Lines Matching refs:context
844 struct audit_context *context = tsk->audit_context; in audit_take_context() local
846 if (!context) in audit_take_context()
848 context->return_valid = return_valid; in audit_take_context()
864 context->return_code = -EINTR; in audit_take_context()
866 context->return_code = return_code; in audit_take_context()
868 if (context->in_syscall && !context->dummy) { in audit_take_context()
869 audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]); in audit_take_context()
870 audit_filter_inodes(tsk, context); in audit_take_context()
874 return context; in audit_take_context()
877 static inline void audit_proctitle_free(struct audit_context *context) in audit_proctitle_free() argument
879 kfree(context->proctitle.value); in audit_proctitle_free()
880 context->proctitle.value = NULL; in audit_proctitle_free()
881 context->proctitle.len = 0; in audit_proctitle_free()
884 static inline void audit_free_names(struct audit_context *context) in audit_free_names() argument
888 list_for_each_entry_safe(n, next, &context->names_list, list) { in audit_free_names()
895 context->name_count = 0; in audit_free_names()
896 path_put(&context->pwd); in audit_free_names()
897 context->pwd.dentry = NULL; in audit_free_names()
898 context->pwd.mnt = NULL; in audit_free_names()
901 static inline void audit_free_aux(struct audit_context *context) in audit_free_aux() argument
905 while ((aux = context->aux)) { in audit_free_aux()
906 context->aux = aux->next; in audit_free_aux()
909 while ((aux = context->aux_pids)) { in audit_free_aux()
910 context->aux_pids = aux->next; in audit_free_aux()
917 struct audit_context *context; in audit_alloc_context() local
919 context = kzalloc(sizeof(*context), GFP_KERNEL); in audit_alloc_context()
920 if (!context) in audit_alloc_context()
922 context->state = state; in audit_alloc_context()
923 context->prio = state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; in audit_alloc_context()
924 INIT_LIST_HEAD(&context->killed_trees); in audit_alloc_context()
925 INIT_LIST_HEAD(&context->names_list); in audit_alloc_context()
926 return context; in audit_alloc_context()
940 struct audit_context *context; in audit_alloc() local
953 if (!(context = audit_alloc_context(state))) { in audit_alloc()
958 context->filterkey = key; in audit_alloc()
960 audit_set_context(tsk, context); in audit_alloc()
965 static inline void audit_free_context(struct audit_context *context) in audit_free_context() argument
967 audit_free_names(context); in audit_free_context()
968 unroll_tree_refs(context, NULL, 0); in audit_free_context()
969 free_tree_refs(context); in audit_free_context()
970 audit_free_aux(context); in audit_free_context()
971 kfree(context->filterkey); in audit_free_context()
972 kfree(context->sockaddr); in audit_free_context()
973 audit_proctitle_free(context); in audit_free_context()
974 kfree(context); in audit_free_context()
977 static int audit_log_pid_context(struct audit_context *context, pid_t pid, in audit_log_pid_context() argument
986 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); in audit_log_pid_context()
1009 static void audit_log_execve_info(struct audit_context *context, in audit_log_execve_info() argument
1046 audit_log_format(*ab, "argc=%d", context->execve.argc); in audit_log_execve_info()
1118 *ab = audit_log_start(context, in audit_log_execve_info()
1175 } while (arg < context->execve.argc); in audit_log_execve_info()
1183 static void show_special(struct audit_context *context, int *call_panic) in show_special() argument
1188 ab = audit_log_start(context, GFP_KERNEL, context->type); in show_special()
1192 switch (context->type) { in show_special()
1194 int nargs = context->socketcall.nargs; in show_special()
1198 context->socketcall.args[i]); in show_special()
1201 u32 osid = context->ipc.osid; in show_special()
1204 from_kuid(&init_user_ns, context->ipc.uid), in show_special()
1205 from_kgid(&init_user_ns, context->ipc.gid), in show_special()
