sched: Make sure timers have migrated before killing the migration_thread
[linux-2.6.git] / kernel / auditfilter.c
1 /* auditfilter.c -- filtering of audit events
2  *
3  * Copyright 2003-2004 Red Hat, Inc.
4  * Copyright 2005 Hewlett-Packard Development Company, L.P.
5  * Copyright 2005 IBM Corporation
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License as published by
9  * the Free Software Foundation; either version 2 of the License, or
10  * (at your option) any later version.
11  *
12  * This program is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15  * GNU General Public License for more details.
16  *
17  * You should have received a copy of the GNU General Public License
18  * along with this program; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20  */
21
22 #include <linux/kernel.h>
23 #include <linux/audit.h>
24 #include <linux/kthread.h>
25 #include <linux/mutex.h>
26 #include <linux/fs.h>
27 #include <linux/namei.h>
28 #include <linux/netlink.h>
29 #include <linux/sched.h>
30 #include <linux/slab.h>
31 #include <linux/security.h>
32 #include "audit.h"
33
34 /*
35  * Locking model:
36  *
37  * audit_filter_mutex:
38  *              Synchronizes writes and blocking reads of audit's filterlist
39  *              data.  Rcu is used to traverse the filterlist and access
40  *              contents of structs audit_entry, audit_watch and opaque
41  *              LSM rules during filtering.  If modified, these structures
42  *              must be copied and replace their counterparts in the filterlist.
43  *              An audit_parent struct is not accessed during filtering, so may
44  *              be written directly provided audit_filter_mutex is held.
45  */
46
47 /* Audit filter lists, defined in <linux/audit.h> */
48 struct list_head audit_filter_list[AUDIT_NR_FILTERS] = {
49         LIST_HEAD_INIT(audit_filter_list[0]),
50         LIST_HEAD_INIT(audit_filter_list[1]),
51         LIST_HEAD_INIT(audit_filter_list[2]),
52         LIST_HEAD_INIT(audit_filter_list[3]),
53         LIST_HEAD_INIT(audit_filter_list[4]),
54         LIST_HEAD_INIT(audit_filter_list[5]),
55 #if AUDIT_NR_FILTERS != 6
56 #error Fix audit_filter_list initialiser
57 #endif
58 };
59 static struct list_head audit_rules_list[AUDIT_NR_FILTERS] = {
60         LIST_HEAD_INIT(audit_rules_list[0]),
61         LIST_HEAD_INIT(audit_rules_list[1]),
62         LIST_HEAD_INIT(audit_rules_list[2]),
63         LIST_HEAD_INIT(audit_rules_list[3]),
64         LIST_HEAD_INIT(audit_rules_list[4]),
65         LIST_HEAD_INIT(audit_rules_list[5]),
66 };
67
68 DEFINE_MUTEX(audit_filter_mutex);
69
70 static inline void audit_free_rule(struct audit_entry *e)
71 {
72         int i;
73         struct audit_krule *erule = &e->rule;
74         /* some rules don't have associated watches */
75         if (erule->watch)
76                 audit_put_watch(erule->watch);
77         if (erule->fields)
78                 for (i = 0; i < erule->field_count; i++) {
79                         struct audit_field *f = &erule->fields[i];
80                         kfree(f->lsm_str);
81                         security_audit_rule_free(f->lsm_rule);
82                 }
83         kfree(erule->fields);
84         kfree(erule->filterkey);
85         kfree(e);
86 }
87
88 void audit_free_rule_rcu(struct rcu_head *head)
89 {
90         struct audit_entry *e = container_of(head, struct audit_entry, rcu);
91         audit_free_rule(e);
92 }
93
94 /* Initialize an audit filterlist entry. */
95 static inline struct audit_entry *audit_init_entry(u32 field_count)
96 {
97         struct audit_entry *entry;
98         struct audit_field *fields;
99
100         entry = kzalloc(sizeof(*entry), GFP_KERNEL);
101         if (unlikely(!entry))
102                 return NULL;
103
104         fields = kzalloc(sizeof(*fields) * field_count, GFP_KERNEL);
105         if (unlikely(!fields)) {
106                 kfree(entry);
107                 return NULL;
108         }
109         entry->rule.fields = fields;
110
111         return entry;
112 }
113
114 /* Unpack a filter field's string representation from user-space
115  * buffer. */
116 char *audit_unpack_string(void **bufp, size_t *remain, size_t len)
117 {
118         char *str;
119
120         if (!*bufp || (len == 0) || (len > *remain))
121                 return ERR_PTR(-EINVAL);
122
123         /* Of the currently implemented string fields, PATH_MAX
124          * defines the longest valid length.
