forked from luck/tmp_suning_uos_patched
073115d6b2
1) The audit_ipc_perms() function has been split into two different
functions:
- audit_ipc_obj()
- audit_ipc_set_perm()
There's a key shift here... The audit_ipc_obj() collects the uid, gid,
mode, and SElinux context label of the current ipc object. This
audit_ipc_obj() hook is now found in several places. Most notably, it
is hooked in ipcperms(), which is called in various places around the
ipc code permforming a MAC check. Additionally there are several places
where *checkid() is used to validate that an operation is being
performed on a valid object while not necessarily having a nearby
ipcperms() call. In these locations, audit_ipc_obj() is called to
ensure that the information is captured by the audit system.
The audit_set_new_perm() function is called any time the permissions on
the ipc object changes. In this case, the NEW permissions are recorded
(and note that an audit_ipc_obj() call exists just a few lines before
each instance).
2) Support for an AUDIT_IPC_SET_PERM audit message type. This allows
for separate auxiliary audit records for normal operations on an IPC
object and permissions changes. Note that the same struct
audit_aux_data_ipcctl is used and populated, however there are separate
audit_log_format statements based on the type of the message. Finally,
the AUDIT_IPC block of code in audit_free_aux() was extended to handle
aux messages of this new type. No more mem leaks I hope ;-)
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
|
||
|---|---|---|
| .. | ||
| irq | ||
| power | ||
| .gitignore | ||
| acct.c | ||
| audit.c | ||
| audit.h | ||
| auditfilter.c | ||
| auditsc.c | ||
| capability.c | ||
| compat.c | ||
| configs.c | ||
| cpu.c | ||
| cpuset.c | ||
| dma.c | ||
| exec_domain.c | ||
| exit.c | ||
| extable.c | ||
| fork.c | ||
| futex_compat.c | ||
| futex.c | ||
| hrtimer.c | ||
| intermodule.c | ||
| itimer.c | ||
| kallsyms.c | ||
| Kconfig.hz | ||
| Kconfig.preempt | ||
| kexec.c | ||
| kfifo.c | ||
| kmod.c | ||
| kprobes.c | ||
| ksysfs.c | ||
| kthread.c | ||
| Makefile | ||
| module.c | ||
| mutex-debug.c | ||
| mutex-debug.h | ||
| mutex.c | ||
| mutex.h | ||
| panic.c | ||
| params.c | ||
| pid.c | ||
| posix-cpu-timers.c | ||
| posix-timers.c | ||
| printk.c | ||
| profile.c | ||
| ptrace.c | ||
| rcupdate.c | ||
| rcutorture.c | ||
| relay.c | ||
| resource.c | ||
| sched.c | ||
| seccomp.c | ||
| signal.c | ||
| softirq.c | ||
| softlockup.c | ||
| spinlock.c | ||
| stop_machine.c | ||
| sys_ni.c | ||
| sys.c | ||
| sysctl.c | ||
| time.c | ||
| timer.c | ||
| uid16.c | ||
| user.c | ||
| wait.c | ||
| workqueue.c | ||