Lines Matching refs:context
907 static inline void audit_proctitle_free(struct audit_context *context) in audit_proctitle_free() argument
909 kfree(context->proctitle.value); in audit_proctitle_free()
910 context->proctitle.value = NULL; in audit_proctitle_free()
911 context->proctitle.len = 0; in audit_proctitle_free()
914 static inline void audit_free_module(struct audit_context *context) in audit_free_module() argument
916 if (context->type == AUDIT_KERN_MODULE) { in audit_free_module()
917 kfree(context->module.name); in audit_free_module()
918 context->module.name = NULL; in audit_free_module()
921 static inline void audit_free_names(struct audit_context *context) in audit_free_names() argument
925 list_for_each_entry_safe(n, next, &context->names_list, list) { in audit_free_names()
932 context->name_count = 0; in audit_free_names()
933 path_put(&context->pwd); in audit_free_names()
934 context->pwd.dentry = NULL; in audit_free_names()
935 context->pwd.mnt = NULL; in audit_free_names()
938 static inline void audit_free_aux(struct audit_context *context) in audit_free_aux() argument
942 while ((aux = context->aux)) { in audit_free_aux()
943 context->aux = aux->next; in audit_free_aux()
946 context->aux = NULL; in audit_free_aux()
947 while ((aux = context->aux_pids)) { in audit_free_aux()
948 context->aux_pids = aux->next; in audit_free_aux()
951 context->aux_pids = NULL; in audit_free_aux()
969 ctx->context = AUDIT_CTX_UNUSED; in audit_reset_context()
1024 struct audit_context *context; in audit_alloc_context() local
1026 context = kzalloc(sizeof(*context), GFP_KERNEL); in audit_alloc_context()
1027 if (!context) in audit_alloc_context()
1029 context->context = AUDIT_CTX_UNUSED; in audit_alloc_context()
1030 context->state = state; in audit_alloc_context()
1031 context->prio = state == AUDIT_STATE_RECORD ? ~0ULL : 0; in audit_alloc_context()
1032 INIT_LIST_HEAD(&context->killed_trees); in audit_alloc_context()
1033 INIT_LIST_HEAD(&context->names_list); in audit_alloc_context()
1034 context->fds[0] = -1; in audit_alloc_context()
1035 context->return_valid = AUDITSC_INVALID; in audit_alloc_context()
1036 return context; in audit_alloc_context()
1050 struct audit_context *context; in audit_alloc() local
1063 if (!(context = audit_alloc_context(state))) { in audit_alloc()
1068 context->filterkey = key; in audit_alloc()
1070 audit_set_context(tsk, context); in audit_alloc()
1075 static inline void audit_free_context(struct audit_context *context) in audit_free_context() argument
1078 audit_reset_context(context); in audit_free_context()
1079 audit_proctitle_free(context); in audit_free_context()
1080 free_tree_refs(context); in audit_free_context()
1081 kfree(context->filterkey); in audit_free_context()
1082 kfree(context); in audit_free_context()
1085 static int audit_log_pid_context(struct audit_context *context, pid_t pid, in audit_log_pid_context() argument
1094 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); in audit_log_pid_context()
1117 static void audit_log_execve_info(struct audit_context *context, in audit_log_execve_info() argument
1154 audit_log_format(*ab, "argc=%d", context->execve.argc); in audit_log_execve_info()
1226 *ab = audit_log_start(context, in audit_log_execve_info()
1283 } while (arg < context->execve.argc); in audit_log_execve_info()
1318 static void audit_log_time(struct audit_context *context, struct audit_buffer **ab) in audit_log_time() argument
1320 const struct audit_ntp_data *ntp = &context->time.ntp_data; in audit_log_time()
1321 const struct timespec64 *tk = &context->time.tk_injoffset; in audit_log_time()
1332 if (context->type == AUDIT_TIME_ADJNTPVAL) { in audit_log_time()