125          */
126         if (len > PATH_MAX)
127                 return ERR_PTR(-ENAMETOOLONG);
128
129         str = kmalloc(len + 1, GFP_KERNEL);
130         if (unlikely(!str))
131                 return ERR_PTR(-ENOMEM);
132
133         memcpy(str, *bufp, len);
134         str[len] = 0;
135         *bufp += len;
136         *remain -= len;
137
138         return str;
139 }
140
141 /* Translate an inode field to kernel respresentation. */
142 static inline int audit_to_inode(struct audit_krule *krule,
143                                  struct audit_field *f)
144 {
145         if (krule->listnr != AUDIT_FILTER_EXIT ||
146             krule->watch || krule->inode_f || krule->tree ||
147             (f->op != Audit_equal && f->op != Audit_not_equal))
148                 return -EINVAL;
149
150         krule->inode_f = f;
151         return 0;
152 }
153
154 static __u32 *classes[AUDIT_SYSCALL_CLASSES];
155
156 int __init audit_register_class(int class, unsigned *list)
157 {
158         __u32 *p = kzalloc(AUDIT_BITMASK_SIZE * sizeof(__u32), GFP_KERNEL);
159         if (!p)
160                 return -ENOMEM;
161         while (*list != ~0U) {
162                 unsigned n = *list++;
163                 if (n >= AUDIT_BITMASK_SIZE * 32 - AUDIT_SYSCALL_CLASSES) {
164                         kfree(p);
165                         return -EINVAL;
166                 }
167                 p[AUDIT_WORD(n)] |= AUDIT_BIT(n);
168         }
169         if (class >= AUDIT_SYSCALL_CLASSES || classes[class]) {
170                 kfree(p);
171                 return -EINVAL;
172         }
173         classes[class] = p;
174         return 0;
175 }
176
177 int audit_match_class(int class, unsigned syscall)
178 {
179         if (unlikely(syscall >= AUDIT_BITMASK_SIZE * 32))
180                 return 0;
181         if (unlikely(class >= AUDIT_SYSCALL_CLASSES || !classes[class]))
182                 return 0;
183         return classes[class][AUDIT_WORD(syscall)] & AUDIT_BIT(syscall);
184 }
185
186 #ifdef CONFIG_AUDITSYSCALL
187 static inline int audit_match_class_bits(int class, u32 *mask)
188 {
189         int i;
190
191         if (classes[class]) {
192                 for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
193                         if (mask[i] & classes[class][i])
194                                 return 0;
195         }
196         return 1;
197 }
198
199 static int audit_match_signal(struct audit_entry *entry)
200 {
201         struct audit_field *arch = entry->rule.arch_f;
202
203         if (!arch) {
204                 /* When arch is unspecified, we must check both masks on biarch
205                  * as syscall number alone is ambiguous. */
206                 return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
207                                                entry->rule.mask) &&
208                         audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
209                                                entry->rule.mask));
210         }
211
212         switch(audit_classify_arch(arch->val)) {
213         case 0: /* native */
214                 return (audit_match_class_bits(AUDIT_CLASS_SIGNAL,
215                                                entry->rule.mask));
216         case 1: /* 32bit on biarch */
217                 return (audit_match_class_bits(AUDIT_CLASS_SIGNAL_32,
218                                                entry->rule.mask));
219         default:
220                 return 1;
221         }
222 }
223 #endif
224
225 /* Common user-space to kernel rule translation. */
226 static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
227 {
228         unsigned listnr;
229         struct audit_entry *entry;
230         int i, err;
231
232         err = -EINVAL;
233         listnr = rule->flags & ~AUDIT_FILTER_PREPEND;
234         switch(listnr) {
235         default:
236                 goto exit_err;
237         case AUDIT_FILTER_USER:
238         case AUDIT_FILTER_TYPE:
239 #ifdef CONFIG_AUDITSYSCALL
240         case AUDIT_FILTER_ENTRY:
241         case AUDIT_FILTER_EXIT:
242         case AUDIT_FILTER_TASK:
243 #endif
244                 ;
245         }
246         if (unlikely(rule->action == AUDIT_POSSIBLE)) {
247                 printk(KERN_ERR "AUDIT_POSSIBLE is deprecated\n");
248                 goto exit_err;
249         }
250         if (rule->action != AUDIT_NEVER && rule->action != AUDIT_ALWAYS)
251                 goto exit_err;
252         if (rule->field_count > AUDIT_MAX_FIELDS)
253                 goto exit_err;
254
255         err = -ENOMEM;
256         entry = audit_init_entry(rule->field_count);
257         if (!entry)
258                 goto exit_err;
259
260         entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND;
261         entry->rule.listnr = listnr;
262         entry->rule.action = rule->action;
263         entry->rule.field_count = rule->field_count;
264
265         for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
266                 entry->rule.mask[i] = rule->mask[i];
267
268         for (i = 0; i < AUDIT_SYSCALL_CLASSES; i++) {
269                 int bit = AUDIT_BITMASK_SIZE * 32 - i - 1;
270                 __u32 *p = &entry->rule.mask[AUDIT_WORD(bit)];
271                 __u32 *class;
272
273                 if (!(*p & AUDIT_BIT(bit)))
274                         continue;
275                 *p &= ~AUDIT_BIT(bit);
276                 class = classes[i];
277                 if (class) {
278                         int j;
279                         for (j = 0; j < AUDIT_BITMASK_SIZE; j++)
280                                 entry->rule.mask[j] |= class[j];
281                 }
282         }
283
284         return entry;
285
286 exit_err:
287         return ERR_PTR(err);
288 }
289
290 static u32 audit_ops[] =
291 {
292         [Audit_equal] = AUDIT_EQUAL,
293         [Audit_not_equal] = AUDIT_NOT_EQUAL,
294         [Audit_bitmask] = AUDIT_BIT_MASK,
295         [Audit_bittest] = AUDIT_BIT_TEST,
296         [Audit_lt] = AUDIT_LESS_THAN,
297         [Audit_gt] = AUDIT_GREATER_THAN,
298         [Audit_le] = AUDIT_LESS_THAN_OR_EQUAL,
299         [Audit_ge] = AUDIT_GREATER_THAN_OR_EQUAL,
300 };
301
302 static u32 audit_to_op(u32 op)
303 {
304         u32 n;
305         for (n = Audit_equal; n < Audit_bad && audit_ops[n] != op; n++)
306                 ;
307         return n;
308 }
309
310
311 /* Translate struct audit_rule to kernel's rule respresentation.
