audit: add support for the openat2 syscall

The openat2(2) syscall was added in kernel v5.6 with commit
fddb5d430ad9 ("open: introduce openat2(2) syscall").

Add the openat2(2) syscall to the audit syscall classifier.

Link: https://github.com/linux-audit/audit-kernel/issues/67
Link: https://lore.kernel.org/r/f5f1a4d8699613f8c02ce762807228c841c2e26f.1621363275.git.rgb@redhat.com
Signed-off-by: Richard Guy Briggs <rgb@redhat.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
[PM: merge fuzz due to previous header rename, commit line wraps]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/arch/alpha/kernel/audit.c b/arch/alpha/kernel/audit.c
index 81cbd804e37556c0978e39e7742a47ac9bad9c51..3ab04709784a225e1a325cd68f8a1fa3865bd170 100644 (file)
--- a/arch/alpha/kernel/audit.c
+++ b/arch/alpha/kernel/audit.c
@@ -42,6 +42,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
                return AUDITSC_OPENAT;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/ia64/kernel/audit.c b/arch/ia64/kernel/audit.c
index dba6a74c9ab3a253dfa1eafed8be3e99ec19c58c..ec61f20ca61f4627e70554df1a4ae2281400efed 100644 (file)
--- a/arch/ia64/kernel/audit.c
+++ b/arch/ia64/kernel/audit.c
@@ -43,6 +43,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
                return AUDITSC_OPENAT;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/parisc/kernel/audit.c b/arch/parisc/kernel/audit.c
index 14244e83db75130fb80c56666b6c12423013a032..f420b55521402b4ffee9c08949c68903d553b814 100644 (file)
--- a/arch/parisc/kernel/audit.c
+++ b/arch/parisc/kernel/audit.c
@@ -52,6 +52,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
                return AUDITSC_OPENAT;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/parisc/kernel/compat_audit.c b/arch/parisc/kernel/compat_audit.c
index 1991b99f92ba0f760cdd8e23483239fc2561d4bd..539b16891bdf4609d019949436f11a45be270624 100644 (file)
--- a/arch/parisc/kernel/compat_audit.c
+++ b/arch/parisc/kernel/compat_audit.c
@@ -36,6 +36,8 @@ int parisc32_classify_syscall(unsigned syscall)
                return AUDITSC_OPENAT;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_COMPAT;
        }

diff --git a/arch/powerpc/kernel/audit.c b/arch/powerpc/kernel/audit.c
index 6eb18ef77dffbf078ace0c1159a3c183ce523bdd..1bcfca5fdf676e4036291dd9e2484d146a99a540 100644 (file)
--- a/arch/powerpc/kernel/audit.c
+++ b/arch/powerpc/kernel/audit.c
@@ -54,6 +54,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/powerpc/kernel/compat_audit.c b/arch/powerpc/kernel/compat_audit.c
index 216a54f85a1262ca4078eadab22c1b2b70e8b6fd..d92ffe4e5dc1cbeff65c3b57e9beb2a1e3a5a6af 100644 (file)
--- a/arch/powerpc/kernel/compat_audit.c
+++ b/arch/powerpc/kernel/compat_audit.c
@@ -39,6 +39,8 @@ int ppc32_classify_syscall(unsigned syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_COMPAT;
        }

diff --git a/arch/s390/kernel/audit.c b/arch/s390/kernel/audit.c
index 7e331e1831d44b58e3422b3242e9f43c5509fd97..02051a596b87cc279213e55c45f724184825f016 100644 (file)
--- a/arch/s390/kernel/audit.c
+++ b/arch/s390/kernel/audit.c
@@ -54,6 +54,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/s390/kernel/compat_audit.c b/arch/s390/kernel/compat_audit.c
index acacc96c57cbe68acfcf3ebc7de28e7d0119c530..a7c46e8310f0351973462e5439e86fcc5f872083 100644 (file)
--- a/arch/s390/kernel/compat_audit.c
+++ b/arch/s390/kernel/compat_audit.c
@@ -40,6 +40,8 @@ int s390_classify_syscall(unsigned syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_COMPAT;
        }

