elf: Implement DT_AUDIT, DT_DEPAUDIT support [BZ #24943]

binutils ld has supported --audit, --depaudit for a long time,
only support in glibc has been missing.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

NEWS

@@ -11,6 +11,9 @@ Major new features:
 
   * New locale added: ckb_IQ (Kurdish/Sorani spoken in Iraq)
 
+* The GNU C Library now loads audit modules listed in the DT_AUDIT and
+  DT_DEPAUDIT dynamic section entries of the main executable.
+
 Deprecated and removed features, and other changes affecting compatibility:
 
   [Add deprecations, removals and changes affecting compatibility here]
@@ -3815,7 +3818,7 @@ Version 2.16
 * Support for the x32 ABI on x86-64 added.  The x32 target is selected by
   configuring glibc with:
 	BUILD_CC='gcc' CC='gcc -mx32' CXX='g++ -mx32'
-  Visit <http://sites.google.com/site/x32abi/> for more x32 ABI info.
+  Visit <https://sites.google.com/site/x32abi/> for more x32 ABI info.
   Implemented by H.J. Lu.
 
 * ISO C11 support:

elf/Makefile

@@ -202,7 +202,8 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \
 	 tst-sonamemove-link tst-sonamemove-dlopen tst-dlopen-tlsmodid \
 	 tst-dlopen-self tst-auditmany tst-initfinilazyfail tst-dlopenfail \
 	 tst-dlopenfail-2 \
-	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen
+	 tst-filterobj tst-filterobj-dlopen tst-auxobj tst-auxobj-dlopen \
+	 tst-audit14 tst-audit15 tst-audit16
 #	 reldep9
 tests-internal += loadtest unload unload2 circleload1 \
 	 neededtest neededtest2 neededtest3 neededtest4 \
@@ -314,7 +315,8 @@ modules-names = testobj1 testobj2 testobj3 testobj4 testobj5 testobj6 \
 		tst-initlazyfailmod tst-finilazyfailmod \
 		tst-dlopenfailmod1 tst-dlopenfaillinkmod tst-dlopenfailmod2 \
 		tst-dlopenfailmod3 tst-ldconfig-ld-mod \
-		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee
+		tst-filterobj-flt tst-filterobj-aux tst-filterobj-filtee \
+		tst-auditlogmod-1 tst-auditlogmod-2 tst-auditlogmod-3
 # Most modules build with _ISOMAC defined, but those filtered out
 # depend on internal headers.
 modules-names-tests = $(filter-out ifuncmod% tst-libc_dlvsym-dso tst-tlsmod%,\
@@ -1498,6 +1500,22 @@ $(objpfx)tst-auditmany.out: $(objpfx)tst-auditmanymod1.so \
 tst-auditmany-ENV = \
   LD_AUDIT=tst-auditmanymod1.so:tst-auditmanymod2.so:tst-auditmanymod3.so:tst-auditmanymod4.so:tst-auditmanymod5.so:tst-auditmanymod6.so:tst-auditmanymod7.so:tst-auditmanymod8.so:tst-auditmanymod9.so
 
+LDFLAGS-tst-audit14 = -Wl,--audit=tst-auditlogmod-1.so
+$(objpfx)tst-auditlogmod-1.so: $(libsupport)
+$(objpfx)tst-audit14.out: $(objpfx)tst-auditlogmod-1.so
+LDFLAGS-tst-audit15 = \
+  -Wl,--audit=tst-auditlogmod-1.so,--depaudit=tst-auditlogmod-2.so
+$(objpfx)tst-auditlogmod-2.so: $(libsupport)
+$(objpfx)tst-audit15.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so
+LDFLAGS-tst-audit16 = \
+  -Wl,--audit=tst-auditlogmod-1.so:tst-auditlogmod-2.so \
+  -Wl,--depaudit=tst-auditlogmod-3.so
+$(objpfx)tst-auditlogmod-3.so: $(libsupport)
+$(objpfx)tst-audit16.out: \
+  $(objpfx)tst-auditlogmod-1.so $(objpfx)tst-auditlogmod-2.so \
+  $(objpfx)tst-auditlogmod-3.so
+
 # tst-sonamemove links against an older implementation of the library.
 LDFLAGS-tst-sonamemove-linkmod1.so = \
   -Wl,--version-script=tst-sonamemove-linkmod1.map \

elf/rtld.c

@@ -153,9 +153,17 @@ static void audit_list_init (struct audit_list *);
    not be called after audit_list_next.  */
 static void audit_list_add_string (struct audit_list *, const char *);
 