312  * Exists for backward compatibility with userspace. */
313 static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
314 {
315         struct audit_entry *entry;
316         int err = 0;
317         int i;
318
319         entry = audit_to_entry_common(rule);
320         if (IS_ERR(entry))
321                 goto exit_nofree;
322
323         for (i = 0; i < rule->field_count; i++) {
324                 struct audit_field *f = &entry->rule.fields[i];
325                 u32 n;
326
327                 n = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS);
328
329                 /* Support for legacy operators where
330                  * AUDIT_NEGATE bit signifies != and otherwise assumes == */
331                 if (n & AUDIT_NEGATE)
332                         f->op = Audit_not_equal;
333                 else if (!n)
334                         f->op = Audit_equal;
335                 else
336                         f->op = audit_to_op(n);
337
338                 entry->rule.vers_ops = (n & AUDIT_OPERATORS) ? 2 : 1;
339
340                 f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS);
341                 f->val = rule->values[i];
342
343                 err = -EINVAL;
344                 if (f->op == Audit_bad)
345                         goto exit_free;
346
347                 switch(f->type) {
348                 default:
349                         goto exit_free;
350                 case AUDIT_PID:
351                 case AUDIT_UID:
352                 case AUDIT_EUID:
353                 case AUDIT_SUID:
354                 case AUDIT_FSUID:
355                 case AUDIT_GID:
356                 case AUDIT_EGID:
357                 case AUDIT_SGID:
358                 case AUDIT_FSGID:
359                 case AUDIT_LOGINUID:
360                 case AUDIT_PERS:
361                 case AUDIT_MSGTYPE:
362                 case AUDIT_PPID:
363                 case AUDIT_DEVMAJOR:
364                 case AUDIT_DEVMINOR:
365                 case AUDIT_EXIT:
366                 case AUDIT_SUCCESS:
367                         /* bit ops are only useful on syscall args */
368                         if (f->op == Audit_bitmask || f->op == Audit_bittest)
369                                 goto exit_free;
370                         break;
371                 case AUDIT_ARG0:
372                 case AUDIT_ARG1:
373                 case AUDIT_ARG2:
374                 case AUDIT_ARG3:
375                         break;
376                 /* arch is only allowed to be = or != */
377                 case AUDIT_ARCH:
378                         if (f->op != Audit_not_equal && f->op != Audit_equal)
379                                 goto exit_free;
380                         entry->rule.arch_f = f;
381                         break;
382                 case AUDIT_PERM:
383                         if (f->val & ~15)
384                                 goto exit_free;
385                         break;
386                 case AUDIT_FILETYPE:
387                         if ((f->val & ~S_IFMT) > S_IFMT)
388                                 goto exit_free;
389                         break;
390                 case AUDIT_INODE:
391                         err = audit_to_inode(&entry->rule, f);
392                         if (err)
393                                 goto exit_free;
394                         break;
395                 }
396         }
397
398         if (entry->rule.inode_f && entry->rule.inode_f->op == Audit_not_equal)
399                 entry->rule.inode_f = NULL;
400
401 exit_nofree:
402         return entry;
403
404 exit_free:
405         audit_free_rule(entry);
406         return ERR_PTR(err);
407 }
408
409 /* Translate struct audit_rule_data to kernel's rule respresentation. */
410 static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
411                                                size_t datasz)
412 {
413         int err = 0;
414         struct audit_entry *entry;
415         void *bufp;
416         size_t remain = datasz - sizeof(struct audit_rule_data);
417         int i;
418         char *str;
419
420         entry = audit_to_entry_common((struct audit_rule *)data);
421         if (IS_ERR(entry))
422                 goto exit_nofree;
423
424         bufp = data->buf;
425         entry->rule.vers_ops = 2;
426         for (i = 0; i < data->field_count; i++) {
427                 struct audit_field *f = &entry->rule.fields[i];
428
429                 err = -EINVAL;
430
431                 f->op = audit_to_op(data->fieldflags[i]);
432                 if (f->op == Audit_bad)
433                         goto exit_free;
434
435                 f->type = data->fields[i];
436                 f->val = data->values[i];
437                 f->lsm_str = NULL;
438                 f->lsm_rule = NULL;
439                 switch(f->type) {
440                 case AUDIT_PID:
441                 case AUDIT_UID:
442                 case AUDIT_EUID:
443                 case AUDIT_SUID:
444                 case AUDIT_FSUID:
445                 case AUDIT_GID:
446                 case AUDIT_EGID:
447                 case AUDIT_SGID:
448                 case AUDIT_FSGID:
449                 case AUDIT_LOGINUID:
450                 case AUDIT_PERS:
451                 case AUDIT_MSGTYPE:
452                 case AUDIT_PPID:
453                 case AUDIT_DEVMAJOR:
454                 case AUDIT_DEVMINOR:
455                 case AUDIT_EXIT:
456                 case AUDIT_SUCCESS:
457                 case AUDIT_ARG0:
458                 case AUDIT_ARG1:
459                 case AUDIT_ARG2:
460                 case AUDIT_ARG3:
461                         break;
462                 case AUDIT_ARCH:
463                         entry->rule.arch_f = f;
464                         break;
465                 case AUDIT_SUBJ_USER:
466                 case AUDIT_SUBJ_ROLE:
467                 case AUDIT_SUBJ_TYPE:
468                 case AUDIT_SUBJ_SEN:
469                 case AUDIT_SUBJ_CLR:
470                 case AUDIT_OBJ_USER:
471                 case AUDIT_OBJ_ROLE:
472                 case AUDIT_OBJ_TYPE:
473                 case AUDIT_OBJ_LEV_LOW:
474                 case AUDIT_OBJ_LEV_HIGH:
475                         str = audit_unpack_string(&bufp, &remain, f->val);
476                         if (IS_ERR(str))
477                                 goto exit_free;
478                         entry->rule.buflen += f->val;
479
480                         err = security_audit_rule_init(f->type, f->op, str,
481                                                        (void **)&f->lsm_rule);
482                         /* Keep currently invalid fields around in case they
483                          * become valid after a policy reload. */
484                         if (err == -EINVAL) {
485                                 printk(KERN_WARNING "audit rule for LSM "
486                                        "\'%s\' is invalid\n",  str);
487                                 err = 0;
488                         }
489                         if (err) {
490                                 kfree(str);
491                                 goto exit_free;
492                         } else
493                                 f->lsm_str = str;
494                         break;
495                 case AUDIT_WATCH:
496                         str = audit_unpack_string(&bufp, &remain, f->val);
497                         if (IS_ERR(str))
498                                 goto exit_free;
499                         entry->rule.buflen += f->val;
500
501                         err = audit_to_watch(&entry->rule, str, f->val, f->op);
502                         if (err) {
503                                 kfree(str);
504                                 goto exit_free;
505                         }
506                         break;
507                 case AUDIT_DIR:
508                         str = audit_unpack_string(&bufp, &remain, f->val);
509                         if (IS_ERR(str))
510                                 goto exit_free;
511                         entry->rule.buflen += f->val;
512
513                         err = audit_make_tree(&entry->rule, str, f->op);
514                         kfree(str);
515                         if (err)
516                                 goto exit_free;
517                         break;
518                 case AUDIT_INODE:
519                         err = audit_to_inode(&entry->rule, f);
520                         if (err)
521                                 goto exit_free;
522                         break;
523                 case AUDIT_FILTERKEY:
524                         err = -EINVAL;
525                         if (entry->rule.filterkey || f->val > AUDIT_MAX_KEY_LEN)
526                                 goto exit_free;
527                         str = audit_unpack_string(&bufp, &remain, f->val);
528                         if (IS_ERR(str))
529                                 goto exit_free;
530                         entry->rule.buflen += f->val;
531                         entry->rule.filterkey = str;
532                         break;
533                 case AUDIT_PERM:
534                         if (f->val & ~15)
535                                 goto exit_free;
536                         break;
537                 case AUDIT_FILETYPE:
538                         if ((f->val & ~S_IFMT) > S_IFMT)
539                                 goto exit_free;
540                         break;
541                 default:
542                         goto exit_free;
543                 }
544         }
545
546         if (entry->rule.inode_f && entry->rule.inode_f->op == Audit_not_equal)
547                 entry->rule.inode_f = NULL;
548
549 exit_nofree:
550         return entry;
551
552 exit_free:
553         audit_free_rule(entry);
554         return ERR_PTR(err);
555 }
556
557 /* Pack a filter field's string representation into data block. */
558 static inline size_t audit_pack_string(void **bufp, const char *str)
559 {
560         size_t len = strlen(str);
561
562         memcpy(*bufp, str, len);
563         *bufp += len;
564
565         return len;
566 }
567
568 /* Translate kernel rule respresentation to struct audit_rule.
