Lines Matching refs:context
826 struct audit_context *context = tsk->audit_context; in audit_take_context() local
828 if (!context) in audit_take_context()
830 context->return_valid = return_valid; in audit_take_context()
846 context->return_code = -EINTR; in audit_take_context()
848 context->return_code = return_code; in audit_take_context()
850 if (context->in_syscall && !context->dummy) { in audit_take_context()
851 audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_EXIT]); in audit_take_context()
852 audit_filter_inodes(tsk, context); in audit_take_context()
856 return context; in audit_take_context()
859 static inline void audit_proctitle_free(struct audit_context *context) in audit_proctitle_free() argument
861 kfree(context->proctitle.value); in audit_proctitle_free()
862 context->proctitle.value = NULL; in audit_proctitle_free()
863 context->proctitle.len = 0; in audit_proctitle_free()
866 static inline void audit_free_names(struct audit_context *context) in audit_free_names() argument
870 list_for_each_entry_safe(n, next, &context->names_list, list) { in audit_free_names()
877 context->name_count = 0; in audit_free_names()
878 path_put(&context->pwd); in audit_free_names()
879 context->pwd.dentry = NULL; in audit_free_names()
880 context->pwd.mnt = NULL; in audit_free_names()
883 static inline void audit_free_aux(struct audit_context *context) in audit_free_aux() argument
887 while ((aux = context->aux)) { in audit_free_aux()
888 context->aux = aux->next; in audit_free_aux()
891 while ((aux = context->aux_pids)) { in audit_free_aux()
892 context->aux_pids = aux->next; in audit_free_aux()
899 struct audit_context *context; in audit_alloc_context() local
901 context = kzalloc(sizeof(*context), GFP_KERNEL); in audit_alloc_context()
902 if (!context) in audit_alloc_context()
904 context->state = state; in audit_alloc_context()
905 context->prio = state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; in audit_alloc_context()
906 INIT_LIST_HEAD(&context->killed_trees); in audit_alloc_context()
907 INIT_LIST_HEAD(&context->names_list); in audit_alloc_context()
908 return context; in audit_alloc_context()
922 struct audit_context *context; in audit_alloc() local
935 if (!(context = audit_alloc_context(state))) { in audit_alloc()
940 context->filterkey = key; in audit_alloc()
942 tsk->audit_context = context; in audit_alloc()
947 static inline void audit_free_context(struct audit_context *context) in audit_free_context() argument
949 audit_free_names(context); in audit_free_context()
950 unroll_tree_refs(context, NULL, 0); in audit_free_context()
951 free_tree_refs(context); in audit_free_context()
952 audit_free_aux(context); in audit_free_context()
953 kfree(context->filterkey); in audit_free_context()
954 kfree(context->sockaddr); in audit_free_context()
955 audit_proctitle_free(context); in audit_free_context()
956 kfree(context); in audit_free_context()
959 static int audit_log_pid_context(struct audit_context *context, pid_t pid, in audit_log_pid_context() argument
968 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); in audit_log_pid_context()
1002 static int audit_log_single_execve_arg(struct audit_context *context, in audit_log_single_execve_arg() argument
1086 *ab = audit_log_start(context, GFP_KERNEL, AUDIT_EXECVE); in audit_log_single_execve_arg()
1137 static void audit_log_execve_info(struct audit_context *context, in audit_log_execve_info() argument
1147 audit_log_format(*ab, "argc=%d", context->execve.argc); in audit_log_execve_info()
1161 for (i = 0; i < context->execve.argc; i++) { in audit_log_execve_info()
1162 len = audit_log_single_execve_arg(context, ab, i, in audit_log_execve_info()
1171 static void show_special(struct audit_context *context, int *call_panic) in show_special() argument
1176 ab = audit_log_start(context, GFP_KERNEL, context->type); in show_special()
1180 switch (context->type) { in show_special()