+/* Add the audit strings from the link map, found in the dynamic
+   segment at TG (either DT_AUDIT and DT_DEPAUDIT).  Must be called
+   before audit_list_next.  */
+static void audit_list_add_dynamic_tag (struct audit_list *,
+					struct link_map *,
+					unsigned int tag);
+
 /* Extract the next audit module from the audit list.  Only modules
    for which dso_name_valid_for_suid is true are returned.  Must be
-   called after all the audit_list_add_string calls.  */
+   called after all the audit_list_add_string,
+   audit_list_add_dynamic_tags calls.  */
 static const char *audit_list_next (struct audit_list *);
 
 /* This is a list of all the modes the dynamic loader can be in.  */
@@ -235,6 +243,16 @@ audit_list_add_string (struct audit_list *list, const char *string)
     list->current_tail = string;
 }
 
+static void
+audit_list_add_dynamic_tag (struct audit_list *list, struct link_map *main_map,
+			    unsigned int tag)
+{
+  ElfW(Dyn) *info = main_map->l_info[ADDRIDX (tag)];
+  const char *strtab = (const char *) D_PTR (main_map, l_info[DT_STRTAB]);
+  if (info != NULL)
+    audit_list_add_string (list, strtab + info->d_un.d_val);
+}
+
 static const char *
 audit_list_next (struct audit_list *list)
 {
@@ -1637,6 +1655,9 @@ ERROR: '%s': cannot process note segment.\n", _dl_argv[0]);
     /* Assign a module ID.  Do this before loading any audit modules.  */
     GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
 
+  audit_list_add_dynamic_tag (&audit_list, main_map, DT_AUDIT);
+  audit_list_add_dynamic_tag (&audit_list, main_map, DT_DEPAUDIT);
+
   /* If we have auditing DSOs to load, do it now.  */
   bool need_security_init = true;
   if (audit_list.length > 0)

elf/tst-audit14.c

@@ -0,0 +1,46 @@
+/* Main program with DT_AUDIT.  One audit module.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit module has written.  This test assumes that
+     standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>

elf/tst-audit15.c

@@ -0,0 +1,50 @@
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Two audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>

elf/tst-audit16.c

@@ -0,0 +1,54 @@
+/* Main program with DT_AUDIT and DT_DEPAUDIT.  Three audit modules.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <stdlib.h>
+#include <string.h>
+#include <support/check.h>
+#include <support/xstdio.h>
+
+static int
+do_test (void)
+{
+  /* Verify what the audit modules have written.  This test assumes
+     that standard output has been redirected to a regular file.  */
+  FILE *fp = xfopen ("/dev/stdout", "r");
+
+  char *buffer = NULL;
+  size_t buffer_length = 0;
+  size_t line_length = xgetline (&buffer, &buffer_length, fp);
+  const char *message = "info: tst-auditlogmod-1.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-2.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  message = "info: tst-auditlogmod-3.so loaded\n";
+  TEST_COMPARE_BLOB (message, strlen (message), buffer, line_length);
+
+  /* No more audit module output.  */
+  line_length = xgetline (&buffer, &buffer_length, fp);
+  TEST_COMPARE_BLOB ("", 0, buffer, line_length);
+
+  free (buffer);
+  xfclose (fp);
+  return 0;
+}
+
+#include <support/test-driver.c>

elf/tst-auditlogmod-1.c

@@ -0,0 +1,27 @@
+/* Audit module which logs that it was loaded.  Variant 1.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-1.so loaded\n");
+  return LAV_CURRENT;
+}

elf/tst-auditlogmod-2.c

@@ -0,0 +1,27 @@
+/* Audit module which logs that it was loaded.  Variant 2.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-2.so loaded\n");
+  return LAV_CURRENT;
+}

elf/tst-auditlogmod-3.c

@@ -0,0 +1,27 @@
+/* Audit module which logs that it was loaded.  Variant 3.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <link.h>
+#include <support/support.h>
+
+unsigned int
+la_version (unsigned int v)
+{
+  write_message ("info: tst-auditlogmod-3.so loaded\n");
+  return LAV_CURRENT;
+}