// SPDX-License-Identifier: GPL-2.0-only
/*
 * common LSM auditing functions
 *
 * Based on code written for SELinux by :
 * Stephen Smalley, <sds@tycho.nsa.gov>
 * James Morris <jmorris@redhat.com>
 * Author : Etienne Basset, <etienne.basset@ensta.org>
 */
10*4882a593Smuzhiyun
11*4882a593Smuzhiyun #include <linux/types.h>
12*4882a593Smuzhiyun #include <linux/stddef.h>
13*4882a593Smuzhiyun #include <linux/kernel.h>
14*4882a593Smuzhiyun #include <linux/gfp.h>
15*4882a593Smuzhiyun #include <linux/fs.h>
16*4882a593Smuzhiyun #include <linux/init.h>
17*4882a593Smuzhiyun #include <net/sock.h>
18*4882a593Smuzhiyun #include <linux/un.h>
19*4882a593Smuzhiyun #include <net/af_unix.h>
20*4882a593Smuzhiyun #include <linux/audit.h>
21*4882a593Smuzhiyun #include <linux/ipv6.h>
22*4882a593Smuzhiyun #include <linux/ip.h>
23*4882a593Smuzhiyun #include <net/ip.h>
24*4882a593Smuzhiyun #include <net/ipv6.h>
25*4882a593Smuzhiyun #include <linux/tcp.h>
26*4882a593Smuzhiyun #include <linux/udp.h>
27*4882a593Smuzhiyun #include <linux/dccp.h>
28*4882a593Smuzhiyun #include <linux/sctp.h>
29*4882a593Smuzhiyun #include <linux/lsm_audit.h>
30*4882a593Smuzhiyun
/**
 * ipv4_skb_to_auditdata : fill auditdata from skb
 * @skb : the skb
 * @ad : the audit data to fill
 * @proto : the layer 4 protocol
 *
 * Copies the IPv4 source/destination addresses of @skb into
 * @ad->u.net->v4info, reports the IP protocol number through @proto
 * (when non-NULL) and, for TCP/UDP/DCCP/SCTP, stores the transport
 * ports into @ad->u.net->sport/dport.
 *
 * The port fields are left untouched whenever they cannot be determined
 * (non-initial fragment, transport header unavailable, unknown protocol),
 * so callers reusing an audit-data object should pre-clear them; a zero
 * port is simply not printed later on.
 *
 * NOTE(review): the network and transport header offsets of @skb must
 * already be set by the stack. tcp_hdr()/udp_hdr()/dccp_hdr()/sctp_hdr()
 * are offsets into skb->head and are not expected to yield NULL, so the
 * NULL tests below are defensive rather than a bounds check; unlike the
 * IPv6 variant, this path does not go through skb_header_pointer() and
 * therefore does not itself verify that the transport header lies within
 * the available data. Only pass skbs whose headers the stack has already
 * validated.
 *
 * return 0 on success, -EINVAL if there is no IP header or the transport
 * protocol is not one of TCP/UDP/DCCP/SCTP
 */
int ipv4_skb_to_auditdata(struct sk_buff *skb,
			  struct common_audit_data *ad, u8 *proto)
{
	const struct iphdr *iph = ip_hdr(skb);
	__be16 sport, dport;

	if (!iph)
		return -EINVAL;

	ad->u.net->v4info.saddr = iph->saddr;
	ad->u.net->v4info.daddr = iph->daddr;

	if (proto)
		*proto = iph->protocol;

	/*
	 * Only the first fragment carries the transport header; for the
	 * others the addresses alone are reported.
	 */
	if (ntohs(iph->frag_off) & IP_OFFSET)
		return 0;

	switch (iph->protocol) {
	case IPPROTO_TCP: {
		const struct tcphdr *th = tcp_hdr(skb);

		if (!th)
			return 0;
		sport = th->source;
		dport = th->dest;
		break;
	}
	case IPPROTO_UDP: {
		const struct udphdr *uh = udp_hdr(skb);

		if (!uh)
			return 0;
		sport = uh->source;
		dport = uh->dest;
		break;
	}
	case IPPROTO_DCCP: {
		const struct dccp_hdr *dh = dccp_hdr(skb);

		if (!dh)
			return 0;
		sport = dh->dccph_sport;
		dport = dh->dccph_dport;
		break;
	}
	case IPPROTO_SCTP: {
		const struct sctphdr *sh = sctp_hdr(skb);