1182 int nargs = context->socketcall.nargs; in show_special()
1186 context->socketcall.args[i]); in show_special()
1189 u32 osid = context->ipc.osid; in show_special()
1192 from_kuid(&init_user_ns, context->ipc.uid), in show_special()
1193 from_kgid(&init_user_ns, context->ipc.gid), in show_special()
1194 context->ipc.mode); in show_special()
1206 if (context->ipc.has_perm) { in show_special()
1208 ab = audit_log_start(context, GFP_KERNEL, in show_special()
1214 context->ipc.qbytes, in show_special()
1215 context->ipc.perm_uid, in show_special()
1216 context->ipc.perm_gid, in show_special()
1217 context->ipc.perm_mode); in show_special()
1224 context->mq_open.oflag, context->mq_open.mode, in show_special()
1225 context->mq_open.attr.mq_flags, in show_special()
1226 context->mq_open.attr.mq_maxmsg, in show_special()
1227 context->mq_open.attr.mq_msgsize, in show_special()
1228 context->mq_open.attr.mq_curmsgs); in show_special()
1234 context->mq_sendrecv.mqdes, in show_special()
1235 context->mq_sendrecv.msg_len, in show_special()
1236 context->mq_sendrecv.msg_prio, in show_special()
1237 context->mq_sendrecv.abs_timeout.tv_sec, in show_special()
1238 context->mq_sendrecv.abs_timeout.tv_nsec); in show_special()
1242 context->mq_notify.mqdes, in show_special()
1243 context->mq_notify.sigev_signo); in show_special()
1246 struct mq_attr *attr = &context->mq_getsetattr.mqstat; in show_special()
1250 context->mq_getsetattr.mqdes, in show_special()
1255 audit_log_format(ab, "pid=%d", context->capset.pid); in show_special()
1256 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); in show_special()
1257 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); in show_special()
1258 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); in show_special()
1261 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, in show_special()
1262 context->mmap.flags); in show_special()
1265 audit_log_execve_info(context, &ab); in show_special()
1284 struct audit_context *context) in audit_log_proctitle() argument
1292 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); in audit_log_proctitle()
1299 if (!context->proctitle.value) { in audit_log_proctitle()
1314 context->proctitle.value = buf; in audit_log_proctitle()
1315 context->proctitle.len = res; in audit_log_proctitle()
1317 msg = context->proctitle.value; in audit_log_proctitle()
1318 len = context->proctitle.len; in audit_log_proctitle()
1324 static void audit_log_exit(struct audit_context *context, struct task_struct *tsk) in audit_log_exit() argument
1332 context->personality = tsk->personality; in audit_log_exit()
1334 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); in audit_log_exit()
1338 context->arch, context->major); in audit_log_exit()
1339 if (context->personality != PER_LINUX) in audit_log_exit()
1340 audit_log_format(ab, " per=%lx", context->personality); in audit_log_exit()
1341 if (context->return_valid) in audit_log_exit()
1343 (context->return_valid==AUDITSC_SUCCESS)?"yes":"no", in audit_log_exit()
1344 context->return_code); in audit_log_exit()
1348 context->argv[0], in audit_log_exit()
1349 context->argv[1], in audit_log_exit()
1350 context->argv[2], in audit_log_exit()
1351 context->argv[3], in audit_log_exit()
1352 context->name_count); in audit_log_exit()
1355 audit_log_key(ab, context->filterkey); in audit_log_exit()
1358 for (aux = context->aux; aux; aux = aux->next) { in audit_log_exit()
1360 ab = audit_log_start(context, GFP_KERNEL, aux->type); in audit_log_exit()
1384 if (context->type) in audit_log_exit()
1385 show_special(context, &call_panic); in audit_log_exit()
1387 if (context->fds[0] >= 0) { in audit_log_exit()
1388 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); in audit_log_exit()
1391 context->fds[0], context->fds[1]); in audit_log_exit()
1396 if (context->sockaddr_len) { in audit_log_exit()
1397 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); in audit_log_exit()
