2 * security/tomoyo/audit.c
4 * Pathname restriction functions.
6 * Copyright (C) 2005-2010 NTT DATA CORPORATION
10 #include <linux/slab.h>
13 * tomoyo_convert_time - Convert time_t to YYYY/MM/DD hh/mm/ss.
15 * @time: Seconds since 1970/01/01 00:00:00.
16 * @stamp: Pointer to "struct tomoyo_time".
20 * This function does not handle Y2038 problem.
22 static void tomoyo_convert_time(time_t time
, struct tomoyo_time
*stamp
)
24 static const u16 tomoyo_eom
[2][12] = {
25 { 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 },
26 { 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 }
31 stamp
->sec
= time
% 60;
33 stamp
->min
= time
% 60;
35 stamp
->hour
= time
% 24;
37 for (y
= 1970; ; y
++) {
38 const unsigned short days
= (y
& 3) ? 365 : 366;
44 for (m
= 0; m
< 11 && time
>= tomoyo_eom
[r
][m
]; m
++)
47 time
-= tomoyo_eom
[r
][m
- 1];
54 * tomoyo_print_header - Get header line of audit log.
56 * @r: Pointer to "struct tomoyo_request_info".
58 * Returns string representation.
60 * This function uses kmalloc(), so caller must kfree() if this function
63 static char *tomoyo_print_header(struct tomoyo_request_info
*r
)
65 struct tomoyo_time stamp
;
66 const pid_t gpid
= task_pid_nr(current
);
67 static const int tomoyo_buffer_len
= 4096;
68 char *buffer
= kmalloc(tomoyo_buffer_len
, GFP_NOFS
);
75 tomoyo_convert_time(tv
.tv_sec
, &stamp
);
78 ppid
= task_tgid_vnr(current
->real_parent
);
80 snprintf(buffer
, tomoyo_buffer_len
- 1,
81 "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s "
82 "granted=%s (global-pid=%u) task={ pid=%u ppid=%u "
83 "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u "
84 "fsuid=%u fsgid=%u }",
85 stamp
.year
, stamp
.month
, stamp
.day
, stamp
.hour
,
86 stamp
.min
, stamp
.sec
, r
->profile
, tomoyo_mode
[r
->mode
],
87 tomoyo_yesno(r
->granted
), gpid
, task_tgid_vnr(current
), ppid
,
88 current_uid(), current_gid(), current_euid(), current_egid(),
89 current_suid(), current_sgid(), current_fsuid(),
95 * tomoyo_init_log - Allocate buffer for audit logs.
97 * @r: Pointer to "struct tomoyo_request_info".
98 * @len: Buffer size needed for @fmt and @args.
99 * @fmt: The printf()'s format string.
100 * @args: va_list structure for @fmt.
102 * Returns pointer to allocated memory.
104 * This function uses kzalloc(), so caller must kfree() if this function
105 * didn't return NULL.
107 char *tomoyo_init_log(struct tomoyo_request_info
*r
, int len
, const char *fmt
,
111 const char *header
= NULL
;
113 const char *domainname
= tomoyo_domain()->domainname
->name
;
114 header
= tomoyo_print_header(r
);
117 /* +10 is for '\n' etc. and '\0'. */
118 len
+= strlen(domainname
) + strlen(header
) + 10;
119 len
= tomoyo_round2(len
);
120 buf
= kzalloc(len
, GFP_NOFS
);
124 pos
= snprintf(buf
, len
, "%s", header
);
125 pos
+= snprintf(buf
+ pos
, len
- pos
, "\n%s\n", domainname
);
126 vsnprintf(buf
+ pos
, len
- pos
, fmt
, args
);
132 /* Wait queue for /sys/kernel/security/tomoyo/audit. */
133 static DECLARE_WAIT_QUEUE_HEAD(tomoyo_log_wait
);
135 /* Structure for audit log. */
137 struct list_head list
;
142 /* The list for "struct tomoyo_log". */
143 static LIST_HEAD(tomoyo_log
);
145 /* Lock for "struct list_head tomoyo_log". */
146 static DEFINE_SPINLOCK(tomoyo_log_lock
);
148 /* Length of "stuct list_head tomoyo_log". */
149 static unsigned int tomoyo_log_count
;
152 * tomoyo_get_audit - Get audit mode.
154 * @ns: Pointer to "struct tomoyo_policy_namespace".
155 * @profile: Profile number.
156 * @index: Index number of functionality.
157 * @is_granted: True if granted log, false otherwise.
159 * Returns true if this request should be audited, false otherwise.
