audit: anchor all pid references in the initial pid namespace
[firefly-linux-kernel-4.4.55.git] / kernel / auditfilter.c
index 549bbb6e659795c6468fb370fe9590592c8ca455..96c8a704f1307698c530390efc0212b3f28bd957 100644 (file)
@@ -433,6 +433,19 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
                        f->val = 0;
                }
 
+               if ((f->type == AUDIT_PID) || (f->type == AUDIT_PPID)) {
+                       struct pid *pid;
+                       rcu_read_lock();
+                       pid = find_vpid(f->val);
+                       if (!pid) {
+                               rcu_read_unlock();
+                               err = -ESRCH;
+                               goto exit_free;
+                       }
+                       f->val = pid_nr(pid);
+                       rcu_read_unlock();
+               }
+
                err = audit_field_valid(entry, f);
                if (err)
                        goto exit_free;
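Review bot: The added `find_vpid(f->val)` lookup makes loading an AUDIT_PID or AUDIT_PPID rule fail with -ESRCH whenever that pid is not live in the caller's namespace at that moment, so a rule cannot be installed ahead of the process it is meant to watch. Only the number from `pid_nr(pid)` is stored, not a reference to the struct pid, so once the task exits the number can be reused and the rule would then match an unrelated process. The translation also runs before `audit_field_valid()` has checked the field, and for operators other than equality a translated pid has no obvious meaning as a range bound. I would at least document this on the block, e.g. `/* f->val is a pid in the caller's namespace; only its init-namespace number is kept, so the rule does not follow the task across pid reuse */`, and confirm that refusing the rule is the intended behaviour. The body of audit_data_to_entry starts and ends outside the hunk.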
@@ -1242,12 +1255,14 @@ static int audit_filter_user_rules(struct audit_krule *rule, int type,
 
        for (i = 0; i < rule->field_count; i++) {
                struct audit_field *f = &rule->fields[i];
+               pid_t pid;
                int result = 0;
                u32 sid;
 
                switch (f->type) {
                case AUDIT_PID:
-                       result = audit_comparator(task_pid_vnr(current), f->op, f->val);
+                       pid = task_pid_nr(current);
+                       result = audit_comparator(pid, f->op, f->val);
                        break;
                case AUDIT_UID:
                        result = audit_uid_comparator(current_uid(), f->op, f->uid);
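Review bot: The AUDIT_PID case now compares `task_pid_nr(current)` with `f->val`, which is only correct if every stored `f->val` was already converted to an init-namespace pid when the rule was loaded, and nothing in this hunk says so. A one-line comment above the case would keep the two sides in step, e.g. `/* f->val holds an init-namespace pid (converted at rule load) */`. As a style point, `pid_t pid` is declared on every loop iteration but used in this one case only; passing `task_pid_nr(current)` straight to `audit_comparator()`, as the removed line did with its own call, avoids the extra local. The body of audit_filter_user_rules starts and ends outside the hunk.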