From: Kentaro Takeda <takedakn@nttdata.co.jp>
To: akpm@linux-foundation.org
Cc: linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Kentaro Takeda <takedakn@nttdata.co.jp>,
	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Subject: [TOMOYO #6 retry 10/21] Auditing interface.
Date: Wed, 09 Jan 2008 09:53:30 +0900	[thread overview]
Message-ID: <20080109005422.592401660@nttdata.co.jp> (raw)
In-Reply-To: <20080109005320.323184643@nttdata.co.jp>

TOMOYO Linux uses /sys/kernel/security/tomoyo/ interface
for reporting access logs in domain policy format.
One is 'grant_log', used for auditing accesses which are
granted in the TOMOYO Linux policy.
The other is 'reject_log', used for auditing accesses which
are not granted in the TOMOYO Linux policy.
The userland daemon /usr/lib/ccs/ccs-auditd will save these logs.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 security/tomoyo/audit.c |  239 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 239 insertions(+)

--- /dev/null
+++ linux-2.6-mm/security/tomoyo/audit.c
@@ -0,0 +1,239 @@
+/*
+ * security/tomoyo/audit.c
+ *
+ * Audit functions for TOMOYO Linux
+ */
+
+#include "tomoyo.h"
+
+#ifdef CONFIG_SECURITY_TOMOYO_USE_AUDITD
+/**
+ * tmy_audit - write audit log.
+ * @fmt:  format strings for printf().
+ *
+ * Returns zero on success.
+ * Returns nonzero on failure.
+ *
+ * Write audit log.
+ */
+int tmy_audit(const char *fmt, ...)
+{
+	struct audit_buffer *ab;
+	int len;
+	va_list args;
+	char *buf;
+	char *cp;
+	ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_KERNEL);
+	if (!ab)
+		return -ENOMEM;
+	buf = kzalloc(PAGE_SIZE, GFP_KERNEL);
+	if (!buf)
+		goto out;
+	va_start(args, fmt);
+	len = vsnprintf(buf, PAGE_SIZE - 1, fmt, args);
+	va_end(args);
+	if (len > PAGE_SIZE - 1) {
+		kfree(buf);
+		buf = kzalloc(len + 16, GFP_KERNEL);
+		if (!buf)
+			goto out;
+		va_start(args, fmt);
+		vsnprintf(buf, len + 15, fmt, args);
+		va_end(args);
+	}
+	cp = strchr(buf, '\0') - 1;
+	if (cp >= buf && *cp == '\n')
+		*cp = '\0';
+	audit_log_format(ab, "TOMOYO: %s", buf);
+	kfree(buf);
+out: ;
+	audit_log_end(ab);
+	return buf ? 0 : -ENOMEM;
+}
+#endif
+
+static DECLARE_WAIT_QUEUE_HEAD(grant_log_wait);
+static DECLARE_WAIT_QUEUE_HEAD(reject_log_wait);
+
+static DEFINE_SPINLOCK(audit_log_lock);
+
+struct log_entry {
+	struct list_head list;
+	char *log;
+};
+
+static LIST_HEAD(grant_log);
+static LIST_HEAD(reject_log);
+
+static int grant_log_count;
+static int reject_log_count;
+
+/**
+ * tmy_audit_grant - get flags of auditing grant logs.
+ *
+ * Returns current value of auditing grant log flags.
+ */
+bool tmy_audit_grant(void)
+{
+	return grant_log_count < tmy_flags(TMY_MAX_GRANT_LOG);
+}
+
+/**
+ * tmy_audit_reject - get flags of auditing reject logs.
+ *
+ * Returns current value of auditing reject log flags.
+ */
+bool tmy_audit_reject(void)
+{
+	return reject_log_count < tmy_flags(TMY_MAX_REJECT_LOG);
+}
+
+/**
+ * tmy_init_audit_log - allocate and initialize audit buffer.
+ * @len: pointer to length of requested size.
+ * @profile: profile number for this log.
+ * @mode: profile value for this log.
+ *
+ * Returns pointer to audit buffer on success. @len received allocated size.
+ * Returns NULL on failure.
+ *
+ * @len must not be a NULL.
+ */
+char *tmy_init_audit_log(int *len, const u8 profile, const unsigned int mode)
+{
+	char *buf;
+	struct timeval tv;
+	struct task_struct *task = current;
+	const char *domainname = TMY_SECURITY->domain->domainname->name;
+	do_gettimeofday(&tv);
+	*len += strlen(domainname) + 256;
+	buf = tmy_alloc(*len);
+	if (!buf)
+		return NULL;
+	snprintf(buf, (*len) - 1, "#timestamp=%lu profile=%u mode=%u "
+		 "pid=%d uid=%d gid=%d euid=%d egid=%d "
+		 "suid=%d sgid=%d fsuid=%d fsgid=%d \n%s\n",
+		 tv.tv_sec, profile, mode,
+		 task->pid, task->uid, task->gid, task->euid, task->egid,
+		 task->suid, task->sgid, task->fsuid, task->fsgid, domainname);
+	return buf;
+}
+
+/**
+ * tmy_write_audit_log - write audit log.
+ * @buf:        pointer to access log contents.
+ * @is_granted: is the access request granted?
+ *
+ * Returns zero on success.
+ * Returns nonzero on failure.
+ *
+ * Write audit log.
+ * Caller must allocate @buf with tmy_init_audit_log().
+ */
+int tmy_write_audit_log(char *buf, const bool is_granted)
+{
+	struct log_entry *new_entry;
+	new_entry = tmy_alloc(sizeof(*new_entry));
+	if (!new_entry) {
+		tmy_free(buf);
+		return -ENOMEM;
+	}
+	INIT_LIST_HEAD(&new_entry->list);
+	new_entry->log = buf;
+	/***** CRITICAL SECTION START *****/
+	spin_lock(&audit_log_lock);
+	if (is_granted) {
+		list_add_tail(&new_entry->list, &grant_log);
+		grant_log_count++;
+		buf = NULL;
+		tmy_update_counter(TMY_UPDATE_GRANT_LOG);
+	} else {
+		list_add_tail(&new_entry->list, &reject_log);
+		reject_log_count++;
+		buf = NULL;
+		tmy_update_counter(TMY_UPDATE_REJECT_LOG);
+	}
+	spin_unlock(&audit_log_lock);
+	/***** CRITICAL SECTION END *****/
+	if (is_granted)
+		wake_up(&grant_log_wait);
+	else
+		wake_up(&reject_log_wait);
+	return 0;
+}
+
+int tmy_read_grant_log(struct io_buffer *head)
+{
+	struct log_entry *ptr = NULL;
+	if (head->read_avail)
+		return 0;
+	if (head->read_buf) {
+		tmy_free(head->read_buf);
+		head->read_buf = NULL;
+		head->readbuf_size = 0;
+	}
+	/***** CRITICAL SECTION START *****/
+	spin_lock(&audit_log_lock);
+	if (!list_empty(&grant_log)) {
+		ptr = list_entry(grant_log.next, struct log_entry, list);
+		list_del(&ptr->list);
+		grant_log_count--;
+	}
+	spin_unlock(&audit_log_lock);
+	/***** CRITICAL SECTION END *****/
+	if (ptr) {
+		head->read_buf = ptr->log;
+		head->read_avail = strlen(ptr->log) + 1;
+		head->readbuf_size = head->read_avail;
+		tmy_free(ptr);
+	}
+	return 0;
+}
+
+int tmy_poll_grant_log(struct file *file, poll_table *wait)
+{
+	if (grant_log_count)
+		return POLLIN | POLLRDNORM;
+	poll_wait(file, &grant_log_wait, wait);
+	if (grant_log_count)
+		return POLLIN | POLLRDNORM;
+	return 0;
+}
+
+int tmy_read_reject_log(struct io_buffer *head)
+{
+	struct log_entry *ptr = NULL;
+	if (head->read_avail)
+		return 0;
+	if (head->read_buf) {
+		tmy_free(head->read_buf);
+		head->read_buf = NULL;
+		head->readbuf_size = 0;
+	}
+	/***** CRITICAL SECTION START *****/
+	spin_lock(&audit_log_lock);
+	if (!list_empty(&reject_log)) {
+		ptr = list_entry(reject_log.next, struct log_entry, list);
+		list_del(&ptr->list);
+		reject_log_count--;
+	}
+	spin_unlock(&audit_log_lock);
+	/***** CRITICAL SECTION END *****/
+	if (ptr) {
+		head->read_buf = ptr->log;
+		head->read_avail = strlen(ptr->log) + 1;
+		head->readbuf_size = head->read_avail;
+		tmy_free(ptr);
+	}
+	return 0;
+}
+
+int tmy_poll_reject_log(struct file *file, poll_table *wait)
+{
+	if (reject_log_count)
+		return POLLIN | POLLRDNORM;
+	poll_wait(file, &reject_log_wait, wait);
+	if (reject_log_count)
+		return POLLIN | POLLRDNORM;
+	return 0;
+}
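Review bot: The truncation check in tmy_audit misses the boundary case: vsnprintf is given a size of PAGE_SIZE - 1, so a return value of exactly PAGE_SIZE - 1 means the output was already cut short, yet `if (len > PAGE_SIZE - 1) {` does not trigger the larger retry and the clipped message is logged silently; it should read `if (len >= PAGE_SIZE - 1) {`. In the same function both kzalloc failure paths jump to `out:` and still call audit_log_end(ab) with nothing formatted, which presumably queues an empty TOMOYO record to auditd — if that is not intended, the failure paths should skip the end call or format a short marker so the lost event is at least visible. As a point of style, tmy_read_grant_log/tmy_read_reject_log and tmy_poll_grant_log/tmy_poll_reject_log are line-for-line identical apart from the list, counter and wait queue they touch, so one static helper taking those three as parameters would halve the file and keep the lock/wake ordering in a single place. The `buf = NULL;` stores inside the critical section of tmy_write_audit_log are dead (buf is a by-value parameter never read afterwards) and can be dropped, and the unlocked reads of grant_log_count/reject_log_count in tmy_audit_grant, tmy_audit_reject and the poll functions deserve a one-line comment stating that the count is only a hint and may transiently exceed the TMY_MAX_*_LOG limit under concurrent writers.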

-- 
