Gitiles
Code Review Sign In
LeafOS / LeafOS-Devices / android_kernel_realme_mt6785 / 8f37d47c9bf74cb48692691086b482e315d07f40^! / .
commit8f37d47c9bf74cb48692691086b482e315d07f40[log] [tgz]
authorDavid Woodhouse <dwmw2@shinybook.infradead.org>Fri May 27 12:17:28 2005 +0100
committerDavid Woodhouse <dwmw2@shinybook.infradead.org>Fri May 27 12:17:28 2005 +0100
treeb7d35bbd8e78d124455f3abbc9c50134bc9cee0a
parent7551ced334ce6eb2a7a765309871e619f645add1 [diff]
AUDIT: Record working directory when syscall arguments are pathnames

Signed-off-by: David Woodhouse <dwmw2@infradead.org>

diff --git a/include/linux/audit.h b/include/linux/audit.h
index 3278ddf..bf2ad3b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h

@@ -61,11 +61,12 @@
 
 #define AUDIT_SYSCALL		1300	/* Syscall event */
 #define AUDIT_FS_WATCH		1301	/* Filesystem watch event */
-#define AUDIT_PATH		1302	/* Filname path information */
+#define AUDIT_PATH		1302	/* Filename path information */
 #define AUDIT_IPC		1303	/* IPC record */
 #define AUDIT_SOCKETCALL	1304	/* sys_socketcall arguments */
 #define AUDIT_CONFIG_CHANGE	1305	/* Audit system configuration change */
 #define AUDIT_SOCKADDR		1306	/* sockaddr copied as syscall arg */
+#define AUDIT_CWD		1307	/* Current working directory */
 
 #define AUDIT_AVC		1400	/* SE Linux avc denial or grant */
 #define AUDIT_SELINUX_ERR	1401	/* Internal SE Linux Errors */

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 7556c47..e75f84e 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c

@@ -145,6 +145,8 @@
 	int		    auditable;  /* 1 if record should be written */
 	int		    name_count;
 	struct audit_names  names[AUDIT_NAMES];
+	struct dentry *	    pwd;
+	struct vfsmount *   pwdmnt;
 	struct audit_context *previous; /* For nested syscalls */
 	struct audit_aux_data *aux;
 
@@ -552,6 +554,12 @@
 		if (context->names[i].name)
 			__putname(context->names[i].name);
 	context->name_count = 0;
+	if (context->pwd)
+		dput(context->pwd);
+	if (context->pwdmnt)
+		mntput(context->pwdmnt);
+	context->pwd = NULL;
+	context->pwdmnt = NULL;
 }
 
 static inline void audit_free_aux(struct audit_context *context)
@@ -745,10 +753,18 @@
 		audit_log_end(ab);
 	}
 
+	if (context->pwd && context->pwdmnt) {
+		ab = audit_log_start(context, AUDIT_CWD);
+		if (ab) {
+			audit_log_d_path(ab, "cwd=", context->pwd, context->pwdmnt);
+			audit_log_end(ab);
+		}
+	}
 	for (i = 0; i < context->name_count; i++) {
 		ab = audit_log_start(context, AUDIT_PATH);
 		if (!ab)
 			continue; /* audit_panic has been called */
+
 		audit_log_format(ab, "item=%d", i);
 		if (context->names[i].name) {
 			audit_log_format(ab, " name=");
@@ -929,6 +945,13 @@
 	context->names[context->name_count].name = name;
 	context->names[context->name_count].ino  = (unsigned long)-1;
 	++context->name_count;
+	if (!context->pwd) {
+		read_lock(&current->fs->lock);
+		context->pwd = dget(current->fs->pwd);
+		context->pwdmnt = mntget(current->fs->pwdmnt);
+		read_unlock(&current->fs->lock);
+	}
+		
 }
 
 /* Intercept a putname request.  Called from