Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

3 Commits   0 Branches   0 Tags
Index
Trunk
Branches
Tags
Trunk
Branches
Tags
Home page
Home page
orangepi/linux-orangepi-5.10.y.git/trunk/kernel/audit_fsnotify.c 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   2) /* audit_fsnotify.c -- tracking inodes
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   3)  *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   4)  * Copyright 2003-2009,2014-2015 Red Hat, Inc.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   5)  * Copyright 2005 Hewlett-Packard Development Company, L.P.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   6)  * Copyright 2005 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   7)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   8) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300   9) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  10) #include <linux/audit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  11) #include <linux/kthread.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  12) #include <linux/mutex.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  13) #include <linux/fs.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  14) #include <linux/fsnotify_backend.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  15) #include <linux/namei.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  16) #include <linux/netlink.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  18) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  19) #include <linux/security.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  20) #include "audit.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  21) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  22) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  23)  * this mark lives on the parent directory of the inode in question.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  24)  * but dev, ino, and path are about the child
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  25)  */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) struct audit_fsnotify_mark {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  27) 	dev_t dev;		/* associated superblock device */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  28) 	unsigned long ino;	/* associated inode number */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  29) 	char *path;		/* insertion path */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  30) 	struct fsnotify_mark mark; /* fsnotify mark on the inode */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  31) 	struct audit_krule *rule;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  32) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  33) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  34) /* fsnotify handle. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  35) static struct fsnotify_group *audit_fsnotify_group;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  36) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  37) /* fsnotify events we care about. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  38) #define AUDIT_FS_EVENTS (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  39) 			 FS_MOVE_SELF)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  40) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) static void audit_fsnotify_mark_free(struct audit_fsnotify_mark *audit_mark)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  42) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  43) 	kfree(audit_mark->path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  44) 	kfree(audit_mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  45) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  47) static void audit_fsnotify_free_mark(struct fsnotify_mark *mark)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  48) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  49) 	struct audit_fsnotify_mark *audit_mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  51) 	audit_mark = container_of(mark, struct audit_fsnotify_mark, mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  52) 	audit_fsnotify_mark_free(audit_mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  53) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  54) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  55) char *audit_mark_path(struct audit_fsnotify_mark *mark)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  56) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  57) 	return mark->path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  58) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  59) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) int audit_mark_compare(struct audit_fsnotify_mark *mark, unsigned long ino, dev_t dev)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  61) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  62) 	if (mark->ino == AUDIT_INO_UNSET)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  63) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  64) 	return (mark->ino == ino) && (mark->dev == dev);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  65) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  66) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  67) static void audit_update_mark(struct audit_fsnotify_mark *audit_mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  68) 			     const struct inode *inode)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  69) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  70) 	audit_mark->dev = inode ? inode->i_sb->s_dev : AUDIT_DEV_UNSET;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  71) 	audit_mark->ino = inode ? inode->i_ino : AUDIT_INO_UNSET;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  72) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  73) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  74) struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pathname, int len)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  75) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  76) 	struct audit_fsnotify_mark *audit_mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 	struct path path;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  78) 	struct dentry *dentry;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  79) 	struct inode *inode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  80) 	int ret;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  81) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  82) 	if (pathname[0] != '/' || pathname[len-1] == '/')