		if (!sh)
			return 0;
		sport = sh->source;
		dport = sh->dest;
		break;
	}
	default:
		/* Addresses and @proto have been filled in regardless. */
		return -EINVAL;
	}

	ad->u.net->sport = sport;
	ad->u.net->dport = dport;
	return 0;
}
99*4882a593Smuzhiyun #if IS_ENABLED(CONFIG_IPV6)
/**
 * ipv6_skb_to_auditdata : fill auditdata from skb
 * @skb : the skb
 * @ad : the audit data to fill
 * @proto : the layer 4 protocol
 *
 * Copies the IPv6 source/destination addresses of @skb into
 * @ad->u.net->v6info, walks the extension-header chain with
 * ipv6_skip_exthdr() to reach the upper-layer header, reports its
 * protocol number through @proto (when non-NULL) and, for
 * TCP/UDP/DCCP/SCTP, stores the ports into @ad->u.net->sport/dport.
 *
 * Transport headers are fetched with skb_header_pointer() into a local
 * copy, so a header that lies beyond the available data is reported
 * without ports rather than read out of bounds.
 *
 * Port fields (and @proto, when the extension-header walk fails) are left
 * untouched when they cannot be determined, so callers reusing an
 * audit-data object should pre-clear them.
 *
 * NOTE(review): unlike ipv4_skb_to_auditdata() there is no explicit
 * non-initial-fragment test here; the fragment offset ipv6_skip_exthdr()
 * hands back is not consulted. Presumably the walk stops at a fragment
 * header for non-initial fragments so that the default case reports
 * -EINVAL, but that behaviour lives outside this file — worth confirming.
 *
 * return 0 on success (also when the extension-header walk fails),
 * -EINVAL if there is no IPv6 header or the upper-layer protocol is not
 * one of TCP/UDP/DCCP/SCTP
 */
int ipv6_skb_to_auditdata(struct sk_buff *skb,
			  struct common_audit_data *ad, u8 *proto)
{
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);
	__be16 frag_off, sport, dport;
	u8 nexthdr;
	int offset;

	if (!ip6h)
		return -EINVAL;

	ad->u.net->v6info.saddr = ip6h->saddr;
	ad->u.net->v6info.daddr = ip6h->daddr;

	/*
	 * IPv6 may carry several extension headers between the fixed
	 * header and the transport header; skip past them.
	 */
	nexthdr = ip6h->nexthdr;
	offset = ipv6_skip_exthdr(skb, skb_network_offset(skb) + sizeof(*ip6h),
				  &nexthdr, &frag_off);
	if (offset < 0)
		return 0;

	if (proto)
		*proto = nexthdr;

	switch (nexthdr) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph;
		const struct tcphdr *th;

		th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
		if (!th)
			return 0;
		sport = th->source;
		dport = th->dest;
		break;
	}
	case IPPROTO_UDP: {
		struct udphdr _udph;
		const struct udphdr *uh;

		uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
		if (!uh)
			return 0;
		sport = uh->source;
		dport = uh->dest;
		break;
	}
	case IPPROTO_DCCP: {
		struct dccp_hdr _dccph;
		const struct dccp_hdr *dh;

		dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
		if (!dh)
			return 0;
		sport = dh->dccph_sport;
		dport = dh->dccph_dport;
		break;
	}
	case IPPROTO_SCTP: {
		struct sctphdr _sctph;
		const struct sctphdr *sh;

		sh = skb_header_pointer(skb, offset, sizeof(_sctph), &_sctph);
		if (!sh)
			return 0;
		sport = sh->source;
		dport = sh->dest;
		break;
	}
	default:
		/* Addresses and @proto have been filled in regardless. */
		return -EINVAL;
	}

	ad->u.net->sport = sport;
	ad->u.net->dport = dport;
	return 0;
}
181*4882a593Smuzhiyun #endif
182*4882a593Smuzhiyun
183*4882a593Smuzhiyun
/*
 * Append an IPv6 address/port pair to the record under the given field
 * names. The address is omitted when it is the unspecified address (::)
 * and the port when it is zero, so an endpoint that was never filled in
 * leaves no "::" / "0" noise in the audit line.
 */
static inline void print_ipv6_addr(struct audit_buffer *ab,
				   struct in6_addr *addr, __be16 port,
				   char *name1, char *name2)
{
	int hport = ntohs(port);

