Lines Matching refs:ctx
/*
 * audit_match_perm() - cross-reference excerpt; only lines mentioning ctx
 * are listed, so braces, case labels and the other returns are missing.
 *
 * Visible logic: a bail-out test for a NULL ctx, then the recorded syscall
 * number (ctx->major) is classified for ctx->arch and the visible branches
 * test @mask against an access mode derived from a recorded argument.
 */
148 static int audit_match_perm(struct audit_context *ctx, int mask) in audit_match_perm() argument
152 if (unlikely(!ctx)) in audit_match_perm()
154 n = ctx->major; in audit_match_perm()
156 switch (audit_classify_syscall(ctx->arch, n)) { in audit_match_perm()
180 return mask & ACC_MODE(ctx->argv[1]); in audit_match_perm()
182 return mask & ACC_MODE(ctx->argv[2]); in audit_match_perm()
/* Matches only when the mask includes AUDIT_PERM_WRITE and argv[0] equals SYS_BIND. */
184 return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND); in audit_match_perm()
/* The openat2 flags are narrowed to u32 before ACC_MODE() is applied. */
188 return mask & ACC_MODE((u32)ctx->openat2.flags); in audit_match_perm()
/*
 * audit_match_filetype() - excerpt (only lines mentioning ctx are listed).
 * Tests for a NULL ctx first, then walks the names collected on
 * ctx->names_list; the comparison against @val is on lines not shown.
 */
194 static int audit_match_filetype(struct audit_context *ctx, int val) in audit_match_filetype() argument
199 if (unlikely(!ctx)) in audit_match_filetype()
202 list_for_each_entry(n, &ctx->names_list, list) { in audit_match_filetype()
/*
 * audit_set_auditable() - excerpt. When no priority has been set yet
 * (ctx->prio == 0), raise it to 1 and switch the context to
 * AUDIT_STATE_RECORD. A context that already has a priority is left alone.
 * ctx is dereferenced without a NULL test in the listed lines.
 */
221 static void audit_set_auditable(struct audit_context *ctx) in audit_set_auditable() argument
223 if (!ctx->prio) { in audit_set_auditable()
224 ctx->prio = 1; in audit_set_auditable()
225 ctx->current_state = AUDIT_STATE_RECORD; in audit_set_auditable()
/*
 * put_tree_ref() - excerpt (only lines mentioning ctx are listed).
 * Works on the current tree-ref block (ctx->trees) and its remaining
 * slot counter (ctx->tree_count). Two update paths are visible: one stores
 * the decremented counter back, the other moves ctx->trees to another
 * block and sets the counter to 30.
 * NOTE(review): how p advances and where @chunk is stored are not listed.
 */
229 static int put_tree_ref(struct audit_context *ctx, struct audit_chunk *chunk) in put_tree_ref() argument
231 struct audit_tree_refs *p = ctx->trees; in put_tree_ref()
232 int left = ctx->tree_count; in put_tree_ref()
236 ctx->tree_count = left; in put_tree_ref()
244 ctx->trees = p; in put_tree_ref()
245 ctx->tree_count = 30; in put_tree_ref()
/*
 * grow_tree_refs() - excerpt (only lines mentioning ctx are listed).
 * Allocates one zeroed struct audit_tree_refs with GFP_KERNEL and makes it
 * the current block, resetting ctx->tree_count to 31.
 */
251 static int grow_tree_refs(struct audit_context *ctx) in grow_tree_refs() argument
/* Remember the previous block so it can be restored or linked below. */
253 struct audit_tree_refs *p = ctx->trees; in grow_tree_refs()
255 ctx->trees = kzalloc(sizeof(struct audit_tree_refs), GFP_KERNEL); in grow_tree_refs()
/* Allocation failure: put the old pointer back so the context stays consistent. */
256 if (!ctx->trees) { in grow_tree_refs()
257 ctx->trees = p; in grow_tree_refs()
/*
 * Either chain the new block behind the old one or record it as the first
 * block. NOTE(review): the condition selecting between lines 261 and 263
 * is not listed; presumably it tests whether p is NULL. Confirm.
