Lines Matching refs:context
898 static inline void audit_proctitle_free(struct audit_context *context) in audit_proctitle_free() argument
900 kfree(context->proctitle.value); in audit_proctitle_free()
901 context->proctitle.value = NULL; in audit_proctitle_free()
902 context->proctitle.len = 0; in audit_proctitle_free()
905 static inline void audit_free_module(struct audit_context *context) in audit_free_module() argument
907 if (context->type == AUDIT_KERN_MODULE) { in audit_free_module()
908 kfree(context->module.name); in audit_free_module()
909 context->module.name = NULL; in audit_free_module()
912 static inline void audit_free_names(struct audit_context *context) in audit_free_names() argument
916 list_for_each_entry_safe(n, next, &context->names_list, list) { in audit_free_names()
923 context->name_count = 0; in audit_free_names()
924 path_put(&context->pwd); in audit_free_names()
925 context->pwd.dentry = NULL; in audit_free_names()
926 context->pwd.mnt = NULL; in audit_free_names()
929 static inline void audit_free_aux(struct audit_context *context) in audit_free_aux() argument
933 while ((aux = context->aux)) { in audit_free_aux()
934 context->aux = aux->next; in audit_free_aux()
937 context->aux = NULL; in audit_free_aux()
938 while ((aux = context->aux_pids)) { in audit_free_aux()
939 context->aux_pids = aux->next; in audit_free_aux()
942 context->aux_pids = NULL; in audit_free_aux()
960 ctx->context = AUDIT_CTX_UNUSED; in audit_reset_context()
1016 struct audit_context *context; in audit_alloc_context() local
1018 context = kzalloc(sizeof(*context), GFP_KERNEL); in audit_alloc_context()
1019 if (!context) in audit_alloc_context()
1021 context->context = AUDIT_CTX_UNUSED; in audit_alloc_context()
1022 context->state = state; in audit_alloc_context()
1023 context->prio = state == AUDIT_STATE_RECORD ? ~0ULL : 0; in audit_alloc_context()
1024 INIT_LIST_HEAD(&context->killed_trees); in audit_alloc_context()
1025 INIT_LIST_HEAD(&context->names_list); in audit_alloc_context()
1026 context->fds[0] = -1; in audit_alloc_context()
1027 context->return_valid = AUDITSC_INVALID; in audit_alloc_context()
1028 return context; in audit_alloc_context()
1042 struct audit_context *context; in audit_alloc() local
1055 if (!(context = audit_alloc_context(state))) { in audit_alloc()
1060 context->filterkey = key; in audit_alloc()
1062 audit_set_context(tsk, context); in audit_alloc()
1092 static inline void audit_free_context(struct audit_context *context) in audit_free_context() argument
1095 audit_reset_context(context); in audit_free_context()
1096 free_tree_refs(context); in audit_free_context()
1097 kfree(context->filterkey); in audit_free_context()
1098 kfree(context); in audit_free_context()
1101 static int audit_log_pid_context(struct audit_context *context, pid_t pid, in audit_log_pid_context() argument
1110 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID); in audit_log_pid_context()
1133 static void audit_log_execve_info(struct audit_context *context, in audit_log_execve_info() argument
1170 audit_log_format(*ab, "argc=%d", context->execve.argc); in audit_log_execve_info()
1242 *ab = audit_log_start(context, in audit_log_execve_info()
1299 } while (arg < context->execve.argc); in audit_log_execve_info()
1334 static void show_special(struct audit_context *context, int *call_panic) in show_special() argument
1339 ab = audit_log_start(context, GFP_KERNEL, context->type); in show_special()
1343 switch (context->type) { in show_special()
1345 int nargs = context->socketcall.nargs; in show_special()
1350 context->socketcall.args[i]); in show_special()
1353 u32 osid = context->ipc.osid; in show_special()
1356 from_kuid(&init_user_ns, context->ipc.uid), in show_special()
1357 from_kgid(&init_user_ns, context->ipc.gid), in show_special()
1358 context->ipc.mode); in show_special()
1371 if (context->ipc.has_perm) { in show_special()
1373 ab = audit_log_start(context, GFP_KERNEL, in show_special()
1379 context->ipc.qbytes, in show_special()
1380 context->ipc.perm_uid, in show_special()
1381 context->ipc.perm_gid, in show_special()
1382 context->ipc.perm_mode); in show_special()