1336 *ab = audit_log_start(context, in audit_log_time()
1353 *ab = audit_log_start(context, GFP_KERNEL, in audit_log_time()
1365 static void show_special(struct audit_context *context, int *call_panic) in show_special() argument
1370 ab = audit_log_start(context, GFP_KERNEL, context->type); in show_special()
1374 switch (context->type) { in show_special()
1376 int nargs = context->socketcall.nargs; in show_special()
1381 context->socketcall.args[i]); in show_special()
1384 u32 osid = context->ipc.osid; in show_special()
1387 from_kuid(&init_user_ns, context->ipc.uid), in show_special()
1388 from_kgid(&init_user_ns, context->ipc.gid), in show_special()
1389 context->ipc.mode); in show_special()
1402 if (context->ipc.has_perm) { in show_special()
1404 ab = audit_log_start(context, GFP_KERNEL, in show_special()
1410 context->ipc.qbytes, in show_special()
1411 context->ipc.perm_uid, in show_special()
1412 context->ipc.perm_gid, in show_special()
1413 context->ipc.perm_mode); in show_special()
1420 context->mq_open.oflag, context->mq_open.mode, in show_special()
1421 context->mq_open.attr.mq_flags, in show_special()
1422 context->mq_open.attr.mq_maxmsg, in show_special()
1423 context->mq_open.attr.mq_msgsize, in show_special()
1424 context->mq_open.attr.mq_curmsgs); in show_special()
1430 context->mq_sendrecv.mqdes, in show_special()
1431 context->mq_sendrecv.msg_len, in show_special()
1432 context->mq_sendrecv.msg_prio, in show_special()
1433 (long long) context->mq_sendrecv.abs_timeout.tv_sec, in show_special()
1434 context->mq_sendrecv.abs_timeout.tv_nsec); in show_special()
1438 context->mq_notify.mqdes, in show_special()
1439 context->mq_notify.sigev_signo); in show_special()
1442 struct mq_attr *attr = &context->mq_getsetattr.mqstat; in show_special()
1447 context->mq_getsetattr.mqdes, in show_special()
1452 audit_log_format(ab, "pid=%d", context->capset.pid); in show_special()
1453 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); in show_special()
1454 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); in show_special()
1455 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); in show_special()
1456 audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient); in show_special()
1459 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, in show_special()
1460 context->mmap.flags); in show_special()
1464 context->openat2.flags, in show_special()
1465 context->openat2.mode, in show_special()
1466 context->openat2.resolve); in show_special()
1469 audit_log_execve_info(context, &ab); in show_special()
1473 if (context->module.name) { in show_special()
1474 audit_log_untrustedstring(ab, context->module.name); in show_special()
1482 audit_log_time(context, &ab); in show_special()
1509 static void audit_log_name(struct audit_context *context, struct audit_names *n, in audit_log_name() argument
1514 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); in audit_log_name()
1533 if (context->pwd.dentry && context->pwd.mnt) in audit_log_name()
1534 audit_log_d_path(ab, " name=", &context->pwd); in audit_log_name()
1601 struct audit_context *context = audit_context(); in audit_log_proctitle() local
1604 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); in audit_log_proctitle()
1611 if (!context->proctitle.value) { in audit_log_proctitle()
1626 context->proctitle.value = buf; in audit_log_proctitle()
1627 context->proctitle.len = res; in audit_log_proctitle()
1629 msg = context->proctitle.value; in audit_log_proctitle()
1630 len = context->proctitle.len; in audit_log_proctitle()
1677 struct audit_context *context = audit_context(); in audit_log_exit() local