1206 context->ipc.mode); in show_special()
1218 if (context->ipc.has_perm) { in show_special()
1220 ab = audit_log_start(context, GFP_KERNEL, in show_special()
1226 context->ipc.qbytes, in show_special()
1227 context->ipc.perm_uid, in show_special()
1228 context->ipc.perm_gid, in show_special()
1229 context->ipc.perm_mode); in show_special()
1236 context->mq_open.oflag, context->mq_open.mode, in show_special()
1237 context->mq_open.attr.mq_flags, in show_special()
1238 context->mq_open.attr.mq_maxmsg, in show_special()
1239 context->mq_open.attr.mq_msgsize, in show_special()
1240 context->mq_open.attr.mq_curmsgs); in show_special()
1246 context->mq_sendrecv.mqdes, in show_special()
1247 context->mq_sendrecv.msg_len, in show_special()
1248 context->mq_sendrecv.msg_prio, in show_special()
1249 (long long) context->mq_sendrecv.abs_timeout.tv_sec, in show_special()
1250 context->mq_sendrecv.abs_timeout.tv_nsec); in show_special()
1254 context->mq_notify.mqdes, in show_special()
1255 context->mq_notify.sigev_signo); in show_special()
1258 struct mq_attr *attr = &context->mq_getsetattr.mqstat; in show_special()
1262 context->mq_getsetattr.mqdes, in show_special()
1267 audit_log_format(ab, "pid=%d", context->capset.pid); in show_special()
1268 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); in show_special()
1269 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); in show_special()
1270 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); in show_special()
1271 audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient); in show_special()
1274 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, in show_special()
1275 context->mmap.flags); in show_special()
1278 audit_log_execve_info(context, &ab); in show_special()
1282 if (context->module.name) { in show_special()
1283 audit_log_untrustedstring(ab, context->module.name); in show_special()
1284 kfree(context->module.name); in show_special()
1306 struct audit_context *context) in audit_log_proctitle() argument
1314 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); in audit_log_proctitle()
1321 if (!context->proctitle.value) { in audit_log_proctitle()
1336 context->proctitle.value = buf; in audit_log_proctitle()
1337 context->proctitle.len = res; in audit_log_proctitle()
1339 msg = context->proctitle.value; in audit_log_proctitle()
1340 len = context->proctitle.len; in audit_log_proctitle()
1346 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) in audit_log_exit() argument
1354 context->personality = tsk->personality; in audit_log_exit()
1356 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); in audit_log_exit()
1360 context->arch, context->major); in audit_log_exit()
1361 if (context->personality != PER_LINUX) in audit_log_exit()
1362 audit_log_format(ab, " per=%lx", context->personality); in audit_log_exit()
1363 if (context->return_valid) in audit_log_exit()
1365 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", in audit_log_exit()
1366 context->return_code); in audit_log_exit()
1370 context->argv[0], in audit_log_exit()
1371 context->argv[1], in audit_log_exit()
1372 context->argv[2], in audit_log_exit()
1373 context->argv[3], in audit_log_exit()
1374 context->name_count); in audit_log_exit()
1377 audit_log_key(ab, context->filterkey); in audit_log_exit()
1380 for (aux = context->aux; aux; aux = aux->next) { in audit_log_exit()
1382 ab = audit_log_start(context, GFP_KERNEL, aux->type); in audit_log_exit()
1408 if (context->type) in audit_log_exit()
1409 show_special(context, &call_panic); in audit_log_exit()
1411 if (context->fds[0] >= 0) { in audit_log_exit()
1412 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); in audit_log_exit()
1415 context->fds[0], context->fds[1]); in audit_log_exit()
1420 if (context->sockaddr_len) { in audit_log_exit()
1421 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); in audit_log_exit()
1424 audit_log_n_hex(ab, (void *)context->sockaddr, in audit_log_exit()