569  * Exists for backward compatibility with userspace. */
570 static struct audit_rule *audit_krule_to_rule(struct audit_krule *krule)
571 {
572         struct audit_rule *rule;
573         int i;
574
575         rule = kzalloc(sizeof(*rule), GFP_KERNEL);
576         if (unlikely(!rule))
577                 return NULL;
578
579         rule->flags = krule->flags | krule->listnr;
580         rule->action = krule->action;
581         rule->field_count = krule->field_count;
582         for (i = 0; i < rule->field_count; i++) {
583                 rule->values[i] = krule->fields[i].val;
584                 rule->fields[i] = krule->fields[i].type;
585
586                 if (krule->vers_ops == 1) {
587                         if (krule->fields[i].op == Audit_not_equal)
588                                 rule->fields[i] |= AUDIT_NEGATE;
589                 } else {
590                         rule->fields[i] |= audit_ops[krule->fields[i].op];
591                 }
592         }
593         for (i = 0; i < AUDIT_BITMASK_SIZE; i++) rule->mask[i] = krule->mask[i];
594
595         return rule;
596 }
597
598 /* Translate kernel rule respresentation to struct audit_rule_data. */
599 static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
600 {
601         struct audit_rule_data *data;
602         void *bufp;
603         int i;
604
605         data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL);
606         if (unlikely(!data))
607                 return NULL;
608         memset(data, 0, sizeof(*data));
609
610         data->flags = krule->flags | krule->listnr;
611         data->action = krule->action;
612         data->field_count = krule->field_count;
613         bufp = data->buf;
614         for (i = 0; i < data->field_count; i++) {
615                 struct audit_field *f = &krule->fields[i];
616
617                 data->fields[i] = f->type;
618                 data->fieldflags[i] = audit_ops[f->op];
619                 switch(f->type) {
620                 case AUDIT_SUBJ_USER:
621                 case AUDIT_SUBJ_ROLE:
622                 case AUDIT_SUBJ_TYPE:
623                 case AUDIT_SUBJ_SEN:
624                 case AUDIT_SUBJ_CLR:
625                 case AUDIT_OBJ_USER:
626                 case AUDIT_OBJ_ROLE:
627                 case AUDIT_OBJ_TYPE:
628                 case AUDIT_OBJ_LEV_LOW:
629                 case AUDIT_OBJ_LEV_HIGH:
630                         data->buflen += data->values[i] =
631                                 audit_pack_string(&bufp, f->lsm_str);
632                         break;
633                 case AUDIT_WATCH:
634                         data->buflen += data->values[i] =
635                                 audit_pack_string(&bufp,
636                                                   audit_watch_path(krule->watch));
637                         break;
638                 case AUDIT_DIR:
639                         data->buflen += data->values[i] =
640                                 audit_pack_string(&bufp,
641                                                   audit_tree_path(krule->tree));
642                         break;
643                 case AUDIT_FILTERKEY:
644                         data->buflen += data->values[i] =
645                                 audit_pack_string(&bufp, krule->filterkey);
646                         break;
647                 default:
648                         data->values[i] = f->val;
649                 }
650         }
651         for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i];
652
653         return data;
654 }
655
656 /* Compare two rules in kernel format.  Considered success if rules
657  * don't match. */
658 static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)
659 {
660         int i;
661
662         if (a->flags != b->flags ||
663             a->listnr != b->listnr ||
664             a->action != b->action ||
665             a->field_count != b->field_count)
666                 return 1;
667
668         for (i = 0; i < a->field_count; i++) {
669                 if (a->fields[i].type != b->fields[i].type ||
670                     a->fields[i].op != b->fields[i].op)
671                         return 1;
672
673                 switch(a->fields[i].type) {
674                 case AUDIT_SUBJ_USER:
675                 case AUDIT_SUBJ_ROLE:
676                 case AUDIT_SUBJ_TYPE:
677                 case AUDIT_SUBJ_SEN:
678                 case AUDIT_SUBJ_CLR:
679                 case AUDIT_OBJ_USER:
680                 case AUDIT_OBJ_ROLE:
681                 case AUDIT_OBJ_TYPE:
682                 case AUDIT_OBJ_LEV_LOW:
683                 case AUDIT_OBJ_LEV_HIGH:
684                         if (strcmp(a->fields[i].lsm_str, b->fields[i].lsm_str))
685                                 return 1;
686                         break;
687                 case AUDIT_WATCH:
688                         if (strcmp(audit_watch_path(a->watch),
689                                    audit_watch_path(b->watch)))
690                                 return 1;
691                         break;
692                 case AUDIT_DIR:
693                         if (strcmp(audit_tree_path(a->tree),
694                                    audit_tree_path(b->tree)))