 */
261 p->next = ctx->trees; in grow_tree_refs()
263 ctx->first_trees = ctx->trees; in grow_tree_refs()
264 ctx->tree_count = 31; in grow_tree_refs()
/*
 * unroll_tree_refs() - excerpt (only lines mentioning ctx are listed; the
 * rest of the parameter list is on a line not shown).
 * Starts from ctx->first_trees, walks blocks up to the current one
 * (ctx->trees) with the per-block counter n reset to 31 on each step, then
 * handles the slots of the current block above ctx->tree_count. It ends by
 * storing a block pointer and a count back into ctx.
 * NOTE(review): what is done to each slot is on lines not listed.
 */
268 static void unroll_tree_refs(struct audit_context *ctx, in unroll_tree_refs() argument
276 p = ctx->first_trees; in unroll_tree_refs()
283 for (q = p; q != ctx->trees; q = q->next, n = 31) { in unroll_tree_refs()
289 while (n-- > ctx->tree_count) { in unroll_tree_refs()
293 ctx->trees = p; in unroll_tree_refs()
294 ctx->tree_count = count; in unroll_tree_refs()
/*
 * free_tree_refs() - excerpt. Walks the block chain from ctx->first_trees
 * using a second pointer q as the loop successor. The loop body, where q is
 * presumably loaded before the block is released, is not listed.
 */
297 static void free_tree_refs(struct audit_context *ctx) in free_tree_refs() argument
301 for (p = ctx->first_trees; p; p = q) { in free_tree_refs()
/*
 * match_tree_refs() - excerpt (only lines mentioning ctx are listed).
 * Scans every block before the current one, then the slots of the current
 * block from index ctx->tree_count up to 30. The per-slot comparison
 * against @tree is on lines not shown.
 */
307 static int match_tree_refs(struct audit_context *ctx, struct audit_tree *tree) in match_tree_refs() argument
315 for (p = ctx->first_trees; p != ctx->trees; p = p->next) { in match_tree_refs()
322 for (n = ctx->tree_count; n < 31; n++) in match_tree_refs()
/*
 * audit_compare_uid() - excerpt; the start of the signature is on lines
 * not listed. A NULL ctx is tolerated: the walk over ctx->names_list runs
 * only when a context is present.
 */
332 struct audit_context *ctx) in audit_compare_uid() argument
343 if (ctx) { in audit_compare_uid()
344 list_for_each_entry(n, &ctx->names_list, list) { in audit_compare_uid()
/*
 * audit_compare_gid() - excerpt; the start of the signature is on lines
 * not listed. The visible lines have the same shape as audit_compare_uid():
 * the names list is walked only when ctx is non-NULL.
 */
356 struct audit_context *ctx) in audit_compare_gid() argument
367 if (ctx) { in audit_compare_gid()
368 list_for_each_entry(n, &ctx->names_list, list) { in audit_compare_gid()
/*
 * audit_field_compare() - excerpt; the case labels selecting each return
 * are not listed. Each visible branch picks one identity of the task (a
 * field of cred, or the login uid from audit_get_loginuid()) and forwards
 * it with name, f and ctx to audit_compare_uid() or audit_compare_gid().
 * ctx is only passed through here and is not dereferenced in these lines.
 */
380 struct audit_context *ctx, in audit_field_compare() argument
386 return audit_compare_uid(cred->uid, name, f, ctx); in audit_field_compare()
388 return audit_compare_gid(cred->gid, name, f, ctx); in audit_field_compare()
390 return audit_compare_uid(cred->euid, name, f, ctx); in audit_field_compare()
392 return audit_compare_gid(cred->egid, name, f, ctx); in audit_field_compare()
394 return audit_compare_uid(audit_get_loginuid(tsk), name, f, ctx); in audit_field_compare()
396 return audit_compare_uid(cred->suid, name, f, ctx); in audit_field_compare()
398 return audit_compare_gid(cred->sgid, name, f, ctx); in audit_field_compare()
400 return audit_compare_uid(cred->fsuid, name, f, ctx); in audit_field_compare()
402 return audit_compare_gid(cred->fsgid, name, f, ctx); in audit_field_compare()
/*
 * audit_filter_rules() - excerpt; only lines mentioning ctx are listed, so
 * the field-type case labels and most branch bodies are missing.
