BACKPORT: audit: consistently record PIDs with task_tgid_nr() · f885566c5e - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

BACKPORT: audit: consistently record PIDs with task_tgid_nr()

Unfortunately we record PIDs in audit records using a variety of
methods despite the correct way being the use of task_tgid_nr().
This patch converts all of these callers, except for the case of
AUDIT_SET in audit_receive_msg() (see the comment in the code).

Reported-by: Jeff Vander Stoep <jeffv@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Bug: 28952093

(cherry picked from commit fa2bea2f5cca5b8d4a3e5520d2e8c0ede67ac108)
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Change-Id: If6645f9de8bc58ed9755f28dc6af5fbf08d72a00

This commit is contained in:

Paul Moore

2016-08-30 17:19:13 -04:00

• committed by

Amit Pundir

parent ce33efa799

commit f885566c5e

3 changed files with 15 additions and 9 deletions

									
										8

kernel/audit.c
									
										View file
										
					@ -870,6 +870,12 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)

									return err;

									return err;

							}

							}

							if (s.mask & AUDIT_STATUS_PID) {

							if (s.mask & AUDIT_STATUS_PID) {

								/* NOTE: we are using task_tgid_vnr() below because

								 *       the s.pid value is relative to the namespace

								 *       of the caller; at present this doesn't matter

								 *       much since you can really only run auditd

								 *       from the initial pid namespace, but something

								 *       to keep in mind if this changes */

								int new_pid = s.pid;

								int new_pid = s.pid;

								if ((!new_pid) && (task_tgid_vnr(current) != audit_pid))

								if ((!new_pid) && (task_tgid_vnr(current) != audit_pid))

					@ -1896,7 +1902,7 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk)

								 " euid=%u suid=%u fsuid=%u"

								 " euid=%u suid=%u fsuid=%u"

								 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",

								 " egid=%u sgid=%u fsgid=%u tty=%s ses=%u",

								 task_ppid_nr(tsk),

								 task_ppid_nr(tsk),

								 task_pid_nr(tsk),

								 task_tgid_nr(tsk),

								 from_kuid(&init_user_ns, audit_get_loginuid(tsk)),

								 from_kuid(&init_user_ns, audit_get_loginuid(tsk)),

								 from_kuid(&init_user_ns, cred->uid),

								 from_kuid(&init_user_ns, cred->uid),

								 from_kgid(&init_user_ns, cred->gid),

								 from_kgid(&init_user_ns, cred->gid),

									
										12

kernel/auditsc.c
									
										View file
										
					@ -458,7 +458,7 @@ static int audit_filter_rules(struct task_struct *tsk,

							switch (f->type) {

							switch (f->type) {

							case AUDIT_PID:

							case AUDIT_PID:

								pid = task_pid_nr(tsk);

								pid = task_tgid_nr(tsk);

								result = audit_comparator(pid, f->op, f->val);

								result = audit_comparator(pid, f->op, f->val);

								break;

								break;

							case AUDIT_PPID:

							case AUDIT_PPID:

					@ -1987,7 +1987,7 @@ static void audit_log_set_loginuid(kuid_t koldloginuid, kuid_t kloginuid,

						ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);

						ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_LOGIN);

						if (!ab)

						if (!ab)

							return;

							return;

						audit_log_format(ab, "pid=%d uid=%u", task_pid_nr(current), uid);

						audit_log_format(ab, "pid=%d uid=%u", task_tgid_nr(current), uid);

						audit_log_task_context(ab);

						audit_log_task_context(ab);

						audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",

						audit_log_format(ab, " old-auid=%u auid=%u old-ses=%u ses=%u res=%d",

								 oldloginuid, loginuid, oldsessionid, sessionid, !rc);

								 oldloginuid, loginuid, oldsessionid, sessionid, !rc);

					@ -2212,7 +2212,7 @@ void __audit_ptrace(struct task_struct *t)

					{

					{

						struct audit_context *context = current->audit_context;

						struct audit_context *context = current->audit_context;

						context->target_pid = task_pid_nr(t);

						context->target_pid = task_tgid_nr(t);

						context->target_auid = audit_get_loginuid(t);

						context->target_auid = audit_get_loginuid(t);

						context->target_uid = task_uid(t);

						context->target_uid = task_uid(t);

						context->target_sessionid = audit_get_sessionid(t);

						context->target_sessionid = audit_get_sessionid(t);

					@ -2237,7 +2237,7 @@ int __audit_signal_info(int sig, struct task_struct *t)

						if (audit_pid && t->tgid == audit_pid) {

						if (audit_pid && t->tgid == audit_pid) {

							if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {

							if (sig == SIGTERM || sig == SIGHUP || sig == SIGUSR1 || sig == SIGUSR2) {

								audit_sig_pid = task_pid_nr(tsk);

								audit_sig_pid = task_tgid_nr(tsk);

								if (uid_valid(tsk->loginuid))

								if (uid_valid(tsk->loginuid))

									audit_sig_uid = tsk->loginuid;

									audit_sig_uid = tsk->loginuid;

								else

								else

					@ -2337,7 +2337,7 @@ int __audit_log_bprm_fcaps(struct linux_binprm *bprm,

					void __audit_log_capset(const struct cred *new, const struct cred *old)

					void __audit_log_capset(const struct cred *new, const struct cred *old)

					{

					{

						struct audit_context *context = current->audit_context;

						struct audit_context *context = current->audit_context;

						context->capset.pid = task_pid_nr(current);

						context->capset.pid = task_tgid_nr(current);

						context->capset.cap.effective   = new->cap_effective;

						context->capset.cap.effective   = new->cap_effective;

						context->capset.cap.inheritable = new->cap_effective;

						context->capset.cap.inheritable = new->cap_effective;

						context->capset.cap.permitted   = new->cap_permitted;

						context->capset.cap.permitted   = new->cap_permitted;

					@ -2369,7 +2369,7 @@ static void audit_log_task(struct audit_buffer *ab)

								 from_kgid(&init_user_ns, gid),

								 from_kgid(&init_user_ns, gid),

								 sessionid);

								 sessionid);

						audit_log_task_context(ab);

						audit_log_task_context(ab);

						audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));

						audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));

						audit_log_untrustedstring(ab, get_task_comm(comm, current));

						audit_log_untrustedstring(ab, get_task_comm(comm, current));

						audit_log_d_path_exe(ab, current->mm);

						audit_log_d_path_exe(ab, current->mm);

					}

					}

									
										4

security/lsm_audit.c
									
										View file
										
					@ -220,7 +220,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,

						 */

						 */

						BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);

						BUILD_BUG_ON(sizeof(a->u) > sizeof(void *)*2);

						audit_log_format(ab, " pid=%d comm=", task_pid_nr(current));

						audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));

						audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));

						audit_log_untrustedstring(ab, memcpy(comm, current->comm, sizeof(comm)));

						switch (a->type) {

						switch (a->type) {

					@ -294,7 +294,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,

						case LSM_AUDIT_DATA_TASK: {

						case LSM_AUDIT_DATA_TASK: {

							struct task_struct *tsk = a->u.tsk;

							struct task_struct *tsk = a->u.tsk;

							if (tsk) {

							if (tsk) {

								pid_t pid = task_pid_nr(tsk);

								pid_t pid = task_tgid_nr(tsk);

								if (pid) {

								if (pid) {

									char comm[sizeof(tsk->comm)];

									char comm[sizeof(tsk->comm)];

									audit_log_format(ab, " opid=%d ocomm=", pid);

									audit_log_format(ab, " opid=%d ocomm=", pid);