1425 context->sockaddr_len); in audit_log_exit()
1430 for (aux = context->aux_pids; aux; aux = aux->next) { in audit_log_exit()
1434 if (audit_log_pid_context(context, axs->target_pid[i], in audit_log_exit()
1443 if (context->target_pid && in audit_log_exit()
1444 audit_log_pid_context(context, context->target_pid, in audit_log_exit()
1445 context->target_auid, context->target_uid, in audit_log_exit()
1446 context->target_sessionid, in audit_log_exit()
1447 context->target_sid, context->target_comm)) in audit_log_exit()
1450 if (context->pwd.dentry && context->pwd.mnt) { in audit_log_exit()
1451 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); in audit_log_exit()
1453 audit_log_d_path(ab, "cwd=", &context->pwd); in audit_log_exit()
1459 list_for_each_entry(n, &context->names_list, list) { in audit_log_exit()
1462 audit_log_name(context, n, NULL, i++, &call_panic); in audit_log_exit()
1465 audit_log_proctitle(tsk, context); in audit_log_exit()
1468 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); in audit_log_exit()
1483 struct audit_context *context; in __audit_free() local
1485 context = audit_take_context(tsk, 0, 0); in __audit_free()
1486 if (!context) in __audit_free()
1494 if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) in __audit_free()
1495 audit_log_exit(context, tsk); in __audit_free()
1496 if (!list_empty(&context->killed_trees)) in __audit_free()
1497 audit_kill_trees(&context->killed_trees); in __audit_free()
1499 audit_free_context(context); in __audit_free()
1521 struct audit_context *context = audit_context(); in __audit_syscall_entry() local
1524 if (!audit_enabled || !context) in __audit_syscall_entry()
1527 BUG_ON(context->in_syscall || context->name_count); in __audit_syscall_entry()
1529 state = context->state; in __audit_syscall_entry()
1533 context->dummy = !audit_n_rules; in __audit_syscall_entry()
1534 if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { in __audit_syscall_entry()
1535 context->prio = 0; in __audit_syscall_entry()
1540 context->arch = syscall_get_arch(); in __audit_syscall_entry()
1541 context->major = major; in __audit_syscall_entry()
1542 context->argv[0] = a1; in __audit_syscall_entry()
1543 context->argv[1] = a2; in __audit_syscall_entry()
1544 context->argv[2] = a3; in __audit_syscall_entry()
1545 context->argv[3] = a4; in __audit_syscall_entry()
1546 context->serial = 0; in __audit_syscall_entry()
1547 context->in_syscall = 1; in __audit_syscall_entry()
1548 context->current_state = state; in __audit_syscall_entry()
1549 context->ppid = 0; in __audit_syscall_entry()
1550 ktime_get_coarse_real_ts64(&context->ctime); in __audit_syscall_entry()
1566 struct audit_context *context; in __audit_syscall_exit() local
1573 context = audit_take_context(current, success, return_code); in __audit_syscall_exit()
1574 if (!context) in __audit_syscall_exit()
1577 if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) in __audit_syscall_exit()
1578 audit_log_exit(context, current); in __audit_syscall_exit()
1580 context->in_syscall = 0; in __audit_syscall_exit()
1581 context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; in __audit_syscall_exit()
1583 if (!list_empty(&context->killed_trees)) in __audit_syscall_exit()
1584 audit_kill_trees(&context->killed_trees); in __audit_syscall_exit()
1586 audit_free_names(context); in __audit_syscall_exit()
1587 unroll_tree_refs(context, NULL, 0); in __audit_syscall_exit()
1588 audit_free_aux(context); in __audit_syscall_exit()
1589 context->aux = NULL; in __audit_syscall_exit()
1590 context->aux_pids = NULL; in __audit_syscall_exit()
1591 context->target_pid = 0; in __audit_syscall_exit()
1592 context->target_sid = 0; in __audit_syscall_exit()
1593 context->sockaddr_len = 0; in __audit_syscall_exit()
1594 context->type = 0; in __audit_syscall_exit()
1595 context->fds[0] = -1; in __audit_syscall_exit()
1596 if (context->state != AUDIT_RECORD_CONTEXT) { in __audit_syscall_exit()
