audit_rng should collect information about the inode used to add/remove random data.
Signed-off-by: Eric Paris <[email protected]>
---
 drivers/char/random.c | 8 ++++----
 include/linux/audit.h | 8 ++++----
 kernel/auditsc.c | 4 +++-
 3 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/drivers/char/random.c b/drivers/char/random.c
index 94ee4a6..ed1099a 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -1049,7 +1049,7 @@ random_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
 }
 out:
- audit_rng("random", count);
+ audit_rng(file->f_path.dentry, "random", count);
 return (count ? count : retval);
 }
@@ -1061,7 +1061,7 @@ urandom_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos)
 count = extract_entropy_user(&nonblocking_pool, buf, nbytes);
 if (count >= 0)
- audit_rng("urandom", count);
+ audit_rng(file->f_path.dentry, "urandom", count);
 return count;
 }
@@ -1111,12 +1111,12 @@ static ssize_t random_write(struct file *file, const char __user *buffer,
 ret = write_pool(&blocking_pool, buffer, count);
 if (ret)
 return ret;
- audit_rng("random", count);
+ audit_rng(file->f_path.dentry, "random", count);
 ret = write_pool(&nonblocking_pool, buffer, count);
 if (ret)
 return ret;
- audit_rng("urandom", count);
+ audit_rng(file->f_path.dentry, "urandom", count);
 return (ssize_t)count;
 }
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 2f90d9e..ba47df6 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -430,7 +430,7 @@ extern void __audit_inode(const char *name, const struct dentry *dentry);
 extern void __audit_inode_child(const struct dentry *dentry, const struct inode *parent);
 extern void __audit_ptrace(struct task_struct *t);
-extern int __audit_rng(const char *name, size_t len);
+extern int __audit_rng(struct dentry *dentry, const char *name, size_t len);
 static inline int audit_dummy_context(void)
 {
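Review bot: The int returned by `audit_rng()` is discarded at the `out:` label in random_read(), and the same holds for the call in urandom_read() and for both calls in random_write(). The kernel/auditsc.c part of this patch shows `__audit_rng()` returning `-ENOMEM` when its allocation fails, so an RNG audit record can be lost with no trace at the call site. If best-effort auditing is the intent, state it at the first call, e.g. `/* best-effort: a failed audit_rng() is deliberately not reported to the caller */`. random_read()'s body starts outside the hunk.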
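Review bot: random_write() in drivers/char/random.c passes the same `file->f_path.dentry` to both `audit_rng()` calls, so `__audit_rng()` runs `audit_inode(NULL, dentry)` twice within a single write. Whether `__audit_inode()` collapses repeated entries is not visible in this patch, so this may leave two identical inode entries in the audit context for one syscall. Recording the inode once would avoid that, for example by guarding the call in `__audit_rng()` with `if (dentry)` and writing the second call as `audit_rng(NULL, "urandom", count);`. The function body starts outside the hunk.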
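Review bot: The new `dentry` parameter of `__audit_rng()` in include/linux/audit.h is a plain `struct dentry *`, while `__audit_inode()` and `__audit_inode_child()` in the context lines of the same hunk take `const struct dentry *`. Nothing shown in the patch writes through the pointer, so the prototype would be more consistent as `extern int __audit_rng(const struct dentry *dentry, const char *name, size_t len);`. The same applies to the `audit_rng()` inline wrapper in the next hunk and to the definition in kernel/auditsc.c.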
@@ -459,11 +459,11 @@ static inline void audit_ptrace(struct task_struct *t)
 __audit_ptrace(t);
 }
-static inline int audit_rng(const char *name, size_t len)
+static inline int audit_rng(struct dentry *dentry, const char *name, size_t len)
 {
 if (likely(audit_dummy_context()))
 return 0;
- return __audit_rng(name, len);
+ return __audit_rng(dentry, name, len);
 }
 /* Private API (for audit.c only) */
@@ -584,7 +584,7 @@ extern int audit_signals;
 #define audit_log_capset(pid, ncr, ocr) ((void)0)
 #define audit_mmap_fd(fd, flags) ((void)0)
 #define audit_ptrace(t) ((void)0)
-#define audit_rng(c, l) (0)
+#define audit_rng(d, c, l) (0)
 #define audit_n_rules 0
 #define audit_signals 0
 #endif
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 5500adf..0880546 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -2325,11 +2325,13 @@ int audit_bprm(struct linux_binprm *bprm)
 return 0;
 }
-int __audit_rng(const char *name, size_t len)
+int __audit_rng(struct dentry *dentry, const char *name, size_t len)
 {
 struct audit_aux_data_rng *ax;
 struct audit_context *context = current->audit_context;
+ audit_inode(NULL, dentry);
+
 ax = kmalloc(sizeof(*ax), GFP_KERNEL);
 if (!ax)
 return -ENOMEM;
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
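Review bot: In `__audit_rng()` the added `audit_inode(NULL, dentry);` runs before the `kmalloc()` result is checked, so on the `-ENOMEM` return the inode has already been recorded but no RNG aux record follows it. Moving the call below `if (!ax) return -ENOMEM;` keeps the inode entry and the RNG record together. The new parameter is also undocumented; a short comment above the function such as `/* dentry: the opened device node (file->f_path.dentry) whose inode is recorded with the RNG record */` would state what callers are expected to pass. The function body continues past the end of the hunk.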
