xref: /linux/security/integrity/integrity_audit.c (revision 9dbbc3b9d09d6deba9f3b9e1d5b355032ed46a75)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (C) 2008 IBM Corporation
4  * Author: Mimi Zohar <zohar@us.ibm.com>
5  *
6  * File: integrity_audit.c
7  *	Audit calls for the integrity subsystem
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/gfp.h>
12 #include <linux/audit.h>
13 #include "integrity.h"
14 
15 static int integrity_audit_info;
16 
17 /* ima_audit_setup - enable informational auditing messages */
18 static int __init integrity_audit_setup(char *str)
19 {
20 	unsigned long audit;
21 
22 	if (!kstrtoul(str, 0, &audit))
23 		integrity_audit_info = audit ? 1 : 0;
24 	return 1;
25 }
26 __setup("integrity_audit=", integrity_audit_setup);
27 
28 void integrity_audit_msg(int audit_msgno, struct inode *inode,
29 			 const unsigned char *fname, const char *op,
30 			 const char *cause, int result, int audit_info)
31 {
32 	integrity_audit_message(audit_msgno, inode, fname, op, cause,
33 				result, audit_info, 0);
34 }
35 
36 void integrity_audit_message(int audit_msgno, struct inode *inode,
37 			     const unsigned char *fname, const char *op,
38 			     const char *cause, int result, int audit_info,
39 			     int errno)
40 {
41 	struct audit_buffer *ab;
42 	char name[TASK_COMM_LEN];
43 
44 	if (!integrity_audit_info && audit_info == 1)	/* Skip info messages */
45 		return;
46 
47 	ab = audit_log_start(audit_context(), GFP_KERNEL, audit_msgno);
48 	audit_log_format(ab, "pid=%d uid=%u auid=%u ses=%u",
49 			 task_pid_nr(current),
50 			 from_kuid(&init_user_ns, current_uid()),
51 			 from_kuid(&init_user_ns, audit_get_loginuid(current)),
52 			 audit_get_sessionid(current));
53 	audit_log_task_context(ab);
54 	audit_log_format(ab, " op=%s cause=%s comm=", op, cause);
55 	audit_log_untrustedstring(ab, get_task_comm(name, current));
56 	if (fname) {
57 		audit_log_format(ab, " name=");
58 		audit_log_untrustedstring(ab, fname);
59 	}
60 	if (inode) {
61 		audit_log_format(ab, " dev=");
62 		audit_log_untrustedstring(ab, inode->i_sb->s_id);
63 		audit_log_format(ab, " ino=%lu", inode->i_ino);
64 	}
65 	audit_log_format(ab, " res=%d errno=%d", !result, errno);
66 	audit_log_end(ab);
67 }
68