 *
 * ctx may be NULL in this function: almost every visible use is guarded by
 * an `if (ctx)` / `else if (ctx)` test, or the helper called tests ctx itself.
 */
463 struct audit_context *ctx, in audit_filter_rules() argument
/* Compares the rule's priority with the one already recorded; the action taken is not listed. */
473 if (ctx && rule->prio <= ctx->prio) in audit_filter_rules()
/* The parent pid is looked up once and cached in the context for later rules. */
490 if (ctx) { in audit_filter_rules()
491 if (!ctx->ppid) in audit_filter_rules()
492 ctx->ppid = task_ppid_nr(tsk); in audit_filter_rules()
493 result = audit_comparator(ctx->ppid, f->op, f->val); in audit_filter_rules()
547 if (ctx) in audit_filter_rules()
548 result = audit_comparator(ctx->arch, f->op, f->val); in audit_filter_rules()
/* Return-value fields are compared only once a return value has been recorded. */
552 if (ctx && ctx->return_valid != AUDITSC_INVALID) in audit_filter_rules()
553 result = audit_comparator(ctx->return_code, f->op, f->val); in audit_filter_rules()
556 if (ctx && ctx->return_valid != AUDITSC_INVALID) { in audit_filter_rules()
558 result = audit_comparator(ctx->return_valid, f->op, AUDITSC_SUCCESS); in audit_filter_rules()
560 result = audit_comparator(ctx->return_valid, f->op, AUDITSC_FAILURE); in audit_filter_rules()
/* The next branches walk every name collected so far; the first arm of each if/else is not listed. */
568 } else if (ctx) { in audit_filter_rules()
569 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
583 } else if (ctx) { in audit_filter_rules()
584 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
596 else if (ctx) { in audit_filter_rules()
597 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
608 } else if (ctx) { in audit_filter_rules()
609 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
620 } else if (ctx) { in audit_filter_rules()
621 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
639 if (ctx) { in audit_filter_rules()
640 result = match_tree_refs(ctx, rule->tree); in audit_filter_rules()
/* The socket address is optional, so both ctx and ctx->sockaddr are tested before the read. */
653 if (ctx && ctx->sockaddr) in audit_filter_rules()
654 result = audit_comparator(ctx->sockaddr->ss_family, in audit_filter_rules()
701 } else if (ctx) { in audit_filter_rules()
702 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_rules()
/* ctx->ipc.osid is read only after the context is known to describe an IPC object. */
714 if (!ctx || ctx->type != AUDIT_IPC) in audit_filter_rules()
716 if (security_audit_rule_match(ctx->ipc.osid, in audit_filter_rules()
/*
 * NOTE(review): the argv index is computed from f->type. Its bounds depend
 * on the case labels guarding this line, which are not listed. Confirm that
 * they restrict f->type to the AUDIT_ARG* range.
 */
726 if (ctx) in audit_filter_rules()
727 result = audit_comparator(ctx->argv[f->type-AUDIT_ARG0], f->op, f->val); in audit_filter_rules()
/* These helpers receive ctx unguarded; audit_match_perm() and audit_match_filetype() test it for NULL. */
734 result = audit_match_perm(ctx, f->val); in audit_filter_rules()
739 result = audit_match_filetype(ctx, f->val); in audit_filter_rules()
744 result = audit_field_compare(tsk, cred, f, ctx, name); in audit_filter_rules()
/*
 * On a match the rule's key replaces the context's key and its priority is
 * recorded. kstrdup() with GFP_ATOMIC can return NULL and no check is
 * visible in the listed lines; presumably a NULL filterkey is tolerated by
 * its consumers. Confirm.