1682 context->personality = current->personality; in audit_log_exit()
1684 switch (context->context) { in audit_log_exit()
1686 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); in audit_log_exit()
1690 context->arch, context->major); in audit_log_exit()
1691 if (context->personality != PER_LINUX) in audit_log_exit()
1692 audit_log_format(ab, " per=%lx", context->personality); in audit_log_exit()
1693 if (context->return_valid != AUDITSC_INVALID) in audit_log_exit()
1695 (context->return_valid == AUDITSC_SUCCESS ? in audit_log_exit()
1697 context->return_code); in audit_log_exit()
1700 context->argv[0], in audit_log_exit()
1701 context->argv[1], in audit_log_exit()
1702 context->argv[2], in audit_log_exit()
1703 context->argv[3], in audit_log_exit()
1704 context->name_count); in audit_log_exit()
1706 audit_log_key(ab, context->filterkey); in audit_log_exit()
1710 audit_log_uring(context); in audit_log_exit()
1717 for (aux = context->aux; aux; aux = aux->next) { in audit_log_exit()
1719 ab = audit_log_start(context, GFP_KERNEL, aux->type); in audit_log_exit()
1749 if (context->type) in audit_log_exit()
1750 show_special(context, &call_panic); in audit_log_exit()
1752 if (context->fds[0] >= 0) { in audit_log_exit()
1753 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); in audit_log_exit()
1756 context->fds[0], context->fds[1]); in audit_log_exit()
1761 if (context->sockaddr_len) { in audit_log_exit()
1762 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); in audit_log_exit()
1765 audit_log_n_hex(ab, (void *)context->sockaddr, in audit_log_exit()
1766 context->sockaddr_len); in audit_log_exit()
1771 for (aux = context->aux_pids; aux; aux = aux->next) { in audit_log_exit()
1775 if (audit_log_pid_context(context, axs->target_pid[i], in audit_log_exit()
1784 if (context->target_pid && in audit_log_exit()
1785 audit_log_pid_context(context, context->target_pid, in audit_log_exit()
1786 context->target_auid, context->target_uid, in audit_log_exit()
1787 context->target_sessionid, in audit_log_exit()
1788 context->target_sid, context->target_comm)) in audit_log_exit()
1791 if (context->pwd.dentry && context->pwd.mnt) { in audit_log_exit()
1792 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); in audit_log_exit()
1794 audit_log_d_path(ab, "cwd=", &context->pwd); in audit_log_exit()
1800 list_for_each_entry(n, &context->names_list, list) { in audit_log_exit()
1803 audit_log_name(context, n, NULL, i++, &call_panic); in audit_log_exit()
1806 if (context->context == AUDIT_CTX_SYSCALL) in audit_log_exit()
1810 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); in audit_log_exit()
1825 struct audit_context *context = tsk->audit_context; in __audit_free() local
1827 if (!context) in __audit_free()
1831 if (!list_empty(&context->killed_trees)) in __audit_free()
1832 audit_kill_trees(context); in __audit_free()
1839 if (tsk == current && !context->dummy) { in __audit_free()
1840 context->return_valid = AUDITSC_INVALID; in __audit_free()
1841 context->return_code = 0; in __audit_free()
1842 if (context->context == AUDIT_CTX_SYSCALL) { in __audit_free()
1843 audit_filter_syscall(tsk, context); in __audit_free()
1844 audit_filter_inodes(tsk, context); in __audit_free()
1845 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1847 } else if (context->context == AUDIT_CTX_URING) { in __audit_free()
1849 audit_filter_uring(tsk, context); in __audit_free()
1850 audit_filter_inodes(tsk, context); in __audit_free()
1851 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1852 audit_log_uring(context); in __audit_free()
1857 audit_free_context(context); in __audit_free()
