Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp2948279imm; Thu, 24 May 2018 19:41:25 -0700 (PDT) X-Google-Smtp-Source: AB8JxZqRM2UmzJwLmHDyemXa8sKDY+r/zn/g9oOj77OJXsO/F6vb5LaEdeqLd7mXmMRCDs+nsD91 X-Received: by 2002:a17:902:31a4:: with SMTP id x33-v6mr589806plb.355.1527216085102; Thu, 24 May 2018 19:41:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527216085; cv=none; d=google.com; s=arc-20160816; b=l2JuZ2/UrisiwSdscDRk+TXazzuuU62ah/zlqeZcGYmsmaojUeUI29VmTEaexQNRf6 EFaDZnUCA4WRvzy8s7kw3mOOMnaN38Pyu6lZBXOLc1OLKXlz8T+QOdGGHir7f3Cp67K1 C+zGfhUApmyKWolcHLQG4BDopLZRVpnHtQa88X+5RSHH7HXwFfXFY7m0WhIhOxWn4XpA 3W4bJ2zK9zUwHHPELx3rcph/34D0w9e7Z0/xrEOzuftJA1LUs3jB2INKMW+RO+nNBpGn mv6zENYKTb+CtV6W1zY6+vLR8JMRrK7wZpTM7b9z09qakSwUVeGRc/4o/LJHiGsgCQfD dV3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:references:in-reply-to:date :subject:cc:to:from:arc-authentication-results; bh=PYWAABbY1TvTupCPdLTMMNd+SP+1jEU4YGejyNviH/k=; b=XUKcbqKLMYU/GmjEeZVRo7Fuj7P2kBYOj0gqNC0WdRZioluWbbmtqMctpdZNJbOP9Y w2igRV9TBgoqR2Wedc6AlKCmkjYx5Hc2g8ufUYWgUxZXzr3+d5NXWR+AlsGM4pxy3ejn ynqgnhg+Qvo7a4upww6bb5W0NtURi9B3hzV7GsTIl3YKghAHhg9gSlIfKwvZstyGgLwJ HlZXhkTS21SHCTM29mDNzkCwhCy384ywgszSJhQVl69e07B6Z7LifaU4Yhe1RfIzzmNP eYTFPUcrjOfYRX7kd8b5DU25ijA8lNY1vqoVIhDSW6+6lUXlent9uooDTEfkaugx8R9k mlrw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i15-v6si5220364pgr.566.2018.05.24.19.41.10; Thu, 24 May 2018 19:41:25 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S968956AbeEXULS (ORCPT + 99 others); Thu, 24 May 2018 16:11:18 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:42386 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S967771AbeEXULO (ORCPT ); Thu, 24 May 2018 16:11:14 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4OK4EGg145017 for ; Thu, 24 May 2018 16:11:14 -0400 Received: from e18.ny.us.ibm.com (e18.ny.us.ibm.com [129.33.205.208]) by mx0a-001b2d01.pphosted.com with ESMTP id 2j61p9xbh1-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 24 May 2018 16:11:13 -0400 Received: from localhost by e18.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 24 May 2018 16:11:12 -0400 Received: from b01cxnp22035.gho.pok.ibm.com (9.57.198.25) by e18.ny.us.ibm.com (146.89.104.205) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 24 May 2018 16:11:10 -0400 Received: from b01ledav006.gho.pok.ibm.com (b01ledav006.gho.pok.ibm.com [9.57.199.111]) by b01cxnp22035.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w4OKB9HF8716816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Thu, 24 May 2018 20:11:09 GMT Received: from b01ledav006.gho.pok.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id B47B5AC0E7; Thu, 24 May 2018 16:12:38 -0400 (EDT) Received: from sbct-3.pok.ibm.com (unknown [9.47.158.153]) by b01ledav006.gho.pok.ibm.com (Postfix) with ESMTP id 9DF4CAC0E6; Thu, 24 May 2018 16:12:38 -0400 (EDT) From: Stefan Berger To: zohar@linux.vnet.ibm.com, sgrubb@redhat.com Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, linux-audit@redhat.com, Stefan Berger Subject: [PATCH 3/8] audit: Implement audit_log_tty() Date: Thu, 24 May 2018 16:11:00 -0400 X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com> References: <20180524201105.3179904-1-stefanb@linux.vnet.ibm.com> X-TM-AS-GCONF: 00 x-cbid: 18052420-0044-0000-0000-0000041A804B X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00009065; HX=3.00000241; KW=3.00000007; PH=3.00000004; SC=3.00000261; SDB=6.01036001; UDB=6.00529949; IPR=6.00815130; MB=3.00021234; MTD=3.00000008; XFM=3.00000015; UTC=2018-05-24 20:11:11 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18052420-0045-0000-0000-0000084C9D6D Message-Id: <20180524201105.3179904-4-stefanb@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-05-24_07:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1805240228 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Implement audit_log_tty() so that IMA can add tty= to its audit records. Signed-off-by: Stefan Berger --- include/linux/audit.h | 5 +++++ kernel/audit.c | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/include/linux/audit.h b/include/linux/audit.h index 90aa63ddc9be..2deb76c74d10 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -154,6 +154,7 @@ extern void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk); extern int audit_update_lsm_rules(void); +extern void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk); /* Private API (for audit.c only) */ extern int audit_rule_change(int type, int seq, void *data, size_t datasz); @@ -202,6 +203,10 @@ static inline int audit_log_task_context(struct audit_buffer *ab) static inline void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) { } + +static inline void audit_log_tty(struct audit_buffer *ab, + struct task_struct *tsk) +{ } #define audit_enabled 0 #endif /* CONFIG_AUDIT */ diff --git a/kernel/audit.c b/kernel/audit.c index 670665c6e2a6..fa54695962b4 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2305,6 +2305,14 @@ void audit_log_task_info(struct audit_buffer *ab, struct task_struct *tsk) } EXPORT_SYMBOL(audit_log_task_info); +void audit_log_tty(struct audit_buffer *ab, struct task_struct *tsk) +{ + struct tty_struct *tty = audit_get_tty(tsk); + + audit_log_format(ab, " tty=%s", tty ? tty_name(tty) : "(none)"); + audit_put_tty(tty); +} + /** * audit_log_link_denied - report a link restriction denial * @operation: specific link operation -- 2.13.6