 */
751 if (ctx) { in audit_filter_rules()
753 kfree(ctx->filterkey); in audit_filter_rules()
754 ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); in audit_filter_rules()
756 ctx->prio = rule->prio; in audit_filter_rules()
/*
 * audit_filter_uring() - excerpt; the rule-list iteration is not listed.
 * For each entry e, a rule is applied only if its mask covers the recorded
 * io_uring operation (ctx->uring_op). A match from audit_filter_rules()
 * stores the resulting state in the context.
 * ctx is dereferenced without a NULL test in the listed lines.
 */
814 struct audit_context *ctx) in audit_filter_uring() argument
825 if (audit_in_mask(&e->rule, ctx->uring_op) && in audit_filter_uring()
826 audit_filter_rules(tsk, &e->rule, ctx, NULL, &state, in audit_filter_uring()
829 ctx->current_state = state; in audit_filter_uring()
/*
 * audit_filter_syscall() - excerpt; the rule-list iteration is not listed.
 * The visible lines have the same shape as audit_filter_uring(), but the
 * mask test is keyed on the syscall number (ctx->major). A matching rule
 * sets ctx->current_state.
 */
842 struct audit_context *ctx) in audit_filter_syscall() argument
852 if (audit_in_mask(&e->rule, ctx->major) && in audit_filter_syscall()
853 audit_filter_rules(tsk, &e->rule, ctx, NULL, in audit_filter_syscall()
856 ctx->current_state = state; in audit_filter_syscall()
/*
 * audit_filter_inode_name() - excerpt. Evaluates rules for one collected
 * name n. Unlike the syscall and uring filters, the name is passed to
 * audit_filter_rules() instead of NULL. A match stores the resulting state
 * in ctx->current_state.
 */
870 struct audit_context *ctx) { in audit_filter_inode_name() argument
877 if (audit_in_mask(&e->rule, ctx->major) && in audit_filter_inode_name()
878 audit_filter_rules(tsk, &e->rule, ctx, n, &state, false)) { in audit_filter_inode_name()
879 ctx->current_state = state; in audit_filter_inode_name()
/*
 * audit_filter_inodes() - excerpt. Runs audit_filter_inode_name() over
 * every entry of ctx->names_list. The action taken when it returns
 * non-zero is on a line not listed.
 */
891 void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx) in audit_filter_inodes() argument
900 list_for_each_entry(n, &ctx->names_list, list) { in audit_filter_inodes()
901 if (audit_filter_inode_name(tsk, n, ctx)) in audit_filter_inodes()
/*
 * audit_reset_context() - excerpt (only lines mentioning ctx are listed).
 * Returns a context to its unused state after an event: per-event fields
 * are zeroed, owned allocations are freed and their pointers cleared, so
 * nothing recorded for one event is carried into the next.
 */
963 static void audit_reset_context(struct audit_context *ctx) in audit_reset_context() argument
/* A NULL context is accepted. */
965 if (!ctx) in audit_reset_context()
969 ctx->context = AUDIT_CTX_UNUSED; in audit_reset_context()
/* The action for a dummy context is not listed; presumably an early return. Confirm. */
970 if (ctx->dummy) in audit_reset_context()
987 ctx->current_state = ctx->state; in audit_reset_context()
988 ctx->serial = 0; in audit_reset_context()
989 ctx->major = 0; in audit_reset_context()
990 ctx->uring_op = 0; in audit_reset_context()
991 ctx->ctime = (struct timespec64){ .tv_sec = 0, .tv_nsec = 0 }; in audit_reset_context()
992 memset(ctx->argv, 0, sizeof(ctx->argv)); in audit_reset_context()
993 ctx->return_code = 0; in audit_reset_context()
/* A context whose base state is RECORD gets the maximum priority; every other state starts at 0. */
994 ctx->prio = (ctx->state == AUDIT_STATE_RECORD ? ~0ULL : 0); in audit_reset_context()
995 ctx->return_valid = AUDITSC_INVALID; in audit_reset_context()
996 audit_free_names(ctx); in audit_reset_context()