1911 if (ctx->context == AUDIT_CTX_SYSCALL) in __audit_uring_entry()
1918 ctx->context = AUDIT_CTX_URING; in __audit_uring_entry()
1938 if (ctx->context != AUDIT_CTX_URING) in __audit_uring_exit()
1944 if (ctx->context == AUDIT_CTX_SYSCALL) { in __audit_uring_exit()
2010 struct audit_context *context = audit_context(); in __audit_syscall_entry() local
2013 if (!audit_enabled || !context) in __audit_syscall_entry()
2016 WARN_ON(context->context != AUDIT_CTX_UNUSED); in __audit_syscall_entry()
2017 WARN_ON(context->name_count); in __audit_syscall_entry()
2018 if (context->context != AUDIT_CTX_UNUSED || context->name_count) { in __audit_syscall_entry()
2023 state = context->state; in __audit_syscall_entry()
2027 context->dummy = !audit_n_rules; in __audit_syscall_entry()
2028 if (!context->dummy && state == AUDIT_STATE_BUILD) { in __audit_syscall_entry()
2029 context->prio = 0; in __audit_syscall_entry()
2034 context->arch = syscall_get_arch(current); in __audit_syscall_entry()
2035 context->major = major; in __audit_syscall_entry()
2036 context->argv[0] = a1; in __audit_syscall_entry()
2037 context->argv[1] = a2; in __audit_syscall_entry()
2038 context->argv[2] = a3; in __audit_syscall_entry()
2039 context->argv[3] = a4; in __audit_syscall_entry()
2040 context->context = AUDIT_CTX_SYSCALL; in __audit_syscall_entry()
2041 context->current_state = state; in __audit_syscall_entry()
2042 ktime_get_coarse_real_ts64(&context->ctime); in __audit_syscall_entry()
2058 struct audit_context *context = audit_context(); in __audit_syscall_exit() local
2060 if (!context || context->dummy || in __audit_syscall_exit()
2061 context->context != AUDIT_CTX_SYSCALL) in __audit_syscall_exit()
2065 if (!list_empty(&context->killed_trees)) in __audit_syscall_exit()
2066 audit_kill_trees(context); in __audit_syscall_exit()
2068 audit_return_fixup(context, success, return_code); in __audit_syscall_exit()
2070 audit_filter_syscall(current, context); in __audit_syscall_exit()
2071 audit_filter_inodes(current, context); in __audit_syscall_exit()
2072 if (context->current_state != AUDIT_STATE_RECORD) in __audit_syscall_exit()
2078 audit_reset_context(context); in __audit_syscall_exit()
2083 struct audit_context *context; in handle_one() local
2090 context = audit_context(); in handle_one()
2091 p = context->trees; in handle_one()
2092 count = context->tree_count; in handle_one()
2098 if (likely(put_tree_ref(context, chunk))) in handle_one()
2100 if (unlikely(!grow_tree_refs(context))) { in handle_one()
2102 audit_set_auditable(context); in handle_one()
2104 unroll_tree_refs(context, p, count); in handle_one()
2107 put_tree_ref(context, chunk); in handle_one()
2112 struct audit_context *context; in handle_path() local
2119 context = audit_context(); in handle_path()
2120 p = context->trees; in handle_path()
2121 count = context->tree_count; in handle_path()
2135 if (unlikely(!put_tree_ref(context, chunk))) { in handle_path()
2150 unroll_tree_refs(context, p, count); in handle_path()
2154 if (grow_tree_refs(context)) { in handle_path()
2156 unroll_tree_refs(context, p, count); in handle_path()
2161 unroll_tree_refs(context, p, count); in handle_path()
2162 audit_set_auditable(context); in handle_path()
2168 static struct audit_names *audit_alloc_name(struct audit_context *context, in audit_alloc_name() argument
2173 if (context->name_count < AUDIT_NAMES) { in audit_alloc_name()
2174 aname = &context->preallocated_names[context->name_count]; in audit_alloc_name()
2185 list_add_tail(&aname->list, &context->names_list); in audit_alloc_name()
2187 context->name_count++; in audit_alloc_name()
2188 if (!context->pwd.dentry) in audit_alloc_name()