1400 audit_log_n_hex(ab, (void *)context->sockaddr, in audit_log_exit()
1401 context->sockaddr_len); in audit_log_exit()
1406 for (aux = context->aux_pids; aux; aux = aux->next) { in audit_log_exit()
1410 if (audit_log_pid_context(context, axs->target_pid[i], in audit_log_exit()
1419 if (context->target_pid && in audit_log_exit()
1420 audit_log_pid_context(context, context->target_pid, in audit_log_exit()
1421 context->target_auid, context->target_uid, in audit_log_exit()
1422 context->target_sessionid, in audit_log_exit()
1423 context->target_sid, context->target_comm)) in audit_log_exit()
1426 if (context->pwd.dentry && context->pwd.mnt) { in audit_log_exit()
1427 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); in audit_log_exit()
1429 audit_log_d_path(ab, " cwd=", &context->pwd); in audit_log_exit()
1435 list_for_each_entry(n, &context->names_list, list) { in audit_log_exit()
1438 audit_log_name(context, n, NULL, i++, &call_panic); in audit_log_exit()
1441 audit_log_proctitle(tsk, context); in audit_log_exit()
1444 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); in audit_log_exit()
1459 struct audit_context *context; in __audit_free() local
1461 context = audit_take_context(tsk, 0, 0); in __audit_free()
1462 if (!context) in __audit_free()
1470 if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) in __audit_free()
1471 audit_log_exit(context, tsk); in __audit_free()
1472 if (!list_empty(&context->killed_trees)) in __audit_free()
1473 audit_kill_trees(&context->killed_trees); in __audit_free()
1475 audit_free_context(context); in __audit_free()
1498 struct audit_context *context = tsk->audit_context; in __audit_syscall_entry() local
1501 if (!context) in __audit_syscall_entry()
1504 BUG_ON(context->in_syscall || context->name_count); in __audit_syscall_entry()
1509 context->arch = syscall_get_arch(); in __audit_syscall_entry()
1510 context->major = major; in __audit_syscall_entry()
1511 context->argv[0] = a1; in __audit_syscall_entry()
1512 context->argv[1] = a2; in __audit_syscall_entry()
1513 context->argv[2] = a3; in __audit_syscall_entry()
1514 context->argv[3] = a4; in __audit_syscall_entry()
1516 state = context->state; in __audit_syscall_entry()
1517 context->dummy = !audit_n_rules; in __audit_syscall_entry()
1518 if (!context->dummy && state == AUDIT_BUILD_CONTEXT) { in __audit_syscall_entry()
1519 context->prio = 0; in __audit_syscall_entry()
1520 state = audit_filter_syscall(tsk, context, &audit_filter_list[AUDIT_FILTER_ENTRY]); in __audit_syscall_entry()
1525 context->serial = 0; in __audit_syscall_entry()
1526 context->ctime = CURRENT_TIME; in __audit_syscall_entry()
1527 context->in_syscall = 1; in __audit_syscall_entry()
1528 context->current_state = state; in __audit_syscall_entry()
1529 context->ppid = 0; in __audit_syscall_entry()
1546 struct audit_context *context; in __audit_syscall_exit() local
1553 context = audit_take_context(tsk, success, return_code); in __audit_syscall_exit()
1554 if (!context) in __audit_syscall_exit()
1557 if (context->in_syscall && context->current_state == AUDIT_RECORD_CONTEXT) in __audit_syscall_exit()
1558 audit_log_exit(context, tsk); in __audit_syscall_exit()
1560 context->in_syscall = 0; in __audit_syscall_exit()
1561 context->prio = context->state == AUDIT_RECORD_CONTEXT ? ~0ULL : 0; in __audit_syscall_exit()
1563 if (!list_empty(&context->killed_trees)) in __audit_syscall_exit()
1564 audit_kill_trees(&context->killed_trees); in __audit_syscall_exit()
1566 audit_free_names(context); in __audit_syscall_exit()
1567 unroll_tree_refs(context, NULL, 0); in __audit_syscall_exit()
1568 audit_free_aux(context); in __audit_syscall_exit()
1569 context->aux = NULL; in __audit_syscall_exit()
1570 context->aux_pids = NULL; in __audit_syscall_exit()
1571 context->target_pid = 0; in __audit_syscall_exit()
1572 context->target_sid = 0; in __audit_syscall_exit()
1573 context->sockaddr_len = 0; in __audit_syscall_exit()