/* The filter key is released only when the base state is not RECORD; otherwise it is kept. */
997 if (ctx->state != AUDIT_STATE_RECORD) { in audit_reset_context()
998 kfree(ctx->filterkey); in audit_reset_context()
999 ctx->filterkey = NULL; in audit_reset_context()
1001 audit_free_aux(ctx); in audit_reset_context()
/* Pointer and length are cleared together after the free, leaving no stale reference. */
1002 kfree(ctx->sockaddr); in audit_reset_context()
1003 ctx->sockaddr = NULL; in audit_reset_context()
1004 ctx->sockaddr_len = 0; in audit_reset_context()
1005 ctx->ppid = 0; in audit_reset_context()
1006 ctx->uid = ctx->euid = ctx->suid = ctx->fsuid = KUIDT_INIT(0); in audit_reset_context()
1007 ctx->gid = ctx->egid = ctx->sgid = ctx->fsgid = KGIDT_INIT(0); in audit_reset_context()
1008 ctx->personality = 0; in audit_reset_context()
1009 ctx->arch = 0; in audit_reset_context()
/* Signal-target details recorded by audit_signal_info_syscall() are cleared here. */
1010 ctx->target_pid = 0; in audit_reset_context()
1011 ctx->target_auid = ctx->target_uid = KUIDT_INIT(0); in audit_reset_context()
1012 ctx->target_sessionid = 0; in audit_reset_context()
1013 ctx->target_sid = 0; in audit_reset_context()
1014 ctx->target_comm[0] = '\0'; in audit_reset_context()
1015 unroll_tree_refs(ctx, NULL, 0); in audit_reset_context()
/* Killed trees are expected to have been handled before the reset; a leftover entry only warns. */
1016 WARN_ON(!list_empty(&ctx->killed_trees)); in audit_reset_context()
1017 audit_free_module(ctx); in audit_reset_context()
1018 ctx->fds[0] = -1; in audit_reset_context()
1019 ctx->type = 0; /* reset last for audit_free_*() */ in audit_reset_context()
/*
 * audit_log_pid_context() - excerpt. Here ctx is a local char * that
 * receives a security-context string, not a struct audit_context.
 * security_secid_to_secctx() fills ctx and len. A non-zero return enters a
 * branch whose body is not listed. The string is logged as obj=%s and then
 * handed back with security_release_secctx(), presumably on the success
 * path only. Confirm.
 */
1090 char *ctx = NULL; in audit_log_pid_context() local
1102 if (security_secid_to_secctx(sid, &ctx, &len)) { in audit_log_pid_context()
1106 audit_log_format(ab, " obj=%s", ctx); in audit_log_pid_context()
1107 security_release_secctx(ctx, len); in audit_log_pid_context()
/*
 * show_special() - excerpt. ctx is a local char * for a security-context
 * string obtained from osid. The visible lines follow the
 * obtain / log as obj=%s / release sequence, with the release taking the
 * length returned by security_secid_to_secctx(). The body of the non-zero
 * return branch is not listed.
 */
1391 char *ctx = NULL; in show_special() local
1394 if (security_secid_to_secctx(osid, &ctx, &len)) { in show_special()
1398 audit_log_format(ab, " obj=%s", ctx); in show_special()
1399 security_release_secctx(ctx, len); in show_special()
/*
 * audit_log_name() - excerpt. ctx is a local char * for the security
 * context of the name's object id (n->osid). The call that fills it starts
 * on a line not listed; line 1562 is its argument tail. The string is
 * logged as obj=%s and released with security_release_secctx().
 */
1558 char *ctx = NULL; in audit_log_name() local
1562 n->osid, &ctx, &len)) { in audit_log_name()
1567 audit_log_format(ab, " obj=%s", ctx); in audit_log_name()
1568 security_release_secctx(ctx, len); in audit_log_name()
/*
 * audit_log_uring() - excerpt (only lines mentioning ctx are listed).
 * Emits an AUDIT_URINGOP record. The buffer is requested with GFP_ATOMIC,
 * the operation number is always written, and the success/exit fields are
 * added only when a return value was recorded. The record also carries
 * ctx->name_count and ends with the filter key.