1597 kfree(context->filterkey); in __audit_syscall_exit()
1598 context->filterkey = NULL; in __audit_syscall_exit()
1600 audit_set_context(current, context); in __audit_syscall_exit()
1606 struct audit_context *context; in handle_one() local
1612 context = audit_context(); in handle_one()
1613 p = context->trees; in handle_one()
1614 count = context->tree_count; in handle_one()
1620 if (likely(put_tree_ref(context, chunk))) in handle_one()
1622 if (unlikely(!grow_tree_refs(context))) { in handle_one()
1624 audit_set_auditable(context); in handle_one()
1626 unroll_tree_refs(context, p, count); in handle_one()
1629 put_tree_ref(context, chunk); in handle_one()
1636 struct audit_context *context; in handle_path() local
1643 context = audit_context(); in handle_path()
1644 p = context->trees; in handle_path()
1645 count = context->tree_count; in handle_path()
1657 if (unlikely(!put_tree_ref(context, chunk))) { in handle_path()
1672 unroll_tree_refs(context, p, count); in handle_path()
1676 if (grow_tree_refs(context)) { in handle_path()
1678 unroll_tree_refs(context, p, count); in handle_path()
1683 unroll_tree_refs(context, p, count); in handle_path()
1684 audit_set_auditable(context); in handle_path()
1691 static struct audit_names *audit_alloc_name(struct audit_context *context, in audit_alloc_name() argument
1696 if (context->name_count < AUDIT_NAMES) { in audit_alloc_name()
1697 aname = &context->preallocated_names[context->name_count]; in audit_alloc_name()
1708 list_add_tail(&aname->list, &context->names_list); in audit_alloc_name()
1710 context->name_count++; in audit_alloc_name()
1725 struct audit_context *context = audit_context(); in __audit_reusename() local
1728 list_for_each_entry(n, &context->names_list, list) { in __audit_reusename()
1748 struct audit_context *context = audit_context(); in __audit_getname() local
1751 if (!context->in_syscall) in __audit_getname()
1754 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_getname()
1763 if (!context->pwd.dentry) in __audit_getname()
1764 get_fs_pwd(current->fs, &context->pwd); in __audit_getname()
1776 struct audit_context *context = audit_context(); in __audit_inode() local
1781 if (!context->in_syscall) in __audit_inode()
1803 list_for_each_entry_reverse(n, &context->names_list, list) { in __audit_inode()
1830 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_inode()
1875 struct audit_context *context = audit_context(); in __audit_inode_child() local
1883 if (!context->in_syscall) in __audit_inode_child()
1910 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
1927 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
1947 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); in __audit_inode_child()
1954 found_child = audit_alloc_name(context, type); in __audit_inode_child()
2094 struct audit_context *context = audit_context(); in __audit_mq_open() local
2097 memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); in __audit_mq_open()
2099 memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); in __audit_mq_open()
2101 context->mq_open.oflag = oflag; in __audit_mq_open()
2102 context->mq_open.mode = mode; in __audit_mq_open()
2104 context->type = AUDIT_MQ_OPEN; in __audit_mq_open()
2118 struct audit_context *context = audit_context(); in __audit_mq_sendrecv() local
2119 struct timespec64 *p = &context->mq_sendrecv.abs_timeout; in __audit_mq_sendrecv()
2126 context->mq_sendrecv.mqdes = mqdes; in __audit_mq_sendrecv()
2127 context->mq_sendrecv.msg_len = msg_len; in __audit_mq_sendrecv()
2128 context->mq_sendrecv.msg_prio = msg_prio; in __audit_mq_sendrecv()
2130 context->type = AUDIT_MQ_SENDRECV; in __audit_mq_sendrecv()
2142 struct audit_context *context = audit_context(); in __audit_mq_notify() local
2145 context->mq_notify.sigev_signo = notification->sigev_signo; in __audit_mq_notify()
2147 context->mq_notify.sigev_signo = 0; in __audit_mq_notify()
2149 context->mq_notify.mqdes = mqdes; in __audit_mq_notify()
