Re: [PATCH] audit: Add cmdline to taskinfo output 3.4.0

Wed, 23 Oct 2013 08:36:49 -0700 

On Wed, Oct 23, 2013 at 8:33 AM, William Roberts
<bill.c.robe...@gmail.com>wrote:

> From c41e75da7aa97067b5d12867db87c41d87dcefc4 Mon Sep 17 00:00:00 2001
> From: William Roberts <wrobe...@tresys.com>
> Date: Tue, 22 Oct 2013 14:23:27 -0700
> Subject: [PATCH] audit: Add cmdline to taskinfo output 3.4.0
>
> On some devices, the cmdline and task info vary. For instance, on
> Android, the cmdline is set to the package name, and the task info
> is the name of the VM, which is not very helpful.
>
> Change-Id: I98a417c9ab3b95664c49aa1c7513cfd8296b6a2a
> Signed-off-by: William Roberts <wrobe...@tresys.com>
> ---
>  fs/proc/base.c          |    2 +-
>  include/linux/proc_fs.h |    1 +
>  kernel/auditsc.c        |   16 ++++++++++++++++
>  3 files changed, 18 insertions(+), 1 deletion(-)
>
> diff --git a/fs/proc/base.c b/fs/proc/base.c
> index 2f198da..25b73d3 100644
> --- a/fs/proc/base.c
> +++ b/fs/proc/base.c
> @@ -209,7 +209,7 @@ struct mm_struct *mm_for_maps(struct task_struct *task)
>   return mm_access(task, PTRACE_MODE_READ);
>  }
>
> -static int proc_pid_cmdline(struct task_struct *task, char * buffer)
> +int proc_pid_cmdline(struct task_struct *task, char *buffer)
>  {
>   int res = 0;
>   unsigned int len;
> diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
> index 85c5073..d85ac14 100644
> --- a/include/linux/proc_fs.h
> +++ b/include/linux/proc_fs.h
> @@ -118,6 +118,7 @@ struct pid_namespace;
>
>  extern int pid_ns_prepare_proc(struct pid_namespace *ns);
>  extern void pid_ns_release_proc(struct pid_namespace *ns);
> +extern int proc_pid_cmdline(struct task_struct *task, char *buffer);
>
>  /*
>   * proc_tty.c
> diff --git a/kernel/auditsc.c b/kernel/auditsc.c
> index 27ad9dd..2e9bc8c 100644
> --- a/kernel/auditsc.c
> +++ b/kernel/auditsc.c
> @@ -67,6 +67,7 @@
>  #include <linux/syscalls.h>
>  #include <linux/capability.h>
>  #include <linux/fs_struct.h>
> +#include <linux/proc_fs.h>
>
>  #include "audit.h"
>
> @@ -1158,6 +1159,7 @@ static void audit_log_task_info(struct audit_buffer
> *ab, struct task_struct *tsk
>   char name[sizeof(tsk->comm)];
>   struct mm_struct *mm = tsk->mm;
>   struct vm_area_struct *vma;
> + unsigned long page;
>
>   /* tsk == current */
>
> @@ -1179,6 +1181,20 @@ static void audit_log_task_info(struct audit_buffer
> *ab, struct task_struct *tsk
>   }
>   up_read(&mm->mmap_sem);
>   }
> +
> + /* Get the process cmdline */
> + page = __get_free_page(GFP_TEMPORARY)
> + if (!page)
> + goto out;
> +
> + if (!proc_pid_cmdline(tsk, (char *)page))
> + goto free;
> +
> + audit_log_format(ab, " cmdline=");
> + audit_log_untrustedstring(ab, (char *)page);
> +free:
> + free_page(page);
> +out:
>   audit_log_task_context(ab);
>  }
>
> --
> 1.7.9.5
>
>
> --
> Respectfully,
>
> William C Roberts
>
>
whoops, disregard this patch. A quick fix on something from
checkpatch.plresulted in a missing semi-colon.

Reply via email to