This patch adds audit support to POSIX message queues. It applies cleanly to the lspp.b12 branch of Al Viro's git tree. There are new auxiliary data structures, and collection and emission routines in kernel/auditsc.c. New hooks in ipc/mqueue.c collect arguments from the syscalls.
I tested the patch by building the examples from the POSIX MQ library tarball. Build them -lrt, not against the old MQ library in the tarball. Here's the URL: http://www.geocities.com/wronski12/posix_ipc/libmqueue-4.41.tar.gz Do auditctl -a exit,always -S for mq_open, mq_timedsend, mq_timedreceive, mq_notify, mq_getsetattr. mq_unlink has no new hooks. Please see the corresponding userspace patch to get correct output from auditd for the new record types. Assumptions/Notes: - Capturing the name arg is not required for sys_mq_open() sys_mq_open and mq_unlink() as it is already collected in the syscall record. - I was collecting more data from the notification struct for mq_notify(). However nothing other than the signal number appeared to be useful. I don't like copying the entire sigevent struct just to get the signal number. - Because mq_getsetattr() takes both in and out parameters, uninitialized data can show up in the audit records. - I don't like having to copy as many parameters as I did from userspace. The intent is to ensure the in parameters are captured no matter the error path. Also, in mq_open() the existing copy_from_user() is done in another function. Multiple hooks to avoid introducing the new copy_from_user() would be messy. - I don't like what I did with the return code in mq_getsetattr(). But the idea is only to return the audit hook's return code if the code above it did not fail. include/linux/audit.h | 15 ++ ipc/mqueue.c | 21 +++- kernel/auditsc.c | 254 +++++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 288 insertions(+), 2 deletions(-) Signed-off-by: George Wilson <[EMAIL PROTECTED]> -- diff --git a/include/linux/audit.h b/include/linux/audit.h index 3c69de2..60b3119 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -26,6 +26,7 @@ #include <linux/sched.h> #include <linux/elf.h> +#include <linux/mqueue.h> /* The netlink messages for the audit system is divided into blocks: * 1000 - 1099 are for commanding the audit system @@ -85,6 +86,10 @@ #define AUDIT_CWD 1307 /* Current working directory */ #define AUDIT_EXECVE 1309 /* execve arguments */ #define AUDIT_IPC_SET_PERM 1311 /* IPC new permissions record type */ +#define AUDIT_MQ_OPEN 1312 /* POSIX MQ open record type */ +#define AUDIT_MQ_SENDRECV 1313 /* POSIX MQ send/receive record type */ +#define AUDIT_MQ_NOTIFY 1314 /* POSIX MQ notify record type */ +#define AUDIT_MQ_GETSETATTR 1315 /* POSIX MQ get/set attribute record type */ #define AUDIT_AVC 1400 /* SE Linux avc denial or grant */ #define AUDIT_SELINUX_ERR 1401 /* Internal SE Linux Errors */ @@ -332,6 +337,11 @@ extern int audit_socketcall(int nargs, u extern int audit_sockaddr(int len, void *addr); extern int audit_avc_path(struct dentry *dentry, struct vfsmount *mnt); extern int audit_set_macxattr(const char *name); +extern int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr); +extern int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, const struct timespec __user *u_abs_timeout); +extern int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, unsigned int __user *u_msg_prio, const struct timespec __user *u_abs_timeout); +extern