695                                 return 1;
696                         break;
697                 case AUDIT_FILTERKEY:
698                         /* both filterkeys exist based on above type compare */
699                         if (strcmp(a->filterkey, b->filterkey))
700                                 return 1;
701                         break;
702                 default:
703                         if (a->fields[i].val != b->fields[i].val)
704                                 return 1;
705                 }
706         }
707
708         for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
709                 if (a->mask[i] != b->mask[i])
710                         return 1;
711
712         return 0;
713 }
714
715 /* Duplicate LSM field information.  The lsm_rule is opaque, so must be
716  * re-initialized. */
717 static inline int audit_dupe_lsm_field(struct audit_field *df,
718                                            struct audit_field *sf)
719 {
720         int ret = 0;
721         char *lsm_str;
722
723         /* our own copy of lsm_str */
724         lsm_str = kstrdup(sf->lsm_str, GFP_KERNEL);
725         if (unlikely(!lsm_str))
726                 return -ENOMEM;
727         df->lsm_str = lsm_str;
728
729         /* our own (refreshed) copy of lsm_rule */
730         ret = security_audit_rule_init(df->type, df->op, df->lsm_str,
731                                        (void **)&df->lsm_rule);
732         /* Keep currently invalid fields around in case they
733          * become valid after a policy reload. */
734         if (ret == -EINVAL) {
735                 printk(KERN_WARNING "audit rule for LSM \'%s\' is "
736                        "invalid\n", df->lsm_str);
737                 ret = 0;
738         }
739
740         return ret;
741 }
742
743 /* Duplicate an audit rule.  This will be a deep copy with the exception
744  * of the watch - that pointer is carried over.  The LSM specific fields
745  * will be updated in the copy.  The point is to be able to replace the old
746  * rule with the new rule in the filterlist, then free the old rule.
747  * The rlist element is undefined; list manipulations are handled apart from
748  * the initial copy. */
749 struct audit_entry *audit_dupe_rule(struct audit_krule *old,
750                                     struct audit_watch *watch)
751 {
752         u32 fcount = old->field_count;
753         struct audit_entry *entry;
754         struct audit_krule *new;
755         char *fk;
756         int i, err = 0;
757
758         entry = audit_init_entry(fcount);
759         if (unlikely(!entry))
760                 return ERR_PTR(-ENOMEM);
761
762         new = &entry->rule;
763         new->vers_ops = old->vers_ops;
764         new->flags = old->flags;
765         new->listnr = old->listnr;
766         new->action = old->action;
767         for (i = 0; i < AUDIT_BITMASK_SIZE; i++)
768                 new->mask[i] = old->mask[i];
769         new->prio = old->prio;
770         new->buflen = old->buflen;
771         new->inode_f = old->inode_f;
772         new->watch = NULL;
773         new->field_count = old->field_count;
774         /*
775          * note that we are OK with not refcounting here; audit_match_tree()
776          * never dereferences tree and we can't get false positives there
777          * since we'd have to have rule gone from the list *and* removed
778          * before the chunks found by lookup had been allocated, i.e. before
779          * the beginning of list scan.
780          */
781         new->tree = old->tree;
782         memcpy(new->fields, old->fields, sizeof(struct audit_field) * fcount);
783
784         /* deep copy this information, updating the lsm_rule fields, because
785          * the originals will all be freed when the old rule is freed. */
786         for (i = 0; i < fcount; i++) {
787                 switch (new->fields[i].type) {
788                 case AUDIT_SUBJ_USER:
789                 case AUDIT_SUBJ_ROLE:
790                 case AUDIT_SUBJ_TYPE:
791                 case AUDIT_SUBJ_SEN:
792                 case AUDIT_SUBJ_CLR:
793                 case AUDIT_OBJ_USER:
794                 case AUDIT_OBJ_ROLE:
795                 case AUDIT_OBJ_TYPE:
796                 case AUDIT_OBJ_LEV_LOW:
797                 case AUDIT_OBJ_LEV_HIGH:
798                         err = audit_dupe_lsm_field(&new->fields[i],
799                                                        &old->fields[i]);
800                         break;
801                 case AUDIT_FILTERKEY:
802                         fk = kstrdup(old->filterkey, GFP_KERNEL);
803                         if (unlikely(!fk))
804                                 err = -ENOMEM;
805                         else
806                                 new->filterkey = fk;
807                 }
808                 if (err) {
809                         audit_free_rule(entry);
810                         return ERR_PTR(err);
811                 }
812         }
813
814         if (watch) {
815                 audit_get_watch(watch);
816                 new->watch = watch;
817         }
818
819         return entry;
820 }
821
822 /* Find an existing audit rule.