	if (!ipv6_addr_any(addr))
		audit_log_format(ab, " %s=%pI6c", name1, addr);
	if (hport)
		audit_log_format(ab, " %s=%d", name2, hport);
}
193*4882a593Smuzhiyun
/*
 * Append an IPv4 address/port pair to the record under the given field
 * names. A zero address and a zero port are each skipped, so an endpoint
 * that was never filled in leaves no "0.0.0.0" / "0" noise in the line.
 */
static inline void print_ipv4_addr(struct audit_buffer *ab, __be32 addr,
				   __be16 port, char *name1, char *name2)
{
	int hport = ntohs(port);

	if (addr != 0)
		audit_log_format(ab, " %s=%pI4", name1, &addr);
	if (hport)
		audit_log_format(ab, " %s=%d", name2, hport);
}
202*4882a593Smuzhiyun
/**
 * dump_common_audit_data - helper to dump common audit data
 * @ab : the audit buffer being built
 * @a : common audit data
 *
 * Appends the current task's pid/comm and then a type-specific set of
 * fields (path/dev/ino, socket endpoints, key, kmod name, ...) to @ab.
 *
 * Strings that userspace chooses or can influence (comm, dentry names,
 * unix socket names, key descriptions, module names) are emitted through
 * audit_log_untrustedstring() rather than a plain %s, so their bytes
 * cannot masquerade as extra "field=value" pairs in the record. Keep to
 * that rule when adding a new LSM_AUDIT_DATA_* case.
 */
static void dump_common_audit_data(struct audit_buffer *ab,
				   struct common_audit_data *a)
{
	char comm[sizeof(current->comm)];

	/*
	 * To keep stack sizes in check force programmers to notice if they
	 * start making this union too large! See struct lsm_network_audit
	 * as an example of how to deal with large data.
	 */
	BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);

	/*
	 * pid is the thread-group id. comm is snapshotted into a local
	 * buffer before logging (presumably so a concurrent change of
	 * current->comm cannot alter the string mid-way); comm is a
	 * user-settable name and is therefore logged as untrusted.
	 */
	audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
	audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));

	switch (a->type) {
	case LSM_AUDIT_DATA_NONE:
		/* Nothing beyond pid/comm; no cwd is requested either. */
		return;
	case LSM_AUDIT_DATA_IPC:
		audit_log_format(ab, " key=%d ", a->u.ipc_id);
		break;
	case LSM_AUDIT_DATA_CAP:
		audit_log_format(ab, " capability=%d ", a->u.cap);
		break;
	case LSM_AUDIT_DATA_PATH: {
		struct inode *inode;

		audit_log_d_path(ab, " path=", &a->u.path);

		/* dev= is the superblock id, ino= the inode number. */
		inode = d_backing_inode(a->u.path.dentry);
		if (inode) {
			audit_log_format(ab, " dev=");
			audit_log_untrustedstring(ab, inode->i_sb->s_id);
			audit_log_format(ab, " ino=%lu", inode->i_ino);
		}
		/* Ask audit to record the cwd alongside (path context). */
		audit_getcwd();
		break;
	}
	case LSM_AUDIT_DATA_FILE: {
		struct inode *inode;

		/* Same fields as the PATH case, taken from the struct file. */
		audit_log_d_path(ab, " path=", &a->u.file->f_path);

		inode = file_inode(a->u.file);
		if (inode) {
			audit_log_format(ab, " dev=");
			audit_log_untrustedstring(ab, inode->i_sb->s_id);
			audit_log_format(ab, " ino=%lu", inode->i_ino);
		}
		audit_getcwd();
		break;
	}
	case LSM_AUDIT_DATA_IOCTL_OP: {
		struct inode *inode;

		audit_log_d_path(ab, " path=", &a->u.op->path);

		/*
		 * NOTE(review): reads path.dentry->d_inode directly where
		 * the PATH/DENTRY cases use d_backing_inode(); on stacked
		 * filesystems this may identify a different inode than
		 * those cases would — worth confirming that is intended.
		 */
		inode = a->u.op->path.dentry->d_inode;
		if (inode) {
			audit_log_format(ab, " dev=");
			audit_log_untrustedstring(ab, inode->i_sb->s_id);
			audit_log_format(ab, " ino=%lu", inode->i_ino);
		}

		/* The ioctl command is printed as a 16-bit hex value. */
		audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
		audit_getcwd();
		break;
	}
	case LSM_AUDIT_DATA_DENTRY: {
		struct inode *inode;