 */
1640 static void audit_log_uring(struct audit_context *ctx) in audit_log_uring() argument
1645 ab = audit_log_start(ctx, GFP_ATOMIC, AUDIT_URINGOP); in audit_log_uring()
1649 audit_log_format(ab, "uring_op=%d", ctx->uring_op); in audit_log_uring()
1650 if (ctx->return_valid != AUDITSC_INVALID) in audit_log_uring()
1652 (ctx->return_valid == AUDITSC_SUCCESS ? in audit_log_uring()
1654 ctx->return_code); in audit_log_uring()
1659 ctx->name_count, in audit_log_uring()
1670 audit_log_key(ab, ctx->filterkey); in audit_log_uring()
/*
 * audit_return_fixup() - excerpt; the condition choosing between the two
 * assignments to return_code is not listed. One path records -EINTR
 * instead of the raw code, the other records @code unchanged.
 * return_valid is then set from @success, so the context no longer reports
 * AUDITSC_INVALID.
 */
1869 static void audit_return_fixup(struct audit_context *ctx, in audit_return_fixup() argument
1882 ctx->return_code = -EINTR; in audit_return_fixup()
1884 ctx->return_code = code; in audit_return_fixup()
1885 ctx->return_valid = (success ? AUDITSC_SUCCESS : AUDITSC_FAILURE); in audit_return_fixup()
/*
 * __audit_uring_entry() - excerpt (only lines mentioning ctx are listed).
 * Prepares the current task's audit context for an io_uring operation.
 *
 * NOTE(review): the result of audit_context() is dereferenced without a
 * NULL test in the listed lines; presumably callers invoke this only when
 * a context exists. Confirm against the call site.
 */
1899 struct audit_context *ctx = audit_context(); in __audit_uring_entry() local
1901 if (ctx->state == AUDIT_STATE_DISABLED) in __audit_uring_entry()
1910 ctx->uring_op = op; in __audit_uring_entry()
/* A context already in use for a syscall is detected here; the action taken is not listed. */
1911 if (ctx->context == AUDIT_CTX_SYSCALL) in __audit_uring_entry()
/* With no audit rules loaded the context is marked dummy. */
1914 ctx->dummy = !audit_n_rules; in __audit_uring_entry()
1915 if (!ctx->dummy && ctx->state == AUDIT_STATE_BUILD) in __audit_uring_entry()
1916 ctx->prio = 0; in __audit_uring_entry()
1918 ctx->context = AUDIT_CTX_URING; in __audit_uring_entry()
1919 ctx->current_state = ctx->state; in __audit_uring_entry()
/* Timestamp for the event, taken from the coarse real-time clock. */
1920 ktime_get_coarse_real_ts64(&ctx->ctime); in __audit_uring_entry()
/*
 * __audit_uring_exit() - excerpt (only lines mentioning ctx are listed, so
 * the nesting of the branches below is inferred and should be confirmed).
 * Records the operation's result, runs the filters, logs if the context
 * ends up in AUDIT_STATE_RECORD, and finally resets the context.
 * ctx is dereferenced without a NULL test in the listed lines.
 */
1935 struct audit_context *ctx = audit_context(); in __audit_uring_exit() local
1937 if (ctx->dummy) { in __audit_uring_exit()
1938 if (ctx->context != AUDIT_CTX_URING) in __audit_uring_exit()
1943 audit_return_fixup(ctx, success, code); in __audit_uring_exit()
/* io_uring operation completing while the context is owned by a syscall. */
1944 if (ctx->context == AUDIT_CTX_SYSCALL) { in __audit_uring_exit()
1965 audit_filter_syscall(current, ctx); in __audit_uring_exit()
/* The uring filter is skipped once the syscall filter has already selected RECORD. */
1966 if (ctx->current_state != AUDIT_STATE_RECORD) in __audit_uring_exit()
1967 audit_filter_uring(current, ctx); in __audit_uring_exit()
1968 audit_filter_inodes(current, ctx); in __audit_uring_exit()
1969 if (ctx->current_state != AUDIT_STATE_RECORD) in __audit_uring_exit()
1972 audit_log_uring(ctx); in __audit_uring_exit()
1977 if (!list_empty(&ctx->killed_trees)) in __audit_uring_exit()
1978 audit_kill_trees(ctx); in __audit_uring_exit()
1981 audit_filter_uring(current, ctx); in __audit_uring_exit()
1982 audit_filter_inodes(current, ctx); in __audit_uring_exit()
1983 if (ctx->current_state != AUDIT_STATE_RECORD) in __audit_uring_exit()
/* Per-event state is cleared here so it cannot carry over into the next event. */
1988 audit_reset_context(ctx); in __audit_uring_exit()
/*
 * auditsc_get_stamp() - excerpt; the rest of the parameter list and the
 * return statements are not listed. Hands the context's timestamp and
 * serial number to the caller through t and serial.