int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification); +extern int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat, struct mq_attr *omqstat); #else #define audit_alloc(t) ({ 0; }) #define audit_free(t) do { ; } while (0) @@ -352,6 +362,11 @@ extern int audit_set_macxattr(const char #define audit_sockaddr(len, addr) ({ 0; }) #define audit_avc_path(dentry, mnt) ({ 0; }) #define audit_set_macxattr(n) do { ; } while (0) +#define audit_mq_open(n) do { ; } while (0) +#define audit_mq_timedsend(n) do { ; } while (0) +#define audit_mq_timedreceive(n) do { ; } while (0) +#define audit_mq_notify(n) do { ; } while (0) +#define audit_mq_getsetattr(n) do { ; } while (0) #endif #ifdef CONFIG_AUDIT diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 41ecbd4..8f6a82d 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -8,6 +8,8 @@ * Lockless receive & send, fd based notify: * Manfred Spraul ([EMAIL PROTECTED]) * + * Audit: George Wilson ([EMAIL PROTECTED]) + * * This file is released under the GPL. */ @@ -24,6 +26,7 @@ #include <linux/skbuff.h> #include <linux/netlink.h> #include <linux/syscalls.h> +#include <linux/audit.h> #include <linux/signal.h> #include <linux/mutex.h> @@ -660,6 +663,9 @@ asmlinkage long sys_mq_open(const char _ if (IS_ERR(name = getname(u_name))) return PTR_ERR(name); + if ((error = audit_mq_open(oflag, mode, u_attr)) != 0) + return error; + fd = get_unused_fd(); if (fd < 0) goto out_putname; @@ -814,6 +820,9 @@ asmlinkage long sys_mq_timedsend(mqd_t m long timeout; int ret; + if ((ret = audit_mq_timedsend(mqdes, msg_len, msg_prio, u_abs_timeout)) != 0) + return ret; + if (unlikely(msg_prio >= (unsigned long) MQ_PRIO_MAX)) return -EINVAL; @@ -896,6 +905,9 @@ asmlinkage ssize_t sys_mq_timedreceive(m struct mqueue_inode_info *info; struct ext_wait_queue wait; + if ((ret = audit_mq_timedreceive(mqdes, msg_len, u_msg_prio, u_abs_timeout)) != 0) + return ret; + timeout = prepare_timeout(u_abs_timeout); ret = -EBADF; @@ -975,6 +987,9 @@ asmlinkage long sys_mq_notify(mqd_t mqde struct mqueue_inode_info *info; struct sk_buff *nc; + if ((ret = audit_mq_notify(mqdes, u_notification)) != 0) + return ret; + nc = NULL; sock = NULL; if (u_notification != NULL) { @@ -1087,7 +1102,7 @@ asmlinkage long sys_mq_getsetattr(mqd_t const struct mq_attr __user *u_mqstat, struct mq_attr __user *u_omqstat) { - int ret; + int ret, audret; struct mq_attr mqstat, omqstat; struct file *filp; struct inode *inode; @@ -1130,9 +1145,13 @@ asmlinkage long sys_mq_getsetattr(mqd_t sizeof(struct mq_attr))) ret = -EFAULT; + out_fput: fput(filp); out: + audret = audit_mq_getsetattr(mqdes, &mqstat, &omqstat); + if (ret == 0) + ret = audret; return ret; } diff --git a/kernel/auditsc.c b/kernel/auditsc.c index c30f146..2fdead5 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c @@ -3,7 +3,7 @@ * * Copyright 2003-2004 Red Hat Inc., Durham, North Carolina. * Copyright 2005 Hewlett-Packard Development Company, L.P. - * Copyright (C) 2005 IBM Corporation + * Copyright (C) 2005, 2006 IBM Corporation * All Rights Reserved. * * This program is free software; you can redistribute it and/or modify @@ -29,6 +29,9 @@ * this file -- see entry.S) is based on a GPL'd patch written by * [EMAIL PROTECTED] and Copyright 2003 SuSE Linux AG. * + * POSIX message queue support added by George Wilson <[EMAIL PROTECTED]>, + * 2006. + * * The support of additional filter rules compares (>, <, >=, <=) was * added by Dustin Kirkland <[EMAIL PROTECTED]>, 2005. * @@ -102,6 +105,34 @@ struct audit_aux_data { #define AUDIT_AUX_IPCPERM 0 +struct audit_aux_data_mq_open { + struct audit_aux_data d; + int oflag; + mode_t mode; + struct mq_attr attr; +}; + +struct audit_aux_data_mq_sendrecv { + struct audit_aux_data d; + mqd_t mqdes; + size_t msg_len; + unsigned int msg_prio; + struct timespec abs_timeout; +}; + +struct audit_aux_data_mq_notify { + struct audit_aux_data d; + mqd_t mqdes; + struct sigevent notification; +}; + +struct audit_aux_data_mq_getsetattr { + struct audit_aux_data d; + mqd_t mqdes; + struct mq_attr mqstat; + struct mq_attr omqstat; +}; + struct audit_aux_data_ipcctl { struct audit_aux_data d; struct ipc_perm p; @@ -709,6 +740,46 @@ static void audit_log_exit(struct audit_ continue; /* audit_panic has been called */ switch (aux->type) { + case AUDIT_MQ_OPEN: { + struct audit_aux_data_mq_open *axi = (void *)aux; + audit_log_format(ab, + "oflag=0x%x mode=%#o mq_flags=0x%lx mq_maxmsg=%ld " + "mq_msgsize=%ld mq_curmsgs=%ld", + axi->oflag, axi->mode, axi->attr.mq_flags, + axi->attr.mq_maxmsg, axi->attr.mq_msgsize, + axi->attr.mq_curmsgs); + break; } + + case AUDIT_MQ_SENDRECV: { + struct audit_aux_data_mq_sendrecv *axi = (void *)aux; + audit_log_format(ab, + "mqdes=%d msg_len=%ld msg_prio=%u " + "abs_timeout_sec=%ld abs_timeout_nsec=%ld", + axi->mqdes, axi->msg_len, axi->msg_prio, + axi->abs_timeout.tv_sec, axi->abs_timeout.tv_nsec); + break; } + + case AUDIT_MQ_NOTIFY: { + struct audit_aux_data_mq_notify *axi = (void *)aux; + audit_log_format(ab, + "mqdes=%d sigev_signo=%d", + axi->mqdes, + axi->notification.sigev_signo); + break; } + + case AUDIT_MQ_GETSETATTR: { + struct audit_aux_data_mq_getsetattr *axi = (void *)aux; + audit_log_format(ab, + "mqdes=%d mq_flags=0x%lx mq_maxmsg=%ld mq_msgsize=%ld " + "mq_curmsgs=%ld omq_flags=0x%lx omq_maxmsg=%ld " + "omq_msgsize=%ld omq_curmsgs=%ld", + axi->mqdes, + axi->mqstat.mq_flags, axi->mqstat.mq_maxmsg, + axi->mqstat.mq_msgsize, axi->mqstat.mq_curmsgs, + axi->omqstat.mq_flags, axi->omqstat.mq_maxmsg, + axi->omqstat.mq_msgsize, axi->omqstat.mq_curmsgs); + break; } + case AUDIT_IPC: { struct audit_aux_data_ipcctl *axi = (void *)aux; audit_log_format(ab, @@ -1242,6 +1313,187 @@ uid_t audit_get_loginuid(struct audit_co } /** + * audit_mq_open - record audit data for a POSIX MQ open + * @oflag: open flag + * @mode: mode bits + * @u_attr: queue attributes + * + * Returns 0 for success or NULL context or < 0 on error. + */ +int audit_mq_open(int oflag, mode_t mode, struct mq_attr __user *u_attr) +{ + struct audit_aux_data_mq_open *ax; + struct audit_context *context = current->audit_context; + + if (likely(!context)) + return 0; + + ax = kmalloc(sizeof(*ax), GFP_ATOMIC); + if (!ax) + return -ENOMEM; + + if (u_attr != NULL) { + if (copy_from_user(&ax->attr, u_attr, sizeof(ax->attr))) + return -EFAULT; + } else + memset(&ax->attr, 0, sizeof(ax->attr)); + + ax->oflag = oflag; + ax->mode = mode; + + ax->d.type = AUDIT_MQ_OPEN; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** + * audit_mq_timedsend - record audit data for a POSIX MQ timed send + * @mqdes: MQ descriptor + * @msg_len: Message length + * @msg_prio: Message priority + * @abs_timeout: Message timeout in absolute time + * + * Returns 0 for success or NULL context or < 0 on error. + */ +int audit_mq_timedsend(mqd_t mqdes, size_t msg_len, unsigned