On Thu, May 24, 2018 at 4:11 PM, Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> wrote: > Implement audit_log_tty() so that IMA can add tty= to its audit records. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx> > --- > include/linux/audit.h | 5 +++++ > kernel/audit.c | 8 ++++++++ > 2 files changed, 13 insertions(+) > > diff --git a/include/linux/audit.h b/include/linux/audit.h > index 90aa63ddc9be..2deb76c74d10 100644 > --- a/include/linux/audit.h > +++ b/include/linux/audit.h > @@ -154,6 +154,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk); > > extern int audit_update_lsm_rules(void); > +extern void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk); > > /* Private API (for audit.c only) */ > extern int audit_rule_change(int type, int seq, void *data, size_t datasz); > @@ -202,6 +203,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab) > static inline void audit_log_task_info(struct audit_buffer *ab, > struct task_struct *tsk) > { } > + > +static inline void audit_log_tty(struct audit_buffer *ab, > + struct task_struct *tsk) > +{ } > #define audit_enabled 0 > #endif /* CONFIG_AUDIT */ > > diff --git a/kernel/audit.c b/kernel/audit.c > index 670665c6e2a6..fa54695962b4 100644 > --- a/kernel/audit.c > +++ b/kernel/audit.c > @@ -2305,6 +2305,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) > } > EXPORT_SYMBOL(audit_log_task_info); > > +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) > +{ > + struct tty_struct *tty = audit_get_tty(tsk); > + > + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); > + audit_put_tty(tty); > +} Perhaps I missed it, but your IMA patches only ever call this to log current's tty, yes? If so, I would prefer if we dropped the task_struct argument and always had audit_log_tty() use current. -- paul moore www.paul-moore.com
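Review bot: in the kernel/audit.c hunk, audit_put_tty(tty) is reached with tty == NULL whenever audit_get_tty(tsk) returns no tty, which is the same case the "(none)" branch of the format call handles, so the function relies on audit_put_tty() accepting NULL; please confirm that or guard the call. The new function also has no comment saying that it appends a " tty=" field with a leading space, and no EXPORT_SYMBOL() is visible after it, unlike audit_log_task_info() directly above, which is fine only if every caller is built in.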
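Review bot: in the first include/linux/audit.h hunk the audit_log_tty() declaration is added after audit_update_lsm_rules(), while the !CONFIG_AUDIT stub in the second hunk sits directly after the audit_log_task_info() stub; placing the declaration directly after the audit_log_task_info() declaration would keep the two halves of the header parallel. If the task_struct argument is dropped as the reply asks, the declaration and the stub need the same signature change so that both configurations keep building.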