On Mon, Nov 18, 2013 at 1:09 PM, Stephen Smalley <[email protected]> wrote: > Looks like the caller of audit_log_task_info(), audit-log_exit(), has > a context available. So possibly call your function directly from > audit_log_exit() and pass the context to it. > However, this kind of question is properly addressed to the linux-audit list.
We've seen how well that's gone.. trying to vet this here on the smaller list before going back to that list and getting ignored. > > > On Mon, Nov 18, 2013 at 12:09 PM, William Roberts > <[email protected]> wrote: >> On Mon, Nov 18, 2013 at 12:06 PM, William Roberts >> <[email protected]> wrote: >>> Change-Id: I795b14db029f64da2112a50a4b175b9b0afdf44d >>> --- >>> kernel/auditsc.c | 4 ++++ >>> 1 file changed, 4 insertions(+) >>> >>> diff --git a/kernel/auditsc.c b/kernel/auditsc.c >>> index d917c76..4a45f63 100644 >>> --- a/kernel/auditsc.c >>> +++ b/kernel/auditsc.c >>> @@ -270,6 +270,7 @@ struct audit_context { >>> } mmap; >>> }; >>> int fds[2]; >>> + char *cmdline; >>> >>> #if AUDIT_DEBUG >>> int put_count; >>> @@ -1061,6 +1062,7 @@ static inline struct audit_context >>> *audit_alloc_context(enum audit_state state) >>> audit_zero_context(context, state); >>> INIT_LIST_HEAD(&context->killed_trees); >>> INIT_LIST_HEAD(&context->names_list); >>> + printk("BILL cmdline: %p---%p", context, context->cmdline); >>> return context; >>> } >>> >>> @@ -1157,6 +1159,7 @@ static void audit_log_add_cmdline(struct audit_buffer >>> *ab, >>> { >>> int len; >>> unsigned long page; >>> + struct audit_context *audit_ctx = tsk->audit_context; >>> char *msg = "(null)"; >>> >>> audit_log_format(ab, " cmdline="); >>> @@ -1181,6 +1184,7 @@ static void audit_log_add_cmdline(struct audit_buffer >>> *ab, >>> msg = (char *)page; >>> audit_log_untrustedstring(ab, msg); >>> free_page(page); >>> + printk("BILL cmdline-use: %p", audit_ctx); >>> } >>> >>> EXPORT_SYMBOL(audit_log_task_context); >>> -- >>> 1.7.9.5 >>> >> >> Working on the version that caches, applying this patch, you can see >> that the audit_ctx is not initialized yet for caching... so do we >> perhaps print the cmdline elsewhere in the flow the results in this >> struct being initialized, or re-work the initialization? >> >> -- >> This message was distributed to subscribers of the seandroid-list mailing >> list. >> If you no longer wish to subscribe, send mail to [email protected] with >> the words "unsubscribe seandroid-list" without quotes as the message. -- Respectfully, William C Roberts -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