1389 context->mq_open.oflag, context->mq_open.mode, in show_special()
1390 context->mq_open.attr.mq_flags, in show_special()
1391 context->mq_open.attr.mq_maxmsg, in show_special()
1392 context->mq_open.attr.mq_msgsize, in show_special()
1393 context->mq_open.attr.mq_curmsgs); in show_special()
1399 context->mq_sendrecv.mqdes, in show_special()
1400 context->mq_sendrecv.msg_len, in show_special()
1401 context->mq_sendrecv.msg_prio, in show_special()
1402 (long long) context->mq_sendrecv.abs_timeout.tv_sec, in show_special()
1403 context->mq_sendrecv.abs_timeout.tv_nsec); in show_special()
1407 context->mq_notify.mqdes, in show_special()
1408 context->mq_notify.sigev_signo); in show_special()
1411 struct mq_attr *attr = &context->mq_getsetattr.mqstat; in show_special()
1416 context->mq_getsetattr.mqdes, in show_special()
1421 audit_log_format(ab, "pid=%d", context->capset.pid); in show_special()
1422 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable); in show_special()
1423 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted); in show_special()
1424 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective); in show_special()
1425 audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient); in show_special()
1428 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd, in show_special()
1429 context->mmap.flags); in show_special()
1433 context->openat2.flags, in show_special()
1434 context->openat2.mode, in show_special()
1435 context->openat2.resolve); in show_special()
1438 audit_log_execve_info(context, &ab); in show_special()
1442 if (context->module.name) { in show_special()
1443 audit_log_untrustedstring(ab, context->module.name); in show_special()
1473 static void audit_log_name(struct audit_context *context, struct audit_names *n, in audit_log_name() argument
1478 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH); in audit_log_name()
1497 if (context->pwd.dentry && context->pwd.mnt) in audit_log_name()
1498 audit_log_d_path(ab, " name=", &context->pwd); in audit_log_name()
1565 struct audit_context *context = audit_context(); in audit_log_proctitle() local
1568 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE); in audit_log_proctitle()
1575 if (!context->proctitle.value) { in audit_log_proctitle()
1590 context->proctitle.value = buf; in audit_log_proctitle()
1591 context->proctitle.len = res; in audit_log_proctitle()
1593 msg = context->proctitle.value; in audit_log_proctitle()
1594 len = context->proctitle.len; in audit_log_proctitle()
1641 struct audit_context *context = audit_context(); in audit_log_exit() local
1646 context->personality = current->personality; in audit_log_exit()
1648 switch (context->context) { in audit_log_exit()
1650 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL); in audit_log_exit()
1654 context->arch, context->major); in audit_log_exit()
1655 if (context->personality != PER_LINUX) in audit_log_exit()
1656 audit_log_format(ab, " per=%lx", context->personality); in audit_log_exit()
1657 if (context->return_valid != AUDITSC_INVALID) in audit_log_exit()
1659 (context->return_valid == AUDITSC_SUCCESS ? in audit_log_exit()
1661 context->return_code); in audit_log_exit()
1664 context->argv[0], in audit_log_exit()
1665 context->argv[1], in audit_log_exit()
1666 context->argv[2], in audit_log_exit()
1667 context->argv[3], in audit_log_exit()
1668 context->name_count); in audit_log_exit()
1670 audit_log_key(ab, context->filterkey); in audit_log_exit()
1674 audit_log_uring(context); in audit_log_exit()
1681 for (aux = context->aux; aux; aux = aux->next) { in audit_log_exit()
1683 ab = audit_log_start(context, GFP_KERNEL, aux->type); in audit_log_exit()
1713 if (context->type) in audit_log_exit()
1714 show_special(context, &call_panic); in audit_log_exit()
1716 if (context->fds[0] >= 0) { in audit_log_exit()
1717 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR); in audit_log_exit()
1720 context->fds[0], context->fds[1]); in audit_log_exit()
1725 if (context->sockaddr_len) { in audit_log_exit()
1726 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR); in audit_log_exit()
1729 audit_log_n_hex(ab, (void *)context->sockaddr, in audit_log_exit()
