parisc: add kernel audit feature
authorHelge Deller <deller@gmx.de>
Tue, 15 Oct 2013 17:25:46 +0000 (19:25 +0200)
committerHelge Deller <deller@gmx.de>
Thu, 7 Nov 2013 21:27:20 +0000 (22:27 +0100)
Implement missing functions for parisc to provide kernel audit feature.

Signed-off-by: Helge Deller <deller@gmx.de>
arch/parisc/Kconfig
arch/parisc/include/asm/ptrace.h
arch/parisc/include/asm/thread_info.h
arch/parisc/kernel/Makefile
arch/parisc/kernel/audit.c [new file with mode: 0644]
arch/parisc/kernel/compat_audit.c [new file with mode: 0644]
arch/parisc/kernel/ptrace.c
init/Kconfig

index ad2ce8dab9963c4dd6867ee83064460576084089..7dcde539d61e08b0bc586aa220b19ed31654c89c 100644 (file)
@@ -287,6 +287,9 @@ config SYSVIPC_COMPAT
        def_bool y
        depends on COMPAT && SYSVIPC
 
+config AUDIT_ARCH
+       def_bool y
+
 config HPUX
        bool "Support for HP-UX binaries"
        depends on !64BIT
index a2db278a5def69c4a6ac4745c3685e45600df156..3c3cb004b7e225344c9850805cce04192655e7d2 100644 (file)
@@ -19,5 +19,9 @@
 #define user_stack_pointer(regs)       ((regs)->gr[30])
 unsigned long profile_pc(struct pt_regs *);
 
+static inline unsigned long regs_return_value(struct pt_regs *regs)
+{
+       return regs->gr[20];
+}
 
 #endif
index 540c88fa8f863d44adcc254fe9a3917cf015aa4d..bc7cf120106b30e477264850e373f346eeb9bf82 100644 (file)
@@ -59,6 +59,7 @@ struct thread_info {
 #define TIF_32BIT               4       /* 32 bit binary */
 #define TIF_MEMDIE             5       /* is terminating due to OOM killer */
 #define TIF_RESTORE_SIGMASK    6       /* restore saved signal mask */
+#define TIF_SYSCALL_AUDIT      7       /* syscall auditing active */
 #define TIF_NOTIFY_RESUME      8       /* callback before returning to user */
 #define TIF_SINGLESTEP         9       /* single stepping? */
 #define TIF_BLOCKSTEP          10      /* branch stepping? */
@@ -68,6 +69,7 @@ struct thread_info {
 #define _TIF_NEED_RESCHED      (1 << TIF_NEED_RESCHED)
 #define _TIF_POLLING_NRFLAG    (1 << TIF_POLLING_NRFLAG)
 #define _TIF_32BIT             (1 << TIF_32BIT)
+#define _TIF_SYSCALL_AUDIT     (1 << TIF_SYSCALL_AUDIT)
 #define _TIF_NOTIFY_RESUME     (1 << TIF_NOTIFY_RESUME)
 #define _TIF_SINGLESTEP                (1 << TIF_SINGLESTEP)
 #define _TIF_BLOCKSTEP         (1 << TIF_BLOCKSTEP)
@@ -75,7 +77,7 @@ struct thread_info {
 #define _TIF_USER_WORK_MASK     (_TIF_SIGPENDING | _TIF_NOTIFY_RESUME | \
                                  _TIF_NEED_RESCHED)
 #define _TIF_SYSCALL_TRACE_MASK (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP |        \
-                                _TIF_BLOCKSTEP)
+                                _TIF_BLOCKSTEP | _TIF_SYSCALL_AUDIT)
 