1574 context->type = 0; in __audit_syscall_exit()
1575 context->fds[0] = -1; in __audit_syscall_exit()
1576 if (context->state != AUDIT_RECORD_CONTEXT) { in __audit_syscall_exit()
1577 kfree(context->filterkey); in __audit_syscall_exit()
1578 context->filterkey = NULL; in __audit_syscall_exit()
1580 tsk->audit_context = context; in __audit_syscall_exit()
1586 struct audit_context *context; in handle_one() local
1592 context = current->audit_context; in handle_one()
1593 p = context->trees; in handle_one()
1594 count = context->tree_count; in handle_one()
1600 if (likely(put_tree_ref(context, chunk))) in handle_one()
1602 if (unlikely(!grow_tree_refs(context))) { in handle_one()
1604 audit_set_auditable(context); in handle_one()
1606 unroll_tree_refs(context, p, count); in handle_one()
1609 put_tree_ref(context, chunk); in handle_one()
1616 struct audit_context *context; in handle_path() local
1623 context = current->audit_context; in handle_path()
1624 p = context->trees; in handle_path()
1625 count = context->tree_count; in handle_path()
1637 if (unlikely(!put_tree_ref(context, chunk))) { in handle_path()
1652 unroll_tree_refs(context, p, count); in handle_path()
1656 if (grow_tree_refs(context)) { in handle_path()
1658 unroll_tree_refs(context, p, count); in handle_path()
1663 unroll_tree_refs(context, p, count); in handle_path()
1664 audit_set_auditable(context); in handle_path()
1671 static struct audit_names *audit_alloc_name(struct audit_context *context, in audit_alloc_name() argument
1676 if (context->name_count < AUDIT_NAMES) { in audit_alloc_name()
1677 aname = &context->preallocated_names[context->name_count]; in audit_alloc_name()
1688 list_add_tail(&aname->list, &context->names_list); in audit_alloc_name()
1690 context->name_count++; in audit_alloc_name()
1705 struct audit_context *context = current->audit_context; in __audit_reusename() local
1708 list_for_each_entry(n, &context->names_list, list) { in __audit_reusename()
1728 struct audit_context *context = current->audit_context; in __audit_getname() local
1731 if (!context->in_syscall) in __audit_getname()
1734 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_getname()
1743 if (!context->pwd.dentry) in __audit_getname()
1744 get_fs_pwd(current->fs, &context->pwd); in __audit_getname()
1756 struct audit_context *context = current->audit_context; in __audit_inode() local
1761 if (!context->in_syscall) in __audit_inode()
1783 list_for_each_entry_reverse(n, &context->names_list, list) { in __audit_inode()
1810 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_inode()
1855 struct audit_context *context = current->audit_context; in __audit_inode_child() local
1860 if (!context->in_syscall) in __audit_inode_child()
1867 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
1884 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
1904 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); in __audit_inode_child()
1911 found_child = audit_alloc_name(context, type); in __audit_inode_child()
2043 struct audit_context *context = current->audit_context; in __audit_mq_open() local
2046 memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); in __audit_mq_open()
2048 memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); in __audit_mq_open()
2050 context->mq_open.oflag = oflag; in __audit_mq_open()
2051 context->mq_open.mode = mode; in __audit_mq_open()
2053 context->type = AUDIT_MQ_OPEN; in __audit_mq_open()
2067 struct audit_context *context = current->audit_context; in __audit_mq_sendrecv() local
2068 struct timespec *p = &context->mq_sendrecv.abs_timeout; in __audit_mq_sendrecv()
2075 context->mq_sendrecv.mqdes = mqdes; in __audit_mq_sendrecv()
2076 context->mq_sendrecv.msg_len = msg_len; in __audit_mq_sendrecv()
2077 context->mq_sendrecv.msg_prio = msg_prio; in __audit_mq_sendrecv()
2079 context->type = AUDIT_MQ_SENDRECV; in __audit_mq_sendrecv()