 */
2518 int auditsc_get_stamp(struct audit_context *ctx, in auditsc_get_stamp() argument
/* An unused context is detected here; the action taken is not listed. */
2521 if (ctx->context == AUDIT_CTX_UNUSED) in auditsc_get_stamp()
/* The serial number is allocated on first request and reused afterwards. */
2523 if (!ctx->serial) in auditsc_get_stamp()
2524 ctx->serial = audit_serial(); in auditsc_get_stamp()
2525 t->tv_sec = ctx->ctime.tv_sec; in auditsc_get_stamp()
2526 t->tv_nsec = ctx->ctime.tv_nsec; in auditsc_get_stamp()
2527 *serial = ctx->serial; in auditsc_get_stamp()
/* Same three statements as audit_set_auditable(): a context without a priority is switched to RECORD. */
2528 if (!ctx->prio) { in auditsc_get_stamp()
2529 ctx->prio = 1; in auditsc_get_stamp()
2530 ctx->current_state = AUDIT_STATE_RECORD; in auditsc_get_stamp()
/*
 * audit_signal_info_syscall() - excerpt (only lines mentioning ctx are
 * listed). Records the identity of signal target t in the current audit
 * context. The first target fills the inline target_* fields, and the
 * lines from 2760 on use the ctx->aux_pids chain.
 */
2742 struct audit_context *ctx = audit_context(); in audit_signal_info_syscall() local
/* The inline slot is used only while no target pid has been recorded. */
2750 if (!ctx->target_pid) { in audit_signal_info_syscall()
2751 ctx->target_pid = task_tgid_nr(t); in audit_signal_info_syscall()
2752 ctx->target_auid = audit_get_loginuid(t); in audit_signal_info_syscall()
2753 ctx->target_uid = t_uid; in audit_signal_info_syscall()
2754 ctx->target_sessionid = audit_get_sessionid(t); in audit_signal_info_syscall()
2755 security_task_getsecid_obj(t, &ctx->target_sid); in audit_signal_info_syscall()
/*
 * Fixed-size copy of exactly TASK_COMM_LEN bytes. Assumes target_comm is
 * at least TASK_COMM_LEN bytes; its declaration is not listed. Confirm.
 */
2756 memcpy(ctx->target_comm, t->comm, TASK_COMM_LEN); in audit_signal_info_syscall()
/* aux_pids is reached through void * casts; the allocation of a new entry is on lines not listed. */
2760 axp = (void *)ctx->aux_pids; in audit_signal_info_syscall()
/* A new entry is pushed on the front of the chain. */
2767 axp->d.next = ctx->aux_pids; in audit_signal_info_syscall()
2768 ctx->aux_pids = (void *)axp; in audit_signal_info_syscall()
/*
 * audit_killed_trees() - excerpt. Returns the address of the current
 * context's killed_trees list. The common case of no context, or an
 * unused one, takes the branch on line 3024, whose return value is not
 * listed.
 */
3023 struct audit_context *ctx = audit_context(); in audit_killed_trees() local
3024 if (likely(!ctx || ctx->context == AUDIT_CTX_UNUSED)) in audit_killed_trees()
3026 return &ctx->killed_trees; in audit_killed_trees()