Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9f45f5bf authored by Al Viro's avatar Al Viro
Browse files

new helper: audit_file() 



... for situations when we don't have any candidate in pathnames - basically,
in descriptor-based syscalls.

[Folded the build fix for !CONFIG_AUDITSYSCALL configs from Chen Gang]

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 6f4e0d5a

fs/open.c

+2 −2
Original line number Diff line number Diff line
@@ -516,7 +516,7 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd, umode_t, mode) 
	int err = -EBADF;



	if (f.file) {

		audit_inode(NULL, f.file->f_path.dentry, 0);

		audit_file(f.file);

		err = chmod_common(&f.file->f_path, mode);

		fdput(f);

	}
@@ -642,7 +642,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd, uid_t, user, gid_t, group) 
	error = mnt_want_write_file(f.file);

	if (error)

		goto out_fput;

	audit_inode(NULL, f.file->f_path.dentry, 0);

	audit_file(f.file);

	error = chown_common(&f.file->f_path, user, group);

	mnt_drop_write_file(f.file);

out_fput:

fs/xattr.c

+6 −10
Original line number Diff line number Diff line
@@ -405,16 +405,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, 
		const void __user *,value, size_t, size, int, flags)

{

	struct fd f = fdget(fd);

	struct dentry *dentry;

	int error = -EBADF;



	if (!f.file)

		return error;

	dentry = f.file->f_path.dentry;

	audit_inode(NULL, dentry, 0);

	audit_file(f.file);

	error = mnt_want_write_file(f.file);

	if (!error) {

		error = setxattr(dentry, name, value, size, flags);

		error = setxattr(f.file->f_path.dentry, name, value, size, flags);

		mnt_drop_write_file(f.file);

	}

	fdput(f);
@@ -509,7 +507,7 @@ SYSCALL_DEFINE4(fgetxattr, int, fd, const char __user *, name, 


	if (!f.file)

		return error;

	audit_inode(NULL, f.file->f_path.dentry, 0);

	audit_file(f.file);

	error = getxattr(f.file->f_path.dentry, name, value, size);

	fdput(f);

	return error;
@@ -590,7 +588,7 @@ SYSCALL_DEFINE3(flistxattr, int, fd, char __user *, list, size_t, size) 


	if (!f.file)

		return error;

	audit_inode(NULL, f.file->f_path.dentry, 0);

	audit_file(f.file);

	error = listxattr(f.file->f_path.dentry, list, size);

	fdput(f);

	return error;
@@ -651,16 +649,14 @@ SYSCALL_DEFINE2(lremovexattr, const char __user *, pathname, 
SYSCALL_DEFINE2(fremovexattr, int, fd, const char __user *, name)

{

	struct fd f = fdget(fd);

	struct dentry *dentry;

	int error = -EBADF;



	if (!f.file)

		return error;

	dentry = f.file->f_path.dentry;

	audit_inode(NULL, dentry, 0);

	audit_file(f.file);

	error = mnt_want_write_file(f.file);

	if (!error) {

		error = removexattr(dentry, name);

		error = removexattr(f.file->f_path.dentry, name);

		mnt_drop_write_file(f.file);

	}

	fdput(f);

include/linux/audit.h

+9 −0
Original line number Diff line number Diff line
@@ -130,6 +130,7 @@ extern void audit_putname(struct filename *name); 
#define AUDIT_INODE_HIDDEN	2	/* audit record should be hidden */

extern void __audit_inode(struct filename *name, const struct dentry *dentry,

				unsigned int flags);

extern void __audit_file(const struct file *);

extern void __audit_inode_child(const struct inode *parent,

				const struct dentry *dentry,

				const unsigned char type);
@@ -183,6 +184,11 @@ static inline void audit_inode(struct filename *name, 
		__audit_inode(name, dentry, flags);

	}

}

static inline void audit_file(struct file *file)

{

	if (unlikely(!audit_dummy_context()))

		__audit_file(file);

}

static inline void audit_inode_parent_hidden(struct filename *name,

						const struct dentry *dentry)

{
@@ -357,6 +363,9 @@ static inline void audit_inode(struct filename *name, 
				const struct dentry *dentry,

				unsigned int parent)

{ }

static inline void audit_file(struct file *file)

{

}

static inline void audit_inode_parent_hidden(struct filename *name,

				const struct dentry *dentry)

{ }

ipc/mqueue.c

+2 −2
Original line number Diff line number Diff line
@@ -990,7 +990,7 @@ SYSCALL_DEFINE5(mq_timedsend, mqd_t, mqdes, const char __user *, u_msg_ptr, 
		goto out_fput;

	}

	info = MQUEUE_I(inode);

	audit_inode(NULL, f.file->f_path.dentry, 0);

	audit_file(f.file);



	if (unlikely(!(f.file->f_mode & FMODE_WRITE))) {

		ret = -EBADF;
@@ -1106,7 +1106,7 @@ SYSCALL_DEFINE5(mq_timedreceive, mqd_t, mqdes, char __user *, u_msg_ptr, 
		goto out_fput;

	}

	info = MQUEUE_I(inode);

	audit_inode(NULL, f.file->f_path.dentry, 0);

	audit_file(f.file);



	if (unlikely(!(f.file->f_mode & FMODE_READ))) {

		ret = -EBADF;

kernel/auditsc.c

+5 −0
Original line number Diff line number Diff line
@@ -1897,6 +1897,11 @@ out: 
	audit_copy_inode(n, dentry, inode);

}



void __audit_file(const struct file *file)

{

	__audit_inode(NULL, file->f_path.dentry, 0);

}



/**

 * __audit_inode_child - collect inode info for created/removed objects

 * @parent: inode of dentry parent