1730 context->sockaddr_len); in audit_log_exit()
1735 for (aux = context->aux_pids; aux; aux = aux->next) { in audit_log_exit()
1739 if (audit_log_pid_context(context, axs->target_pid[i], in audit_log_exit()
1748 if (context->target_pid && in audit_log_exit()
1749 audit_log_pid_context(context, context->target_pid, in audit_log_exit()
1750 context->target_auid, context->target_uid, in audit_log_exit()
1751 context->target_sessionid, in audit_log_exit()
1752 context->target_sid, context->target_comm)) in audit_log_exit()
1755 if (context->pwd.dentry && context->pwd.mnt) { in audit_log_exit()
1756 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD); in audit_log_exit()
1758 audit_log_d_path(ab, "cwd=", &context->pwd); in audit_log_exit()
1764 list_for_each_entry(n, &context->names_list, list) { in audit_log_exit()
1767 audit_log_name(context, n, NULL, i++, &call_panic); in audit_log_exit()
1770 if (context->context == AUDIT_CTX_SYSCALL) in audit_log_exit()
1774 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE); in audit_log_exit()
1789 struct audit_context *context = tsk->audit_context; in __audit_free() local
1791 if (!context) in __audit_free()
1795 if (!list_empty(&context->killed_trees)) in __audit_free()
1796 audit_kill_trees(context); in __audit_free()
1803 if (tsk == current && !context->dummy) { in __audit_free()
1804 context->return_valid = AUDITSC_INVALID; in __audit_free()
1805 context->return_code = 0; in __audit_free()
1806 if (context->context == AUDIT_CTX_SYSCALL) { in __audit_free()
1807 audit_filter_syscall(tsk, context); in __audit_free()
1808 audit_filter_inodes(tsk, context); in __audit_free()
1809 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1811 } else if (context->context == AUDIT_CTX_URING) { in __audit_free()
1813 audit_filter_uring(tsk, context); in __audit_free()
1814 audit_filter_inodes(tsk, context); in __audit_free()
1815 if (context->current_state == AUDIT_STATE_RECORD) in __audit_free()
1816 audit_log_uring(context); in __audit_free()
1821 audit_free_context(context); in __audit_free()
1875 if (ctx->context == AUDIT_CTX_SYSCALL) in __audit_uring_entry()
1882 ctx->context = AUDIT_CTX_URING; in __audit_uring_entry()
1901 if (ctx->context == AUDIT_CTX_SYSCALL) { in __audit_uring_exit()
1968 struct audit_context *context = audit_context(); in __audit_syscall_entry() local
1971 if (!audit_enabled || !context) in __audit_syscall_entry()
1974 WARN_ON(context->context != AUDIT_CTX_UNUSED); in __audit_syscall_entry()
1975 WARN_ON(context->name_count); in __audit_syscall_entry()
1976 if (context->context != AUDIT_CTX_UNUSED || context->name_count) { in __audit_syscall_entry()
1981 state = context->state; in __audit_syscall_entry()
1985 context->dummy = !audit_n_rules; in __audit_syscall_entry()
1986 if (!context->dummy && state == AUDIT_STATE_BUILD) { in __audit_syscall_entry()
1987 context->prio = 0; in __audit_syscall_entry()
1992 context->arch = syscall_get_arch(current); in __audit_syscall_entry()
1993 context->major = major; in __audit_syscall_entry()
1994 context->argv[0] = a1; in __audit_syscall_entry()
1995 context->argv[1] = a2; in __audit_syscall_entry()
1996 context->argv[2] = a3; in __audit_syscall_entry()
1997 context->argv[3] = a4; in __audit_syscall_entry()
1998 context->context = AUDIT_CTX_SYSCALL; in __audit_syscall_entry()
1999 context->current_state = state; in __audit_syscall_entry()
2000 ktime_get_coarse_real_ts64(&context->ctime); in __audit_syscall_entry()
2016 struct audit_context *context = audit_context(); in __audit_syscall_exit() local
2018 if (!context || context->dummy || in __audit_syscall_exit()
2019 context->context != AUDIT_CTX_SYSCALL) in __audit_syscall_exit()
2023 if (!list_empty(&context->killed_trees)) in __audit_syscall_exit()
2024 audit_kill_trees(context); in __audit_syscall_exit()
2027 audit_filter_syscall(current, context); in __audit_syscall_exit()
2028 audit_filter_inodes(current, context); in __audit_syscall_exit()
2029 if (context->current_state < AUDIT_STATE_RECORD) in __audit_syscall_exit()
2032 audit_return_fixup(context, success, return_code); in __audit_syscall_exit()
2036 audit_reset_context(context); in __audit_syscall_exit()
