2 * security/tomoyo/audit.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
13 * tomoyo_print_header - Get header line of audit log.
15 * @r: Pointer to "struct tomoyo_request_info".
17 * Returns string representation.
19 * This function uses kmalloc(), so caller must kfree() if this function
22 static char *tomoyo_print_header(struct tomoyo_request_info *r)
24 struct tomoyo_time stamp;
25 const pid_t gpid = task_pid_nr(current);
26 static const int tomoyo_buffer_len = 4096;
27 char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS);
34 tomoyo_convert_time(tv.tv_sec, &stamp);
37 ppid = task_tgid_vnr(current->real_parent);
39 snprintf(buffer, tomoyo_buffer_len - 1,
40 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
41 "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
42 "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
43 "fsuid=%u fsgid=%u }",
44 stamp.year, stamp.month, stamp.day, stamp.hour,
45 stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode],
46 tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid,
47 current_uid(), current_gid(), current_euid(), current_egid(),
48 current_suid(), current_sgid(), current_fsuid(),
54 * tomoyo_init_log - Allocate buffer for audit logs.
56 * @r: Pointer to "struct tomoyo_request_info".
57 * @len: Buffer size needed for @fmt and @args.
58 * @fmt: The printf()'s format string.
59 * @args: va_list structure for @fmt.
61 * Returns pointer to allocated memory.
63 * This function uses kzalloc(), so caller must kfree() if this function
66 char *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt,
70 const char *header = NULL;
72 const char *domainname = tomoyo_domain()->domainname->name;
73 header = tomoyo_print_header(r);
76 /* +10 is for '\n' etc. and '\0'. */
77 len += strlen(domainname) + strlen(header) + 10;
78 len = tomoyo_round2(len);
79 buf = kzalloc(len, GFP_NOFS);
83 pos = snprintf(buf, len, "%s", header);
84 pos += snprintf(buf + pos, len - pos, "\n%s\n", domainname);
85 vsnprintf(buf + pos, len - pos, fmt, args);
91 /* Wait queue for /sys/kernel/security/tomoyo/audit. */
92 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_log_wait);
94 /* Structure for audit log. */
96 struct list_head list;
101 /* The list for "struct tomoyo_log". */
102 static LIST_HEAD(tomoyo_log);
104 /* Lock for "struct list_head tomoyo_log". */
105 static DEFINE_SPINLOCK(tomoyo_log_lock);
107 /* Length of "stuct list_head tomoyo_log". */
108 static unsigned int tomoyo_log_count;
111 * tomoyo_get_audit - Get audit mode.
113 * @ns: Pointer to "struct tomoyo_policy_namespace".
114 * @profile: Profile number.
115 * @index: Index number of functionality.
116 * @is_granted: True if granted log, false otherwise.
118 * Returns true if this request should be audited, false otherwise.
120 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns,
121 const u8 profile, const u8 index,
122 const bool is_granted)
125 const u8 category = tomoyo_index2category[index] +
126 TOMOYO_MAX_MAC_INDEX;
127 struct tomoyo_profile *p;
128 if (!tomoyo_policy_loaded)
130 p = tomoyo_profile(ns, profile);
131 if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG])
133 mode = p->config[index];
134 if (mode == TOMOYO_CONFIG_USE_DEFAULT)
135 mode = p->config[category];
136 if (mode == TOMOYO_CONFIG_USE_DEFAULT)
137 mode = p->default_config;
139 return mode & TOMOYO_CONFIG_WANT_GRANT_LOG;
140 return mode & TOMOYO_CONFIG_WANT_REJECT_LOG;
144 * tomoyo_write_log2 - Write an audit log.
146 * @r: Pointer to "struct tomoyo_request_info".
147 * @len: Buffer size needed for @fmt and @args.
148 * @fmt: The printf()'s format string.
149 * @args: va_list structure for @fmt.
153 void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
157 struct tomoyo_log *entry;
158 bool quota_exceeded = false;
159 if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type, r->granted))
161 buf = tomoyo_init_log(r, len, fmt, args);
164 entry = kzalloc(sizeof(*entry), GFP_NOFS);
170 len = tomoyo_round2(strlen(buf) + 1);
172 * The entry->size is used for memory quota checks.
173 * Don't go beyond strlen(entry->log).
175 entry->size = len + tomoyo_round2(sizeof(*entry));
176 spin_lock(&tomoyo_log_lock);
177 if (tomoyo_memory_quota[TOMOYO_MEMORY_AUDIT] &&
178 tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] + entry->size >=
179 tomoyo_memory_quota[TOMOYO_MEMORY_AUDIT]) {
180 quota_exceeded = true;
182 tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] += entry->size;
183 list_add_tail(&entry->list, &tomoyo_log);
186 spin_unlock(&tomoyo_log_lock);
187 if (quota_exceeded) {
192 wake_up(&tomoyo_log_wait);
198 * tomoyo_write_log - Write an audit log.
200 * @r: Pointer to "struct tomoyo_request_info".
201 * @fmt: The printf()'s format string, followed by parameters.
205 void tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...)
210 len = vsnprintf((char *) &len, 1, fmt, args) + 1;
213 tomoyo_write_log2(r, len, fmt, args);
218 * tomoyo_read_log - Read an audit log.
220 * @head: Pointer to "struct tomoyo_io_buffer".
224 void tomoyo_read_log(struct tomoyo_io_buffer *head)
226 struct tomoyo_log *ptr = NULL;
229 kfree(head->read_buf);
230 head->read_buf = NULL;
231 spin_lock(&tomoyo_log_lock);
232 if (!list_empty(&tomoyo_log)) {
233 ptr = list_entry(tomoyo_log.next, typeof(*ptr), list);
234 list_del(&ptr->list);
236 tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] -= ptr->size;
238 spin_unlock(&tomoyo_log_lock);
240 head->read_buf = ptr->log;
241 head->r.w[head->r.w_pos++] = head->read_buf;
247 * tomoyo_poll_log - Wait for an audit log.
249 * @file: Pointer to "struct file".
250 * @wait: Pointer to "poll_table".
252 * Returns POLLIN | POLLRDNORM when ready to read an audit log.
254 int tomoyo_poll_log(struct file *file, poll_table *wait)
256 if (tomoyo_log_count)
257 return POLLIN | POLLRDNORM;
258 poll_wait(file, &tomoyo_log_wait, wait);
259 if (tomoyo_log_count)
260 return POLLIN | POLLRDNORM;