security: add ioctl specific auditing to lsm_audit
authorJeff Vander Stoep <jeffv@google.com>
Fri, 10 Jul 2015 21:19:55 +0000 (17:19 -0400)
committerStricted <info@stricted.net>
Fri, 20 Apr 2018 17:26:01 +0000 (19:26 +0200)
(cherry pick from commit 671a2781ff01abf4fdc8904881fc3abd3a8279af)

Add information about ioctl calls to the LSM audit data. Log the
file path and command number.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
[PM: subject line tweak]
Signed-off-by: Paul Moore <pmoore@redhat.com>
Bug: 22846070
Change-Id: I88a6ecdd59297a315a6fb9c82c0a798bdb6bafaa

include/linux/lsm_audit.h
security/lsm_audit.c

index 1cc89e9df480cc14c9c7cf5723995c0bea470688..ffb9c9da4f39f8779a55bc832b3f6657e45f23ac 100644 (file)
@@ -40,6 +40,11 @@ struct lsm_network_audit {
        } fam;
 };
 
+struct lsm_ioctlop_audit {
+       struct path path;
+       u16 cmd;
+};
+
 /* Auxiliary data to use in generating the audit record. */
 struct common_audit_data {
        char type;
@@ -53,6 +58,7 @@ struct common_audit_data {
 #define LSM_AUDIT_DATA_KMOD    8
 #define LSM_AUDIT_DATA_INODE   9
 #define LSM_AUDIT_DATA_DENTRY  10
+#define LSM_AUDIT_DATA_IOCTL_OP        11
        union   {
                struct path path;
                struct dentry *dentry;
@@ -68,6 +74,7 @@ struct common_audit_data {
                } key_struct;
 #endif
                char *kmod_name;
+               struct lsm_ioctlop_audit *op;
        } u;
        /* this union contains LSM specific data */
        union {
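Review bot: The new union member `op` is a bare pointer into caller-owned memory with no comment on its contract, while dump_common_audit_data in security/lsm_audit.c (visible further down this page) dereferences `a->u.op->path.dentry->d_inode` without checking `op` or `path.dentry`, so every LSM that sets `type = LSM_AUDIT_DATA_IOCTL_OP` must supply a non-NULL `op` whose path stays valid for the duration of the audit call. Suggest documenting that at the declaration: `struct lsm_ioctlop_audit *op; /* caller-owned, must be non-NULL with a valid path while the record is logged */`. The name `op` is also less descriptive than its siblings (`kmod_name`, `dentry`); `ioctl` or `ioctlop` would read better at the use sites, though that is cosmetic.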
index 8d8d97dbb389b1d305352cee29e4dbcc0191af64..8f6b8e8a4cc8ae4ec6e93da615e4fe5ec23f35a3 100644 (file)
@@ -245,6 +245,21 @@ static void dump_common_audit_data(struct audit_buffer *ab,
                }
                break;
        }
+       case LSM_AUDIT_DATA_IOCTL_OP: {
+               struct inode *inode;
+
+               audit_log_d_path(ab, " path=", &a->u.op->path);
+
+               inode = a->u.op->path.dentry->d_inode;
+               if (inode) {
+                       audit_log_format(ab, " dev=");
+                       audit_log_untrustedstring(ab, inode->i_sb->s_id);
+                       audit_log_format(ab, " ino=%lu", inode->i_ino);
+               }
+
+               audit_log_format(ab, " ioctlcmd=%hx", a->u.op->cmd);
+               break;
+       }
        case LSM_AUDIT_DATA_DENTRY: {
                struct inode *inode;