From 4fa6b5ecbf092c6ee752ece8a55d71f663d23254 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Wed, 10 Oct 2012 15:25:25 -0400 Subject: audit: overhaul __audit_inode_child to accomodate retrying In order to accomodate retrying path-based syscalls, we need to add a new "type" argument to audit_inode_child. This will tell us whether we're looking for a child entry that represents a create or a delete. If we find a parent, don't automatically assume that we need to create a new entry. Instead, use the information we have to try to find an existing entry first. Update it if one is found and create a new one if not. Signed-off-by: Jeff Layton Signed-off-by: Al Viro --- include/linux/audit.h | 16 +++++++++++----- include/linux/fsnotify.h | 8 ++++---- 2 files changed, 15 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/linux/audit.h b/include/linux/audit.h index b11f517dce04..3df643d1ac5b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -457,6 +457,8 @@ extern int audit_classify_arch(int arch); #define AUDIT_TYPE_UNKNOWN 0 /* we don't know yet */ #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ +#define AUDIT_TYPE_CHILD_DELETE 3 /* a child being deleted */ +#define AUDIT_TYPE_CHILD_CREATE 4 /* a child being created */ #ifdef CONFIG_AUDITSYSCALL /* These are defined in auditsc.c */ @@ -472,7 +474,8 @@ extern void audit_putname(const char *name); extern void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent); extern void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry); + const struct dentry *dentry, + const unsigned char type); extern void __audit_seccomp(unsigned long syscall, long signr, int code); extern void __audit_ptrace(struct task_struct *t); @@ -513,9 +516,10 @@ static inline void audit_inode(const char *name, const struct dentry *dentry, __audit_inode(name, dentry, parent); } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) { + const struct dentry *dentry, + const unsigned char type) { if (unlikely(!audit_dummy_context())) - __audit_inode_child(parent, dentry); + __audit_inode_child(parent, dentry, type); } void audit_core_dumps(long signr); @@ -667,13 +671,15 @@ static inline void __audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void __audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_inode(const char *name, const struct dentry *dentry, unsigned int parent) { } static inline void audit_inode_child(const struct inode *parent, - const struct dentry *dentry) + const struct dentry *dentry, + const unsigned char type) { } static inline void audit_core_dumps(long signr) { } diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h index 9c284714977d..0fbfb4646d1b 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -109,7 +109,7 @@ static inline void fsnotify_move(struct inode *old_dir, struct inode *new_dir, if (source) fsnotify(source, FS_MOVE_SELF, moved->d_inode, FSNOTIFY_EVENT_INODE, NULL, 0); - audit_inode_child(new_dir, moved); + audit_inode_child(new_dir, moved, AUDIT_TYPE_CHILD_CREATE); } /* @@ -155,7 +155,7 @@ static inline void fsnotify_inoderemove(struct inode *inode) */ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) { - audit_inode_child(inode, dentry); + audit_inode_child(inode, dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(inode, FS_CREATE, dentry->d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } @@ -168,7 +168,7 @@ static inline void fsnotify_create(struct inode *inode, struct dentry *dentry) static inline void fsnotify_link(struct inode *dir, struct inode *inode, struct dentry *new_dentry) { fsnotify_link_count(inode); - audit_inode_child(dir, new_dentry); + audit_inode_child(dir, new_dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(dir, FS_CREATE, inode, FSNOTIFY_EVENT_INODE, new_dentry->d_name.name, 0); } @@ -181,7 +181,7 @@ static inline void fsnotify_mkdir(struct inode *inode, struct dentry *dentry) __u32 mask = (FS_CREATE | FS_ISDIR); struct inode *d_inode = dentry->d_inode; - audit_inode_child(inode, dentry); + audit_inode_child(inode, dentry, AUDIT_TYPE_CHILD_CREATE); fsnotify(inode, mask, d_inode, FSNOTIFY_EVENT_INODE, dentry->d_name.name, 0); } -- cgit v1.2.3-59-g8ed1b