/* denied_mask is never written without a requested_mask */
		if (aad(sa)->denied & NET_PERMS_MASK) {
			audit_log_format(ab, " denied_mask=");
			aa_audit_perm_mask(ab, aad(sa)->denied, NULL, 0,
					   net_mask_names, NET_PERMS_MASK);
		}
	}

	if (!aad(sa)->peer)
		return;

	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
			FLAGS_NONE, GFP_ATOMIC);
}
/*
 * audit_ptrace_cb - call back to audit ptrace fields
 * @ab: audit_buffer the fields are appended to
 * @va: struct common_audit_data holding the values to audit
 *
 * Appends requested_mask when the request has a bit inside
 * AA_PTRACE_PERM_MASK, denied_mask only in that same case, and always a
 * peer field.
 */
static void audit_ptrace_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;
	const int ptrace_request =
		(aad(sa)->request & AA_PTRACE_PERM_MASK) != 0;

	if (ptrace_request) {
		audit_log_format(ab, " requested_mask=");
		audit_ptrace_mask(ab, aad(sa)->request);
	}

	/* denied_mask is never written without a requested_mask */
	if (ptrace_request && (aad(sa)->denied & AA_PTRACE_PERM_MASK)) {
		audit_log_format(ab, " denied_mask=");
		audit_ptrace_mask(ab, aad(sa)->denied);
	}

	/*
	 * The peer label is written without a NULL test here.
	 * NOTE(review): presumably every ptrace audit sets a peer - confirm
	 * against the callers.
	 */
	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
			FLAGS_NONE, GFP_ATOMIC);
}
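/**
 * audit_signal_cb - call back for signal specific audit fields
 * @ab: audit_buffer (NOT NULL)
 * @va: audit struct to audit values of (NOT NULL)
 *
 * Appends requested_mask when the request has a bit inside
 * AA_SIGNAL_PERM_MASK, denied_mask only in that same case, then a signal
 * field and a peer field.
 */
static void audit_signal_cb(struct audit_buffer *ab, void *va)
{
	struct common_audit_data *sa = va;

	if (aad(sa)->request & AA_SIGNAL_PERM_MASK) {
		audit_log_format(ab, " requested_mask=");
		audit_signal_mask(ab, aad(sa)->request);

		/* denied_mask is never written without a requested_mask */
		if (aad(sa)->denied & AA_SIGNAL_PERM_MASK) {
			audit_log_format(ab, " denied_mask=");
			audit_signal_mask(ab, aad(sa)->denied);
		}
	}

	if (aad(sa)->signal == SIGUNKNOWN)
		/*
		 * The leading space matches the other two branches.  Without
		 * it "signal=" is glued to the end of the preceding field and
		 * the record no longer splits into key=value pairs.
		 */
		audit_log_format(ab, " signal=unknown(%d)",
				 aad(sa)->unmappedsig);
	else if (aad(sa)->signal < MAXMAPPED_SIGNAME)
		/* the bound above keeps the sig_names lookup in range */
		audit_log_format(ab, " signal=%s", sig_names[aad(sa)->signal]);
	else
		/* anything else is reported as an offset from SIGRT_BASE */
		audit_log_format(ab, " signal=rtmin+%d",
				 aad(sa)->signal - SIGRT_BASE);

	/*
	 * The peer label is written without a NULL test here.
	 * NOTE(review): presumably every signal audit sets a peer - confirm
	 * against the callers.
	 */
	audit_log_format(ab, " peer=");
	aa_label_xaudit(ab, labels_ns(aad(sa)->label), aad(sa)->peer,
			FLAGS_NONE, GFP_ATOMIC);
}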