sh: syscall audit support.
authorYuichi Nakamura <ynakam@hitachisoft.jp>
Sat, 10 Nov 2007 10:21:34 +0000 (19:21 +0900)
committerPaul Mundt <lethal@linux-sh.org>
Mon, 28 Jan 2008 04:18:57 +0000 (13:18 +0900)
Support syscall auditing..

Signed-off-by: Yuichi Nakamura <ynakam@hitachisoft.jp>
Signed-off-by: Paul Mundt <lethal@linux-sh.org>
arch/sh/kernel/entry-common.S
arch/sh/kernel/ptrace_32.c
include/asm-sh/thread_info.h
init/Kconfig

index e0317ed080c3402d870ab51c75dd34853f73b797..397ac71d97f1ada251c6c030ad39b4e795f3f480 100644 (file)
@@ -224,7 +224,7 @@ work_resched:
 syscall_exit_work:
        ! r0: current_thread_info->flags
        ! r8: current_thread_info
-       tst     #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP, r0
+       tst     #_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP | _TIF_SYSCALL_AUDIT, r0
        bt/s    work_pending
         tst    #_TIF_NEED_RESCHED, r0
 #ifdef CONFIG_TRACE_IRQFLAGS
@@ -234,6 +234,8 @@ syscall_exit_work:
 #endif
        sti
        ! XXX setup arguments...
+       mov     r15, r4
+       mov     #1, r5
        mov.l   4f, r0                  ! do_syscall_trace
        jsr     @r0
         nop
@@ -244,6 +246,8 @@ syscall_exit_work:
 syscall_trace_entry:
        !                       Yes it is traced.
        ! XXX setup arguments...
+       mov     r15, r4
+       mov     #0, r5
        mov.l   4f, r11         ! Call do_syscall_trace which notifies
        jsr     @r11            ! superior (will chomp R[0-7])
         nop
@@ -366,7 +370,7 @@ ENTRY(system_call)
        !
        get_current_thread_info r8, r10
        mov.l   @(TI_FLAGS,r8), r8
-       mov     #_TIF_SYSCALL_TRACE, r10
+       mov     #(_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT), r10
        tst     r10, r8
        bf      syscall_trace_entry
        !
index ac725f0aeb72a992d7d10bfee54a66cd3d7cce79..ce0664a58b49c1e0ca4096a3a875679aa38bafae 100644 (file)
@@ -6,7 +6,7 @@
  *     edited by Linus Torvalds
  *
  * SuperH version:   Copyright (C) 1999, 2000  Kaz Kojima & Niibe Yutaka
- *
+ * Audit support: Yuichi Nakamura <ynakam@hitachisoft.jp>
  */
 #include <linux/kernel.h>
 #include <linux/sched.h>
@@ -19,6 +19,7 @@
 #include <linux/security.h>
 #include <linux/signal.h>
 #include <linux/io.h>
+#include <linux/audit.h>
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
 #include <asm/system.h>
@@ -248,15 +249,20 @@ long arch_ptrace(struct task_struct *child, long request, long addr, long data)
        return ret;
 }
 
-asmlinkage void do_syscall_trace(void)
+asmlinkage void do_syscall_trace(struct pt_regs *regs, int entryexit)
 {
        struct task_struct *tsk = current;
 
+       if (unlikely(current->audit_context) && entryexit)
+               audit_syscall_exit(AUDITSC_RESULT(regs->regs[0]),
+                                  regs->regs[0]);
+
        if (!test_thread_flag(TIF_SYSCALL_TRACE) &&
            !test_thread_flag(TIF_SINGLESTEP))
-               return;
+               goto out;
        if (!(tsk->ptrace & PT_PTRACED))
-               return;
+               goto out;
+
        /* the 0x80 provides a way for the tracing parent to distinguish
           between a syscall stop and SIGTRAP delivery */
        ptrace_notify(SIGTRAP | ((current->ptrace & PT_TRACESYSGOOD) &&
@@ -271,4 +277,11 @@ asmlinkage void do_syscall_trace(void)
                send_sig(tsk->exit_code, tsk, 1);
                tsk->exit_code = 0;
        }
+
+out:
+       if (unlikely(current->audit_context) && !entryexit)
+               audit_syscall_entry(AUDIT_ARCH_SH, regs->regs[3],
+                                   regs->regs[4], regs->regs[5],
+                                   regs->regs[6], regs->regs[7]);
+
 }
index d49ee9d868e547be1c1ac00b6b56cea1d0a64335..c6577d3dc46d594e33bc4a572f71d44bb02a88f2 100644 (file)
@@ -113,6 +113,7 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_NEED_RESCHED       2       /* rescheduling necessary */
 #define TIF_RESTORE_SIGMASK    3       /* restore signal mask in do_signal() */
 #define TIF_SINGLESTEP         4       /* singlestepping active */
+#define TIF_SYSCALL_AUDIT      5
 #define TIF_USEDFPU            16      /* FPU was used by this task this quantum (SMP) */
 #define TIF_POLLING_NRFLAG     17      /* true if poll_idle() is polling TIF_NEED_RESCHED */
 #define TIF_MEMDIE             18
@@ -123,6 +124,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_NEED_RESCHED      (1<<TIF_NEED_RESCHED)
 #define _TIF_RESTORE_SIGMASK   (1<<TIF_RESTORE_SIGMASK)
 #define _TIF_SINGLESTEP                (1<<TIF_SINGLESTEP)
+#define _TIF_SYSCALL_AUDIT             (1<<TIF_SYSCALL_AUDIT)
 #define _TIF_USEDFPU           (1<<TIF_USEDFPU)
 #define _TIF_POLLING_NRFLAG    (1<<TIF_POLLING_NRFLAG)
 #define _TIF_FREEZE            (1<<TIF_FREEZE)
index 0eda68f0ad540778b7f071bd2f5493adaf29a484..288444b4cd8ae8a7e1b74614b9fd4745c635de7a 100644 (file)
@@ -238,7 +238,7 @@ config AUDIT
 
 config AUDITSYSCALL
        bool "Enable system-call auditing support"
-       depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64)
+       depends on AUDIT && (X86 || PPC || PPC64 || S390 || IA64 || UML || SPARC64|| SUPERH)
        default y if SECURITY_SELINUX
        help
          Enable low-overhead system-call auditing infrastructure that