Merge tag 'audit-pr-20210426' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

What:		Audit Login UID

Date:		2005-02-01

KernelVersion:	2.6.11-rc2 1e2d1492e178 ("[PATCH] audit: handle loginuid through proc")

Contact:	linux-audit@redhat.com

Users:		audit and login applications

Description:

		The /proc/$pid/loginuid pseudofile is written to set and

		read to get the audit login UID of process $pid as a

		decimal unsigned int (%u, u32).  If it is unset,

		permissions are not needed to set it.  The accessor must

		have CAP_AUDIT_CONTROL in the initial user namespace to

		write it if it has been set.  It cannot be written again

		if AUDIT_FEATURE_LOGINUID_IMMUTABLE is enabled.  It

		cannot be unset if AUDIT_FEATURE_ONLY_UNSET_LOGINUID is

		enabled.

What:		Audit Login Session ID

Date:		2008-03-13

KernelVersion:	2.6.25-rc7 1e0bd7550ea9 ("[PATCH] export sessionid alongside the loginuid in procfs")

Contact:	linux-audit@redhat.com

Users:		audit and login applications

Description:

		The /proc/$pid/sessionid pseudofile is read to get the

		audit login session ID of process $pid as a decimal

		unsigned int (%u, u32).  It is set automatically,

		serially assigned with each new login.

S:	Supported

W:	https://github.com/linux-audit

T:	git git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit.git

F:	include/asm-generic/audit_*.h

F:	include/linux/audit.h

F:	include/uapi/linux/audit.h

F:	kernel/audit*

F:	lib/*audit.c

AUXILIARY DISPLAY DRIVERS

M:	Miguel Ojeda <ojeda@kernel.org>

extern struct list_head *audit_killed_trees(void);

#else /* CONFIG_AUDITSYSCALL */

#define auditsc_get_stamp(c, t, s) 0

#define audit_put_watch(w) {}

#define audit_get_watch(w) {}

#define audit_put_watch(w) do { } while (0)

#define audit_get_watch(w) do { } while (0)

#define audit_to_watch(k, p, l, o) (-EINVAL)

#define audit_add_watch(k, l) (-EINVAL)

#define audit_remove_watch_rule(k) BUG()

#define audit_alloc_mark(k, p, l) (ERR_PTR(-EINVAL))

#define audit_mark_path(m) ""

#define audit_remove_mark(m)

#define audit_remove_mark_rule(k)

#define audit_remove_mark(m) do { } while (0)

#define audit_remove_mark_rule(k) do { } while (0)

#define audit_mark_compare(m, i, d) 0

#define audit_exe_compare(t, m) (-EINVAL)

#define audit_dupe_exe(n, o) (-EINVAL)

#define audit_remove_tree_rule(rule) BUG()

#define audit_add_tree_rule(rule) -EINVAL

#define audit_make_tree(rule, str, op) -EINVAL

#define audit_trim_trees() (void)0

#define audit_put_tree(tree) (void)0

#define audit_trim_trees() do { } while (0)

#define audit_put_tree(tree) do { } while (0)

#define audit_tag_tree(old, new) -EINVAL

#define audit_tree_path(rule) ""	/* never called */

#define audit_kill_trees(context) BUG()

 * (i.e., the state is AUDIT_SETUP_CONTEXT or AUDIT_BUILD_CONTEXT).

 */

static void audit_filter_syscall(struct task_struct *tsk,

					     struct audit_context *ctx,

					     struct list_head *list)

				 struct audit_context *ctx)

{

	struct audit_entry *e;

	enum audit_state state;

		return;

	rcu_read_lock();

	list_for_each_entry_rcu(e, list, list) {

	list_for_each_entry_rcu(e, &audit_filter_list[AUDIT_FILTER_EXIT], list) {

		if (audit_in_mask(&e->rule, ctx->major) &&

		    audit_filter_rules(tsk, &e->rule, ctx, NULL,

				       &state, false)) {

		context->return_valid = AUDITSC_INVALID;

		context->return_code = 0;

		audit_filter_syscall(tsk, context,

				     &audit_filter_list[AUDIT_FILTER_EXIT]);

		audit_filter_syscall(tsk, context);

		audit_filter_inodes(tsk, context);

		if (context->current_state == AUDIT_RECORD_CONTEXT)

			audit_log_exit();

		else

			context->return_code  = return_code;

		audit_filter_syscall(current, context,

				     &audit_filter_list[AUDIT_FILTER_EXIT]);

		audit_filter_syscall(current, context);

		audit_filter_inodes(current, context);

		if (context->current_state == AUDIT_RECORD_CONTEXT)

			audit_log_exit();