		/*
		 * Only the final path component is known here. d_lock is
		 * held while the name is read so it cannot change underneath
		 * (presumably guarding against a concurrent rename).
		 */
		audit_log_format(ab, " name=");
		spin_lock(&a->u.dentry->d_lock);
		audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
		spin_unlock(&a->u.dentry->d_lock);

		inode = d_backing_inode(a->u.dentry);
		if (inode) {
			audit_log_format(ab, " dev=");
			audit_log_untrustedstring(ab, inode->i_sb->s_id);
			audit_log_format(ab, " ino=%lu", inode->i_ino);
		}
		audit_getcwd();
		break;
	}
	case LSM_AUDIT_DATA_INODE: {
		struct dentry *dentry;
		struct inode *inode;

		/*
		 * Best effort: pick one alias of the inode for name= (an
		 * inode may have several names, or none in the dcache); the
		 * reference from d_find_alias() is dropped right after use.
		 */
		inode = a->u.inode;
		dentry = d_find_alias(inode);
		if (dentry) {
			audit_log_format(ab, " name=");
			spin_lock(&dentry->d_lock);
			audit_log_untrustedstring(ab, dentry->d_name.name);
			spin_unlock(&dentry->d_lock);
			dput(dentry);
		}
		audit_log_format(ab, " dev=");
		audit_log_untrustedstring(ab, inode->i_sb->s_id);
		audit_log_format(ab, " ino=%lu", inode->i_ino);
		audit_getcwd();
		break;
	}
	case LSM_AUDIT_DATA_TASK: {
		struct task_struct *tsk = a->u.tsk;
		if (tsk) {
			/* "o" prefix: the *other* task, not the caller. */
			pid_t pid = task_tgid_nr(tsk);
			if (pid) {
				char comm[sizeof(tsk->comm)];
				audit_log_format(ab, " opid=%d ocomm=", pid);
				audit_log_untrustedstring(ab,
				    memcpy(comm, tsk->comm, sizeof(comm)));
			}
		}
		break;
	}
	case LSM_AUDIT_DATA_NET:
		/*
		 * Two independent sources of endpoints may be present: the
		 * socket itself (laddr/lport, faddr/fport taken from sk) and
		 * a packet already parsed into v4info/v6info + sport/dport
		 * (saddr/src, daddr/dest).
		 */
		if (a->u.net->sk) {
			struct sock *sk = a->u.net->sk;
			struct unix_sock *u;
			struct unix_address *addr;
			int len = 0;
			char *p = NULL;

			switch (sk->sk_family) {
			case AF_INET: {
				struct inet_sock *inet = inet_sk(sk);

				print_ipv4_addr(ab, inet->inet_rcv_saddr,
						inet->inet_sport,
						"laddr", "lport");
				print_ipv4_addr(ab, inet->inet_daddr,
						inet->inet_dport,
						"faddr", "fport");
				break;
			}
#if IS_ENABLED(CONFIG_IPV6)
			case AF_INET6: {
				struct inet_sock *inet = inet_sk(sk);

				print_ipv6_addr(ab, &sk->sk_v6_rcv_saddr,
						inet->inet_sport,
						"laddr", "lport");
				print_ipv6_addr(ab, &sk->sk_v6_daddr,
						inet->inet_dport,
						"faddr", "fport");
				break;
			}
#endif
			case AF_UNIX:
				u = unix_sk(sk);
				/*
				 * Acquire pairs with the release that publishes
				 * the bound address (outside this file). No
				 * address: nothing further to report.
				 */
				addr = smp_load_acquire(&u->addr);
				if (!addr)
					break;
				/* Filesystem-backed socket: log its path. */
				if (u->path.dentry) {
					audit_log_d_path(ab, " path=", &u->path);
					break;
				}
				/*
				 * Otherwise log the bound name, i.e. sun_path
				 * (len discounts the leading sun_family).
				 * A leading non-NUL byte means a pathname
				 * string; a leading NUL means the abstract
				 * namespace, whose name may contain arbitrary
				 * bytes and so is dumped as hex of its full
				 * length instead of as a string.
				 */
				len = addr->len-sizeof(short);
				p = &addr->name->sun_path[0];
				audit_log_format(ab, " path=");
				if (*p)
					audit_log_untrustedstring(ab, p);
				else
					audit_log_n_hex(ab, p, len);
				break;
			}
		}

