alpha: Enable system-call auditing support.
Signed-off-by: Zhenglong.cai <zhenglong.cai@cs2c.com.cn> Signed-off-by: Matt Turner <mattst88@gmail.com>
This commit is contained in:
parent
e7651b819e
commit
a9302e8439
|
@ -17,6 +17,7 @@ config ALPHA
|
||||||
select ARCH_WANT_IPC_PARSE_VERSION
|
select ARCH_WANT_IPC_PARSE_VERSION
|
||||||
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
select ARCH_HAVE_NMI_SAFE_CMPXCHG
|
||||||
select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
|
select ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE
|
||||||
|
select AUDIT_ARCH
|
||||||
select GENERIC_CLOCKEVENTS
|
select GENERIC_CLOCKEVENTS
|
||||||
select GENERIC_SMP_IDLE_THREAD
|
select GENERIC_SMP_IDLE_THREAD
|
||||||
select GENERIC_STRNCPY_FROM_USER
|
select GENERIC_STRNCPY_FROM_USER
|
||||||
|
@ -77,6 +78,8 @@ config GENERIC_ISA_DMA
|
||||||
source "init/Kconfig"
|
source "init/Kconfig"
|
||||||
source "kernel/Kconfig.freezer"
|
source "kernel/Kconfig.freezer"
|
||||||
|
|
||||||
|
config AUDIT_ARCH
|
||||||
|
bool
|
||||||
|
|
||||||
menu "System setup"
|
menu "System setup"
|
||||||
|
|
||||||
|
|
|
@ -19,4 +19,9 @@
|
||||||
|
|
||||||
#define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
|
#define force_successful_syscall_return() (current_pt_regs()->r0 = 0)
|
||||||
|
|
||||||
|
static inline unsigned long regs_return_value(struct pt_regs *regs)
|
||||||
|
{
|
||||||
|
return regs->r0;
|
||||||
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -70,6 +70,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
|
||||||
#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
|
#define TIF_NOTIFY_RESUME 1 /* callback before returning to user */
|
||||||
#define TIF_SIGPENDING 2 /* signal pending */
|
#define TIF_SIGPENDING 2 /* signal pending */
|
||||||
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
|
#define TIF_NEED_RESCHED 3 /* rescheduling necessary */
|
||||||
|
#define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
|
||||||
#define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
|
#define TIF_DIE_IF_KERNEL 9 /* dik recursion lock */
|
||||||
#define TIF_MEMDIE 13 /* is terminating due to OOM killer */
|
#define TIF_MEMDIE 13 /* is terminating due to OOM killer */
|
||||||
|
|
||||||
|
@ -77,6 +78,7 @@ register struct thread_info *__current_thread_info __asm__("$8");
|
||||||
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
|
#define _TIF_SIGPENDING (1<<TIF_SIGPENDING)
|
||||||
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
|
#define _TIF_NEED_RESCHED (1<<TIF_NEED_RESCHED)
|
||||||
#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
|
#define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME)
|
||||||
|
#define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT)
|
||||||
|
|
||||||
/* Work to do on interrupt/exception return. */
|
/* Work to do on interrupt/exception return. */
|
||||||
#define _TIF_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
|
#define _TIF_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
|
||||||
|
|
|
@ -17,6 +17,7 @@ obj-$(CONFIG_SRM_ENV) += srm_env.o
|
||||||
obj-$(CONFIG_MODULES) += module.o
|
obj-$(CONFIG_MODULES) += module.o
|
||||||
obj-$(CONFIG_PERF_EVENTS) += perf_event.o
|
obj-$(CONFIG_PERF_EVENTS) += perf_event.o
|
||||||
obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
|
obj-$(CONFIG_RTC_DRV_ALPHA) += rtc.o
|
||||||
|
obj-$(CONFIG_AUDIT) += audit.o
|
||||||
|
|
||||||
ifdef CONFIG_ALPHA_GENERIC
|
ifdef CONFIG_ALPHA_GENERIC
|
||||||
|
|
||||||
|
|
60
arch/alpha/kernel/audit.c
Normal file
60
arch/alpha/kernel/audit.c
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
#include <linux/init.h>
|
||||||
|
#include <linux/types.h>
|
||||||
|
#include <linux/audit.h>
|
||||||
|
#include <asm/unistd.h>
|
||||||
|
|
||||||
|
static unsigned dir_class[] = {
|
||||||
|
#include <asm-generic/audit_dir_write.h>
|
||||||
|
~0U
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned read_class[] = {
|
||||||
|
#include <asm-generic/audit_read.h>
|
||||||
|
~0U
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned write_class[] = {
