Hello,
This is a quick patch to add security label info to user messages.
Please take a look over it and let me know if there are objections.
Thanks.
-tim
diff --git a/kernel/audit.c b/kernel/audit.c
index d95efd6..576078b 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -54,6 +54,7 @@
#include <net/sock.h>
#include <linux/skbuff.h>
#include <linux/netlink.h>
+#include <linux/sched.h>
/* No auditing will take place until audit_initialized != 0.
* (Initialization happens after skb_init is called.) */
@@ -136,6 +137,8 @@ struct audit_buffer {
gfp_t gfp_mask;
};
+extern void audit_log_task_context(struct task_struct *tsk, struct audit_buffer *ab);
+
static void audit_set_pid(struct audit_buffer *ab, pid_t pid)
{
struct nlmsghdr *nlh = (struct nlmsghdr *)ab->skb->data;
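Review bot: The `extern void audit_log_task_context(...)` prototype is written directly into kernel/audit.c instead of a header that kernel/auditsc.c also includes, so the compiler never checks it against the definition whose `static` is dropped in the auditsc.c hunk. The parameter list already changes in this patch, and a later change made in only one of the two places would go unnoticed at build time. Moving the prototype into a header shared by both files, with a comment such as `/* tsk must be non-NULL; caller holds a reference */`, keeps the contract in one place.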
@@ -391,6 +394,7 @@ static int audit_receive_msg(struct sk_b
u16 msg_type = nlh->nlmsg_type;
uid_t loginuid; /* loginuid of sender */
struct audit_sig_info sig_data;
+ struct task_struct *tsk;
err = audit_netlink_ok(NETLINK_CB(skb).eff_cap, msg_type);
if (err)
@@ -464,6 +468,13 @@ static int audit_receive_msg(struct sk_b
"user pid=%d uid=%u auid=%u msg='%.1024s'",
pid, uid, loginuid, (char *)data);
audit_set_pid(ab, pid);
+ read_lock(&tasklist_lock);
+ tsk = find_task_by_pid(pid);
+ if (tsk)
+ get_task_struct(tsk);
+ read_unlock(&tasklist_lock);
+ audit_log_task_context(tsk, ab);
+ put_task_struct(tsk);
audit_log_end(ab);
}
}
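Review bot: `tsk` can be NULL after `find_task_by_pid(pid)`, yet `audit_log_task_context(tsk, ab)` and `put_task_struct(tsk)` run unconditionally after the unlock; only `get_task_struct()` is guarded. A sender that has exited before its message is processed would presumably reach this path, and `put_task_struct(NULL)` dereferences the pointer in kernel context. Both calls belong under the check: `if (tsk) { audit_log_task_context(tsk, ab); put_task_struct(tsk); }`. Separately, a lookup by pid at receive time may resolve to a different task if the pid has been reused, so the label written into the audit record is not guaranteed to be the sender's; recording the label when the message is sent would avoid that. The body of audit_receive_msg starts and ends outside the hunk, so how `pid` is obtained is not visible here.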
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 8f0a61c..689bac3 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -503,12 +503,12 @@ static inline void audit_free_context(st
printk(KERN_ERR "audit: freed %d contexts\n", count);
}
-static void audit_log_task_context(struct audit_buffer *ab)
+void audit_log_task_context(struct task_struct *tsk, struct audit_buffer *ab)
{
char *ctx = NULL;
ssize_t len = 0;
- len = security_getprocattr(current, "current", NULL, 0);
+ len = security_getprocattr(tsk, "current", NULL, 0);
if (len < 0) {
if (len != -EINVAL)
goto error_path;
@@ -519,7 +519,7 @@ static void audit_log_task_context(struc
if (!ctx)
goto error_path;
- len = security_getprocattr(current, "current", ctx, len);
+ len = security_getprocattr(tsk, "current", ctx, len);
if (len < 0 )
goto error_path;
@@ -559,7 +559,7 @@ static void audit_log_task_info(struct a
vma = vma->vm_next;
}
up_read(&mm->mmap_sem);
- audit_log_task_context(ab);
+ audit_log_task_context(current, ab);
}
static void audit_log_exit(struct audit_context *context, gfp_t gfp_mask)