2041 struct audit_context *context; in handle_one() local
2048 context = audit_context(); in handle_one()
2049 p = context->trees; in handle_one()
2050 count = context->tree_count; in handle_one()
2056 if (likely(put_tree_ref(context, chunk))) in handle_one()
2058 if (unlikely(!grow_tree_refs(context))) { in handle_one()
2060 audit_set_auditable(context); in handle_one()
2062 unroll_tree_refs(context, p, count); in handle_one()
2065 put_tree_ref(context, chunk); in handle_one()
2070 struct audit_context *context; in handle_path() local
2077 context = audit_context(); in handle_path()
2078 p = context->trees; in handle_path()
2079 count = context->tree_count; in handle_path()
2093 if (unlikely(!put_tree_ref(context, chunk))) { in handle_path()
2108 unroll_tree_refs(context, p, count); in handle_path()
2112 if (grow_tree_refs(context)) { in handle_path()
2114 unroll_tree_refs(context, p, count); in handle_path()
2119 unroll_tree_refs(context, p, count); in handle_path()
2120 audit_set_auditable(context); in handle_path()
2126 static struct audit_names *audit_alloc_name(struct audit_context *context, in audit_alloc_name() argument
2131 if (context->name_count < AUDIT_NAMES) { in audit_alloc_name()
2132 aname = &context->preallocated_names[context->name_count]; in audit_alloc_name()
2143 list_add_tail(&aname->list, &context->names_list); in audit_alloc_name()
2145 context->name_count++; in audit_alloc_name()
2146 if (!context->pwd.dentry) in audit_alloc_name()
2147 get_fs_pwd(current->fs, &context->pwd); in audit_alloc_name()
2162 struct audit_context *context = audit_context(); in __audit_reusename() local
2165 list_for_each_entry(n, &context->names_list, list) { in __audit_reusename()
2185 struct audit_context *context = audit_context(); in __audit_getname() local
2188 if (context->context == AUDIT_CTX_UNUSED) in __audit_getname()
2191 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_getname()
2252 struct audit_context *context = audit_context(); in __audit_inode() local
2260 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode()
2298 list_for_each_entry_reverse(n, &context->names_list, list) { in __audit_inode()
2325 n = audit_alloc_name(context, AUDIT_TYPE_UNKNOWN); in __audit_inode()
2370 struct audit_context *context = audit_context(); in __audit_inode_child() local
2378 if (context->context == AUDIT_CTX_UNUSED) in __audit_inode_child()
2401 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2418 list_for_each_entry(n, &context->names_list, list) { in __audit_inode_child()
2438 n = audit_alloc_name(context, AUDIT_TYPE_PARENT); in __audit_inode_child()
2445 found_child = audit_alloc_name(context, type); in __audit_inode_child()
2477 if (ctx->context == AUDIT_CTX_UNUSED) in auditsc_get_stamp()
2500 struct audit_context *context = audit_context(); in __audit_mq_open() local
2503 memcpy(&context->mq_open.attr, attr, sizeof(struct mq_attr)); in __audit_mq_open()
2505 memset(&context->mq_open.attr, 0, sizeof(struct mq_attr)); in __audit_mq_open()
2507 context->mq_open.oflag = oflag; in __audit_mq_open()
2508 context->mq_open.mode = mode; in __audit_mq_open()
2510 context->type = AUDIT_MQ_OPEN; in __audit_mq_open()
2524 struct audit_context *context = audit_context(); in __audit_mq_sendrecv() local
2525 struct timespec64 *p = &context->mq_sendrecv.abs_timeout; in __audit_mq_sendrecv()
2532 context->mq_sendrecv.mqdes = mqdes; in __audit_mq_sendrecv()
2533 context->mq_sendrecv.msg_len = msg_len; in __audit_mq_sendrecv()
2534 context->mq_sendrecv.msg_prio = msg_prio; in __audit_mq_sendrecv()
2536 context->type = AUDIT_MQ_SENDRECV; in __audit_mq_sendrecv()
2548 struct audit_context *context = audit_context(); in __audit_mq_notify() local
2551 context->mq_notify.sigev_signo = notification->sigev_signo; in __audit_mq_notify()
2553 context->mq_notify.sigev_signo = 0; in __audit_mq_notify()
2555 context->mq_notify.mqdes = mqdes; in __audit_mq_notify()
2556 context->type = AUDIT_MQ_NOTIFY; in __audit_mq_notify()
2567 struct audit_context *context = audit_context(); in __audit_mq_getsetattr() local
2569 context->mq_getsetattr.mqdes = mqdes; in __audit_mq_getsetattr()