 #endif /* __KERNEL__ */
 
index 66ee3f12df5880db00852baad257c9ad895d11a4..ff87b4603e3dc7d2b60caa2a0047e3eada177397 100644 (file)
@@ -29,7 +29,9 @@ obj-$(CONFIG_PCI)     += pci.o
 obj-$(CONFIG_MODULES)  += module.o
 obj-$(CONFIG_64BIT)    += binfmt_elf32.o sys_parisc32.o signal32.o
 obj-$(CONFIG_STACKTRACE)+= stacktrace.o
+obj-$(CONFIG_AUDIT)    += audit.o
+obj64-$(CONFIG_AUDIT)  += compat_audit.o
 # only supported for PCX-W/U in 64-bit mode at the moment
-obj-$(CONFIG_64BIT)    += perf.o perf_asm.o
+obj-$(CONFIG_64BIT)    += perf.o perf_asm.o $(obj64-y)
 obj-$(CONFIG_FUNCTION_TRACER)          += ftrace.o
 obj-$(CONFIG_FUNCTION_GRAPH_TRACER)    += ftrace.o
diff --git a/arch/parisc/kernel/audit.c b/arch/parisc/kernel/audit.c
new file mode 100644 (file)
index 0000000..eb64a61
--- /dev/null
@@ -0,0 +1,81 @@
+#include <linux/init.h>
+#include <linux/types.h>
+#include <linux/audit.h>
+#include <asm/unistd.h>
+
+static unsigned dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+static unsigned read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+static unsigned write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+static unsigned chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+static unsigned signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int audit_classify_arch(int arch)
+{
+#ifdef CONFIG_COMPAT
+       if (arch == AUDIT_ARCH_PARISC)
+               return 1;
+#endif
+       return 0;
+}
+
+int audit_classify_syscall(int abi, unsigned syscall)
+{
+#ifdef CONFIG_COMPAT
+       extern int parisc32_classify_syscall(unsigned);
+       if (abi == AUDIT_ARCH_PARISC)
+               return parisc32_classify_syscall(syscall);
+#endif
+       switch (syscall) {
+       case __NR_open:
+               return 2;
+       case __NR_openat:
+               return 3;
+       case __NR_execve:
+               return 5;
+       default:
+               return 0;
+       }
+}
+
+static int __init audit_classes_init(void)
+{
+#ifdef CONFIG_COMPAT
+       extern __u32 parisc32_dir_class[];
+       extern __u32 parisc32_write_class[];
+       extern __u32 parisc32_read_class[];
+       extern __u32 parisc32_chattr_class[];
+       extern __u32 parisc32_signal_class[];
+       audit_register_class(AUDIT_CLASS_WRITE_32, parisc32_write_class);
+       audit_register_class(AUDIT_CLASS_READ_32, parisc32_read_class);
+       audit_register_class(AUDIT_CLASS_DIR_WRITE_32, parisc32_dir_class);
+       audit_register_class(AUDIT_CLASS_CHATTR_32, parisc32_chattr_class);
+       audit_register_class(AUDIT_CLASS_SIGNAL_32, parisc32_signal_class);
+#endif
+       audit_register_class(AUDIT_CLASS_WRITE, write_class);
+       audit_register_class(AUDIT_CLASS_READ, read_class);
+       audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
+       audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
+       audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
+       return 0;
+}
+
+__initcall(audit_classes_init);
diff --git a/arch/parisc/kernel/compat_audit.c b/arch/parisc/kernel/compat_audit.c
new file mode 100644 (file)
index 0000000..c74478f
--- /dev/null
@@ -0,0 +1,40 @@
+#include <asm/unistd.h>
+
+unsigned int parisc32_dir_class[] = {
+#include <asm-generic/audit_dir_write.h>
+~0U
+};
+
+unsigned int parisc32_chattr_class[] = {
+#include <asm-generic/audit_change_attr.h>
+~0U
+};
+
+unsigned int parisc32_write_class[] = {
+#include <asm-generic/audit_write.h>
+~0U
+};
+
+unsigned int parisc32_read_class[] = {
+#include <asm-generic/audit_read.h>
+~0U
+};
+
+unsigned int parisc32_signal_class[] = {
+#include <asm-generic/audit_signal.h>
+~0U
+};
+
+int parisc32_classify_syscall(unsigned syscall)
+{
+       switch (syscall) {
+       case __NR_open:
+               return 2;
+       case __NR_openat:
+               return 3;
+       case __NR_execve:
+               return 5;
+       default:
+               return 1;
+       }
+}
index 534abd4936e1ecf96a8f872d9ba90f930c1aff9e..e842ee233db44ef902899280fbadd456175a4de3 100644 (file)
@@ -19,6 +19,7 @@
 #include <linux/security.h>
 #include <linux/compat.h>
 #include <linux/signal.h>
+#include <linux/audit.h>
 
 #include <asm/uaccess.h>
 #include <asm/pgtable.h>
@@ -267,11 +268,28 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
 
 long do_syscall_trace_enter(struct pt_regs *regs)
 {
+       long ret = 0;
+
        if (test_thread_flag(TIF_SYSCALL_TRACE) &&
            tracehook_report_syscall_entry(regs))
-               return -1L;
-
-       return regs->gr[20];
+               ret = -1L;
+
+#ifdef CONFIG_64BIT
+       if (!is_compat_task())
+               audit_syscall_entry(AUDIT_ARCH_PARISC64,
+                       regs->gr[20],
+                       regs->gr[26], regs->gr[25],
+                       regs->gr[24], regs->gr[23]);
+       else
+#endif
+               audit_syscall_entry(AUDIT_ARCH_PARISC,
+                       regs->gr[20] & 0xffffffff,
+                       regs->gr[26] & 0xffffffff,
+                       regs->gr[25] & 0xffffffff,
+                       regs->gr[24] & 0xffffffff,
+                       regs->gr[23] & 0xffffffff);
+
+       return ret ? : regs->gr[20];
 }
 
 void do_syscall_trace_exit(struct pt_regs *regs)
@@ -279,6 +297,8 @@ void do_syscall_trace_exit(struct pt_regs *regs)
        int stepping = test_thread_flag(TIF_SINGLESTEP) ||
                test_thread_flag(TIF_BLOCKSTEP);
 
+       audit_syscall_exit(regs);
+
        if (stepping || test_thread_flag(TIF_SYSCALL_TRACE))
                tracehook_report_syscall_exit(regs, stepping);
 }
index 3ecd8a1178f102d832cdf3b4af0a908997ea648b..d9887456007a83b212eb41dabf95f7d8c781c6b4 100644 (file)
@@ -284,7 +284,7 @@ config AUDIT
 
 config AUDITSYSCALL
        bool "Enable system-call auditing support"
-       depends on AUDIT && (X86 || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
+       depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
        default y if SECURITY_SELINUX
        help
          Enable low-overhead system-call auditing infrastructure that