diff --git a/arch/sparc/kernel/audit.c b/arch/sparc/kernel/audit.c
index 50fab35bdaba4d36d96d72694bc7fa027cc346cd..b092274eca792e5d19ee6d92e78a8d79af27cc03 100644 (file)
--- a/arch/sparc/kernel/audit.c
+++ b/arch/sparc/kernel/audit.c
@@ -55,6 +55,8 @@ int audit_classify_syscall(int abi, unsigned int syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/arch/sparc/kernel/compat_audit.c b/arch/sparc/kernel/compat_audit.c
index 12515bd655c3cae550601ed962a6067225bd9221..f1ea0005a7299144f186509be7be1ff34edd38e6 100644 (file)
--- a/arch/sparc/kernel/compat_audit.c
+++ b/arch/sparc/kernel/compat_audit.c
@@ -40,6 +40,8 @@ int sparc32_classify_syscall(unsigned int syscall)
                return AUDITSC_SOCKETCALL;
        case __NR_execve:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_COMPAT;
        }

diff --git a/arch/x86/ia32/audit.c b/arch/x86/ia32/audit.c
index a5fc3b1385e03228607b2e60c872818eb2f50c5a..59e19549e759da1adaa0a5397822742a97706344 100644 (file)
--- a/arch/x86/ia32/audit.c
+++ b/arch/x86/ia32/audit.c
@@ -40,6 +40,8 @@ int ia32_classify_syscall(unsigned syscall)
        case __NR_execve:
        case __NR_execveat:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_COMPAT;
        }

diff --git a/arch/x86/kernel/audit_64.c b/arch/x86/kernel/audit_64.c
index 2a6cc9c9c8812bcebaa09a11246d5aab2dbcb475..44c3601cfdc45d65d75e4a440f1a0a01a83df0c2 100644 (file)
--- a/arch/x86/kernel/audit_64.c
+++ b/arch/x86/kernel/audit_64.c
@@ -53,6 +53,8 @@ int audit_classify_syscall(int abi, unsigned syscall)
        case __NR_execve:
        case __NR_execveat:
                return AUDITSC_EXECVE;
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/include/linux/audit_arch.h b/include/linux/audit_arch.h
index d4a506faabb04134eec4189ada26e94f4ad8e30c..8fdb1afe251a1bcbf5246911c3257c77c2a1ff5b 100644 (file)
--- a/include/linux/audit_arch.h
+++ b/include/linux/audit_arch.h
@@ -16,6 +16,7 @@ enum auditsc_class_t {
        AUDITSC_OPENAT,
        AUDITSC_SOCKETCALL,
        AUDITSC_EXECVE,
+       AUDITSC_OPENAT2,
 
        AUDITSC_NVALS /* count */
 };

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 3f9108101598d4cb16b268b202296bb1a6f25c1a..8c4335a35274f60c793687976ff9d00793f56dec 100644 (file)
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -63,6 +63,7 @@
 #include <linux/fsnotify_backend.h>
 #include <uapi/linux/limits.h>
 #include <uapi/linux/netfilter/nf_tables.h>
+#include <uapi/linux/openat2.h>
 
 #include "audit.h"
 
@@ -183,6 +184,8 @@ static int audit_match_perm(struct audit_context *ctx, int mask)
                return ((mask & AUDIT_PERM_WRITE) && ctx->argv[0] == SYS_BIND);
        case AUDITSC_EXECVE:
                return mask & AUDIT_PERM_EXEC;
+       case AUDITSC_OPENAT2:
+               return mask & ACC_MODE((u32)((struct open_how *)ctx->argv[2])->flags);
        default:
                return 0;
        }

diff --git a/lib/audit.c b/lib/audit.c
index 3ec1a94d8d64b4c5a28d686d11b78e568ad817e2..738bda22dd39b709d95ce54af7dfe229dbbf6eab 100644 (file)
--- a/lib/audit.c
+++ b/lib/audit.c
@@ -60,6 +60,10 @@ int audit_classify_syscall(int abi, unsigned syscall)
 #endif
        case __NR_execve:
                return AUDITSC_EXECVE;
+#ifdef __NR_openat2
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
+#endif
        default:
                return AUDITSC_NATIVE;
        }

diff --git a/lib/compat_audit.c b/lib/compat_audit.c
index d6567d9e8b999179e4ebd29319b1ecd81afa47f0..3d6b8996f027dfc93d16da6c3fc52e9e17963a00 100644 (file)
--- a/lib/compat_audit.c
+++ b/lib/compat_audit.c
@@ -46,6 +46,10 @@ int audit_classify_compat_syscall(int abi, unsigned syscall)
 #endif
        case __NR_execve:
                return AUDITSC_EXECVE;
+#ifdef __NR_openat2
+       case __NR_openat2:
+               return AUDITSC_OPENAT2;
+#endif
        default:
                return AUDITSC_COMPAT;
        }