		/* Packet-side endpoints; only AF_INET/AF_INET6 are printed. */
		switch (a->u.net->family) {
		case AF_INET:
			print_ipv4_addr(ab, a->u.net->v4info.saddr,
					a->u.net->sport,
					"saddr", "src");
			print_ipv4_addr(ab, a->u.net->v4info.daddr,
					a->u.net->dport,
					"daddr", "dest");
			break;
		case AF_INET6:
			print_ipv6_addr(ab, &a->u.net->v6info.saddr,
					a->u.net->sport,
					"saddr", "src");
			print_ipv6_addr(ab, &a->u.net->v6info.daddr,
					a->u.net->dport,
					"daddr", "dest");
			break;
		}
		if (a->u.net->netif > 0) {
			struct net_device *dev;

			/*
			 * NOTE: we always use init's namespace. The ifindex is
			 * resolved against init_net whatever namespace the
			 * socket/packet actually belongs to, so for events
			 * from another netns netif= can name a different
			 * device or be absent. Treat it as advisory when
			 * correlating audit events from containers.
			 */
			dev = dev_get_by_index(&init_net, a->u.net->netif);
			if (dev) {
				audit_log_format(ab, " netif=%s", dev->name);
				dev_put(dev);
			}
		}
		break;
#ifdef CONFIG_KEYS
	case LSM_AUDIT_DATA_KEY:
		audit_log_format(ab, " key_serial=%u", a->u.key_struct.key);
		/* The description is chosen by userspace: untrusted. */
		if (a->u.key_struct.key_desc) {
			audit_log_format(ab, " key_desc=");
			audit_log_untrustedstring(ab, a->u.key_struct.key_desc);
		}
		break;
#endif
	case LSM_AUDIT_DATA_KMOD:
		/* Module names come from a request: untrusted. */
		audit_log_format(ab, " kmod=");
		audit_log_untrustedstring(ab, a->u.kmod_name);
		break;
	case LSM_AUDIT_DATA_IBPKEY: {
		struct in6_addr sbn_pfx;

		/*
		 * subnet_prefix is copied into the leading bytes of a zeroed
		 * in6_addr purely so that %pI6c can format it.
		 */
		memset(&sbn_pfx.s6_addr, 0,
		       sizeof(sbn_pfx.s6_addr));
		memcpy(&sbn_pfx.s6_addr, &a->u.ibpkey->subnet_prefix,
		       sizeof(a->u.ibpkey->subnet_prefix));
		audit_log_format(ab, " pkey=0x%x subnet_prefix=%pI6c",
				 a->u.ibpkey->pkey, &sbn_pfx);
		break;
	}
	case LSM_AUDIT_DATA_IBENDPORT:
		/*
		 * dev_name is logged with a plain %s, unlike the user-chosen
		 * strings above — presumably a kernel-assigned device name.
		 */
		audit_log_format(ab, " device=%s port_num=%u",
				 a->u.ibendport->dev_name,
				 a->u.ibendport->port);
		break;
	} /* switch (a->type) */
}
438*4882a593Smuzhiyun
/**
 * common_lsm_audit - generic LSM auditing function
 * @a: auxiliary audit data
 * @pre_audit: lsm-specific pre-audit callback
 * @post_audit: lsm-specific post-audit callback
 *
 * Emits one AUDIT_AVC record made of the LSM's pre-audit text, the
 * common fields produced by dump_common_audit_data(), then the LSM's
 * post-audit text. Either callback may be NULL; a NULL @a is ignored.
 *
 * The buffer is requested with GFP_ATOMIC | __GFP_NOWARN so this never
 * sleeps. The flip side is that when audit_log_start() returns no buffer
 * (allocation failure, or the audit subsystem otherwise declining) the
 * event is dropped silently — there is no fallback here. Anyone relying
 * on these records for security monitoring should treat the stream as
 * best-effort under memory pressure.
 */
void common_lsm_audit(struct common_audit_data *a,
		      void (*pre_audit)(struct audit_buffer *, void *),
		      void (*post_audit)(struct audit_buffer *, void *))
{
	struct audit_buffer *ab;

	if (!a)
		return;

	/* Atomic allocation: must not sleep. */
	ab = audit_log_start(audit_context(), GFP_ATOMIC | __GFP_NOWARN,
			     AUDIT_AVC);
	if (!ab)
		return;	/* record dropped, see above */

	if (pre_audit != NULL)
		pre_audit(ab, a);

	dump_common_audit_data(ab, a);

	if (post_audit != NULL)
		post_audit(ab, a);

	audit_log_end(ab);
}
473