On Mon, Nov 18, 2013 at 12:09 PM, William Roberts <bill.c.robe...@gmail.com> wrote: > On Mon, Nov 18, 2013 at 12:06 PM, William Roberts > <bill.c.robe...@gmail.com> wrote: >> Change-Id: I795b14db029f64da2112a50a4b175b9b0afdf44d >> --- >> kernel/auditsc.c | 4 ++++ >> 1 file changed, 4 insertions(+) >> >> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >> index d917c76..4a45f63 100644 >> --- a/kernel/auditsc.c >> +++ b/kernel/auditsc.c >> @@ -270,6 +270,7 @@ struct audit_context { >> } mmap; >> }; >> int fds[2]; >> + char *cmdline; >> >> #if AUDIT_DEBUG >> int put_count; >> @@ -1061,6 +1062,7 @@ static inline struct audit_context >> *audit_alloc_context(enum audit_state state) >> audit_zero_context(context, state); >> INIT_LIST_HEAD(&context->killed_trees); >> INIT_LIST_HEAD(&context->names_list); >> + printk("BILL cmdline: %p---%p", context, context->cmdline); >> return context; >> } >> >> @@ -1157,6 +1159,7 @@ static void audit_log_add_cmdline(struct audit_buffer >> *ab, >> { >> int len; >> unsigned long page; >> + struct audit_context *audit_ctx = tsk->audit_context; >> char *msg = "(null)"; >> >> audit_log_format(ab, " cmdline="); >> @@ -1181,6 +1184,7 @@ static void audit_log_add_cmdline(struct audit_buffer >> *ab, >> msg = (char *)page; >> audit_log_untrustedstring(ab, msg); >> free_page(page); >> + printk("BILL cmdline-use: %p", audit_ctx); >> } >> >> EXPORT_SYMBOL(audit_log_task_context); >> -- >> 1.7.9.5 >> > > Working on the version that caches, applying this patch, you can see > that the audit_ctx is not initialized yet for caching... so do we > perhaps print the cmdline elsewhere in the flow the results in this > struct being initialized, or re-work the initialization?
Looks like I could do it in here: __audit_syscall_exit() but then the cmdline info won't be in the same place... and I don't want to just scatter stuff all around. Caching when the process is created is too early in its life to get the value post setproctitle(). This is where I could see adding an explicit value and setter/getter via prctl would be of value, and we have a defined interface that we can use for marking the cache dirty.

--
Respectfully,
William C Roberts
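Review bot: the new "char *cmdline;" member in the struct audit_context hunk (@@ -270,6 +270,7 @@) has no comment saying who allocates it, who frees it, or when the cached value counts as stale, and none of the four insertions in this patch frees it. Before the caching version starts storing anything there, document the ownership next to the declaration and pair it with a free wherever the context is torn down, so a cached command line cannot outlive or leak from its context.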
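Review bot: the printk added in the audit_alloc_context() hunk (@@ -1061,6 +1062,7 @@) has no log level and no trailing newline, and it prints two raw kernel pointers with %p, which puts kernel addresses in the log for anyone able to read it. It also reads context->cmdline immediately after audit_zero_context(context, state), so if that call clears the structure (an assumption, its body is not in the diff) the second value is always NULL and tells you nothing. For the debugging run, something like pr_debug("audit ctx %p\n", context) is enough, and the line should be dropped before the patch is proposed for a tree.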
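Review bot: in the first audit_log_add_cmdline() hunk (@@ -1157,6 +1159,7 @@), audit_ctx is loaded from tsk->audit_context but its only consumer is the debug printk added after free_page(page) in the last hunk, so the local should be removed together with that print. If the caching version keeps it, add a NULL check before the first dereference: the hunk shows none, and the observation in this thread is that the context is not set up yet at this point in the flow.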