2189 get_fs_pwd(current->fs, &context->pwd); in audit_alloc_name()
2204 struct audit_context *context = audit_context(); in __audit_reusename() local
2207 list_for_each_entry(n, &context->names_list, list) { in __audit_reusename()
2227 struct audit_context *context = audit_context(); in __audit_getname() local
2230 if (context->context == AUDIT_CTX_UNUSED) in __audit_getname()
2233 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_getname()
2294 struct audit_context *context = audit_context(); in __audit_inode() local
2302 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode()
2340 list_for_each_entry_reverse(n, &context->names_list, list) { in __audit_inode()
2367 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_inode()
2412 struct audit_context *context = audit_context(); in __audit_inode_child() local
2420 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode_child()
2443 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2462 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2482 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); in __audit_inode_child()
2489 found_child = audit_alloc_name(context, type); in __audit_inode_child()
2521 if (ctx->context == AUDIT_CTX_UNUSED) in auditsc_get_stamp()
2544 struct audit_context *context = audit_context(); in __audit_mq_open() local
2547 memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); in __audit_mq_open()
2549 memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); in __audit_mq_open()
2551 context->mq_open.oflag = oflag; in __audit_mq_open()
2552 context->mq_open.mode = mode; in __audit_mq_open()
2554 context->type = AUDIT_MQ_OPEN; in __audit_mq_open()
2568 struct audit_context *context = audit_context(); in __audit_mq_sendrecv() local
2569 struct timespec64 *p = &context->mq_sendrecv.abs_timeout; in __audit_mq_sendrecv()
2576 context->mq_sendrecv.mqdes = mqdes; in __audit_mq_sendrecv()
2577 context->mq_sendrecv.msg_len = msg_len; in __audit_mq_sendrecv()
2578 context->mq_sendrecv.msg_prio = msg_prio; in __audit_mq_sendrecv()
2580 context->type = AUDIT_MQ_SENDRECV; in __audit_mq_sendrecv()
2592 struct audit_context *context = audit_context(); in __audit_mq_notify() local
2595 context->mq_notify.sigev_signo = notification->sigev_signo; in __audit_mq_notify()
2597 context->mq_notify.sigev_signo = 0; in __audit_mq_notify()
2599 context->mq_notify.mqdes = mqdes; in __audit_mq_notify()
2600 context->type = AUDIT_MQ_NOTIFY; in __audit_mq_notify()
2611 struct audit_context *context = audit_context(); in __audit_mq_getsetattr() local
2613 context->mq_getsetattr.mqdes = mqdes; in __audit_mq_getsetattr()
2614 context->mq_getsetattr.mqstat = *mqstat; in __audit_mq_getsetattr()
2615 context->type = AUDIT_MQ_GETSETATTR; in __audit_mq_getsetattr()
2625 struct audit_context *context = audit_context(); in __audit_ipc_obj() local
2627 context->ipc.uid = ipcp->uid; in __audit_ipc_obj()
2628 context->ipc.gid = ipcp->gid; in __audit_ipc_obj()
2629 context->ipc.mode = ipcp->mode; in __audit_ipc_obj()
2630 context->ipc.has_perm = 0; in __audit_ipc_obj()
2631 security_ipc_getsecid(ipcp, &context->ipc.osid); in __audit_ipc_obj()
2632 context->type = AUDIT_IPC; in __audit_ipc_obj()
2646 struct audit_context *context = audit_context(); in __audit_ipc_set_perm() local
2648 context->ipc.qbytes = qbytes; in __audit_ipc_set_perm()
2649 context->ipc.perm_uid = uid; in __audit_ipc_set_perm()
2650 context->ipc.perm_gid = gid; in __audit_ipc_set_perm()
2651 context->ipc.perm_mode = mode; in __audit_ipc_set_perm()
2652 context->ipc.has_perm = 1; in __audit_ipc_set_perm()
2657 struct audit_context *context = audit_context(); in __audit_bprm() local