823  * Caller must hold audit_filter_mutex to prevent stale rule data. */
824 static struct audit_entry *audit_find_rule(struct audit_entry *entry,
825                                            struct list_head **p)
826 {
827         struct audit_entry *e, *found = NULL;
828         struct list_head *list;
829         int h;
830
831         if (entry->rule.inode_f) {
832                 h = audit_hash_ino(entry->rule.inode_f->val);
833                 *p = list = &audit_inode_hash[h];
834         } else if (entry->rule.watch) {
835                 /* we don't know the inode number, so must walk entire hash */
836                 for (h = 0; h < AUDIT_INODE_BUCKETS; h++) {
837                         list = &audit_inode_hash[h];
838                         list_for_each_entry(e, list, list)
839                                 if (!audit_compare_rule(&entry->rule, &e->rule)) {
840                                         found = e;
841                                         goto out;
842                                 }
843                 }
844                 goto out;
845         } else {
846                 *p = list = &audit_filter_list[entry->rule.listnr];
847         }
848
849         list_for_each_entry(e, list, list)
850                 if (!audit_compare_rule(&entry->rule, &e->rule)) {
851                         found = e;
852                         goto out;
853                 }
854
855 out:
856         return found;
857 }
858
859 static u64 prio_low = ~0ULL/2;
860 static u64 prio_high = ~0ULL/2 - 1;
861
862 /* Add rule to given filterlist if not a duplicate. */
863 static inline int audit_add_rule(struct audit_entry *entry)
864 {
865         struct audit_entry *e;
866         struct audit_watch *watch = entry->rule.watch;
867         struct audit_tree *tree = entry->rule.tree;
868         struct list_head *list;
869         int h, err;
870 #ifdef CONFIG_AUDITSYSCALL
871         int dont_count = 0;
872
873         /* If either of these, don't count towards total */
874         if (entry->rule.listnr == AUDIT_FILTER_USER ||
875                 entry->rule.listnr == AUDIT_FILTER_TYPE)
876                 dont_count = 1;
877 #endif
878
879         mutex_lock(&audit_filter_mutex);
880         e = audit_find_rule(entry, &list);
881         if (e) {
882                 mutex_unlock(&audit_filter_mutex);
883                 err = -EEXIST;
884                 /* normally audit_add_tree_rule() will free it on failure */
885                 if (tree)
886                         audit_put_tree(tree);
887                 goto error;
888         }
889
890         if (watch) {
891                 /* audit_filter_mutex is dropped and re-taken during this call */
892                 err = audit_add_watch(&entry->rule);
893                 if (err) {
894                         mutex_unlock(&audit_filter_mutex);
895                         goto error;
896                 }
897                 /* entry->rule.watch may have changed during audit_add_watch() */
898                 watch = entry->rule.watch;
899                 h = audit_hash_ino((u32)audit_watch_inode(watch));
900                 list = &audit_inode_hash[h];
901         }
902         if (tree) {
903                 err = audit_add_tree_rule(&entry->rule);
904                 if (err) {
905                         mutex_unlock(&audit_filter_mutex);
906                         goto error;
907                 }
908         }
909
910         entry->rule.prio = ~0ULL;
911         if (entry->rule.listnr == AUDIT_FILTER_EXIT) {
912                 if (entry->rule.flags & AUDIT_FILTER_PREPEND)
913                         entry->rule.prio = ++prio_high;
914                 else
915                         entry->rule.prio = --prio_low;
916         }
917
918         if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
919                 list_add(&entry->rule.list,
920                          &audit_rules_list[entry->rule.listnr]);
921                 list_add_rcu(&entry->list, list);
922                 entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
923         } else {
924                 list_add_tail(&entry->rule.list,
925                               &audit_rules_list[entry->rule.listnr]);
926                 list_add_tail_rcu(&entry->list, list);
927         }
928 #ifdef CONFIG_AUDITSYSCALL
929         if (!dont_count)
930                 audit_n_rules++;
931
932         if (!audit_match_signal(entry))
933                 audit_signals++;
934 #endif
935         mutex_unlock(&audit_filter_mutex);
936
937         return 0;
938
939 error:
940         if (watch)
941                 audit_put_watch(watch); /* tmp watch, matches initial get */
942         return err;
943 }
944
945 /* Remove an existing rule from filterlist. */
946 static inline int audit_del_rule(struct audit_entry *entry)
947 {
948         struct audit_entry  *e;
949         struct audit_watch *watch = entry->rule.watch;
950         struct audit_tree *tree = entry->rule.tree;
951         struct list_head *list;
952         LIST_HEAD(inotify_list);
953         int ret = 0;
954 #ifdef CONFIG_AUDITSYSCALL
955         int dont_count = 0;
956
957         /* If either of these, don't count towards total */
958         if (entry->rule.listnr == AUDIT_FILTER_USER ||
959                 entry->rule.listnr == AUDIT_FILTER_TYPE)
960                 dont_count = 1;
961 #endif
962
963         mutex_lock(&audit_filter_mutex);
964         e = audit_find_rule(entry, &list);
965         if (!e) {
966                 mutex_unlock(&audit_filter_mutex);
967                 ret = -ENOENT;
968                 goto out;
969         }
970
971         if (e->rule.watch)
972                 audit_remove_watch_rule(&e->rule, &inotify_list);
973
974         if (e->rule.tree)
975                 audit_remove_tree_rule(&e->rule);
976
977         list_del_rcu(&e->list);
978         list_del(&e->rule.list);
979         call_rcu(&e->rcu, audit_free_rule_rcu);
980
981 #ifdef CONFIG_AUDITSYSCALL
982         if (!dont_count)
983                 audit_n_rules--;
984
985         if (!audit_match_signal(entry))
986                 audit_signals--;
987 #endif
988         mutex_unlock(&audit_filter_mutex);
989
990         if (!list_empty(&inotify_list))
991                 audit_inotify_unregister(&inotify_list);
992
993 out:
994         if (watch)
995                 audit_put_watch(watch); /* match initial get */
996         if (tree)
997                 audit_put_tree(tree);   /* that's the temporary one */
998
999         return ret;
1000 }
1001
1002 /* List rules using struct audit_rule.  Exists for backward
1003  * compatibility with userspace. */
1004 static void audit_list(int pid, int seq, struct sk_buff_head *q)
1005 {
1006         struct sk_buff *skb;
1007         struct audit_krule *r;
1008         int i;
1009
1010         /* This is a blocking read, so use audit_filter_mutex instead of rcu
1011          * iterator to sync with list writers. */
1012         for (i=0; i<AUDIT_NR_FILTERS; i++) {
1013                 list_for_each_entry(r, &audit_rules_list[i], list) {
1014                         struct audit_rule *rule;