2091 struct audit_context *context = current->audit_context; in __audit_mq_notify() local
2094 context->mq_notify.sigev_signo = notification->sigev_signo; in __audit_mq_notify()
2096 context->mq_notify.sigev_signo = 0; in __audit_mq_notify()
2098 context->mq_notify.mqdes = mqdes; in __audit_mq_notify()
2099 context->type = AUDIT_MQ_NOTIFY; in __audit_mq_notify()
2110 struct audit_context *context = current->audit_context; in __audit_mq_getsetattr() local
2111 context->mq_getsetattr.mqdes = mqdes; in __audit_mq_getsetattr()
2112 context->mq_getsetattr.mqstat = *mqstat; in __audit_mq_getsetattr()
2113 context->type = AUDIT_MQ_GETSETATTR; in __audit_mq_getsetattr()
2123 struct audit_context *context = current->audit_context; in __audit_ipc_obj() local
2124 context->ipc.uid = ipcp->uid; in __audit_ipc_obj()
2125 context->ipc.gid = ipcp->gid; in __audit_ipc_obj()
2126 context->ipc.mode = ipcp->mode; in __audit_ipc_obj()
2127 context->ipc.has_perm = 0; in __audit_ipc_obj()
2128 security_ipc_getsecid(ipcp, &context->ipc.osid); in __audit_ipc_obj()
2129 context->type = AUDIT_IPC; in __audit_ipc_obj()
2143 struct audit_context *context = current->audit_context; in __audit_ipc_set_perm() local
2145 context->ipc.qbytes = qbytes; in __audit_ipc_set_perm()
2146 context->ipc.perm_uid = uid; in __audit_ipc_set_perm()
2147 context->ipc.perm_gid = gid; in __audit_ipc_set_perm()
2148 context->ipc.perm_mode = mode; in __audit_ipc_set_perm()
2149 context->ipc.has_perm = 1; in __audit_ipc_set_perm()
2154 struct audit_context *context = current->audit_context; in __audit_bprm() local
2156 context->type = AUDIT_EXECVE; in __audit_bprm()
2157 context->execve.argc = bprm->argc; in __audit_bprm()
2169 struct audit_context *context = current->audit_context; in __audit_socketcall() local
2173 context->type = AUDIT_SOCKETCALL; in __audit_socketcall()
2174 context->socketcall.nargs = nargs; in __audit_socketcall()
2175 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); in __audit_socketcall()
2187 struct audit_context *context = current->audit_context; in __audit_fd_pair() local
2188 context->fds[0] = fd1; in __audit_fd_pair()
2189 context->fds[1] = fd2; in __audit_fd_pair()
2201 struct audit_context *context = current->audit_context; in __audit_sockaddr() local
2203 if (!context->sockaddr) { in __audit_sockaddr()
2207 context->sockaddr = p; in __audit_sockaddr()
2210 context->sockaddr_len = len; in __audit_sockaddr()
2211 memcpy(context->sockaddr, a, len); in __audit_sockaddr()
2217 struct audit_context *context = current->audit_context; in __audit_ptrace() local
2219 context->target_pid = task_pid_nr(t); in __audit_ptrace()
2220 context->target_auid = audit_get_loginuid(t); in __audit_ptrace()
2221 context->target_uid = task_uid(t); in __audit_ptrace()
2222 context->target_sessionid = audit_get_sessionid(t); in __audit_ptrace()
2223 security_task_getsecid(t, &context->target_sid); in __audit_ptrace()
2224 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); in __audit_ptrace()
2305 struct audit_context *context = current->audit_context; in __audit_log_bprm_fcaps() local
2313 ax->d.next = context->aux; in __audit_log_bprm_fcaps()
2314 context->aux = (void *)ax; in __audit_log_bprm_fcaps()
2343 struct audit_context *context = current->audit_context; in __audit_log_capset() local
2344 context->capset.pid = task_pid_nr(current); in __audit_log_capset()
2345 context->capset.cap.effective = new->cap_effective; in __audit_log_capset()
2346 context->capset.cap.inheritable = new->cap_effective; in __audit_log_capset()
2347 context->capset.cap.permitted = new->cap_permitted; in __audit_log_capset()
2348 context->type = AUDIT_CAPSET; in __audit_log_capset()
2353 struct audit_context *context = current->audit_context; in __audit_mmap_fd() local
2354 context->mmap.fd = fd; in __audit_mmap_fd()
2355 context->mmap.flags = flags; in __audit_mmap_fd()
2356 context->type = AUDIT_MMAP; in __audit_mmap_fd()