161 static bool tomoyo_get_audit(const struct tomoyo_policy_namespace
*ns
,
162 const u8 profile
, const u8 index
,
163 const bool is_granted
)
166 const u8 category
= tomoyo_index2category
[index
] +
167 TOMOYO_MAX_MAC_INDEX
;
168 struct tomoyo_profile
*p
;
169 if (!tomoyo_policy_loaded
)
171 p
= tomoyo_profile(ns
, profile
);
172 if (tomoyo_log_count
>= p
->pref
[TOMOYO_PREF_MAX_AUDIT_LOG
])
174 mode
= p
->config
[index
];
175 if (mode
== TOMOYO_CONFIG_USE_DEFAULT
)
176 mode
= p
->config
[category
];
177 if (mode
== TOMOYO_CONFIG_USE_DEFAULT
)
178 mode
= p
->default_config
;
180 return mode
& TOMOYO_CONFIG_WANT_GRANT_LOG
;
181 return mode
& TOMOYO_CONFIG_WANT_REJECT_LOG
;
185 * tomoyo_write_log2 - Write an audit log.
187 * @r: Pointer to "struct tomoyo_request_info".
188 * @len: Buffer size needed for @fmt and @args.
189 * @fmt: The printf()'s format string.
190 * @args: va_list structure for @fmt.
194 void tomoyo_write_log2(struct tomoyo_request_info
*r
, int len
, const char *fmt
,
198 struct tomoyo_log
*entry
;
199 bool quota_exceeded
= false;
200 if (!tomoyo_get_audit(r
->domain
->ns
, r
->profile
, r
->type
, r
->granted
))
202 buf
= tomoyo_init_log(r
, len
, fmt
, args
);
205 entry
= kzalloc(sizeof(*entry
), GFP_NOFS
);
211 len
= tomoyo_round2(strlen(buf
) + 1);
213 * The entry->size is used for memory quota checks.
214 * Don't go beyond strlen(entry->log).
216 entry
->size
= len
+ tomoyo_round2(sizeof(*entry
));
217 spin_lock(&tomoyo_log_lock
);
218 if (tomoyo_memory_quota
[TOMOYO_MEMORY_AUDIT
] &&
219 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] + entry
->size
>=
220 tomoyo_memory_quota
[TOMOYO_MEMORY_AUDIT
]) {
221 quota_exceeded
= true;
223 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] += entry
->size
;
224 list_add_tail(&entry
->list
, &tomoyo_log
);
227 spin_unlock(&tomoyo_log_lock
);
228 if (quota_exceeded
) {
233 wake_up(&tomoyo_log_wait
);
239 * tomoyo_write_log - Write an audit log.
241 * @r: Pointer to "struct tomoyo_request_info".
242 * @fmt: The printf()'s format string, followed by parameters.
246 void tomoyo_write_log(struct tomoyo_request_info
*r
, const char *fmt
, ...)
251 len
= vsnprintf((char *) &len
, 1, fmt
, args
) + 1;
254 tomoyo_write_log2(r
, len
, fmt
, args
);
259 * tomoyo_read_log - Read an audit log.
261 * @head: Pointer to "struct tomoyo_io_buffer".
265 void tomoyo_read_log(struct tomoyo_io_buffer
*head
)
267 struct tomoyo_log
*ptr
= NULL
;
270 kfree(head
->read_buf
);
271 head
->read_buf
= NULL
;
272 spin_lock(&tomoyo_log_lock
);
273 if (!list_empty(&tomoyo_log
)) {
274 ptr
= list_entry(tomoyo_log
.next
, typeof(*ptr
), list
);
275 list_del(&ptr
->list
);
277 tomoyo_memory_used
[TOMOYO_MEMORY_AUDIT
] -= ptr
->size
;
279 spin_unlock(&tomoyo_log_lock
);
281 head
->read_buf
= ptr
->log
;
282 head
->r
.w
[head
->r
.w_pos
++] = head
->read_buf
;
288 * tomoyo_poll_log - Wait for an audit log.
290 * @file: Pointer to "struct file".
291 * @wait: Pointer to "poll_table".
293 * Returns POLLIN | POLLRDNORM when ready to read an audit log.
295 int tomoyo_poll_log(struct file
*file
, poll_table
*wait
)
297 if (tomoyo_log_count
)
298 return POLLIN
| POLLRDNORM
;
299 poll_wait(file
, &tomoyo_log_wait
, wait
);
300 if (tomoyo_log_count
)
301 return POLLIN
| POLLRDNORM
;