1015
1016                         rule = audit_krule_to_rule(r);
1017                         if (unlikely(!rule))
1018                                 break;
1019                         skb = audit_make_reply(pid, seq, AUDIT_LIST, 0, 1,
1020                                          rule, sizeof(*rule));
1021                         if (skb)
1022                                 skb_queue_tail(q, skb);
1023                         kfree(rule);
1024                 }
1025         }
1026         skb = audit_make_reply(pid, seq, AUDIT_LIST, 1, 1, NULL, 0);
1027         if (skb)
1028                 skb_queue_tail(q, skb);
1029 }
1030
1031 /* List rules using struct audit_rule_data. */
1032 static void audit_list_rules(int pid, int seq, struct sk_buff_head *q)
1033 {
1034         struct sk_buff *skb;
1035         struct audit_krule *r;
1036         int i;
1037
1038         /* This is a blocking read, so use audit_filter_mutex instead of rcu
1039          * iterator to sync with list writers. */
1040         for (i=0; i<AUDIT_NR_FILTERS; i++) {
1041                 list_for_each_entry(r, &audit_rules_list[i], list) {
1042                         struct audit_rule_data *data;
1043
1044                         data = audit_krule_to_data(r);
1045                         if (unlikely(!data))
1046                                 break;
1047                         skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 0, 1,
1048                                          data, sizeof(*data) + data->buflen);
1049                         if (skb)
1050                                 skb_queue_tail(q, skb);
1051                         kfree(data);
1052                 }
1053         }
1054         skb = audit_make_reply(pid, seq, AUDIT_LIST_RULES, 1, 1, NULL, 0);
1055         if (skb)
1056                 skb_queue_tail(q, skb);
1057 }
1058
1059 /* Log rule additions and removals */
1060 static void audit_log_rule_change(uid_t loginuid, u32 sessionid, u32 sid,
1061                                   char *action, struct audit_krule *rule,
1062                                   int res)
1063 {
1064         struct audit_buffer *ab;
1065
1066         if (!audit_enabled)
1067                 return;
1068
1069         ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
1070         if (!ab)
1071                 return;
1072         audit_log_format(ab, "auid=%u ses=%u", loginuid, sessionid);
1073         if (sid) {
1074                 char *ctx = NULL;
1075                 u32 len;
1076                 if (security_secid_to_secctx(sid, &ctx, &len))
1077                         audit_log_format(ab, " ssid=%u", sid);
1078                 else {
1079                         audit_log_format(ab, " subj=%s", ctx);
1080                         security_release_secctx(ctx, len);
1081                 }
1082         }
1083         audit_log_format(ab, " op=");
1084         audit_log_string(ab, action);
1085         audit_log_key(ab, rule->filterkey);
1086         audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
1087         audit_log_end(ab);
1088 }
1089
1090 /**
1091  * audit_receive_filter - apply all rules to the specified message type
1092  * @type: audit message type
1093  * @pid: target pid for netlink audit messages
1094  * @uid: target uid for netlink audit messages
1095  * @seq: netlink audit message sequence (serial) number
1096  * @data: payload data
1097  * @datasz: size of payload data
1098  * @loginuid: loginuid of sender
1099  * @sessionid: sessionid for netlink audit message
1100  * @sid: SE Linux Security ID of sender
1101  */
1102 int audit_receive_filter(int type, int pid, int uid, int seq, void *data,
1103                          size_t datasz, uid_t loginuid, u32 sessionid, u32 sid)
1104 {
1105         struct task_struct *tsk;
1106         struct audit_netlink_list *dest;
1107         int err = 0;
1108         struct audit_entry *entry;
1109
1110         switch (type) {
1111         case AUDIT_LIST:
1112         case AUDIT_LIST_RULES:
1113                 /* We can't just spew out the rules here because we might fill
1114                  * the available socket buffer space and deadlock waiting for
1115                  * auditctl to read from it... which isn't ever going to
1116                  * happen if we're actually running in the context of auditctl
1117                  * trying to _send_ the stuff */
1118
1119                 dest = kmalloc(sizeof(struct audit_netlink_list), GFP_KERNEL);
1120                 if (!dest)
1121                         return -ENOMEM;
1122                 dest->pid = pid;
1123                 skb_queue_head_init(&dest->q);
1124
1125                 mutex_lock(&audit_filter_mutex);
1126                 if (type == AUDIT_LIST)
1127                         audit_list(pid, seq, &dest->q);
1128                 else
1129                         audit_list_rules(pid, seq, &dest->q);
1130                 mutex_unlock(&audit_filter_mutex);
1131
1132                 tsk = kthread_run(audit_send_list, dest, "audit_send_list");
1133                 if (IS_ERR(tsk)) {
1134                         skb_queue_purge(&dest->q);
1135                         kfree(dest);
1136                         err = PTR_ERR(tsk);
1137                 }
1138                 break;
1139         case AUDIT_ADD:
1140         case AUDIT_ADD_RULE:
1141                 if (type == AUDIT_ADD)
1142                         entry = audit_rule_to_entry(data);
1143                 else
1144                         entry = audit_data_to_entry(data, datasz);
1145                 if (IS_ERR(entry))
1146                         return PTR_ERR(entry);
1147
1148                 err = audit_add_rule(entry);
1149                 audit_log_rule_change(loginuid, sessionid, sid, "add rule",
1150                                       &entry->rule, !err);
1151
1152                 if (err)
1153                         audit_free_rule(entry);
1154                 break;
1155         case AUDIT_DEL:
1156         case AUDIT_DEL_RULE:
1157                 if (type == AUDIT_DEL)
1158                         entry = audit_rule_to_entry(data);
1159                 else
1160                         entry = audit_data_to_entry(data, datasz);
1161                 if (IS_ERR(entry))
1162                         return PTR_ERR(entry);
1163
1164                 err = audit_del_rule(entry);
1165                 audit_log_rule_change(loginuid, sessionid, sid, "remove rule",
1166                                       &entry->rule, !err);
1167
1168                 audit_free_rule(entry);
1169                 break;
1170         default:
1171                 return -EINVAL;
1172         }
1173
1174         return err;
1175 }
1176
1177 int audit_comparator(u32 left, u32 op, u32 right)
1178 {
1179         switch (op) {
1180         case Audit_equal:
1181                 return (left == right);
1182         case Audit_not_equal:
1183                 return (left != right);
1184         case Audit_lt:
1185                 return (left < right);
1186         case Audit_le:
1187                 return (left <= right);