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  83) 		return ERR_PTR(-EINVAL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  84) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  85) 	dentry = kern_path_locked(pathname, &path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  86) 	if (IS_ERR(dentry))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  87) 		return (void *)dentry; /* returning an error */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  88) 	inode = path.dentry->d_inode;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  89) 	inode_unlock(inode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  90) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  91) 	audit_mark = kzalloc(sizeof(*audit_mark), GFP_KERNEL);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  92) 	if (unlikely(!audit_mark)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  93) 		audit_mark = ERR_PTR(-ENOMEM);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  94) 		goto out;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  95) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  96) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  97) 	fsnotify_init_mark(&audit_mark->mark, audit_fsnotify_group);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  98) 	audit_mark->mark.mask = AUDIT_FS_EVENTS;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  99) 	audit_mark->path = pathname;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) 	audit_update_mark(audit_mark, dentry->d_inode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) 	audit_mark->rule = krule;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) 	ret = fsnotify_add_inode_mark(&audit_mark->mark, inode, true);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) 	if (ret < 0) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 		fsnotify_put_mark(&audit_mark->mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) 		audit_mark = ERR_PTR(ret);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108) out:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) 	dput(dentry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) 	path_put(&path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111) 	return audit_mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114) static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, char *op)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) 	struct audit_buffer *ab;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 	struct audit_krule *rule = audit_mark->rule;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 119) 	if (!audit_enabled)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 121) 	ab = audit_log_start(audit_context(), GFP_NOFS, AUDIT_CONFIG_CHANGE);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 122) 	if (unlikely(!ab))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 123) 		return;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124) 	audit_log_session_info(ab);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 125) 	audit_log_format(ab, " op=%s path=", op);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 126) 	audit_log_untrustedstring(ab, audit_mark->path);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 127) 	audit_log_key(ab, rule->filterkey);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 	audit_log_format(ab, " list=%d res=1", rule->listnr);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 129) 	audit_log_end(ab);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 130) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 131) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 132) void audit_remove_mark(struct audit_fsnotify_mark *audit_mark)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 133) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 134) 	fsnotify_destroy_mark(&audit_mark->mark, audit_fsnotify_group);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135) 	fsnotify_put_mark(&audit_mark->mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 136) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 138) void audit_remove_mark_rule(struct audit_krule *krule)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 139) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140) 	struct audit_fsnotify_mark *mark = krule->exe;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 	audit_remove_mark(mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145) static void audit_autoremove_mark_rule(struct audit_fsnotify_mark *audit_mark)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) 	struct audit_krule *rule = audit_mark->rule;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148) 	struct audit_entry *entry = container_of(rule, struct audit_entry, rule);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150) 	audit_mark_log_rule_change(audit_mark, "autoremove_rule");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) 	audit_del_rule(entry);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) /* Update mark data in audit rules based on fsnotify events. */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) static int audit_mark_handle_event(struct fsnotify_mark *inode_mark, u32 mask,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 				   struct inode *inode, struct inode *dir,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) 				   const struct qstr *dname, u32 cookie)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) 	struct audit_fsnotify_mark *audit_mark;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) 	audit_mark = container_of(inode_mark, struct audit_fsnotify_mark, mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) 	if (WARN_ON_ONCE(inode_mark->group != audit_fsnotify_group) ||
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) 	    WARN_ON_ONCE(!inode))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165) 		return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) 	if (mask & (FS_CREATE|FS_MOVED_TO|FS_DELETE|FS_MOVED_FROM)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) 		if (audit_compare_dname_path(dname, audit_mark->path, AUDIT_NAME_FULL))
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) 			return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170) 		audit_update_mark(audit_mark, inode);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) 	} else if (mask & (FS_DELETE_SELF|FS_UNMOUNT|FS_MOVE_SELF)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) 		audit_autoremove_mark_rule(audit_mark);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) static const struct fsnotify_ops audit_mark_fsnotify_ops = {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) 	.handle_inode_event = audit_mark_handle_event,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) 	.free_mark = audit_fsnotify_free_mark,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) };
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182) 
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) static int __init audit_fsnotify_init(void)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) 	audit_fsnotify_group = fsnotify_alloc_group(&audit_mark_fsnotify_ops);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186) 	if (IS_ERR(audit_fsnotify_group)) {
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 187) 		audit_fsnotify_group = NULL;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 188) 		audit_panic("cannot create audit fsnotify group");
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 189) 	}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 190) 	return 0;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 191) }
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 192) device_initcall(audit_fsnotify_init);
cGit-ui 0.1.7
Git 2.40.0
Nginx 1.22.1

Where any material of this site is being reproduced, published or issued to others the reference to the source is obligatory.

© Andrey V. Kosteltsev, 2019 – 2025.