2570 context->mq_getsetattr.mqstat = *mqstat; in __audit_mq_getsetattr()
2571 context->type = AUDIT_MQ_GETSETATTR; in __audit_mq_getsetattr()
2581 struct audit_context *context = audit_context(); in __audit_ipc_obj() local
2583 context->ipc.uid = ipcp->uid; in __audit_ipc_obj()
2584 context->ipc.gid = ipcp->gid; in __audit_ipc_obj()
2585 context->ipc.mode = ipcp->mode; in __audit_ipc_obj()
2586 context->ipc.has_perm = 0; in __audit_ipc_obj()
2587 security_ipc_getsecid(ipcp, &context->ipc.osid); in __audit_ipc_obj()
2588 context->type = AUDIT_IPC; in __audit_ipc_obj()
2602 struct audit_context *context = audit_context(); in __audit_ipc_set_perm() local
2604 context->ipc.qbytes = qbytes; in __audit_ipc_set_perm()
2605 context->ipc.perm_uid = uid; in __audit_ipc_set_perm()
2606 context->ipc.perm_gid = gid; in __audit_ipc_set_perm()
2607 context->ipc.perm_mode = mode; in __audit_ipc_set_perm()
2608 context->ipc.has_perm = 1; in __audit_ipc_set_perm()
2613 struct audit_context *context = audit_context(); in __audit_bprm() local
2615 context->type = AUDIT_EXECVE; in __audit_bprm()
2616 context->execve.argc = bprm->argc; in __audit_bprm()
2628 struct audit_context *context = audit_context(); in __audit_socketcall() local
2632 context->type = AUDIT_SOCKETCALL; in __audit_socketcall()
2633 context->socketcall.nargs = nargs; in __audit_socketcall()
2634 memcpy(context->socketcall.args, args, nargs * sizeof(unsigned long)); in __audit_socketcall()
2646 struct audit_context *context = audit_context(); in __audit_fd_pair() local
2648 context->fds[0] = fd1; in __audit_fd_pair()
2649 context->fds[1] = fd2; in __audit_fd_pair()
2661 struct audit_context *context = audit_context(); in __audit_sockaddr() local
2663 if (!context->sockaddr) { in __audit_sockaddr()
2668 context->sockaddr = p; in __audit_sockaddr()
2671 context->sockaddr_len = len; in __audit_sockaddr()
2672 memcpy(context->sockaddr, a, len); in __audit_sockaddr()
2678 struct audit_context *context = audit_context(); in __audit_ptrace() local
2680 context->target_pid = task_tgid_nr(t); in __audit_ptrace()
2681 context->target_auid = audit_get_loginuid(t); in __audit_ptrace()
2682 context->target_uid = task_uid(t); in __audit_ptrace()
2683 context->target_sessionid = audit_get_sessionid(t); in __audit_ptrace()
2684 security_task_getsecid_obj(t, &context->target_sid); in __audit_ptrace()
2685 memcpy(context->target_comm, t->comm, TASK_COMM_LEN); in __audit_ptrace()
2754 struct audit_context *context = audit_context(); in __audit_log_bprm_fcaps() local
2762 ax->d.next = context->aux; in __audit_log_bprm_fcaps()
2763 context->aux = (void *)ax; in __audit_log_bprm_fcaps()
2796 struct audit_context *context = audit_context(); in __audit_log_capset() local
2798 context->capset.pid = task_tgid_nr(current); in __audit_log_capset()
2799 context->capset.cap.effective = new->cap_effective; in __audit_log_capset()
2800 context->capset.cap.inheritable = new->cap_effective; in __audit_log_capset()
2801 context->capset.cap.permitted = new->cap_permitted; in __audit_log_capset()
2802 context->capset.cap.ambient = new->cap_ambient; in __audit_log_capset()
2803 context->type = AUDIT_CAPSET; in __audit_log_capset()
2808 struct audit_context *context = audit_context(); in __audit_mmap_fd() local
2810 context->mmap.fd = fd; in __audit_mmap_fd()
2811 context->mmap.flags = flags; in __audit_mmap_fd()
2812 context->type = AUDIT_MMAP; in __audit_mmap_fd()
2817 struct audit_context *context = audit_context(); in __audit_openat2_how() local
2819 context->openat2.flags = how->flags; in __audit_openat2_how()
2820 context->openat2.mode = how->mode; in __audit_openat2_how()
2821 context->openat2.resolve = how->resolve; in __audit_openat2_how()
2822 context->type = AUDIT_OPENAT2; in __audit_openat2_how()
2827 struct audit_context *context = audit_context(); in __audit_log_kern_module() local
2829 context->module.name = kstrdup(name, GFP_KERNEL); in __audit_log_kern_module()
2830 if (!context->module.name) in __audit_log_kern_module()
2832 context->type = AUDIT_KERN_MODULE; in __audit_log_kern_module()
2985 if (likely(!ctx || ctx->context == AUDIT_CTX_UNUSED)) in audit_killed_trees()