|
||||||
|
#include <asm-generic/audit_write.h>
|
||||||
|
~0U
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned chattr_class[] = {
|
||||||
|
#include <asm-generic/audit_change_attr.h>
|
||||||
|
~0U
|
||||||
|
};
|
||||||
|
|
||||||
|
static unsigned signal_class[] = {
|
||||||
|
#include <asm-generic/audit_signal.h>
|
||||||
|
~0U
|
||||||
|
};
|
||||||
|
|
||||||
|
int audit_classify_arch(int arch)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int audit_classify_syscall(int abi, unsigned syscall)
|
||||||
|
{
|
||||||
|
switch(syscall) {
|
||||||
|
case __NR_open:
|
||||||
|
return 2;
|
||||||
|
case __NR_openat:
|
||||||
|
return 3;
|
||||||
|
case __NR_execve:
|
||||||
|
return 5;
|
||||||
|
default:
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static int __init audit_classes_init(void)
|
||||||
|
{
|
||||||
|
audit_register_class(AUDIT_CLASS_WRITE, write_class);
|
||||||
|
audit_register_class(AUDIT_CLASS_READ, read_class);
|
||||||
|
audit_register_class(AUDIT_CLASS_DIR_WRITE, dir_class);
|
||||||
|
audit_register_class(AUDIT_CLASS_CHATTR, chattr_class);
|
||||||
|
audit_register_class(AUDIT_CLASS_SIGNAL, signal_class);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
__initcall(audit_classes_init);
|
|
@ -465,7 +465,11 @@ entSys:
|
||||||
.cfi_rel_offset $16, SP_OFF+24
|
.cfi_rel_offset $16, SP_OFF+24
|
||||||
.cfi_rel_offset $17, SP_OFF+32
|
.cfi_rel_offset $17, SP_OFF+32
|
||||||
.cfi_rel_offset $18, SP_OFF+40
|
.cfi_rel_offset $18, SP_OFF+40
|
||||||
blbs $3, strace
|
#ifdef CONFIG_AUDITSYSCALL
|
||||||
|
lda $6, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT
|
||||||
|
and $3, $6, $3
|
||||||
|
#endif
|
||||||
|
bne $3, strace
|
||||||
beq $4, 1f
|
beq $4, 1f
|
||||||
ldq $27, 0($5)
|
ldq $27, 0($5)
|
||||||
1: jsr $26, ($27), alpha_ni_syscall
|
1: jsr $26, ($27), alpha_ni_syscall
|
||||||
|
|
|
@ -14,6 +14,7 @@
|
||||||
#include <linux/security.h>
|
#include <linux/security.h>
|
||||||
#include <linux/signal.h>
|
#include <linux/signal.h>
|
||||||
#include <linux/tracehook.h>
|
#include <linux/tracehook.h>
|
||||||
|
#include <linux/audit.h>
|
||||||
|
|
||||||
#include <asm/uaccess.h>
|
#include <asm/uaccess.h>
|
||||||
#include <asm/pgtable.h>
|
#include <asm/pgtable.h>
|
||||||
|
@ -316,15 +317,18 @@ long arch_ptrace(struct task_struct *child, long request,
|
||||||
asmlinkage unsigned long syscall_trace_enter(void)
|
asmlinkage unsigned long syscall_trace_enter(void)
|
||||||
{
|
{
|
||||||
unsigned long ret = 0;
|
unsigned long ret = 0;
|
||||||
|
struct pt_regs *regs = current_pt_regs();
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
|
||||||
tracehook_report_syscall_entry(current_pt_regs()))
|
tracehook_report_syscall_entry(current_pt_regs()))
|
||||||
ret = -1UL;
|
ret = -1UL;
|
||||||
|
audit_syscall_entry(AUDIT_ARCH_ALPHA, regs->r0, regs->r16, regs->r17, regs->r18, regs->r19);
|
||||||
return ret ?: current_pt_regs()->r0;
|
return ret ?: current_pt_regs()->r0;
|
||||||
}
|
}
|
||||||
|
|
||||||
asmlinkage void
|
asmlinkage void
|
||||||
syscall_trace_leave(void)
|
syscall_trace_leave(void)
|
||||||
{
|
{
|
||||||
|
audit_syscall_exit(current_pt_regs());
|
||||||
if (test_thread_flag(TIF_SYSCALL_TRACE))
|
if (test_thread_flag(TIF_SYSCALL_TRACE))
|
||||||
tracehook_report_syscall_exit(current_pt_regs(), 0);
|
tracehook_report_syscall_exit(current_pt_regs(), 0);
|
||||||
}
|
}
|
||||||
|
|
|
@ -284,7 +284,7 @@ config AUDIT
|
||||||
|
|
||||||
config AUDITSYSCALL
|
config AUDITSYSCALL
|
||||||
bool "Enable system-call auditing support"
|
bool "Enable system-call auditing support"
|
||||||
depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT))
|
depends on AUDIT && (X86 || PARISC || PPC || S390 || IA64 || UML || SPARC64 || SUPERH || (ARM && AEABI && !OABI_COMPAT) || ALPHA)
|
||||||
default y if SECURITY_SELINUX
|
default y if SECURITY_SELINUX
|
||||||
help
|
help
|
||||||
Enable low-overhead system-call auditing infrastructure that
|
Enable low-overhead system-call auditing infrastructure that
|
||||||
|
|
Loading…
Reference in New Issue
Block a user