1188         case Audit_gt:
1189                 return (left > right);
1190         case Audit_ge:
1191                 return (left >= right);
1192         case Audit_bitmask:
1193                 return (left & right);
1194         case Audit_bittest:
1195                 return ((left & right) == right);
1196         default:
1197                 BUG();
1198                 return 0;
1199         }
1200 }
1201
1202 /* Compare given dentry name with last component in given path,
1203  * return of 0 indicates a match. */
1204 int audit_compare_dname_path(const char *dname, const char *path,
1205                              int *dirlen)
1206 {
1207         int dlen, plen;
1208         const char *p;
1209
1210         if (!dname || !path)
1211                 return 1;
1212
1213         dlen = strlen(dname);
1214         plen = strlen(path);
1215         if (plen < dlen)
1216                 return 1;
1217
1218         /* disregard trailing slashes */
1219         p = path + plen - 1;
1220         while ((*p == '/') && (p > path))
1221                 p--;
1222
1223         /* find last path component */
1224         p = p - dlen + 1;
1225         if (p < path)
1226                 return 1;
1227         else if (p > path) {
1228                 if (*--p != '/')
1229                         return 1;
1230                 else
1231                         p++;
1232         }
1233
1234         /* return length of path's directory component */
1235         if (dirlen)
1236                 *dirlen = p - path;
1237         return strncmp(p, dname, dlen);
1238 }
1239
1240 static int audit_filter_user_rules(struct netlink_skb_parms *cb,
1241                                    struct audit_krule *rule,
1242                                    enum audit_state *state)
1243 {
1244         int i;
1245
1246         for (i = 0; i < rule->field_count; i++) {
1247                 struct audit_field *f = &rule->fields[i];
1248                 int result = 0;
1249
1250                 switch (f->type) {
1251                 case AUDIT_PID:
1252                         result = audit_comparator(cb->creds.pid, f->op, f->val);
1253                         break;
1254                 case AUDIT_UID:
1255                         result = audit_comparator(cb->creds.uid, f->op, f->val);
1256                         break;
1257                 case AUDIT_GID:
1258                         result = audit_comparator(cb->creds.gid, f->op, f->val);
1259                         break;
1260                 case AUDIT_LOGINUID:
1261                         result = audit_comparator(cb->loginuid, f->op, f->val);
1262                         break;
1263                 }
1264
1265                 if (!result)
1266                         return 0;
1267         }
1268         switch (rule->action) {
1269         case AUDIT_NEVER:    *state = AUDIT_DISABLED;       break;
1270         case AUDIT_ALWAYS:   *state = AUDIT_RECORD_CONTEXT; break;
1271         }
1272         return 1;
1273 }
1274
1275 int audit_filter_user(struct netlink_skb_parms *cb)
1276 {
1277         enum audit_state state = AUDIT_DISABLED;
1278         struct audit_entry *e;
1279         int ret = 1;
1280
1281         rcu_read_lock();
1282         list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_USER], list) {
1283                 if (audit_filter_user_rules(cb, &e->rule, &state)) {
1284                         if (state == AUDIT_DISABLED)
1285                                 ret = 0;
1286                         break;
1287                 }
1288         }
1289         rcu_read_unlock();
1290
1291         return ret; /* Audit by default */
1292 }
1293
1294 int audit_filter_type(int type)
1295 {
1296         struct audit_entry *e;
1297         int result = 0;
1298
1299         rcu_read_lock();
1300         if (list_empty(&audit_filter_list[AUDIT_FILTER_TYPE]))
1301                 goto unlock_and_return;
1302
1303         list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_TYPE],
1304                                 list) {
1305                 int i;
1306                 for (i = 0; i < e->rule.field_count; i++) {
1307                         struct audit_field *f = &e->rule.fields[i];
1308                         if (f->type == AUDIT_MSGTYPE) {
1309                                 result = audit_comparator(type, f->op, f->val);
1310                                 if (!result)
1311                                         break;
1312                         }
1313                 }
1314                 if (result)
1315                         goto unlock_and_return;
1316         }
1317 unlock_and_return:
1318         rcu_read_unlock();
1319         return result;
1320 }
1321
1322 static int update_lsm_rule(struct audit_krule *r)
1323 {
1324         struct audit_entry *entry = container_of(r, struct audit_entry, rule);
1325         struct audit_entry *nentry;
1326         struct audit_watch *watch;
1327         struct audit_tree *tree;
1328         int err = 0;
1329
1330         if (!security_audit_rule_known(r))
1331                 return 0;
1332
1333         watch = r->watch;
1334         tree = r->tree;
1335         nentry = audit_dupe_rule(r, watch);
1336         if (IS_ERR(nentry)) {
1337                 /* save the first error encountered for the
1338                  * return value */
1339                 err = PTR_ERR(nentry);
1340                 audit_panic("error updating LSM filters");
1341                 if (watch)
1342                         list_del(&r->rlist);
1343                 list_del_rcu(&entry->list);
1344                 list_del(&r->list);
1345         } else {
1346                 if (watch) {
1347                         list_add(&nentry->rule.rlist, audit_watch_rules(watch));
1348                         list_del(&r->rlist);
1349                 } else if (tree)
1350                         list_replace_init(&r->rlist, &nentry->rule.rlist);
1351                 list_replace_rcu(&entry->list, &nentry->list);
1352                 list_replace(&r->list, &nentry->rule.list);
1353         }
1354         call_rcu(&entry->rcu, audit_free_rule_rcu);
1355
1356         return err;
1357 }
1358
1359 /* This function will re-initialize the lsm_rule field of all applicable rules.
1360  * It will traverse the filter lists serarching for rules that contain LSM
1361  * specific filter fields.  When such a rule is found, it is copied, the
1362  * LSM field is re-initialized, and the old rule is replaced with the
1363  * updated rule. */
1364 int audit_update_lsm_rules(void)
1365 {
1366         struct audit_krule *r, *n;
1367         int i, err = 0;
1368
1369         /* audit_filter_mutex synchronizes the writers */
1370         mutex_lock(&audit_filter_mutex);
1371
1372         for (i = 0; i < AUDIT_NR_FILTERS; i++) {
1373                 list_for_each_entry_safe(r, n, &audit_rules_list[i], list) {
1374                         int res = update_lsm_rule(r);
1375                         if (!err)
1376                                 err = res;
1377                 }
1378         }
1379         mutex_unlock(&audit_filter_mutex);
1380
1381         return err;
1382 }