int msg_prio, + const struct timespec __user *u_abs_timeout) +{ + struct audit_aux_data_mq_sendrecv *ax; + struct audit_context *context = current->audit_context; + + if (likely(!context)) + return 0; + + ax = kmalloc(sizeof(*ax), GFP_ATOMIC); + if (!ax) + return -ENOMEM; + + if (u_abs_timeout != NULL) { + if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout))) + return -EFAULT; + } else + memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout)); + + ax->mqdes = mqdes; + ax->msg_len = msg_len; + ax->msg_prio = msg_prio; + + ax->d.type = AUDIT_MQ_SENDRECV; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** + * audit_mq_timedreceive - record audit data for a POSIX MQ timed receive + * @mqdes: MQ descriptor + * @msg_len: Message length + * @msg_prio: Message priority + * @abs_timeout: Message timeout in absolute time + * + * Returns 0 for success or NULL context or < 0 on error. + */ +int audit_mq_timedreceive(mqd_t mqdes, size_t msg_len, + unsigned int __user *u_msg_prio, + const struct timespec __user *u_abs_timeout) +{ + struct audit_aux_data_mq_sendrecv *ax; + struct audit_context *context = current->audit_context; + + if (likely(!context)) + return 0; + + ax = kmalloc(sizeof(*ax), GFP_ATOMIC); + if (!ax) + return -ENOMEM; + + if (u_msg_prio != NULL) { + if (get_user(ax->msg_prio, u_msg_prio)) + return -EFAULT; + } else + ax->msg_prio = 0; + + if (u_abs_timeout != NULL) { + if (copy_from_user(&ax->abs_timeout, u_abs_timeout, sizeof(ax->abs_timeout))) + return -EFAULT; + } else + memset(&ax->abs_timeout, 0, sizeof(ax->abs_timeout)); + + ax->mqdes = mqdes; + ax->msg_len = msg_len; + + ax->d.type = AUDIT_MQ_SENDRECV; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** + * audit_mq_notify - record audit data for a POSIX MQ notify + * @mqdes: MQ descriptor + * @u_notification: Notification event + * + * Returns 0 for success or NULL context or < 0 on error. + */ + +int audit_mq_notify(mqd_t mqdes, const struct sigevent __user *u_notification) +{ + struct audit_aux_data_mq_notify *ax; + struct audit_context *context = current->audit_context; + + if (likely(!context)) + return 0; + + ax = kmalloc(sizeof(*ax), GFP_ATOMIC); + if (!ax) + return -ENOMEM; + + if (u_notification != NULL) { + if (copy_from_user(&ax->notification, u_notification, sizeof(ax->notification))) + return -EFAULT; + } else + memset(&ax->notification, 0, sizeof(ax->notification)); + + ax->mqdes = mqdes; + + ax->d.type = AUDIT_MQ_NOTIFY; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** + * audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute + * @mqdes: MQ descriptor + * @mqstat: MQ flags + * @omqstat: Old MQ flags + * + * Returns 0 for success or NULL context or < 0 on error. + */ +int audit_mq_getsetattr(mqd_t mqdes, struct mq_attr *mqstat, struct mq_attr *omqstat) +{ + struct audit_aux_data_mq_getsetattr *ax; + struct audit_context *context = current->audit_context; + + if (likely(!context)) + return 0; + + ax = kmalloc(sizeof(*ax), GFP_ATOMIC); + if (!ax) + return -ENOMEM; + + ax->mqdes = mqdes; + ax->mqstat = *mqstat; + ax->omqstat = *omqstat; + + ax->d.type = AUDIT_MQ_GETSETATTR; + ax->d.next = context->aux; + context->aux = (void *)ax; + return 0; +} + +/** * audit_ipc_obj - record audit data for ipc object * @ipcp: ipc permissions * -- George Wilson <[EMAIL PROTECTED]> IBM Linux Technology Center -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
