audit.c revision eadd99cc85347b4f9eb10122ac90032eb4971b02
1eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* 2eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * security/tomoyo/audit.c 3eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 4eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Pathname restriction functions. 5eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 6eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Copyright (C) 2005-2010 NTT DATA CORPORATION 7eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 8eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 9eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa#include "common.h" 10eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa#include <linux/slab.h> 11eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 12eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 13eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_convert_time - Convert time_t to YYYY/MM/DD hh/mm/ss. 14eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 15eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @time: Seconds since 1970/01/01 00:00:00. 16eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @stamp: Pointer to "struct tomoyo_time". 17eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 18eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns nothing. 19eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 20eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * This function does not handle Y2038 problem. 21eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 22eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic void tomoyo_convert_time(time_t time, struct tomoyo_time *stamp) 23eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 24eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa static const u16 tomoyo_eom[2][12] = { 25eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa { 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334, 365 }, 26eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa { 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335, 366 } 27eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa }; 28eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa u16 y; 29eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa u8 m; 30eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa bool r; 31eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->sec = time % 60; 32eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa time /= 60; 33eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->min = time % 60; 34eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa time /= 60; 35eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->hour = time % 24; 36eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa time /= 24; 37eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa for (y = 1970; ; y++) { 38eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const unsigned short days = (y & 3) ? 365 : 366; 39eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (time < days) 40eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa break; 41eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa time -= days; 42eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 43eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa r = (y & 3) == 0; 44eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa for (m = 0; m < 11 && time >= tomoyo_eom[r][m]; m++) 45eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa ; 46eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (m) 47eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa time -= tomoyo_eom[r][m - 1]; 48eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->year = y; 49eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->month = ++m; 50eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp->day = ++time; 51eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 52eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 53eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 54eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_print_header - Get header line of audit log. 55eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 56eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @r: Pointer to "struct tomoyo_request_info". 57eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 58eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns string representation. 59eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 60eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * This function uses kmalloc(), so caller must kfree() if this function 61eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * didn't return NULL. 62eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 63eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic char *tomoyo_print_header(struct tomoyo_request_info *r) 64eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 65eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct tomoyo_time stamp; 66eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const pid_t gpid = task_pid_nr(current); 67eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa static const int tomoyo_buffer_len = 4096; 68eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa char *buffer = kmalloc(tomoyo_buffer_len, GFP_NOFS); 69eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa pid_t ppid; 70eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!buffer) 71eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return NULL; 72eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa { 73eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct timeval tv; 74eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa do_gettimeofday(&tv); 75eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_convert_time(tv.tv_sec, &stamp); 76eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 77eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa rcu_read_lock(); 78eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa ppid = task_tgid_vnr(current->real_parent); 79eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa rcu_read_unlock(); 80eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa snprintf(buffer, tomoyo_buffer_len - 1, 81eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa "#%04u/%02u/%02u %02u:%02u:%02u# profile=%u mode=%s " 82eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa "granted=%s (global-pid=%u) task={ pid=%u ppid=%u " 83eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa "uid=%u gid=%u euid=%u egid=%u suid=%u sgid=%u " 84eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa "fsuid=%u fsgid=%u }", 85eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp.year, stamp.month, stamp.day, stamp.hour, 86eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa stamp.min, stamp.sec, r->profile, tomoyo_mode[r->mode], 87eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_yesno(r->granted), gpid, task_tgid_vnr(current), ppid, 88eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa current_uid(), current_gid(), current_euid(), current_egid(), 89eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa current_suid(), current_sgid(), current_fsuid(), 90eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa current_fsgid()); 91eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return buffer; 92eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 93eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 94eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 95eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_init_log - Allocate buffer for audit logs. 96eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 97eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @r: Pointer to "struct tomoyo_request_info". 98eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @len: Buffer size needed for @fmt and @args. 99eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @fmt: The printf()'s format string. 100eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @args: va_list structure for @fmt. 101eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 102eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns pointer to allocated memory. 103eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 104eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * This function uses kzalloc(), so caller must kfree() if this function 105eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * didn't return NULL. 106eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 107eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handachar *tomoyo_init_log(struct tomoyo_request_info *r, int len, const char *fmt, 108eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_list args) 109eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 110eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa char *buf = NULL; 111eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const char *header = NULL; 112eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa int pos; 113eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const char *domainname = tomoyo_domain()->domainname->name; 114eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa header = tomoyo_print_header(r); 115eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!header) 116eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return NULL; 117eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa /* +10 is for '\n' etc. and '\0'. */ 118eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa len += strlen(domainname) + strlen(header) + 10; 119eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa len = tomoyo_round2(len); 120eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa buf = kzalloc(len, GFP_NOFS); 121eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!buf) 122eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa goto out; 123eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa len--; 124eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa pos = snprintf(buf, len, "%s", header); 125eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa pos += snprintf(buf + pos, len - pos, "\n%s\n", domainname); 126eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa vsnprintf(buf + pos, len - pos, fmt, args); 127eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handaout: 128eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(header); 129eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return buf; 130eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 131eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 132eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* Wait queue for /sys/kernel/security/tomoyo/audit. */ 133eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic DECLARE_WAIT_QUEUE_HEAD(tomoyo_log_wait); 134eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 135eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* Structure for audit log. */ 136eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastruct tomoyo_log { 137eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct list_head list; 138eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa char *log; 139eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa int size; 140eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa}; 141eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 142eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* The list for "struct tomoyo_log". */ 143eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic LIST_HEAD(tomoyo_log); 144eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 145eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* Lock for "struct list_head tomoyo_log". */ 146eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic DEFINE_SPINLOCK(tomoyo_log_lock); 147eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 148eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/* Length of "stuct list_head tomoyo_log". */ 149eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic unsigned int tomoyo_log_count; 150eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 151eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 152eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_get_audit - Get audit mode. 153eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 154eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @profile: Profile number. 155eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @index: Index number of functionality. 156eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @is_granted: True if granted log, false otherwise. 157eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 158eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns true if this request should be audited, false otherwise. 159eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 160eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handastatic bool tomoyo_get_audit(const u8 profile, const u8 index, 161eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const bool is_granted) 162eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 163eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa u8 mode; 164eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa const u8 category = TOMOYO_MAC_CATEGORY_FILE + TOMOYO_MAX_MAC_INDEX; 165eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct tomoyo_profile *p; 166eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!tomoyo_policy_loaded) 167eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return false; 168eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa p = tomoyo_profile(profile); 169eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG]) 170eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return false; 171eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa mode = p->config[index]; 172eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (mode == TOMOYO_CONFIG_USE_DEFAULT) 173eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa mode = p->config[category]; 174eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (mode == TOMOYO_CONFIG_USE_DEFAULT) 175eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa mode = p->default_config; 176eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (is_granted) 177eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return mode & TOMOYO_CONFIG_WANT_GRANT_LOG; 178eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return mode & TOMOYO_CONFIG_WANT_REJECT_LOG; 179eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 180eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 181eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 182eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_write_log2 - Write an audit log. 183eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 184eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @r: Pointer to "struct tomoyo_request_info". 185eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @len: Buffer size needed for @fmt and @args. 186eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @fmt: The printf()'s format string. 187eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @args: va_list structure for @fmt. 188eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 189eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns nothing. 190eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 191eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handavoid tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt, 192eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_list args) 193eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 194eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa char *buf; 195eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct tomoyo_log *entry; 196eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa bool quota_exceeded = false; 197eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!tomoyo_get_audit(r->profile, r->type, r->granted)) 198eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa goto out; 199eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa buf = tomoyo_init_log(r, len, fmt, args); 200eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!buf) 201eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa goto out; 202eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa entry = kzalloc(sizeof(*entry), GFP_NOFS); 203eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!entry) { 204eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(buf); 205eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa goto out; 206eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 207eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa entry->log = buf; 208eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa len = tomoyo_round2(strlen(buf) + 1); 209eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa /* 210eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * The entry->size is used for memory quota checks. 211eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Don't go beyond strlen(entry->log). 212eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 213eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa entry->size = len + tomoyo_round2(sizeof(*entry)); 214eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa spin_lock(&tomoyo_log_lock); 215eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (tomoyo_memory_quota[TOMOYO_MEMORY_AUDIT] && 216eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] + entry->size >= 217eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_memory_quota[TOMOYO_MEMORY_AUDIT]) { 218eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa quota_exceeded = true; 219eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } else { 220eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] += entry->size; 221eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa list_add_tail(&entry->list, &tomoyo_log); 222eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_log_count++; 223eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 224eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa spin_unlock(&tomoyo_log_lock); 225eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (quota_exceeded) { 226eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(buf); 227eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(entry); 228eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa goto out; 229eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 230eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa wake_up(&tomoyo_log_wait); 231eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handaout: 232eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return; 233eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 234eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 235eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 236eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_write_log - Write an audit log. 237eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 238eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @r: Pointer to "struct tomoyo_request_info". 239eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @fmt: The printf()'s format string, followed by parameters. 240eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 241eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns nothing. 242eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 243eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handavoid tomoyo_write_log(struct tomoyo_request_info *r, const char *fmt, ...) 244eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 245eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_list args; 246eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa int len; 247eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_start(args, fmt); 248eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa len = vsnprintf((char *) &len, 1, fmt, args) + 1; 249eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_end(args); 250eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_start(args, fmt); 251eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_write_log2(r, len, fmt, args); 252eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa va_end(args); 253eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 254eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 255eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 256eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_read_log - Read an audit log. 257eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 258eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @head: Pointer to "struct tomoyo_io_buffer". 259eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 260eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns nothing. 261eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 262eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handavoid tomoyo_read_log(struct tomoyo_io_buffer *head) 263eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 264eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa struct tomoyo_log *ptr = NULL; 265eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (head->r.w_pos) 266eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return; 267eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(head->read_buf); 268eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa head->read_buf = NULL; 269eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa spin_lock(&tomoyo_log_lock); 270eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (!list_empty(&tomoyo_log)) { 271eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa ptr = list_entry(tomoyo_log.next, typeof(*ptr), list); 272eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa list_del(&ptr->list); 273eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_log_count--; 274eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa tomoyo_memory_used[TOMOYO_MEMORY_AUDIT] -= ptr->size; 275eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 276eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa spin_unlock(&tomoyo_log_lock); 277eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (ptr) { 278eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa head->read_buf = ptr->log; 279eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa head->r.w[head->r.w_pos++] = head->read_buf; 280eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa kfree(ptr); 281eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa } 282eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 283eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa 284eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa/** 285eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * tomoyo_poll_log - Wait for an audit log. 286eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 287eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @file: Pointer to "struct file". 288eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * @wait: Pointer to "poll_table". 289eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * 290eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa * Returns POLLIN | POLLRDNORM when ready to read an audit log. 291eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa */ 292eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handaint tomoyo_poll_log(struct file *file, poll_table *wait) 293eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa{ 294eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (tomoyo_log_count) 295eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return POLLIN | POLLRDNORM; 296eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa poll_wait(file, &tomoyo_log_wait, wait); 297eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa if (tomoyo_log_count) 298eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return POLLIN | POLLRDNORM; 299eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa return 0; 300eadd99cc85347b4f9eb10122ac90032eb4971b02Tetsuo Handa} 301