2659 context->type = AUDIT_EXECVE; in __audit_bprm()
2660 context->execve.argc = bprm->argc; in __audit_bprm()
2672 struct audit_context *context = audit_context(); in __audit_socketcall() local
2676 context->type = AUDIT_SOCKETCALL; in __audit_socketcall()
2677 context->socketcall.nargs = nargs; in __audit_socketcall()
2678 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); in __audit_socketcall()
2690 struct audit_context *context = audit_context(); in __audit_fd_pair() local
2692 context->fds[0] = fd1; in __audit_fd_pair()
2693 context->fds[1] = fd2; in __audit_fd_pair()
2705 struct audit_context *context = audit_context(); in __audit_sockaddr() local
2707 if (!context->sockaddr) { in __audit_sockaddr()
2712 context->sockaddr = p; in __audit_sockaddr()
2715 context->sockaddr_len = len; in __audit_sockaddr()
2716 memcpy(context->sockaddr, a, len); in __audit_sockaddr()
2722 struct audit_context *context = audit_context(); in __audit_ptrace() local
2724 context->target_pid = task_tgid_nr(t); in __audit_ptrace()
2725 context->target_auid = audit_get_loginuid(t); in __audit_ptrace()
2726 context->target_uid = task_uid(t); in __audit_ptrace()
2727 context->target_sessionid = audit_get_sessionid(t); in __audit_ptrace()
2728 security_task_getsecid_obj(t, &context->target_sid); in __audit_ptrace()
2729 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); in __audit_ptrace()
2798 struct audit_context *context = audit_context(); in __audit_log_bprm_fcaps() local
2806 ax->d.next = context->aux; in __audit_log_bprm_fcaps()
2807 context->aux = (void *)ax; in __audit_log_bprm_fcaps()
2840 struct audit_context *context = audit_context(); in __audit_log_capset() local
2842 context->capset.pid = task_tgid_nr(current); in __audit_log_capset()
2843 context->capset.cap.effective = new->cap_effective; in __audit_log_capset()
2844 context->capset.cap.inheritable = new->cap_effective; in __audit_log_capset()
2845 context->capset.cap.permitted = new->cap_permitted; in __audit_log_capset()
2846 context->capset.cap.ambient = new->cap_ambient; in __audit_log_capset()
2847 context->type = AUDIT_CAPSET; in __audit_log_capset()
2852 struct audit_context *context = audit_context(); in __audit_mmap_fd() local
2854 context->mmap.fd = fd; in __audit_mmap_fd()
2855 context->mmap.flags = flags; in __audit_mmap_fd()
2856 context->type = AUDIT_MMAP; in __audit_mmap_fd()
2861 struct audit_context *context = audit_context(); in __audit_openat2_how() local
2863 context->openat2.flags = how->flags; in __audit_openat2_how()
2864 context->openat2.mode = how->mode; in __audit_openat2_how()
2865 context->openat2.resolve = how->resolve; in __audit_openat2_how()
2866 context->type = AUDIT_OPENAT2; in __audit_openat2_how()
2871 struct audit_context *context = audit_context(); in __audit_log_kern_module() local
2873 context->module.name = kstrdup(name, GFP_KERNEL); in __audit_log_kern_module()
2874 if (!context->module.name) in __audit_log_kern_module()
2876 context->type = AUDIT_KERN_MODULE; in __audit_log_kern_module()
2887 struct audit_context *context = audit_context(); in __audit_tk_injoffset() local
2890 if (!context->type) in __audit_tk_injoffset()
2891 context->type = AUDIT_TIME_INJOFFSET; in __audit_tk_injoffset()
2892 memcpy(&context->time.tk_injoffset, &offset, sizeof(offset)); in __audit_tk_injoffset()
2897 struct audit_context *context = audit_context(); in __audit_ntp_log() local
2903 context->type = AUDIT_TIME_ADJNTPVAL; in __audit_ntp_log()
2904 memcpy(&context->time.ntp_data, ad, sizeof(*ad)); in __audit_ntp_log()
3024 if (likely(!ctx || ctx->context == AUDIT_CTX_UNUSED)) in audit_killed_trees()