2150 context->type = AUDIT_MQ_NOTIFY; in __audit_mq_notify()
2161 struct audit_context *context = audit_context(); in __audit_mq_getsetattr() local
2162 context->mq_getsetattr.mqdes = mqdes; in __audit_mq_getsetattr()
2163 context->mq_getsetattr.mqstat = *mqstat; in __audit_mq_getsetattr()
2164 context->type = AUDIT_MQ_GETSETATTR; in __audit_mq_getsetattr()
2174 struct audit_context *context = audit_context(); in __audit_ipc_obj() local
2175 context->ipc.uid = ipcp->uid; in __audit_ipc_obj()
2176 context->ipc.gid = ipcp->gid; in __audit_ipc_obj()
2177 context->ipc.mode = ipcp->mode; in __audit_ipc_obj()
2178 context->ipc.has_perm = 0; in __audit_ipc_obj()
2179 security_ipc_getsecid(ipcp, &context->ipc.osid); in __audit_ipc_obj()
2180 context->type = AUDIT_IPC; in __audit_ipc_obj()
2194 struct audit_context *context = audit_context(); in __audit_ipc_set_perm() local
2196 context->ipc.qbytes = qbytes; in __audit_ipc_set_perm()
2197 context->ipc.perm_uid = uid; in __audit_ipc_set_perm()
2198 context->ipc.perm_gid = gid; in __audit_ipc_set_perm()
2199 context->ipc.perm_mode = mode; in __audit_ipc_set_perm()
2200 context->ipc.has_perm = 1; in __audit_ipc_set_perm()
2205 struct audit_context *context = audit_context(); in __audit_bprm() local
2207 context->type = AUDIT_EXECVE; in __audit_bprm()
2208 context->execve.argc = bprm->argc; in __audit_bprm()
2220 struct audit_context *context = audit_context(); in __audit_socketcall() local
2224 context->type = AUDIT_SOCKETCALL; in __audit_socketcall()
2225 context->socketcall.nargs = nargs; in __audit_socketcall()
2226 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); in __audit_socketcall()
2238 struct audit_context *context = audit_context(); in __audit_fd_pair() local
2239 context->fds[0] = fd1; in __audit_fd_pair()
2240 context->fds[1] = fd2; in __audit_fd_pair()
2252 struct audit_context *context = audit_context(); in __audit_sockaddr() local
2254 if (!context->sockaddr) { in __audit_sockaddr()
2258 context->sockaddr = p; in __audit_sockaddr()
2261 context->sockaddr_len = len; in __audit_sockaddr()
2262 memcpy(context->sockaddr, a, len); in __audit_sockaddr()
2268 struct audit_context *context = audit_context(); in __audit_ptrace() local
2270 context->target_pid = task_tgid_nr(t); in __audit_ptrace()
2271 context->target_auid = audit_get_loginuid(t); in __audit_ptrace()
2272 context->target_uid = task_uid(t); in __audit_ptrace()
2273 context->target_sessionid = audit_get_sessionid(t); in __audit_ptrace()
2274 security_task_getsecid(t, &context->target_sid); in __audit_ptrace()
2275 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); in __audit_ptrace()
2357 struct audit_context *context = audit_context(); in __audit_log_bprm_fcaps() local
2365 ax->d.next = context->aux; in __audit_log_bprm_fcaps()
2366 context->aux = (void *)ax; in __audit_log_bprm_fcaps()
2397 struct audit_context *context = audit_context(); in __audit_log_capset() local
2398 context->capset.pid = task_tgid_nr(current); in __audit_log_capset()
2399 context->capset.cap.effective = new->cap_effective; in __audit_log_capset()
2400 context->capset.cap.inheritable = new->cap_effective; in __audit_log_capset()
2401 context->capset.cap.permitted = new->cap_permitted; in __audit_log_capset()
2402 context->capset.cap.ambient = new->cap_ambient; in __audit_log_capset()
2403 context->type = AUDIT_CAPSET; in __audit_log_capset()
2408 struct audit_context *context = audit_context(); in __audit_mmap_fd() local
2409 context->mmap.fd = fd; in __audit_mmap_fd()
2410 context->mmap.flags = flags; in __audit_mmap_fd()
2411 context->type = AUDIT_MMAP; in __audit_mmap_fd()
2416 struct audit_context *context = audit_context(); in __audit_log_kern_module() local
2418 context->module.name = kstrdup(name, GFP_KERNEL); in __audit_log_kern_module()
2419 if (!context->module.name) in __audit_log_kern_module()
2421 context->type = AUDIT_KERN_MODULE; in __audit_log_kern_module()